skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Dan Landry posted:

I've been meaning to check out the WSUS add-ons from EminentWare. They're pricey, but paying someone to take care of the dirty work with Adobe updates almost makes it worth it.

Updating JRE and Flash Player from WSUS? Sounds good to me.

That's not really too terrible of pricing to be honest. Hell we paid 16 or 17K for Shavlik to manage 200 servers. I wonder if that's flexible at all?

I could easily sell this to management, but we have SCCM on our roadmap this year since we pay for it as part of our EA.

Thanks for that link though, I've never heard of that company

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Anyone running a Zero Touch imaging setup with SCCM?

I'm using Ghost right now, and between the Ghost Console and a batch file we crafted, I'm in a totally zero touch environment right now. The problem is rolling out new packages. Doesn't always work well. Ghost AI packages work well for some things, but not for others.

I'm in a call center, so I have 300 workstations (4 different models) that all need the same software loadout.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

There a decent guide out there for imaging with SCCM? A basic walkthrough you might recommend? Right now I'm rolling Ghost and it works perfectly for what I need it to do. I have a nice Zero Touch setup right now, but Windows 7 is looming, and creating new images all the time sucks.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Honey Im Homme posted:

On the subject of MDT and deployment, here is a fantastic video with Mark Russinovich which basically works through everything you need to know.

http://technet.microsoft.com/en-gb/windows/ff653476.aspx?ITPID=istream

Thanks for this, going to watch it tomorrow at work.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

FISHMANPET posted:

XP, but moving to Windows soon. The problem is that people keep getting laptops, and keep taking them places, and are too dumb to keep their roaming profiles in check (6GB!) and basically laptops are poo poo. So I'd like to force them to VPN in before they login, but I don't see how they can do that without activating a network connection.

The VPN is Cisco AnyConnect, which I have no control over, as it's the campus wide VPN. Cisco says it supports it, but the support article talks about modifying an XML file and it doesn't even say what file:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809f0d75.shtml

E: I get it that the VPN starts up before you login, blah blah blah. But the mental hurdle I can't get over is how do you get a network connection if your network connection is based on some wireless program that's stored in your profile?

I've never gotten the Windows Wifi to connect before logon. I force my work at home users to plug in via ethernet, and then connect the VPN. I've seen the option in Intel Proset wifi to have it start before logon as well, but any other client, or windows, I have no clue. Too many variables really.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

We've been deploying SCCM this week with the help of a really smart MS Employee that we're burning a bunch of Premier Hours on. This guy has been great, and SCCM is going to rock our face.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

lol internet. posted:

Anyone push out SP1 for Windows 7 through OS deployment yet?

Just curious if you made the image /w the OS or created SP1 as a package and installed in the task sequence.

I noticed it took about 30mins to install it manually.. will this be the case if I created it as a package then installed it? I'm too lazy to find out.

Service packs take forever to install. Vista SP1 took up to an hour on some machines. It won't make much difference if you install it manually or via task sequence.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

marketingman posted:

Hey guys I didn't really get many answers in the Exchange thread, so I'm asking here with the wider audience - anyone have experience with seriously large Exchange mailbox numbers? Looking specifically for overall architecture and annoyances?

It's hard to give advice without specifics. 100K users in a geographical region would be setup differently than say a global company with a dozen subdomains across 30 countries and 5 continents.

One would also assume that this 100K user organization already has some form of messaging in place that would need to be migrated.

Either way "How do you setup Exchange for 100K users" is a very poor question.

For example, setting up Exchange for the 237,000 employees of the State of California, would be a totally different deployment scenario than say setting up Exchange for a global workforce of 100K like Coca-Cola.

Then you have to dive into poo poo like budget, timeframe, sizing. (example, 100K students at an EDU with 100MB mailbox each and only OWA access would be totally different than sizing for 2GB mailboxes for corporate users with Outlook/Outlook Anywhere)

Way too many variables to even begin to give a good answer.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

mindphlux posted:

Are there any cheap/good network port mapper things for sale out there? I will have an unknown switch that services about 8-10 offices and need to map out what ports on the switch go to what ports in the rooms, and just want to save myself some time and hassle rather than running back and forth and checking lights like a chump. I've seen some, but they're like 600 bucks, and I don't anticipate having to do this more than like 2-3 times a year so I was hoping for something closer to the $100 mark.

Quest Software/Packet Trap has a free set of tools available that includes a switch port mapper.

http://www.packettrap.com/product/pt360_pro.aspx

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Regarding Windows licensing you'll get a better deal at your number by getting OEM licenses attached to your hardware. Assuming you go to Dell or something, just make sure you're getting Windows 7 Professional on the computers.

Managing Windows machines is pretty dang easy. By default your users can't do much without administrative rights, and you can use Group Policy to push certain settings and preferences to the clients. ***

*** This is assuming you have a proper Windows Active Directory domain setup, which you probably will want at least on a basic level to manage 50 machines.

Patch management is easy with a WSUS server, approve the patches in the console and your Group Policy for patching will take care of the rest.

Honestly Windows shines when it comes to this kind of setup.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Our AD is broken down into geographical OU's, and then further departmental/functional OU's under that. I personally like separating things as much as reasonable, it makes life easier on me. Makes GPO's easier as well as you're usually applying a policy to a group of folks.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

FISHMANPET posted:

Yeah, don't redirect AppData.

Nope, don't redirect the Desktop either. Java has some crazy loving shithole 'feature' I don't remember the specifics of, but it hosed me a couple years ago in my environment.

Honestly after using Folder Redirection I'm kind of soured on it, I'm just going with straight roaming profiles now. They're supposed to be faster with Win7 and Server 2008. Something changed in the networking code where it doesn't open a new session for each individual file anymore, just opens one session and transfers the files inside that session. We get a huge performance hit on our roaming profiles due to the thousands of tiny files our users have in our XP environment.

FlyWhiteBoy posted:

I guess this question best fits here. I have a server with 4 IP addresses because it is hosting 4 HTTPS web sites. The DNS is managed at a higher level so I requested they create 4 A records pointing to each IP address. It will work for a couple hours after they set the records but over time or after a reboot one of the records will be pointing to 4 IP addresses instead of just 1. Any ideas what could be causing the DNS to update and point to 4 IP's instead of just the 1?

IIS and Server 2003/8 I assume? Make sure your server isn't registering poo poo for you assuming this is a AD environment and all that. Not terribly familiar with IIS, but wouldn't be surprised if it had the ability to update itself in AD DNS.

skipdogg fucked around with this message at 01:48 on Jan 11, 2012

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Take a look at SpiceWorks. It's free.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Icesler posted:

Does anyone know of a fast and reliable software audit tool? Boss is asking me to get a full count of MS Office 2010 installs by tomorrow for our license true up. I would have used altiris but our server just took a massive poo poo and we need to rebuild it.

Spiceworks will do a software inventory for you. Throw a quick install up somewhere and you should get your data in time.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

lol internet. posted:

Question: Do you really need to be a programmer to take advantage\learn powershell?

I've taken introduction courses in programming and I can read source code and kind of have an understanding of what's going on, but aside from that, I don't know much about programming.

Just wondering if I should make the effort? I'm interested in automation and do what I can with regular batch scripting.

Nope. You don't need to be a programmer at all. Microsoft has made it really clear Powershell is the future as far as automation and scripting goes in Windows, and I think any good Windows admin should take the time to learn at least the basics of it.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Swink posted:

Any recommendations for full disk encryption for about 50 Win7 laptops? Other than Bitlocker I mean.

Sophos products tend to not suck in my experience. They'll do FDE with their Endpoint Protection

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

We also rebuild the image. Most of the imaging work I do is for our call center environment, so those things get re imaged every 4 months on average anyway so it's no big deal.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Furnok Dorn posted:

Not sure where else to ask this but this seems as good a thread as any; anybody have any recommendations for IM software that integrates with Active Directory? Free would be preferable!

Note: I for the life of me cannot get Spark/Openfire to function correctly on my server with single sign-on, so something that isn't that, would be terrific.

Spark/Openfire is pretty much the most mature open source IM software out there. If you're an MS shop Office Communicator rocks, but can get pricey if you're not on a big agreement with them. We have a big EA with Enterprise CALs for everyone, so we already pay for most of the crap we don't even use.

Really though, I ran Spark/Openfire for 3 years authenticating against AD and had almost no issues at all. If you're trying to configure Spark for true SSO, the documentation on their site should be enough to get it working, if not I bet there's an answer somewhere in the forums.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Yaos posted:

How much does that thing cost. :eek:

Quick and dirty guess would be 350K to 500K depending on how big of a discount you can swing from HP. That includes all the software and support fees from HP as well.

The issue with something like that is power density. What kind of power reqs does that rack have? Dual 60A 208V?

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

gently caress Adobe products forever

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Crap like that makes me happy we just buy Enterprise CAL's for the whole company. We don't really have to worry about too much of the licensing crap. Downside is we hardly use any of the stuff we actually pay for and it's expensive as hell.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

jassa posted:

That doesn't stop them from clicking "Shut down" from the Start menu though. :)

Our sysadmins were dragging their feet about using loopback processing so we ended up using a registry hack instead.

Now we have a different issue - for reasons I won't bore people with, we need to get these 100 PCs to keep the IP address they currently have. Ideally we'd reserve the IP by MAC address except that would involve configuring 80 or so different routers for the various sites. I've found a way to configure the TCP/IP settings via the registry but we'd have to specify the settings for each PC, which means doing them one at a time.

I'm pretty much a novice when it comes to scripting, but would it be feasible/possible to create a script which grabs the TCP/IP settings for the current PC and then bases the static IP settings off that (by making those registry changes)?

What do you mean it would take configuring 80 routers? I'm not sure what your environment is like, but setting up a DHCP Reservation by MAC is pretty trivial and just has to be done on the DHCP server. No need to touch the routers, unless they're doing the DHCP :psyduck:

If you're insistent on scripting, you can use netsh to set tcp/ip information in a script.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

FISHMANPET posted:

I came across this "feature" today: http://support.microsoft.com/kb/2009754

So I'd like to integrate updates into my Win 7 WIM and deploy that WIM with SCCM, but before I go off looking for a guide to do it, I was wondering if anyone here has any recommendations.

Finding a solid guide was the hard part... and I can't find the drat guide I used. It's pretty straightforward though.

Get all your patches you want to install to the WIM, use DISM to mount the wim file.

fake edit:
I still have the command prompt windows open from when I did this.. I'll paste some stuff in here. I won't insult your intelligence by baby explaining everything, but ask for clarification if you need it.

Step 1: Mount your wim file using DISM. The command below is what I used.

C:\>dism /mount-wim /wimfile:c:\Win7Source\Win7Entx64.wim /mountdir:c:\Win7_WIM /index:1

Step 2: add-packages from the folder containing all your packages. If you just select a folder it will pull all the packages in the folder. I used

C:\Win7_update_packages>dism /image:"C:\Win7_WIM" /Add-Package /PackagePath:"C:\Win7_update_packages"

You'll see a bunch of these

Processing 54 of 66 - Adding package Package_for_KB2644615~31bf3856ad364e35~amd64~~6.1.1.0
[==========================100.0%==========================]

Then commit the changes to the mounted WIM

C:\Win7_update_packages>dism /unmount-wim /mountdir:c:\Win7_WIM /commit

Then import the new WIM file into WDS or SCCM or whatever you're using.
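
The three DISM steps from the post above, wrapped in a PowerShell script that services a copy of the image, checks which updates actually landed, and discards the mount on any failure. This is an added example, not part of the original post; the paths are the ones the post uses, while `Win7Entx64_patched.wim` and the `Invoke-Dism` helper are hypothetical names. It assumes each update file name contains its KB number and that the package identity does too, as in the `Package_for_KB2644615` output shown in the post.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
$ErrorActionPreference = 'Stop'

$SourceWim  = 'C:\Win7Source\Win7Entx64.wim'          # path used in the post
$PatchedWim = 'C:\Win7Source\Win7Entx64_patched.wim'  # hypothetical working copy
$MountDir   = 'C:\Win7_WIM'                           # path used in the post
$PackageDir = 'C:\Win7_update_packages'               # path used in the post
$Index      = 1

# Hypothetical helper: run dism.exe and turn a non-zero exit code into an error.
function Invoke-Dism {
    param([Parameter(Mandatory = $true)][string[]]$Arguments)
    $output = & dism.exe $Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "dism.exe $($Arguments -join ' ') exited with code $LASTEXITCODE"
    }
    $output
}

# Service a copy so the known-good source image is never modified.
Copy-Item -Path $SourceWim -Destination $PatchedWim -Force
if (-not (Test-Path $MountDir)) {
    New-Item -ItemType Directory -Path $MountDir | Out-Null
}

$mounted = $false
try {
    # Step 1: mount the image.
    Invoke-Dism @('/Mount-Wim', "/WimFile:$PatchedWim", "/Index:$Index",
                  "/MountDir:$MountDir") | Out-Null
    $mounted = $true

    # Step 2: add every package found in the folder.
    Invoke-Dism @("/Image:$MountDir", '/Add-Package',
                  "/PackagePath:$PackageDir") | Out-Null

    # Check: every KB number seen in a file name must show up in the image.
    $expected = Get-ChildItem -Path $PackageDir -Include *.msu, *.cab -Recurse |
        ForEach-Object { if ($_.Name -match 'KB\d+') { $Matches[0].ToUpper() } } |
        Sort-Object -Unique
    $installed = Invoke-Dism @("/Image:$MountDir", '/Get-Packages') |
        Select-String -Pattern 'KB\d+' -AllMatches |
        ForEach-Object { $_.Matches } |
        ForEach-Object { $_.Value.ToUpper() } |
        Sort-Object -Unique
    $missing = @($expected | Where-Object { $installed -notcontains $_ })
    if ($missing.Count -gt 0) {
        throw "Not present in the image after servicing: $($missing -join ', ')"
    }

    # Step 3: commit only after the check has passed.
    Invoke-Dism @('/Unmount-Wim', "/MountDir:$MountDir", '/Commit') | Out-Null
    $mounted = $false
}
catch {
    # Roll back: never leave a half-patched image mounted or on disk.
    if ($mounted) {
        & dism.exe /Unmount-Wim "/MountDir:$MountDir" /Discard | Out-Null
    }
    Remove-Item -Path $PatchedWim -ErrorAction SilentlyContinue
    throw
}

# Record the hash of what gets imported into WDS or SCCM, so the deployed
# image can later be compared against it (Get-FileHash needs PowerShell 4.0+).
Get-FileHash -Path $PatchedWim -Algorithm SHA256 | Format-List Path, Hash
```

An update that registers under a package identity without its KB number is reported as missing here, so review that list before assuming the update failed to apply.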

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Right. I had just renamed some stuff to make it easier to organize.

edit:

the hardest part was getting all the patches. I ended up using wsusoffline and that worked pretty well.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Can you just grab the Win7 install.wim with SP1 already in it? That's what I did.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

angrytech posted:

I'm looking for a book or books that will give me a good introduction to AD environments/Group Policy/Exchange/SCCM/whatever. My knowledge is pretty much self-taught and I need to get something approaching a decent understanding.
Does anyone have some suggestions?

Exchange and SCCM are their own beasts and have books dedicated to just them. I don't have any so I can't recommend them, but would love a good recommendation on a SCCM book.

For 2008 AD, I recommend the O'Reilly Active Directory Book.

http://www.amazon.com/Active-Directory-Designing-Deploying-Running/dp/059652059X/ref=sr_1_1?ie=UTF8&qid=1337020316&sr=8-1

For Group Policy, Moskowitz's book is generally one of the better ones out there. I have the previous version of this book and he did a good job of including lots of real world scenarios and usages that some of the other technical books leave out.

http://www.amazon.com/Group-Policy-Fundamentals-Security-Managed/dp/0470581859/ref=sr_1_1?s=books&ie=UTF8&qid=1337020421&sr=1-1

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Spermy Smurf posted:

WSUS

Did you have Service Packs in your last one? Service Packs for all those things might be a big chunk of that.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Serfer posted:

Correct me if I'm wrong, but I'm pretty sure this is what Sharepoint does.

No, he's talking about actually making the photos a part of Active Directory.

You can, but I still wouldn't do it. It shouldn't affect anything as long as you have reasonable wan links, but MS Best Practices are still thinking about there being 128K ISDN lines linking sites together, not Metro-E or DS3 WAN links.

skipdogg fucked around with this message at 22:27 on May 24, 2012

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Powdered Toast Man posted:

So this is a thorn in my side and I'm hoping that someone else has run into this problem before and has a good solution for it...

My company has a lot of employees in the field who have company laptops and connect via Cisco VPN. Those laptops are joined to the domain. Everything works great most of the time except when these field users need to change their password, either because they forgot it and need it reset, or because it has expired (every quarter). The cached credentials on their system cause problems. As soon as they connect to the VPN, Windows starts using those cached credentials (as far as we can tell, for mapped network drives) and then their account gets locked pretty quickly. In theory if you do it quickly enough you can CAD and Change Password but that doesn't always work.

I feel like I'm missing something really stupid and obvious here, but I'm not the only one because the IT director, senior sysadmin, and CTA also can't seem to come up with a solution. The ugly work around is to have them stop in at a branch office and plug in to our network (MPLS cloud), but that's less than ideal. Any ideas?

We ran into this quite often with our road warriors. We put in a Juniper SSL VPN appliance and when their password expires I make them login to that. They can change it there to something we don't know, then use the Cisco client to connect, then the machine updates its cached pw in the background.

It's not elegant at all, but it is what it is.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Anyone using any kind of standalone patch management software?

Before I get into it, SCCM is off the table and is not an option.

All I need to do is run agentless scans against servers, report on patch status, and then have the ability to schedule and deploy patches as needed. I'm only worried about Windows patches, but 3rd party patches are fine too. Looking at the following software:

Shavlik/VMWare Protect Essentials

GFI LanGuard

SolarWinds Patch Manager/ Eminentware


I used Shavlik in the past and I know it does what I need it to do, provided VMware hasn't changed the product too much. It's also the most expensive option. I have the money for it, but if GFI or SolarWinds would do the job better for a lower price, I'm good with that as well.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

FISHMANPET posted:

What's wrong with WSUS?

And for that matter if you've got a pile of money why is SCCM off the table? Political reasons?

Nothing is wrong with WSUS, we have a WSUS infrastructure in place, but it doesn't meet the objectives of the project I'm working on.

Price isn't that important, I will gladly pay VMWare their 20 grand, but if I can get similar functionality for a lower price, I obviously would have to consider it. We've always been in a situation where we have plenty of money to throw at a problem, but never enough manpower. Headcount is frozen for the foreseeable future.

SCCM is off the table for a few reasons... mostly manpower related. We're short on manpower right now with other deliverables and getting System Center rolled out properly in the timeframe we have isn't feasible. It's on the roadmap for next year. I need a 1 year solution to make the auditors happy.

So if anyone is familiar with GFI LanGuard or SolarWinds Patch Manager/ Eminentware please share your experience.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

You using trace32 for the logs? It should highlight any errors for you and at least give you something to google.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

2008 is fine, but there's no arguing with folks sometimes.

I don't use Dell servers, but I know HP servers come with a SmartStart DVD that has all the drivers and everything on it and walks you through installing the OS on the server. I would assume that Dell has something similar. Cursory google searches show something like a Dell Systems Build and Update Utility CD or a Unified Server Configurator option somewhere.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Anyone rolled out SCCM 2012 in a multi site environment? Trying to plan our sites out, but just getting confused as gently caress to be honest.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Yeah, that's what I'm having a hard time wrapping my head around. We don't have an existing 2007 deployment, it never really left the testing phase, but it's what I'm familiar with.

I went in planning on a CAS with 2 or 3 primary sites but the more I read technet and the forums the general consensus is if you are not >100K endpoints DO NOT INSTALL A CAS. We'll be dealing with 4 to 5K clients tops.

We have 4 significant sites in the US, 2 in Europe and a significant site in India and Brazil... Everything new I'm reading says we'll be fine with just a single primary site and local distribution points across the enterprise. India and Brazil may get secondary sites as the WAN links there loving suck (4 megs if you're lucky), but the rest of the company sites all have 45Mbit MPLS connections and the new 2012 stuff says that's fine.

I'll pick the consultant's brain more on Monday, but for 2012 everything I've seen says for our environment the single primary site should be fine. I know right now you can't roll a Primary site into a CAS after the fact, but supposedly SP1 will fix this, so down the road if we need a CAS, we should be able to do that.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Thanks for the info, 2012 seems like a completely different product from 2007

I did manage to get a 5 day voucher from our Software Assurance credits for System Center 2012 training in a couple weeks but the install starts Monday so that's no help for me right now. The sanity check on the install is much appreciated, so thanks again!

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

InfiniteDonkey posted:

Just finished installing SCCM 2012 with a Microsoft technician.

For first time in a long time I'm truly excited about Configuration Manager 2012 :allears:

The software self-service portal will be a real time saver once we start taking advantage of it fully.

We're rolling it out as well. I've spent a week with a consultant setting it up, and this week has been all MS Official Training and I feel like I've barely scratched the surface.

We're a complicated environment though. 2 forests, global sites, blah blah blah. I've run into so many 'gotchas' and headscratching moments it's insane. If this was just a single forest single domain it would be so much easier.

skipdogg fucked around with this message at 14:42 on Aug 9, 2012

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Definitely post up if you guys run into any issues with 2012 SCCM. Getting some knowledge sharing going on in this thread would be awesome.

I ran into one today that really wasn't documented too well. I put a DP on a Win2K3R2 server and it would not get packages copied to itself. IIS and BITS were good, but Remote Diff Compression wasn't turned on by default. Luckily google-fu eventually led me to this blog post

http://blogs.msdn.com/b/george_bethanis/archive/2012/05/10/cm2012-packages-are-not-distributed-to-windows-server-2003-r2-dps.aspx

Running a .5MB file fixed it and now my DP is happy.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

System Center could replace the first 4 programs on your list. With some caveats though.

I'm familiar with Shavlik, I used to manage NetChk6.5 for our environment. SCCM can replace that with WSUS and SCCM but it doesn't do the 3rd party patches like Adobe and stuff.

It would completely replace Assetmanager for sure. The Asset and Intelligence in SCCM 2012 is insanely powerful. Want to know what computers have a Texas Instruments 1394 card in them? No problem. Software Metering and inventory is nice as well. I only briefly looked at the product page for Assetmanager but I would bet SCCM does everything it does.

SCCM has an endpoint protection component, but you might find it lacking in certain features depending on what you have Symantec do.

Desktop Authority is going to be the main issue. You can probably get 80% of the functionality of it (from what I've read about online, never used it) from SCCM. The User Environment Config component of DA doesn't really have a counterpart in SCCM, most of that stuff can be handled via Group Policy though.

Depending on your licensing costs, it could very well be worth it. Not sure what your Microsoft Licensing is like, but if you're on any kind of plan with them you could get some pretty aggressive pricing from them. We had a big Enterprise Agreement with them already and were paying for Core and Enterprise CAL's for SCCM so all we had to do was pay for a server license.

I have no idea what the CAL pricing is like but you would be moving 4 systems to 1, and more than likely saving a bunch of money in the process.

It's a bitch to roll out though, so there's a big time/project planning component to it. I just started using SCCM 2012 less than a month ago and let me tell you I'm in loving love.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Serfer posted:

Actually, it will absolutely do third party patching. Adobe provides their own patch definitions specifically for SCCM in fact. The definitions are only for reader x and flash, but better than nothing. You can build your own patches for anything else you want as well.

You're right of course, I probably wasn't as clear as I should have been. Shavlik and the other 3rd party patching programs create those packages and automatically download them for you. It's like a subscription service so you don't have to do it.
