Potato Salad
Oct 23, 2014

nobody cares


incoherent posted:

Also: Microsoft Pushes windows server to 2016.

Thank god, I don't think anyone is ready for that fast of an iteration of windows server.

That, and I was not looking forward to being the guy who had to explain to management why we chose to upgrade Win2003 systems to the then-already-replaced 2012r2. No new Server2015/2016 makes the choice a hell of a lot simpler.

Yes, there are Win2003 boxes in our environment :(


skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Would that really be a conversation? We're still upgrading some systems from 2003 to 2008R2 which is supported until Jan 2020. 2012R2 is good until at least 2023.

I've just started introducing 2012R2 systems to our environment as certain features have been needed. Some of our software isn't even vendor supported on 2012R2 yet

Thanks Ants
May 21, 2004

#essereFerrari


DHCP clustering is such a nice thing to have, other than that I've not really done much exploration of the extra features that 2012 R2 has over 2008 R2, outside of the Hyper-V enhancements. 2008 R2 was already a really nice OS and I wouldn't be clamouring to get away from it any time soon.

Nitr0
Aug 17, 2005

IT'S FREE REAL ESTATE

Thanks Ants posted:

2008 R2 was already a really nice OS and I wouldn't be clamouring to get away from it any time soon.

heh...heheheh...hehehhehehehehehe

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

I'm only deploying 2012R2 right now when the new features are wanted. We're still defaulting to 2008R2 for the next 6 months. Most of the other guys aren't familiar with 2012 and need to get up to speed. I have put 2012R2 out there for a new RDS cluster, WSUS, and looking into 2012R2 for ADFS.

mayodreams
Jul 4, 2003


Hello darkness,
my old friend

skipdogg posted:

I'm only deploying 2012R2 right now when the new features are wanted. We're still defaulting to 2008R2 for the next 6 months. Most of the other guys aren't familiar with 2012 and need to get up to speed. I have put 2012R2 out there for a new RDS cluster, WSUS, and looking into 2012R2 for ADFS.

I'd love to get to 2012 R2 for ADFS / DirSync / Azure Whatever.

However, we have significant work to do before we get there because, as of 6 months ago, one of our directories was still at a 2000 functional level. We still have >100 2003 R1 servers too. :negative:

Nitr0
Aug 17, 2005

IT'S FREE REAL ESTATE
2012R2 is pretty amazing. From improved DFS, dhcp clustering, file server clustering massive improvements, powershell and more there is absolutely no reason not to be using 2012r2 unless your app is crap and doesn't support it. The reasoning "most of the guys aren't familiar" is pretty poo poo considering it was released 1.5 years ago and 2012 2.5 years ago. Time to get the gently caress going.

Swink
Apr 18, 2006
Left Side <--- Many Whelps
Speaking of 2012 - my boss wants me to spin up a demo of Work Folders. Is ADFS the best thing to use for that or is there an easier option?

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
Man, Win7/R2 combo is the loving IROC Z of infrastructures.

TWBalls
Apr 16, 2003
My medication never lies

Potato Salad posted:

Yes, there are Win2003 boxes in our environment :(

I'm sure this is pretty common. We have quite a few in ours. It's like pulling teeth to get some of these vendors to move even to Server 2008 (non-R2).

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Honestly, it's not that big a deal to have win2003 boxes if they are behind your firewall and decently locked down. 2003 webservers? Yeah, not good.

Potato Salad
Oct 23, 2014

nobody cares


TWBalls posted:

I'm sure this is pretty common. We have quite a few in ours. It's like pulling teeth to get some of these vendors to move even to Server 2008 (non-R2).

My understanding about Server 2008 non-R2 is that you do not use 2008 non-R2. Or am I confused with 2012 non-R2?

If it isn't obvious, I've only just jumped on the Windows administration wagon.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

2008 vanilla is 32 bit, and is the last server OS in 32-bit, and that's the only reason to use it. 2008 R2 and up is 64-bit only.

Hadlock
Nov 9, 2004

WS2008 R2 also is the lowest version that supports Powershell v4.0, which is the lowest version that supports DSC. If you have WS2008 non-R2 you're trapped on Powershell v3.0 forever. WS2008 R2 is also supposed to get Powershell v5.0 which will include linux-style package management :dance:

WS2008 non-R2 has most of the features of R2, but from a compatibility standpoint tools that work with R2 are generally compatible with WS2012 and vice versa.

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
Active directory recycling bin. Saved our bacon once or twice.

Maneki Neko
Oct 27, 2000

TWBalls posted:

I'm sure this is pretty common. We have quite a few in ours. It's like pulling teeth to get some of these vendors to move even to Server 2008 (non-R2).

Weird, we're getting the opposite, with vendors dropping windows 2008 and SQL 2008 (R2 in some cases for both).

Xenomorph
Jun 13, 2001
What's the best way to grant someone Read Only access to an Exchange 2013 mailbox? I want them to be able to log in and look at mail, but not delete or send anything.

I can give "User2" Full access to the "User1" mailbox with this:

code:
Add-MailboxPermission  -Identity "User1" -User "User2" -AccessRights "FullAccess"  -InheritanceType All
However, if I try something like this, they get denied access to the mailbox:

code:
Add-MailboxPermission  -Identity "User1" -User "User2" -AccessRights "ReadAccess"  -InheritanceType All
I found some info through searching that says that I would have to grant Reviewer status to the user for the mailbox, Inbox, and all sub-folders, individually (and they have like 40 sub folders).

Is that really the best way of doing it? Is there any easy way of doing (and un-doing) that?

Xenomorph fucked around with this message at 20:04 on Feb 2, 2015
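
One way to script the per-folder Reviewer grant asked about in the post above, and to undo it. This is an added example, not part of the original thread; the function name `Set-ReviewerOnAllFolders` is hypothetical, `User1`/`User2` are the placeholders from the post, and it assumes it is run in the Exchange Management Shell and that the root folder is reported with a `FolderType` of `Root`.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
# Grants (or, with -Remove, revokes) Reviewer on every folder of a mailbox.
function Set-ReviewerOnAllFolders {
    param(
        [Parameter(Mandatory)] [string] $Mailbox,   # mailbox being shared, e.g. "User1"
        [Parameter(Mandatory)] [string] $Delegate,  # reader, e.g. "User2"
        [switch] $Remove                            # undo the grant
    )

    foreach ($folder in Get-MailboxFolderStatistics -Identity $Mailbox) {
        # Folder permission cmdlets address folders as "mailbox:\path".
        # The root ("Top of Information Store") is addressed as "mailbox:\".
        if ($folder.FolderType -eq 'Root') {
            $id = "${Mailbox}:\"
        } else {
            $id = "${Mailbox}:" + $folder.FolderPath.Replace('/', '\')
        }

        try {
            if ($Remove) {
                Remove-MailboxFolderPermission -Identity $id -User $Delegate `
                    -Confirm:$false -ErrorAction Stop
            } elseif (Get-MailboxFolderPermission -Identity $id -User $Delegate `
                          -ErrorAction SilentlyContinue) {
                # An entry already exists: overwrite it rather than fail on Add.
                Set-MailboxFolderPermission -Identity $id -User $Delegate `
                    -AccessRights Reviewer -ErrorAction Stop
            } else {
                Add-MailboxFolderPermission -Identity $id -User $Delegate `
                    -AccessRights Reviewer -ErrorAction Stop
            }
        } catch {
            # Folders that cannot take a permission entry are reported and skipped.
            Write-Warning "Skipped $id : $($_.Exception.Message)"
        }
    }
}

# Grant:  Set-ReviewerOnAllFolders -Mailbox User1 -Delegate User2
# Undo:   Set-ReviewerOnAllFolders -Mailbox User1 -Delegate User2 -Remove
```

Folders created after the run do not pick up the entry, so the grant has to be re-run if the folder tree changes.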

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

As far as I know there is no way to not allow them to delete email. Once they can get in to view email, they can delete.

Xenomorph
Jun 13, 2001

GreenNight posted:

As far as I know there is no way to not allow them to delete email. Once they can get in to view email, they can delete.

That's what I'm seeing.

"Reviewer" status on individual folders lets them open them just fine in Outlook. (without the ability to delete, etc)

OWA access just bombs out. Always Access Denied. One search said that Full access has to be granted on the mailbox to view it via OWA, which would totally get around the Reviewer status.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Xenomorph posted:

That's what I'm seeing.

"Reviewer" status on individual folders lets them open them just fine in Outlook. (without the ability to delete, etc)

OWA access just bombs out. Always Access Denied. One search said that Full access has to be granted on the mailbox to view it via OWA, which would totally get around the Reviewer status.

Yeah that's exactly right. Once you give them Full Access though, it adds the mailbox as a proxy to their Outlook.

Xenomorph
Jun 13, 2001
OK, it's probably a lost cause on that one. I wanted to do a former-employee a favor by giving them read-only access to their email. No sending, no deleting. This probably ain't gonna happen.

New issue: how do we block this new Microsoft Outlook Android/iOS client?

It's storing credentials and pushing our mail through Microsoft's servers.

http://betanews.com/2015/02/01/warning-microsofts-new-ios-outlook-app-is-insecure/

edit, looks like this may do it:

code:
New-ActiveSyncDeviceAccessRule -QueryString 'Outlook for iOS and Android' -Characteristic DeviceModel -AccessLevel Block

Xenomorph fucked around with this message at 20:57 on Feb 2, 2015

AlternateAccount
Apr 25, 2005
FYGM
So how bad of an idea is pulling an enterprise wide Lync rollout in the next few months, given the changes coming? Is there any kind of solid info on how much work will be involved updating all the clients/server when the Skype for Business stuff takes over?

Maneki Neko
Oct 27, 2000

AlternateAccount posted:

So how bad of an idea is pulling an enterprise wide Lync rollout in the next few months, given the changes coming? Is there any kind of solid info on how much work will be involved updating all the clients/server when the Skype for Business stuff takes over?

Nope! At this point it seems like stuff is likely to drop 2nd half of 2015, so might as well get it out the door now and get people using it vs waiting to see.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Has anyone been able to use Skype for Business yet? I hope you can copy/paste screenshots into chat windows...

Mully Clown
Aug 1, 2004

I handle my piss like the great big frilly girls blouse that I am

Tab8715 posted:

Has anyone been able to use Skype for Business yet? I hope you can copy/paste screenshots into chat windows...

I'm pretty sure I do that in Lync 2013 already...

Potato Salad
Oct 23, 2014

nobody cares


TWBalls posted:

I'm sure this is pretty common. We have quite a few in ours. It's like pulling teeth to get some of these vendors to move even to Server 2008 (non-R2).

Yeah, but boxes. As in we lose support if we virtualize them. Not because there's a good reason for them to lose support when on a virtual platform; just because.

TWBalls
Apr 16, 2003
My medication never lies

Potato Salad posted:

Yeah, but boxes. As in we lose support if we virtualize them. Not because there's a good reason for them to lose support when on a virtual platform; just because.

Same here.

HealthcareIT.txt

Their reasoning is they haven't tested that configuration. I mean, it's not like Virtualization is brand spankin' new. They've had years to test this.

CLAM DOWN
Feb 13, 2007




incoherent posted:

SMB 3.0? you can force it down I believe via powershell. i'd natively mount NFS where I can though, only because i'm a computer janitor.

Yo, so I resolved this, I was going to do a giant effortpost about the problem if I couldn't resolve it but I did. The issue was that the Linux mount configuration was not permitting NTLMv2, and it kept trying to negotiate up to NTLM then stop, where our domain settings require NTLMv2 with no fallback permitted. I changed the security flag in Red Hat and it was good to go, Wireshark confirmed NTLMv2 was working. I have no idea why this became an issue in a 2012R2 domain as opposed to 2008R2 working fine, so either our previous GPO wasn't working, or MS changed something in the new AD level. Either way, it's good now!

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
That is good to know. Similar to my issues with linux/windows you need to be specific on both ends rather than hoping they'll negotiate. It's entirely possible the default domain policy (or domain controller policy) GPO wasn't getting applied consistently to the domain, and the migration to a new domain/forest/domain controller helped clear up any issues.

Also another possibility if this is a new server in a new OU, NTLM negotiations may have been allowed on the old server/OU via GPO. Or someone hosed with local policy on the old server to make it work.

CLAM DOWN
Feb 13, 2007




Our domain is very large, old, and complex, and there very easily could have been a misapplied GPO or some kind of filtering issue. We're in the process of re-architecting and cleaning up, but yeah I have a hunch that's what caused it.

Sacred Cow
Aug 13, 2007
I've given my company my 2 weeks notice and my boss is asking me to have a few 1 hour sessions to distill SCCM 12R2 administration down for the other admins since no one else knows it. Besides teaching how to create and deploy packages, how to troubleshoot/find logs and create collections, does anyone have any suggestions for important points to hit? I'm not sure I'll have enough time to go into creating reports.

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
....just how much of SCCM do you have deployed? If it is business critical, have them get a SCCM consultant to handle it till a proper handoff can happen. They'll do a better job of communicating it than you could.

e: not to discount your ability, but it's a full on discipline by itself.

http://it.slashdot.org/story/14/05/17/051214/emory-university-sccm-server-accidentally-reformats-all-computers-campus-wide

incoherent fucked around with this message at 21:10 on Feb 4, 2015

Sacred Cow
Aug 13, 2007

incoherent posted:

....just how much of SCCM do you have deployed? If it is business critical, have them get a SCCM consultant to handle it till a proper handoff can happen. They'll do a better job of communicating it than you could.

1 Primary site, 1 Secondary site and 1 Distribution point across 2 Forests
Several thousand clients
About 60 Collections
Not using OSD yet(plenty of test images/TS that work successfully)
Patching every Patch Tuesday
Using Endpoint Protection
Not using Compliance Settings
Not using any Intune services


If the consultant cost more than $0, they will not go for that idea.

Edit - My job here was to stand up and manage SCCM. That's what my next job is except they added a "Senior" to my title. I've tried explaining to them that the system will be left for dead if no one really learns it so he put it on me to try to train someone. There's a reason I'm leaving but I'm putting in my best effort for the rest of the team.

Sacred Cow fucked around with this message at 21:16 on Feb 4, 2015

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

Sacred Cow posted:

1 Primary site, 1 Secondary site and 1 Distribution point across 2 Forests
Several thousand clients
About 60 Collections
Not using OSD yet(plenty of test images/TS that work successfully)
Patching every Patch Tuesday
Using Endpoint Protection
Not using Compliance Settings
Not using any Intune services


If the consultant cost more than $0, they will not go for that idea.

I feel like you most likely work for my client.

Sacred Cow
Aug 13, 2007

MF_James posted:

I feel like you most likely work for my client.

Probably not. We're a bare-bones IT department for a small private company. We got bought out recently and I'm sure most of you know how that usually works out.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

Sacred Cow posted:

Probably not. We're a bare-bones IT department for a small private company. We got bought out recently and I'm sure most of you know how that usually works out.

Ahh ok, well let's just say that the client I am currently assigned to is pretty much what you described

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

Sacred Cow posted:

1 Primary site, 1 Secondary site and 1 Distribution point across 2 Forests
Several thousand clients
About 60 Collections
Not using OSD yet(plenty of test images/TS that work successfully)
Patching every Patch Tuesday
Using Endpoint Protection
Not using Compliance Settings
Not using any Intune services


If the consultant cost more than $0, they will not go for that idea.

Edit - My job here was to stand up and manage SCCM. That's what my next job is except they added a "Senior" to my title. I've tried explaining to them that the system will be left for dead if no one really learns it so he put it on me to try to train someone. There's a reason I'm leaving but I'm putting in my best effort for the rest of the team.

Man, that was me a month ago, except that other people at my old place know how to manage it. I went from being secondary in an SCCM install that had about 600 computers to a "Senior" admin in control of an SCCM instance with 25k computers. 1430 collections.

Potato Salad
Oct 23, 2014

nobody cares


incoherent posted:

....just how much of SCCM do you have deployed? If it is business critical, have them get a SCCM consultant to handle it till a proper handoff can happen. They'll do a better job of communicating it than you could.

e: not to discount your ability, but it's a full on discipline by itself.

http://it.slashdot.org/story/14/05/17/051214/emory-university-sccm-server-accidentally-reformats-all-computers-campus-wide

To give Emory credit, they had the entire campus back up in three days.

Sacred Cow
Aug 13, 2007

FISHMANPET posted:

Man, that was me a month ago, except that other people at my old place know how to manage it. I went from being secondary in an SCCM install that had about 600 computers to a "Senior" admin in control of an SCCM instance with 25k computers. 1430 collections.

Same situation. I'm going from a small company with a skeleton crew IT to a government agency with a massive dependency on SCCM. Thankfully it scales pretty well so I'm not too worried about taking on more computers or packages. I just need to really get to know the Compliance Baseline tools, brush up on my SQL/WQL for reports and probably finally learn to manage it with PowerShell.


5er
Jun 1, 2000

Qapla' to a true warrior! :patriot:

I put this one yesterday in the general Windows thread, but it seems more appropriate for this one-

I've got a WSS2012 r2 with four hdd's in it. The OS is on a comfy 100GB partition, and the remaining unallocated space participated in a parity storage pool that includes the other three devices. I don't have critical data to lose on this unit. I was testing out some failure scenarios. I ran the OEM vendor's (only) process for restoring from a failed OS situation, which is supposed to only re-install the OS on its small partition and leave any other allocated space completely alone.

The problem with this process is that it always converts the original disk back to 'Basic' - storage pools seem to conceal the other drives but I'm sure the disks were all converted to dynamic as a result of the storage pool establishment. The storage pool metadata seems to be recognized in the server manager, but it cannot be reactivated at all. I can have the server take control of permissions on the storage pool, but it changes nothing. Converting the disk to dynamic doesn't help either, which I expected, and which probably would make a data recovery service's work even harder if the data mattered. It doesn't even behave like a single drive failure which a RAID5 should be capable of surviving.

I tested an OS reinstall with no storage pool from disk0 dedicated to it, just confined to the three drives that the OS doesn't live on, and I could reactivate it just fine. If I put a single simple volume on the remaining unallocated space, that will also survive the OEM's recovery process.

It seems the short story here is that if a storage pool on this device includes the OS's extra unallocated space, the act of recovery with the OEM method that converts the disk back to basic, hopelessly pooches the RAID metadata and therefore the RAID.
