Search Amazon.com:
Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
«75 »
  • Post
  • Reply
Spudman
Feb 5, 2004

Post nudes plz
Don't worry, it's perfectly rational!


Responding to Noel's question from a couple pages ago.

The first thing that comes to mind is a Powershell script. (God I love Powershell.) Would it be feasible to get all your workstation names into a text file, one per line? Then you could do something like this to find the profile sizes. (I'm just doing this off the top of my head so the code probably isn't perfect, but you should get the idea:

code:
$file = Get-Content "file.txt"
ForEach{$_ in $file
  Get-ChildItem "\\$_\c$\users\" -Recurse | Measure-Object -Property Length -Sum
}
You'll probably have to fiddle with the escape characters and such... but that would return the size of all the junk under the users directory (or "Documents and Settings" for XP I guess, for each computer in your list. Then you could just use the script to add all that stuff up, convert it to GB, whatever floats your boat...

I did this exact same thing a while back because we wanted to know about how much space we'd need to store roaming profiles in a central location. The problem with this approach is duplication of data. Like if Sally has logged in to several of the machines that you're scanning, you'd end up counting her profile three times in your results.


Noel posted:

The tools I have available for these questions are SCCM and a Server2008 domain.

I want to discover the size of the local profiles on the desktops in my organization - I'm curious how much storage we would need if we used roaming profiles. I know that in the System control panel it tells me, but I'm not sure where that is stored. I suppose I could use a script + mof edit. Or File Collection.

I also want to parse the contents of each computer's local administrators group. Preferably this would be stored with each computer in SCCM (in the same way it currently shows what AD groups each computer is in). This one might also turn out to be a script + mof edit.

Spudman fucked around with this message at Feb 10, 2011 around 17:06

Adbot
ADBOT LOVES YOU

quackquackquack
Nov 10, 2002


Oh hey, thanks. I ended up going with an SCCM package consisting of du.exe and a batch file (below) to gather the info, then powershell to chop it up (you can't see the powershell, just like you can't see my funny wart).

code:
for /f %%m in ('dir /ad /b "%homedrive%\Users" ^| findstr /V /C:"Administrator" ^| findstr /V /C:"Public" ^| findstr /V /C:"Default" ^| findstr /V /C:"All "') 
do du.exe -accepteula -q -l 2 %homedrive%\Users\%%m > "\\server\PonyDepository\%%~nm.%computername%.txt"
(I included a line break before 'do', in case anyone is trying to run it).

I used SCCM instead of using Powershell to gather the info, as we have not deployed powershell to our client PCs, and we don't do a fantastic job of making sure the right firewall holes are poked. We have all Vista staff PCs.

As for the "multiple PCs" issue, the batch script named the files %username%.%computername%.txt, and the powershell script imported column A as %username% and B as %hostname%, so I could easily play with different combos (add, take the highest, etc).

quackquackquack fucked around with this message at Feb 10, 2011 around 21:03

Spudman
Feb 5, 2004

Post nudes plz
Don't worry, it's perfectly rational!


Well, I hope this thread does well. I'm a Windows enterprise administrator myself, and because I have no life I browse SHSC for fun, and this thread excites me.

My company has about 250 employees, a headquarters office, a primary datacenter, and a disaster recovery datacenter. For a year now, we have been in the process of migrating from a Windows 2000 domain to a Windows 2008 domain. The old domain was set up long ago by someone who thought it'd be swell if he made it a single-label domain name. There is no trust relationship between the two domains. Users that I've migrated to the new domain are interspersed throughout the company... literally, the person in the office next to mine is in a different domain. The non-IT people don't see the benefits of migrating to the new domain, despite my proselytizing. They don't want the inconvenience, and there are legacy apps in the old domain that won't run on 2k8... the developers of said programs all left the company years ago.

Alas, they hold all the political power.

I have SCOM, WSUS, WDS, and DPM all running, but I really would like to try SCCM. But I have a dedicated desktop/workstation guy, so I don't really think about desktop administration too much.

FISHMANPET
Mar 3, 2007



Noel posted:

At least Google put out an MSI and ADM for Chrome.

Come the gently caress on Firefox, it's not that hard to hire 1/8th of a full time person to package for Windows.

In one of our labs we're installing IE (obviously) and Chrome, but no Firefox. Now that there's another viable option for "alternative browser", we chose the one that is not a pain in the rear end to update. (and no, those community MSIs are not a viable option for us).

That's what I love about SCCM. If I can get a program to install automatically, I can have it run through SCCM. Firefox and Thunderbird are as easy as extracting the downloaded file with 7zip, and running 'setup.exe -ms'

quackquackquack
Nov 10, 2002


Didn't they deprecate -ms?

I also have SCCM and personally use /INI=blah.ini. However, because the installer extracts to a temp folder, you have to provide an absolute path to the .ini. Also, in my side job, they don't have SCCM, just AD.

It's just a pain in the rear end, where it needn't be.

I am excited about FF4 having auto-update.

Spudman:
I am that dedicated desktop administration guy in my place, although I dabble with other bits. SCCM is pretty awesomely fun, although the learning curve can suck. SCCM 2012 beta is out, which might be a good time to dive in. This is also my favourite thread here, I was disappointed when it got cobwebby.

SCCM question: is there a page/doc with best practices for upgrading SCCM? Right now I'm on 2007 SP1 (not R2) on a 2008 OS with SQL 2005. I would like to bring up a new VM with 2008R2, SQL 2008 (although 2005 would be fine, it's not like I interact with it) and SCCM 2007 R3, then move the database over.

lol internet.
Sep 4, 2007
the internet makes you stupid

Anyone have suggestions for folder structure on imported Storage and Ethernet drivers?

For the most part, I use driver packages\non imported. But with some older machines, I simply cannot always set the Storage mode to IDE\Compatability so I will have to import.

I really dislike importing due to the fact I can't import doubles. Unless someone knows how this is possible. I would love to hear how you do it.

GPF
Jul 20, 2000


FWIW, the hardlink setup is working great for us at [govt. entity] using SCCM.

FISHMANPET
Mar 3, 2007



lol internet. posted:

Anyone have suggestions for folder structure on imported Storage and Ethernet drivers?

For the most part, I use driver packages\non imported. But with some older machines, I simply cannot always set the Storage mode to IDE\Compatability so I will have to import.

I really dislike importing due to the fact I can't import doubles. Unless someone knows how this is possible. I would love to hear how you do it.

All our machines are Dell, which makes things a bit easier. I make a folder for the driver name, then a sub folder that is "<dell revision number> <driver version number>" Then when I get a new model I can easily see if I have the driver imported or not.

lol internet.
Sep 4, 2007
the internet makes you stupid

FISHMANPET posted:

All our machines are Dell, which makes things a bit easier. I make a folder for the driver name, then a sub folder that is "<dell revision number> <driver version number>" Then when I get a new model I can easily see if I have the driver imported or not.



Is the out of SCCM folder structure the same?

Also, when you use SCCM to "Import" the drivers. Do you need to keep the source folder you imported it form? Or can you delete it as SCCM "Imported" the drivers and if I recall correctly, you set the destination where the Imported drivers are kept.

FISHMANPET
Mar 3, 2007



lol internet. posted:

Is the out of SCCM folder structure the same?

Also, when you use SCCM to "Import" the drivers. Do you need to keep the source folder you imported it form? Or can you delete it as SCCM "Imported" the drivers and if I recall correctly, you set the destination where the Imported drivers are kept.

The "Source" is structured like this:
Source\(XP3|Win7x64|Win7x32)\Computer Model\(vga|nic|audio|etc)

I only did that for convience of getting new models of computers going. I create a package in SCCM for the model of computer, then add to the driver package any drivers I've already imported (these are mostly optiplexes or latitudes so they use the same audio/chipset/storage/nic for the most part). Then I download the rest of the drivers I need, and extract them to C:\Dell\Drivers (which I clear out before hand). I rename the R216818 style folders to something more descriptive (vga, wireless, etc). Then I drag all these into the "Computer Model" folder. From there I import into SCCM, then add the new drivers to the package.

When you create the drive package, you pick a filesystem path for it. I'm not sure what SCCM does with the drivers once it imports them. The grey beard thinks everything gets imported into the SQL database, but I'm not really sure about that.

lol internet.
Sep 4, 2007
the internet makes you stupid

FISHMANPET posted:

The "Source" is structured like this:
Source\(XP3|Win7x64|Win7x32)\Computer Model\(vga|nic|audio|etc)
But what do you do when two different models have the same driver? (ie. ethernet.)

You can't import it again correct? It will error out at the import screen. Do you just ignore this error then? I assume if it errors, you can't add it to the package. You would have to manually go and select the already imported driver.

AcridWhistle
Aug 20, 2003

Feasting on the flesh of a recently killed zombie probably wasn't the smartest of moves

spog posted:

I'd like to hear people's experience of USMT, specifically Loadstate.

Does it really work well out of the box, grabbing all the data that our beloved users like to hide? Does it get all the required settings/customisations of apps too?

Like Noel, I use it with a customized XML. If you don't it tends to grab way too much (why yes I certainly need that word document for program that is no longer used). I have it just grab the users data, we have been using it since XP.

Cpt.Wacky
Apr 17, 2005


Noel posted:

Didn't they deprecate -ms?

It's undeprecated now. https://wiki.mozilla.org/Installer:..._Line_Arguments

FISHMANPET
Mar 3, 2007



lol internet. posted:

But what do you do when two different models have the same driver? (ie. ethernet.)

You can't import it again correct? It will error out at the import screen. Do you just ignore this error then? I assume if it errors, you can't add it to the package. You would have to manually go and select the already imported driver.

I only put in the Source directory those drivers I don't already have imported. For example, my Source folder for the Latitude E6410 has 20 drivers in, but the similair Latitude E6400 only has 10 drivers, because I just reuse the existing ones.

I imported the a broadcom GigE driver a year ago and have used it in almost all of the driver packages.

quackquackquack
Nov 10, 2002


I do the same as FISHMANPET. I have a similar structure, but I don't care if, for example, the Optiplex330 folder has the audio driver, but the Optiplex360 folder does not. The driver packages I make in SCCM are the definitive articles. I could delete my source folders if I wanted.

When you tell SCCM to store a driver package somewhere, like \\server\DriverPackages\, it puts a folder named: %DriverPackageName%, which has a bunch of hex folders like: 40ADF883-0979-46DD-88B0-39592CBD646E\, one for each driver in that package.

Crazak P
Apr 11, 2003

PUNISHER > SPIDERMAN

FISHMANPET posted:

I'm not an expert on AD, but that should work. At some point you should raise the domain to 2008 functional level.

Thanks, once we get all our servers to 2008, that's the plan.


amishpurple posted:

Yep just run adprep on the 2000 schema master and you'll be able to install a new 2008 server as a DC. May as well go 2008 R2 (run adprep32 instead if you do) unless you have a specific reason to just stay on 2008, though. Transfer all the roles to the new 2008 server then unjoin the other DC's from the domain and you're good to go to raise the functional and domain levels.

If you go the one virtual, one physical route make sure the physical DC has the PDC Emulator role or be sure to read your vendors documentation on virtualizing domain controllers so you can avoid clock drift issues on the VM.

Two DC's for 300 users is just fine.

I should have been specific, but we're planning on running 2008 R2 datacenter edition. Thanks for the tips on adprep32 and the VM stuff. I don't think I would have read about it in the material that I'm using.

FISHMANPET
Mar 3, 2007



Noel posted:

I do the same as FISHMANPET. I have a similar structure, but I don't care if, for example, the Optiplex330 folder has the audio driver, but the Optiplex360 folder does not. The driver packages I make in SCCM are the definitive articles. I could delete my source folders if I wanted.

When you tell SCCM to store a driver package somewhere, like \\server\DriverPackages\, it puts a folder named: %DriverPackageName%, which has a bunch of hex folders like: 40ADF883-0979-46DD-88B0-39592CBD646E\, one for each driver in that package.

Yep, it's a practice I started when I first started with SCCM because I wasn't sure what I was doing, but now I keep doing it because I can drop a new folder into my source folder for a new machine rather than dump all the drivers into a root directory.

quackquackquack
Nov 10, 2002


And to answer a question from above, trying to import a duplicate driver fails gracefully.

lol internet.
Sep 4, 2007
the internet makes you stupid

- How do you deal with multiple advertisements that need to run in a specific order. (ie. Office 2007 x32 needs to be uninstalled prior to installing Office x64 2010)

- Also in advertisements, is there a way to force a restart first? If a user has outlook opened, I'd imagine you wouldn't be able to update/uninstall.

- Lastly, I haven't tried this yet, but how does SCCM software handle updates? (ie. MSI/exe updates.) Adobe 8 -> Adobe 9. Should you create a advertisements that uninstalls first, or are you good to just run installer

vladimir
May 29, 2003

We're caught in a flat spin!

Crazak P posted:

Thanks, once we get all our servers to 2008, that's the plan.


I should have been specific, but we're planning on running 2008 R2 datacenter edition. Thanks for the tips on adprep32 and the VM stuff. I don't think I would have read about it in the material that I'm using.

I just wanted to chime in here.

We just got done with a decent-sized migration from a 2003 AD to 2008. We actually had a MS consultant on-site for a large majority of the migration, with several weeks/months of conference calls and coordinating to make sure everything went smoothly.

I only bring this up because I specifically remember being on those conference calls and hearing the consultant ask (at least 2 times): "Are you sure that you don't have any 2000 domain controllers?" We did not...everything was already 2003. He kept asking because apparently there are some goofy steps* that need to happen if you're going from 2000 straight to 2008, that are not an issue if you're just going from 2003 to 2008. I believe it was also related to having Exchange in the environment, but I could be wrong.

I only bring this up because I'd hate to see someone run into an issue like this (esp. on an AD upgrade) if it's avoidable. I'm sorry I can't remember any further specifics on it (like I said, the issue wasn't applicable to our environment so we kind of glanced over that portion of the pre-check). It may just be over-protective and a non-issue, but it may also warrant doing a little more research. It would certainly suck epic amounts of rear end for something like an AD upgrade to go south half-way through the process.



* Honestly, I don't remember if it was extra steps that needed to happen, or if there was more of a potential for issues in skipping a version. I just remember that he specifically asked on a couple of different occasions to make sure that we didn't have any 2000 DCs before the 2008 upgrade.

quackquackquack
Nov 10, 2002


lol internet. posted:

- How do you deal with multiple advertisements that need to run in a specific order. (ie. Office 2007 x32 needs to be uninstalled prior to installing Office x64 2010)

- Also in advertisements, is there a way to force a restart first? If a user has outlook opened, I'd imagine you wouldn't be able to update/uninstall.

- Lastly, I haven't tried this yet, but how does SCCM software handle updates? (ie. MSI/exe updates.) Adobe 8 -> Adobe 9. Should you create a advertisements that uninstalls first, or are you good to just run installer

In order:

- Use a Task Sequence to create a... sequence of tasks. It is in the OSD part of the console, but can be used outside of OSD. So you would advertise a TS that, if 2007 is installed, uninstalls it, then installs 2010. If 2007 is not installed, it skips the uninstall and goes right to installing 2010.

- Again, use Task Sequences. The first step is a restart (make sure you play with the countdown timers...), then do what else you need.

- SCCM, in my opinion, handles software updates poorly. To answer your question, the delivery method (SCCM or GP Software Installation) does not matter, it depends what the msi/exe you are running does.
As for why I think SCCM is a poor choice for software updates in most environments (I assume we are talking desktops/laptops and not servers) is that it's an uncontrolled environment. GP Software Installation at least happens on startup, so it doesn't matter that Dreamweaver CS4 freaks out that firefox is open when it is installed.
Our users are currently running updates themselves (local admins, yadda yadda), and when we investigated using SCCM to perform the updates we decided it just wasn't going to work, and we're going to use GP Software Installation instead.

FISHMANPET
Mar 3, 2007



lol internet. posted:

- How do you deal with multiple advertisements that need to run in a specific order. (ie. Office 2007 x32 needs to be uninstalled prior to installing Office x64 2010)

- Also in advertisements, is there a way to force a restart first? If a user has outlook opened, I'd imagine you wouldn't be able to update/uninstall.

- Lastly, I haven't tried this yet, but how does SCCM software handle updates? (ie. MSI/exe updates.) Adobe 8 -> Adobe 9. Should you create a advertisements that uninstalls first, or are you good to just run installer

Is there a reason you're going to 2010 x64? Even Microsoft recommends you still use the 32 bit version, unless you're working with enormous files (aka excel spreadsheets bigger than a couple Gb). As for the uninstall/install, there's a few ways you can do that. You can have to packages, one to uninstall 2007, another to install 2010. You can have the 2010 install package run the 2007 uninstall package first. You could also write a script that does the uninstall for you, and then the install. This is probably the best idea, as it allows you a bit more control over what's going to happen (what do you do if you come to a computer that doesn't have 2007?). A task sequence would work, but is kind of ugly, as it advertises to the user as a mandatory operating system deployment, which might freak them out.

You can set a package to only run when the user is logged off, though that requires your users to log themselves off. But when it all comes down to it, it depends on how well the install package works. Firefox and Thunderbird are happy to be installed while the old version is running, they'll just ask the user for a restart if you want to open Firefox again.

And software updates, those are up to the vendor. All SCCM will do is run the program. If installing Adobe 9 on a system with Adobe 8 would remove Adobe 8 normally, then that's what will happen. If that's not the case, the you'll need to manually remove Adobe 8.

FISHMANPET fucked around with this message at Feb 14, 2011 around 18:00

lol internet.
Sep 4, 2007
the internet makes you stupid

Noel posted:

In order:

- Use a Task Sequence to create a... sequence of tasks. It is in the OSD part of the console, but can be used outside of OSD. So you would advertise a TS that, if 2007 is installed, uninstalls it, then installs 2010. If 2007 is not installed, it skips the uninstall and goes right to installing 2010.

- Again, use Task Sequences. The first step is a restart (make sure you play with the countdown timers...), then do what else you need.

- SCCM, in my opinion, handles software updates poorly. To answer your question, the delivery method (SCCM or GP Software Installation) does not matter, it depends what the msi/exe you are running does.
As for why I think SCCM is a poor choice for software updates in most environments (I assume we are talking desktops/laptops and not servers) is that it's an uncontrolled environment. GP Software Installation at least happens on startup, so it doesn't matter that Dreamweaver CS4 freaks out that firefox is open when it is installed.
Our users are currently running updates themselves (local admins, yadda yadda), and when we investigated using SCCM to perform the updates we decided it just wasn't going to work, and we're going to use GP Software Installation instead.

Gotcha, was just wondering if there's some super secret that I haven't of noticed or learned yet with SCCM

FISHMANPET posted:

Is there a reason you're going to 2010 x64? Even Microsoft recommends you still use the 32 bit version, unless you're working with enormous files (aka excel spreadsheets bigger than a couple Gb). As for the uninstall/install, there's a few ways you can do that. You can have to packages, one to uninstall 2007, another to install 2010. You can have the 2010 install package run the 2007 uninstall package first. You could also write a script that does the uninstall for you, and then the install. This is probably the best idea, as it allows you a bit more control over what's going to happen (what do you do if you come to a computer that doesn't have 2007?). A task sequence would work, but is kind of ugly, as it advertises to the user as a mandatory operating system deployment, which might freak them out.

You can set a package to only run when the user is logged off, though that requires your users to log themselves off. But when it all comes down to it, it depends on how well the install package works. Firefox and Thunderbird are happy to be installed while the old version is running, they'll just ask the user for a restart if you want to open Firefox again.

And software updates, those are up to the vendor. All SCCM will do is run the program. If installing Adobe 9 on a system with Adobe 8 would remove Adobe 8 normally, then that's what will happen. If that's not the case, the you'll need to manually remove Adobe 8.

Same as Noel, I thought there might be something I might of missed since the SCCM console is super big. Umm for the most part, I only started 2 months ago (at the company and with SCCM.) There was 30 something odd machines already deployed, I'm just following lead. Hell for the most part if it breaks their plugins, perhaps less trouble down the road unless it's them whining\complaining about it not working.

Some things I have yet to really taken advantage or learned in SCCM is software updates, and the dashboard due to OSD across like 20 different hardware configurations


Sorry for filling the thread with tons of questions as SCCM has a huge learning curve I found. But any tricks/tips/cool things you've noticed with SCCM that you would like to share? Or perhaps some mistakes\solutions you've made? For me, drivers was a total clusterfuck, I just spent a poo poo load of hours doing it and doing it wrong everytime till eventually I got a solid understanding of it.

lol internet. fucked around with this message at Feb 15, 2011 around 02:30

Muslim Wookie
Jul 6, 2005


Noel posted:

In order:

- Use a Task Sequence to create a... sequence of tasks. It is in the OSD part of the console, but can be used outside of OSD. So you would advertise a TS that, if 2007 is installed, uninstalls it, then installs 2010. If 2007 is not installed, it skips the uninstall and goes right to installing 2010.

- Again, use Task Sequences. The first step is a restart (make sure you play with the countdown timers...), then do what else you need.

- SCCM, in my opinion, handles software updates poorly. To answer your question, the delivery method (SCCM or GP Software Installation) does not matter, it depends what the msi/exe you are running does.
As for why I think SCCM is a poor choice for software updates in most environments (I assume we are talking desktops/laptops and not servers) is that it's an uncontrolled environment. GP Software Installation at least happens on startup, so it doesn't matter that Dreamweaver CS4 freaks out that firefox is open when it is installed.
Our users are currently running updates themselves (local admins, yadda yadda), and when we investigated using SCCM to perform the updates we decided it just wasn't going to work, and we're going to use GP Software Installation instead.

I have to disagree, in the last place I setup SCCM about a dozen departments climbed on the "This is just an excuse to take away our admin rights and it won't work right and the four horsemen..." train.

I just set all updating and installations to occur at 3am, waking the PC itself and then shutting it down once it's complete. I personally find GP terrible for software deployment, but most instinctually than for any technical reason.

FISHMANPET
Mar 3, 2007



lol internet. posted:

Sorry for filling the thread with tons of questions as SCCM has a huge learning curve I found. But any tricks/tips/cool things you've noticed with SCCM that you would like to share? Or perhaps some mistakes\solutions you've made? For me, drivers was a total clusterfuck, I just spent a poo poo load of hours doing it and doing it wrong everytime till eventually I got a solid understanding of it.

No problem, that's why I made the thread, because I was in the same boat.

Here's a tip that somebody else gave me that blew my mind:

Overload your OSD with all the driver packages you need. You can add a WMI query so it only applies the package if the computer is the right hardware model, so you only have one task sequence to keep up to date with new software packages.

quackquackquack
Nov 10, 2002


quote:

A task sequence would work, but is kind of ugly, as it advertises to the user as a mandatory operating system deployment, which might freak them out.

Why would it show a notification at all if I set it to Mandatory (As soon as possible) and uncheck "Allow users to run the program independently of assignments"

quote:

I have to disagree, in the last place I setup SCCM about a dozen departments climbed on the "This is just an excuse to take away our admin rights and it won't work right and the four horsemen..." train.

I'm not quite sure how these things are related. SCCM itself seems to be scarier in terms of "oh no they're taking away my local admin".

quote:

I just set all updating and installations to occur at 3am, waking the PC itself and then shutting it down once it's complete. I personally find GP terrible for software deployment, but most instinctually than for any technical reason.

I'm not a huge fan of GP software installation either, but for certain things like updates to flash, java, adobe reader, it makes sense to me, to avoid issues with running software when the update happens.

We are not just a 9-5 environment, and many people remote desktop into their computers from home (I'm working on roaming profiles plus a terminal server, but that's not something to rush), or they are required to lock their laptops in a drawer at night. Every environment is different, of course, I'm not implying the way I do things is gospel.

However, I will stand by Task Sequences being a better way to do things in a lot of cases. With a TS (as compared to a script) you get better error reporting, it's easy to chain things together, and if you use "Run Advertised Software", you can have the Task Sequence show a progress bar (albeit one that counts 'progress' as "number of steps completed").

So that would be my tip: Task Sequences make a lot of things easier. FISHMANPET stole my other biggest tip.

Crazak P
Apr 11, 2003

PUNISHER > SPIDERMAN

vladimir posted:

windows 2000 issues

Thanks. I think all that stuff about 2000 servers were related to Exchange or doing in place upgrades. I'm planning on rebuilding the servers from scratch and we don't use Exchange, so the upgrade should be relatively straight forward.

Although I have been reading more about having domain controllers on VMs and that's kind of a pain in the rear end, but I think I've got all the nuances down.

Muslim Wookie
Jul 6, 2005


Noel posted:

I'm not quite sure how these things are related. SCCM itself seems to be scarier in terms of "oh no they're taking away my local admin".

Because the only reason they were ever able to keep a hold of local admin rights was for installing software, because they undermanned the IT department so much that it took legitimately too long for anyone to get to them to get their poo poo installed. Of course, they wanted local admin for far more than installing Acrobat updates, Oracle suites or anything work related, but the work related issues were what got it over the line for exec. We actively had people trying to sabotage SCCM to prove they needed to keep local admin. I wish I was making this poo poo up.

Noel posted:

I'm not a huge fan of GP software installation either, but for certain things like updates to flash, java, adobe reader, it makes sense to me, to avoid issues with running software when the update happens.

We are not just a 9-5 environment, and many people remote desktop into their computers from home (I'm working on roaming profiles plus a terminal server, but that's not something to rush), or they are required to lock their laptops in a drawer at night. Every environment is different, of course, I'm not implying the way I do things is gospel.

However, I will stand by Task Sequences being a better way to do things in a lot of cases. With a TS (as compared to a script) you get better error reporting, it's easy to chain things together, and if you use "Run Advertised Software", you can have the Task Sequence show a progress bar (albeit one that counts 'progress' as "number of steps completed").

So that would be my tip: Task Sequences make a lot of things easier. FISHMANPET stole my other biggest tip.

I considered this issue at the time and solved it two different ways. One was to write a quick script that simply locked user input out and terminated the relevant process and then did the install and the other was I set the advertisement to only run if there was no user logged in, and if there was a user logged in at the install time it would wait until the first moment someone had logged off.

quackquackquack
Nov 10, 2002


Maybe you can answer a question I've had in the back of my head: if I set an advertisement to run when nobody is logged on, let's say it's a big one, like Photoshop, will it delay the shutdown process to finish installing after logoff? My flock does no log off. I don't think they know what that button is.

Around here if I killed someone's firefox in the middle of the day, or locked them out of their computer... well, they would think the computer demons did it. But if they noticed that it happened to a few people around them at the same time, they would clue in. "But my firefox had the exact tabs open I needed, re-opening them perfectly will take hooouuurrsss." We have a 'do not disturb' policy combined with a 'can't make the end user do anything themselves', which is why slipping something like an Adobe Reader update in at startup is possible, but having people update Reader themselves is too much.

Speaking of, I pulled the stats in SCCM to show me who had out of date software for the following: Reader, Flash plugin, Flash ActiveX, Java. Everyone is a local admin on their computer.
23% was the magic number. And I know that number was inflated by a large batch of new computers we had just given out, so they had the most recent versions.

FISHMANPET
Mar 3, 2007



Noel posted:

Why would it show a notification at all if I set it to Mandatory (As soon as possible) and uncheck "Allow users to run the program independently of assignments"

I haven't played around with this very much to be honest. All I've done with OSD is advertise it to a collection that allows the user to run it, then only put machines I want imaged right now in that collection. I've only done the mandatory thing once, and then the user was still allowed to run it on their own.

But I think some software packages and Windows updates will pop up a warning "this poo poo is gonna happen in 30 minutes, or right now if you click this button," so I wouldn't be surprised if task sequences did the same thing.

I also get spergy because they all co-mingle in the Add/Remove Programs dialog box, but in the "Run Advertised Programs" thing in the control panel, task sequences show up as Operating System Deployments and everything else is Software Packages.

lol internet.
Sep 4, 2007
the internet makes you stupid

Noel posted:

Maybe you can answer a question I've had in the back of my head: if I set an advertisement to run when nobody is logged on, let's say it's a big one, like Photoshop, will it delay the shutdown process to finish installing after logoff? My flock does no log off. I don't think they know what that button is.

Not sure what you mean by delay shutdown but photoshop should run okay with a user logged in. I've pushed out CS5 and visual studio 2010 to users logged in before.

I'm only weary when it comes to upgrade.

What I normally do is tell the users I'll push it out after hours, just log off. I just assign time to like 7pm or something

quackquackquack
Nov 10, 2002


FISHMANPET posted:

I haven't played around with this very much to be honest. All I've done with OSD is advertise it to a collection that allows the user to run it, then only put machines I want imaged right now in that collection. I've only done the mandatory thing once, and then the user was still allowed to run it on their own.

But I think some software packages and Windows updates will pop up a warning "this poo poo is gonna happen in 30 minutes, or right now if you click this button," so I wouldn't be surprised if task sequences did the same thing.

I also get spergy because they all co-mingle in the Add/Remove Programs dialog box, but in the "Run Advertised Programs" thing in the control panel, task sequences show up as Operating System Deployments and everything else is Software Packages.

You can control notifications on a per-advertisement basis.

Also, in 'Run Advertised Programs' my task sequences that are for software distribution are listed as such, and not under the OSD category.

I point it out not to call you on it, but because task sequences have made a whole hell of a lot of things easier for me, and I feel like their poor location in the console has left them overlooked and underused.

quote:

Not sure what you mean by delay shutdown but photoshop should run okay with a user logged in. I've pushed out CS5 and visual studio 2010 to users logged in before.

I'm only weary when it comes to upgrade.

What I normally do is tell the users I'll push it out after hours, just log off. I just assign time to like 7pm or something

Delay the shutdown until the program is finished installing.

Installing Photoshop CS4 while someone is logged on is fine, unless they have any internet browser, any other Adobe product, or any of the Office components open. At least Photoshop just errors out in that case, Adobe Pro will reboot the computer in some cases. Surprise!

Telling people to log off at certain times never seems to work around here. That was why I was hoping either "when nobody is logged on" (happening when someone shuts down their computer, in the period between logging off and actual shutdown), or "at logoff" would work (in the same fashion). Just some way to install software when the user is not logged on, but that doesn't require the user to explicitly log off. I realize a policy decision would be the better approach (have everyone log off at the end of the day or similar), but I've barked up that tree to no avail.

lol internet.
Sep 4, 2007
the internet makes you stupid

I'd like to setup email notifications for when applications have been deployed successfully in SCCM. Anyone do this yet or able to point me in the right direction.

quackquackquack
Nov 10, 2002


lol internet. posted:

I'd like to setup email notifications for when applications have been deployed successfully in SCCM. Anyone do this yet or able to point me in the right direction.

What are your criteria for "successfully"?

Take a look in the reports section, and find one that has to do with the status of an advertisement. Check the SQL it uses, then decide on an external tool that will query those tables and send the e-mail based on the criteria you choose.

Muslim Wookie
Jul 6, 2005


quackquackquack posted:

You can control notifications on a per-advertisement basis.

Also, in 'Run Advertised Programs' my task sequences that are for software distribution are listed as such, and not under the OSD category.

I point it out not to call you on it, but because task sequences have made a whole hell of a lot of things easier for me, and I feel like their poor location in the console has left them overlooked and underused.


Delay the shutdown until the program is finished installing.

Installing Photoshop CS4 while someone is logged on is fine, unless they have any internet browser, any other Adobe product, or any of the Office components open. At least Photoshop just errors out in that case, Adobe Pro will reboot the computer in some cases. Surprise!

Telling people to log off at certain times never seems to work around here. That was why I was hoping either "when nobody is logged on" (happening when someone shuts down their computer, in the period between logging off and actual shutdown), or "at logoff" would work (in the same fashion). Just some way to install software when the user is not logged on, but that doesn't require the user to explicitly log off. I realize a policy decision would be the better approach (have everyone log off at the end of the day or similar), but I've barked up that tree to no avail.

So maybe you or someone else had some questions on how I do this but I'm so rushed I have to drive by answer this, in the task sequence its easy as pie to have it run a script that evaluates "user logged in? yes/maybe" and logs off the user OR any action you want like maybe halting the task sequence with a failed flag and you can then set the task sequence to retry after failures on a schedule if i remember correctly

LoKout
Apr 2, 2003

Professional Fetus Taster

marketingman posted:

So maybe you or someone else had some questions on how I do this but I'm so rushed I have to drive by answer this, in the task sequence its easy as pie to have it run a script that evaluates "user logged in? yes/maybe" and logs off the user OR any action you want like maybe halting the task sequence with a failed flag and you can then set the task sequence to retry after failures on a schedule if i remember correctly

This is totally the right answer. Logoff or reboot first and then run the package. Set the advertisement time for after hours and you're good to go. Screw the user and their "I have to stay logged on overnight because I can't open Outlook and my web browser in the morning" attitude.

chmods please
Apr 28, 2009

The machine is a piece of shit!


I have a number of machines in MDT that belong to multiple roles. Nothing fancy there. However, in role A (which applies to most machines) the MachineObjectOU is specified, and in role B (which only applies to certain machines) a different MachineObjectOU is specified because those machines need to appear somewhere different in the directory.

How do I guarantee that MDT will read settings from role B? Is it the order of roles in the list in the machine properties window?

spog
Aug 7, 2004

I seem to smell the stench of appeasement in the air.

I've got a question about MDT

As I understand it, the official process is:

1) add a default image to MDT
2) add appropriate task sequences
3) deploy to a reference machine
4) capture an image of this reference machine
5) create new deployment share using this captured image
6) create new task sequence
7) deploy to new machines

I think I must be missing something pretty basic here: why perform 4-6?

4 is a checkbox selection in MDT, so it seems to be the Right Way, but to me it just looks like you are making extra work. What am I missing?

peak debt
Mar 10, 2001
b& :(

Mostly for saving time during a large scale deployment. 3 takes maybe an hour to finish depending on how much software and updates you need to install, 7 can be done in 10 minutes.

But on the other hand it costs you additional time for the setup, I never do 4-6 even if it takes a bit longer to setup.

Adbot
ADBOT LOVES YOU

quackquackquack
Nov 10, 2002


I also skip 4-6 (both in MDT and SCCM).

Part of this is I lie to use a lot of logic in my Task Sequences (conditional statements on various steps). Sure, I could make a reference machine with all but the conditional steps, then have another TS that deploys the reference image plus the conditional steps, but at that point it seems to be getting too complicated.

I'll probably do 4-5 this summer when we switch half of our PCs to 7 in a relatively short span.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
«75 »