Moey
Oct 22, 2010

I LIKE TO MOVE IT

quackquackquack posted:

SCCM is not something to lightly jump into. The learning curve is tough, the interface sucks, there's 50,000 logs, and you have to make sure you're looking in the right one, etc.

There's a fully functioning trial (http://www.microsoft.com/downloads/en/details.aspx?FamilyId=5AAE62E8-4B7F-4AF7-BE01-AEFAA4BF059A&displaylang=en), I recommend playing with it in a test environment before jumping in. And make sure to leave yourself enough time to implement.

I was thinking about playing with this after seeing all the talk about it. I downloaded the 2012 beta though.


Moey

Italy's Chicken posted:

Sometimes it's the user who moved the machine

This is my dream

Moey

Goon Matchmaker posted:

I just pushed SP1 for Windows 7 out to everyone via WSUS. Let the bitching commence.

Ours went out over the weekend. Outside of machines rebooting, no issues yet.

Moey

Got Haggis? posted:

I already have a Windows Server 2008 machine set up that is acting as our Exchange server as well as being used for AD Authentication for our Linux machines. I'll have to look more into group policy administration I suppose... any good resources for that?

Take a look at the GPO megathread. BangersInMyKnickers is a wizard when it comes to GPO stuff.

Moey

Drumstick posted:

I have about 1500 user folders that need to be cleaned off my NAS. However, a few of them have removed the admin account from their folders' security. I tried to take ownership of the folder they all belong to but I'm getting errors saying that there is not enough space on the disk. And I can add myself to their folders till I take ownership. Not all of the folders have done this. Any ideas to quickly get rid of these files?

Quick question, why did they have the rights to modify the folders' permissions?

Moey

Wicaeed posted:

So what is going to be the best way for me to remove 3 network printers from about 30-40 user accounts?

We are in the process of commissioning a new print server, and are rolling out the new printers via Desktop Authority. We want to make it so that any old printers hosted on our old print server are removed from the users' computers, but I haven't found any way to do this in Desktop Authority (yet).

Suggestions?

I did this about 3 years ago via logon script and VBS at my old job as a student worker. Pretty much just wrote the script to loop through printers and remove specific ones we were looking for. Sadly I don't have a copy of that script.

If I get some time tonight I will see if I can get something together. I absolutely loathe doing things manually, so will try and automate everything I can.

Also, Desktop Authority is pretty loving solid. We had it here for the first year or so and it made things so easy. You will notice that it makes them too easy, so good luck when you move to a new environment and it doesn't do all the voodoo for you.

Moey

IT Guy posted:

We don't virtualise where I'm at. I can't talk anyone into it. The exact quote I get for why we're not doing it is "It's job security when the executives step into the server room and are intimidated by all of the servers".

We could literally virtualise our 15 physical servers into two physical machines.

What about job security when you have a small cluster running in there, and they touch the KVM and there is literally nothing they can do from an ESXi screen? My new boss talked about how stepping into a heavily virtualized environment coming from a place that was mostly physicals is pretty overwhelming until you get a good understanding of virtualization.

Moey

InfiniteDonkey posted:

Just finished installing SCCM 2012 with a Microsoft technician.

Yea SCCM 2012 buddy!

Currently working on an install myself. Currently I have no outside guidance (other than the interwebs), so I expect I may have to trash and rebuild, but I am excited to really see what I can get out of this.

Edit:

I just ordered a copy of this guy yesterday as well.

http://www.amazon.com/System-Center-Configuration-Manager-Unleashed/dp/0672334372

Moey

InfiniteDonkey posted:

The Microsoft technician recommended me to check this post out.

Funny that you post that.

I was following a similar guide, but came across that one via Google. Today my boss sends me the Word document of SCCM 2012 install instructions and says that they are from his "SCCM Expert" and are for internal company use (his "expert" is supposed to come in next week for a few hours). After opening said document, I realize it is one of the guides that user posted for download.

I wonder if I should tell him it's from the interwebs :ohdear:

Moey

skipdogg posted:

SCCM has Remote Control/Remote Assistance/Remote Desktop built into it. Right Click a device > Start > Remote Control

You can set it up to allow the end user to allow/deny, or to just give you control. The policy for it modifies windows firewall, etc etc.

This I am pretty excited about. Currently all of our machines have LogMeIn installed. So if I do not feel like walking to a user's desk, I just connect with LMI. While it works, I really like using SCCM and Remote Control instead.


So my journey into SCCM is going pretty well so far. I just found out that when you purchase SCCM 2012, you get a license to run SQL Standard for SCCM to use. I am having some hangups installing it and having it point at an existing SQL server.

Now for the fun. On the first day I worked with only a very small (2) set of test computers. That was the only OU that I had SCCM discover so I wouldn't roast anything in production. Was able to successfully do a client push to both of those. Then create a software update group to patch Flash (both ActiveX and plugin) to the most current version. Pretty sad that this is exciting, but I want our next pen test/vuln scan to come back with a big smiley face on it.

My boss is pushing me aggressively to start pushing out some patches to production. I am modifying my discovery methods to now include production workstation OUs. Just out of curiosity, how often does everyone have this polling? I have about 300 items within that OU, and it seemed to poll it pretty instantly, so I don't think having it poll every 3 hours or so should be an issue in production.

Also preferred collection methods? For the basic stuff I am doing now, I am finding it easiest to create collections based on query, then just have it hit a specific OU. Anyone doing anything different?



Edit:

Random tip!

When you create a collection, I would advise setting up maintenance windows on it. While it doesn't seem like a big thing, it could prevent you/someone from pushing out updates/sw/whatever during midday. To set this, right click on a collection, and go to properties. This is then set in the Maintenance Windows tab.

Moey fucked around with this message at 18:53 on Aug 17, 2012

Moey

FISHMANPET posted:

The way we do maintenance windows is we have a set of nested collections that set them. There's WSUS Final, inside of that is WSUS General, inside of that is WSUS Test (they're called WSUS because it was set up by an old grey beard and it will forever be WSUS). Final has the smallest maintenance window, general slightly bigger, and test is always in a maintenance window for testing. If you start setting maintenance windows all over you could get confused about how a maintenance window is being set on a particular client (because your clients will be in multiple collections).

Interesting to know! I never thought about nesting them. We have a small enough environment where we will not have that many collections (only internal work).

Are you using SCCM for 3rd party patching as well? If so, are you rolling things yourself, or using something like Shavlik (vCenter Protect Update Catalog)?

Edit:

Also the "consultant" that I worked with for a little advised I install "RightClick Tools". So far I have found them pretty handy.

http://eskonr.com/2012/05/sccm-2012-right-click-tools/

Moey

Attempting to deploy my first software update group to a collection of ~260 workstations tonight, hopefully this doesn't blow everything up!

It did work properly on my test collection of two workstations, and my admin collection of 10 workstations, so I have some mild faith. :)

Tomorrow I begin work on trying to get our mess of Java installs controlled.

Moey

Moey posted:

Attempting to deploy my first software update group to a collection of ~260 workstations tonight, hopefully this doesn't blow everything up!

It did work properly on my test collection of two workstations, and my admin collection of 10 workstations, so I have some mild faith. :)

Tomorrow I begin work on trying to get our mess of Java installs controlled.

Heh, so much for that software update group deploying smoothly. Failed on every workstation. I got back an error description of "Group Policy Conflict". A little google work is showing me that it may relate to a GPO that we have applied to that specific OU that points Windows Update on those workstations to our existing WSUS server. I have not changed this since I am not handling MS patches with SCCM yet. Looks like I may have to get that changed sooner than later.

Moey

Quick question for those patching Windows with SCCM 2012.

When you are breaking up your Windows patches, do you break them up by OS (XP, 7), then distribute them to a collection that is limited by corresponding OS?

Or is that overkill and just apply all those patches to all workstations, and let SCCM figure it out?

Any advantages/disadvantages to either way?

Moey

theperminator posted:

Has anyone ever had a machine that loses its secure channel every 30 days without fail?

I've got this one server that loses its secure channel to the DC every 30 days and I can't figure out why for the life of me. Many other servers on the domain are not experiencing this issue.

The machine is able to authenticate users and make use of SQL services etc on other servers during those 30 days, it syncs time from the PDC without issue but without fail it loses the secure channel at 30 days.
I don't have a clue as to why it's failing to change its machine password. Any tips?

Never had this issue but what are the event logs showing?

Moey

alanthecat posted:

Is there an MMC for Add/Remove Programs so I can remotely connect to PCs and see what's installed, then hopefully uninstall what I don't like?

If it is for one-off things (non-automated), take a look at this script someone put together on the Spiceworks forums. You put in a PC name and it will show everything in the add/remove programs window with options to uninstall or silent uninstall (if available).

I have used it a handful of times over the past year for little things here and there and it has worked fine.

http://community.spiceworks.com/scripts/show/915-remote-uninstall-software-hta

Moey

Italy's Chicken posted:

Enterprise Print Management question: How do you deal with multiple sites (10+) and users who randomly work at each site? GPO works fine to add printers to profiles we specify with Windows groups, but then the end-user ends up with 10 different sites' printers in their single profile. I'd really like the users to only see printers that are physically at the site they are signed into at that moment in time. Is there any way to add printers based on what IP the user's machine is getting or another way???

Edit: Didn't realize this was answered a few times already.

Moey

Docjowles posted:

No, Openfire pretty much owns, it's worth checking out for sure. With the disclaimer that I can't speak to its scalability as I've only ever used it in environments of less than, say, 300 users.

Hopping on the Openfire bandwagon. Rolled it at my previous place for around 280 users. Was a walk in the park.

Maybe I'll roll it out here as a POC and see if anyone uses it. Most of the users here are very inept.

Moey

Caged posted:

I'd recommend a VPN endpoint built into the router you drop at each location, split tunnel it so only the traffic that needs to travel back to the head office does, and possibly drop a NAS at some locations for stuff like profile storage if you think it's necessary.

The Meraki access points do this pretty much by themselves, and then you have the advantage of decent wifi at each location if you need it.

A little old but seconding Meraki. Dead simple to use and not too costly either. Pick up some Z1 boxes for the remote offices and an MX60 for your main site. Meraki also does dynamic DNS so even if the remote offices are on a consumer line and their IP changes, you don't have to bat an eyelash.

We have around 10 Z1s, 2 MX60s and 2 MX80s deployed. The amount of visibility it will give you is amazing. If a site is yelling about crappy internet speeds, you can go and see what device is consuming, and where that bandwidth is going to.

Moey

Mr. Clark2 posted:

I'm using Opsview (a Nagios fork), I found it much easier to set up and configure but YMMV.

Seconding this. Using Opsview and found it pretty straightforward. I am using the free version so I have to go rip the ad frames out of their pages, but it works well enough for me.

Moey fucked around with this message at 00:39 on Jan 8, 2014

Moey

Anyone here good with AD CS? Hit a little bit of a snag today and am trying to get it sorted out.

Back story:

Old coworker installed AD CS on an older domain controller so he could get some AD authentication using SSL\TLS. Once it was realized what he did, that role (and IIS) were removed from the domain controller. A standalone root CA for our domain was built and seems fine handing out most certs.

We are retiring the older domain controller that had AD CA installed, so I need to point this sign on service at the new DC. Whenever I request a cert from the DC (pointing towards the root CA for the domain), I get the following error. certutil -ping also craps out. When using the GUI though, I do see the correct root CA in there as the server I am requesting from.

Edit: Both servers are 2012



Moey fucked around with this message at 02:44 on Mar 6, 2014

Moey

Moey posted:

Cert poo poo

Ended up getting this sorted out today. The Cert Publishers group didn't have rights in any of the right OUs...

Moey

dotalchemy posted:

Meraki, from a wireless infrastructure / AP point of view, came up this morning as an alternative to Aruba - does anyone have any experience with Meraki from a wi-fi perspective? Reviews show them to be pretty poo poo hot, and priced competitively, with Aruba...

We are using Meraki for all of our APs, access layer switches and also some VPNs from smaller remote campuses. It works great, dead simple and their support is really reactive.

My only gripe is their price is kind of high, and once you stop paying your support (purchases come with 3 years), your devices go dead (all cloud managed).

I have heard good things about Ubiquiti, they are also much cheaper.

Moey

Docjowles posted:

Save yourself the hassle and just create a subdomain of your main, public domain name and use that for AD.

Beating the dead horse, but do this. ad.example.com or whatever.

I would kill for the chance to set up a clean brand new domain. The amount of legacy poo poo issues I have come across here is amazing.

Moey

peak debt posted:

Or you could use company.com as the domain, but then your website won't work from internal IPs! You can't win :cry:

This is what is currently set up here. As I have discovered, there is a DNS entry for WWW pointing towards our webserver for internal...

Moey

Docjowles posted:

This is probably obvious, but it will create a new user account on their laptops when they log in as NEW\joe instead of OLD\joe.

I remember this being advised in the past, but I have never used it. May be overkill for a domain this size though. Who knows.

http://www.forensit.com/domain-migration.html

Moey

On the subject of ticketing systems. Has anyone used osTicket? Thinking about spinning up a test of it.

We need to replace an aging ticketing system. Owned Kaseya for two years and that was money down the toilet for our size (and no one ever set it up properly).

Ideally open source/free (I am a cheap rear end) with some workflow.

Moey

Bob Morales posted:

All machines on the LAN are using /16

There's a bunch of lease reservations, some exist on both servers, some don't. Is there any method as to which server a client is serviced from? Just whoever answers first?

Whatever server answers first will hand out the address. I just recently learned this, as our old network guy had IP helpers on different switches (for the same VLAN) pointing to different DHCP servers. One Windows box, and one old Cisco switch.

Out of curiosity, why the /16 subnet? Why not a few smaller ones if you want to split things up? Nutbag client?

Moey

orange sky posted:

There is no justification. Just incompetence, probably.

I set up a faxpress "server" to reboot every night at 3am. If I didn't the thing would randomly hang one of the lines and no faxes could come in.

Gotta love faxes.

Moey

Don't rename them, just roll new ones.

Moey

Zaepho posted:

I pretty much always take any excuse to get to the latest OS.

This. And cleaning out all the crap people have done to the DC over the years. If I find another DC with Adobe Reader installed....

Moey

orange sky posted:

Why??

Don't people remote manage? Couldn't they read their pdfs on their PCs?

idgi

I work with some simple-minded people.....

Moey

Gyshall posted:

Sharepoint?

Stockpile alcohol along with it.

Moey

We have a Dell reseller we go through. I normally just configure what I want on their website, print the specs and send them to my reseller.

One time they came back with higher than the web price (which was on the PDF I sent with the specs). I emailed my Dell rep about it, they spoke with the vendor, and I had a new quote within a few days that was cheaper.

Everything at my current gig was all HP for servers, we are slowly switching to Dell. I have never had an issue with their support.

Moey

Demie posted:

My first experience with them involved staying on site until midnight, going through 3 shifts of support people, and losing all of the data anyway. But I have been pretty satisfied ever since I learned how to push them around.

This would be a huge negative hit in my book. Over the years I have learned to not care and continually ask for escalation until I am with someone who knows what they are doing. I have an environment a fraction the size of yours though.

Moey

I would say it really depends on your underlying disk storage (performance and redundancy) as well as your RTO and RPO for that data.

Moey

Nitr0 posted:

We routinely do >8-9TB VMFS with no issues.



Our biggest guest presented LUN for a 2012r2 file server is 9.1TB which also doesn't have any problem.



I see you are running Nimble. :hfive:

Moey

I will be doing some testing with a big fuckoff sized VMDK sometime soon (5.5u1 as well). Probably 25tb. Should be interesting.

Moey

BaseballPCHiker posted:

Unfortunately legal wants me to put in a ticket for each individual system that I need to remove from AD. Ugh, lots of work ahead for me.

Dear lord, I cleaned up over 2000 old computer accounts here not too long ago. Good thing I didn't have to check with anyone.


Moey

BaseballPCHiker posted:

Yeah I've got a PowerShell script that will give me a list of all computers that haven't logged onto the network in the last 60 days. Which I then gave to them, they still seem super paranoid about me making any changes. I'll try to talk them into letting me at least disable all of them and move them into a separate OU.

When I started here I couldn't even do that, Windows 2000 functional level...

I ended up using something called "ADTidy" (pretty much just a GUI for PowerShell scripts) to search for old rear end computer accounts, then disable/move them in bulk.
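
The cleanup discussed in the last two posts (find computer accounts idle for 60 days, then disable them and move them to a separate OU), as an added PowerShell example that is not from any poster in the thread and is not ADTidy's code. The quarantine OU, the 14-day slack and the sample records are assumptions; the slack exists because `lastLogonTimestamp` can lag the real last logon by up to 14 days, and the attribute is not maintained at all below the Windows Server 2003 domain functional level.

```powershell
# Added example, not code from the thread. The OU DN and the sample records
# are constructed placeholders (assumptions).
$QuarantineOU = 'OU=Disabled Computers,DC=ad,DC=example,DC=com'

function Get-StaleComputer {
    param(
        [Parameter(Mandatory)] [object[]] $Computer,
        [int] $InactiveDays = 60,
        # lastLogonTimestamp only replicates once it is 9-14 days out of date,
        # so pad the cutoff instead of trusting the stored value to the day.
        [int] $SlackDays = 14,
        [datetime] $Now = (Get-Date)
    )
    $cutoff = $Now.AddDays(-($InactiveDays + $SlackDays))
    foreach ($c in $Computer) {
        if (-not $c.Enabled) { continue }   # already disabled, nothing to do
        if ($c.DistinguishedName -match 'OU=Domain Controllers') { continue }
        # Accounts that never logged on have no LastLogonDate; age them by creation.
        $last = if ($c.LastLogonDate) { $c.LastLogonDate } else { $c.whenCreated }
        if ($last -lt $cutoff) {
            [pscustomobject]@{
                Name              = $c.Name
                DistinguishedName = $c.DistinguishedName
                LastSeen          = $last
                NeverLoggedOn     = -not $c.LastLogonDate
            }
        }
    }
}

function Disable-StaleComputer {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Stale,
        [string] $TargetOU = $QuarantineOU
    )
    process {
        # Record when, why and the original OU so the change can be reversed.
        $oldOU = $Stale.DistinguishedName -replace '^CN=[^,]+,'
        $note  = 'Disabled {0:yyyy-MM-dd}, last seen {1:yyyy-MM-dd}, was in {2}' -f (Get-Date), $Stale.LastSeen, $oldOU
        $dn    = $Stale.DistinguishedName
        Set-ADComputer   -Identity $dn -Description $note  -WhatIf:$WhatIfPreference
        Disable-ADAccount -Identity $dn                    -WhatIf:$WhatIfPreference
        Move-ADObject    -Identity $dn -TargetPath $TargetOU -WhatIf:$WhatIfPreference  # last: the DN changes
    }
}

if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $all = Get-ADComputer -Filter * -Properties LastLogonDate, whenCreated
    # Dry run; remove -WhatIf only after the list has been reviewed.
    Get-StaleComputer -Computer $all | Disable-StaleComputer -WhatIf
} else {
    # No AD module: exercise the selection logic on constructed records.
    $now  = [datetime]'2014-06-01'
    $base = 'OU=Workstations,DC=ad,DC=example,DC=com'
    $sample = @(
        [pscustomobject]@{ Name='WS-001'; Enabled=$true;  LastLogonDate=$now.AddDays(-3);   whenCreated=$now.AddDays(-900); DistinguishedName="CN=WS-001,$base" }
        [pscustomobject]@{ Name='WS-002'; Enabled=$true;  LastLogonDate=$now.AddDays(-65);  whenCreated=$now.AddDays(-900); DistinguishedName="CN=WS-002,$base" }
        [pscustomobject]@{ Name='WS-003'; Enabled=$true;  LastLogonDate=$now.AddDays(-200); whenCreated=$now.AddDays(-900); DistinguishedName="CN=WS-003,$base" }
        [pscustomobject]@{ Name='WS-004'; Enabled=$true;  LastLogonDate=$null;              whenCreated=$now.AddDays(-400); DistinguishedName="CN=WS-004,$base" }
        [pscustomobject]@{ Name='WS-005'; Enabled=$false; LastLogonDate=$now.AddDays(-300); whenCreated=$now.AddDays(-900); DistinguishedName="CN=WS-005,$base" }
    )
    Get-StaleComputer -Computer $sample -Now $now | Format-Table Name, LastSeen, NeverLoggedOn
}
```

On the constructed records only WS-003 and WS-004 are selected: WS-002 falls inside the replication slack and WS-005 is already disabled.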
