|
FISHMANPET posted:Wow, thanks Ricoh, your drivers suck. The Dell provided driver extracts to... another executable, and that doesn't extract to anything. So I guess no INF for SCCM to push out. Are you sure? One of the best tools I ever had for setting up SCCM "anything" was UniExtract. Universal Extractor. Just right click any installation .exe (or virtually any archive at all) and choose "Extract here". Viola, you have all the files you need without the stupid Temp folder hunting bullshit.
|
# ¿ Jul 26, 2010 17:11 |
|
|
# ¿ Apr 26, 2024 01:10 |
|
Dyscrasia posted:I would love a better way to go about this too. I have just been doing GPO push installs for Reader, Flash and Java. I'm not sure I understand why SCCM would not be appropriate. You would set up primary site in each customers domain and go from there. SCCM itself isn't that expensive and the client licenses can be had real cheap if you buy a shitload at once from MS... I'd be doing a real CAPEX if I were in your shoes instead of asking on the net but I know accounting isn't particularly exciting... I find a lot of techs say things like this with confidence but haven't done anything but have some vague thoughts about the matter - doing some sums on paper can actually surprise you sometimes!
|
# ¿ Jul 26, 2010 17:16 |
|
Yeah SCCM will do that but it all comes down to the settings you have set. Once it thinks the advertisement ran and was successful, it will stop attempting to do it. You need to click the "Force" tickbox in the advertisement to have it rerun. Also if you haven't already done it or realised, using the inbuild collections for advertisements is foolish at best, and can cause huge headaches at worst. Create collections that take their membership information from an AD security group. Now, remove anyone but senior admin access to SCCM, and for anyone that wants Firefox deployed to a particular machine tell them to make that computer a member of the Firefox security group. User left and PC needs zeroing? Remove computer object's membership to everything, easy. Take this idea to it's conclusion, this is just the start. In your dev env you can have SCCM doing an AD discovery every 5 minutes. In Prod it depends on your prod environment but I would still have it fairly often (once every hour or two?). Muslim Wookie fucked around with this message at 06:26 on Jul 27, 2010 |
# ¿ Jul 27, 2010 06:23 |
|
I use security groups with SCCM because we tend to attach licenses to usernames. This also means one user can jump onto another computer and install all their "usual" suite of software. I usually put in some mechanism to prevent users using software that's installed that they aren't cleared for. If everyone in a department used the exact same set up then I might go for the collections only method.
|
# ¿ Jul 28, 2010 11:19 |
|
For option number 2 download Hyena and use that - it will make life a lot easier. For option number 1, you can use Hyena or you can use the inbuilt SCCM reports, either option will need some customisation ie scripting.
|
# ¿ Aug 7, 2010 04:59 |
|
Noel posted:Use "Apply Driver Package" instead of "Auto Apply Drivers". Better to have control over what is happening. Just an addendum to that - a task sequence works well for practically everything but you should only use it for those packages you can't install silently. And if you really want to get into things then you can look at repackaging any installers that won't do silent installs. On that note if you're a coder and you don't allow silent installs you can go get hosed you egocentric prick.
|
# ¿ Aug 10, 2010 05:40 |
|
I'll be honest, and excuse me for contradicting someone that is obviously very knowledgeable, but that Java install for x86 is way to complicated when you can simply UniExtract the downloaded installer and run the MSI within it. If you're using SCCM you just put the extracted files into a package and deploy it, telling it to run the MSI. It's really as simple as that. Across architecture doesn't change.
|
# ¿ Aug 24, 2010 06:18 |
|
OK fair enough. I'm not going to outright pan you like someone on SA might usually do so, all aggressive for an internet thrill - I'll just say that I've never had an issue deploying in the same exact situation you are talking about. Further, if I did I would simply repackage the product, using whatever tools that particular rear end in a top hat client site has available to me. Wise packaging tools? gently caress YOUUUUUUUUUU but I'll make it work. Anything else, gently caress you Sun, but I'll make it work. Actually to be brutally honest I'm just crazy jealous of the Kaseya guy - simply because he's described a solution I wouldn't even know how to go about discovering. How embarrassing, I think it's time I ended my CJ days and moved into management
|
# ¿ Aug 24, 2010 15:05 |
|
Noel posted:I used the ZTIWindowsUpdate script (part of MDT2008, have not used 2010), which was nice because it essentially hammered the WSUS until you were fully updated. Sure, the imaging took longer, but you skipping having people complain about all the updates that needed to be run once they got their new computer. I don't understand: 1) Why wouldn't you tie it in? 2) And that script is the same as SCCM installing all the updates during imaging - how come one is acceptable and the other is not to you?
|
# ¿ Oct 10, 2010 14:25 |
|
Well you've still got it around arse backwards... You don't install the SCCM "role" on the WSUS server, you install SCCM on a server, and then you install WSUS, and SCCM controls WSUS from that point forward. Further, setting up WSUS is like, 10 minutes work. It has basically no impact on server load, and setting it to be a downstream server would be easy as pie, just point it at the upstream IP address. Just go ahead and do it! What's the worst that can happen? "Oh no you've improved our systems and made everything better, you're fired!!!" (Don't answer that :P)
|
# ¿ Oct 11, 2010 08:19 |
|
Noel posted:If it makes it easier, let's agree that the Software Update Point (SUP) site role and WSUS have to be installed on the same machine. So either I get to install SUP on the existing WSUS (not going to happen), or I set up a downstream on my existing SCCM server. Oh yeah I did totally not click on that. If I wasn't such a strong fan of ITIL these days I would be doing things without telling them just because I know they'll work. I feel for you bud
|
# ¿ Oct 12, 2010 03:50 |
|
Noel posted:In order: I have to disagree, in the last place I setup SCCM about a dozen departments climbed on the "This is just an excuse to take away our admin rights and it won't work right and the four horsemen..." train. I just set all updating and installations to occur at 3am, waking the PC itself and then shutting it down once it's complete. I personally find GP terrible for software deployment, but most instinctually than for any technical reason.
|
# ¿ Feb 15, 2011 11:22 |
|
Noel posted:I'm not quite sure how these things are related. SCCM itself seems to be scarier in terms of "oh no they're taking away my local admin". Because the only reason they were ever able to keep a hold of local admin rights was for installing software, because they undermanned the IT department so much that it took legitimately too long for anyone to get to them to get their poo poo installed. Of course, they wanted local admin for far more than installing Acrobat updates, Oracle suites or anything work related, but the work related issues were what got it over the line for exec. We actively had people trying to sabotage SCCM to prove they needed to keep local admin. I wish I was making this poo poo up. Noel posted:I'm not a huge fan of GP software installation either, but for certain things like updates to flash, java, adobe reader, it makes sense to me, to avoid issues with running software when the update happens. I considered this issue at the time and solved it two different ways. One was to write a quick script that simply locked user input out and terminated the relevant process and then did the install and the other was I set the advertisement to only run if there was no user logged in, and if there was a user logged in at the install time it would wait until the first moment someone had logged off.
|
# ¿ Feb 16, 2011 03:46 |
|
quackquackquack posted:You can control notifications on a per-advertisement basis. So maybe you or someone else had some questions on how I do this but I'm so rushed I have to drive by answer this, in the task sequence its easy as pie to have it run a script that evaluates "user logged in? yes/maybe" and logs off the user OR any action you want like maybe halting the task sequence with a failed flag and you can then set the task sequence to retry after failures on a schedule if i remember correctly
|
# ¿ Feb 21, 2011 16:44 |
|
lol internet., as frustrating as all that sounds I just have to point out that in these matters, users never "just somehow have the TS available to them". I might end up proven wrong but SCCM doesn't muck up like that, it's invariably operator error.
|
# ¿ Mar 1, 2011 04:29 |
|
lol internet. posted:Gonna be setting up the update portion of SCCM to takeover the WSUS roles. I don't know your setup but the way I got lauded for my SCCM work was by never loving it up (because I built 2 test environments, one at home, one at work, and did all the changes there first, and made inevitably hundreds of newbie mistakes and ran into undocumented situations in those environments rather than production). Another thing to consider is if WSUS is working fine, do you *really* need to transfer to SCCM? In my cases it's always been yes because I'm an SCCM whore of the worst kind (I've deployed Linux via SCCM rather than set up Puppet).
|
# ¿ Mar 4, 2011 06:32 |
|
peak debt posted:Tip of mine: Unless you have a setup with a lot of branch offices, don't bother using SCCM for Updates. The one nice thing about it is that you can have the distribution points architecture create a lot of local update servers so you don't overload the VPN whenever a patch day comes. This what I was trying to get at. Don't do it unless you actually have to. And for branch office distribution points, you could always just roll a downstream WSUS server.
|
# ¿ Mar 4, 2011 12:48 |
|
To quote someone in the Rant thread: "Sir, it seems that you already know the answer to your problem. I suggest you try to fix your issue in the manner that you have described. Thank you and have a nice day." Are you SURE it's not the VM? What happens with 2k8 on the P4 shitbox? Slow or snappy? I've not seen this behaviour in any of my 2k8 terminal servers, VMWare VMs.
|
# ¿ Mar 25, 2011 12:55 |
|
mute posted:Get multiple quotes, aggressively play them against each other. This. And don't feel bad about it. You're a guppy in a shark pond. Take every advantage you can get over the sales sharks.
|
# ¿ Apr 9, 2011 05:45 |
|
Guys, I'm thinking of deploying SCCM into a server only environment, for quick deployment of new servers and being able to roll "Application ABC" server at a moments notice to add into the load etc. Reporting would be a big plus too. Do you think it's too much? Am I being biased simply because I like SCCM? I find the effort to roll out a SCCM install fairly minimal, build the server and off you go... Packaging software isn't a big deal, inhouse made apps can be either developed into MSIs or if the devs are lazy, Powershell scripts to "install" them... Am I making a huge mistake? I keep having this nagging feeling that I'm putting a nail into my careers coffin at this place if I do it.
|
# ¿ Apr 10, 2011 07:07 |
|
quackquackquack posted:How many servers? What are you currently using to deploy servers and software? Is this a vSphere environment? Are you the only person who needs to use it? ~300, growing steadily. Currently merely installing manually from ISO. Roger that on vSphere. I have many, many devs.
|
# ¿ Apr 11, 2011 07:20 |
|
quackquackquack posted:What about using templates? Dev's won't "use" it beyond their personal dev VMs which I'd leave the "image" advertised to permanently and allowed to be started off by any user. I haven't really researched templates for Windows VMs, but I'd still have to join to the domain, log in, set IP, etc etc. I'm pretty confident with SCCM I can have it ask me all the settings up front with OSD variables so it's pretty much fire and forget. That's also the advantage of getting things packaged - if it's ever required I can just spin up "Application ABC" OSD and bam, 20 minutes later fully completed server with application installed ready to be put into the load balancer.
|
# ¿ Apr 11, 2011 16:17 |
|
spog posted:Stupid newbie question regarding KMS: Ummm.... sort of? You use your KMS key to activate Windows on the KMS server. That's it, KMS server complete. This is why I might pair my KMS server with say, WSUS or something of that nature. You can use slmgr.vbs too add extra keys into the KMS server so that it can activate OSes other than Server 2008 R2. And if you have a properly configured DNS setup, you practically never actually have to run slmgr.vbs - it's all done automatically. KMS off the top of my head contacts MS over the net. My memory is hazy on that TBH you should check the Technet article for KMS. Edit: Here's an OK vid: http://technet.microsoft.com/en-us/dd936199.aspx Also no VLKs, you need to use these keys: http://technet.microsoft.com/en-us/library/ff793406.aspx But again if you've got a properly connected environment, you won't even need to enter the key, it'll grab the key and activate itself from the KMS server. Muslim Wookie fucked around with this message at 15:19 on Apr 12, 2011 |
# ¿ Apr 12, 2011 15:14 |
|
bear shark posted:When you put your volume key into slmgr, it activates the host and downloads that info from Microsoft. It takes like 2-3 minutes to enter the key because there's all that processing. Yup. But just to be clear - when you install the OS and during the installation process it asks you for the license key - use the KMS key. If you have to activate Windows 7, then you use slmgr.vbs to add the Windows 7 KMS key in there. bear shark posted:Not necessarily, we were using an Enterprise MAK until very recently. Incidentally, our KMS key is listed as being able to activate all Professional and Enterprise editions, but I don't know if that's true of all keys. You have to put in the correct client key for the edition you're running. I'm not sure what you mean here; if you enter an MAK the server/workstation will attempt to contact MS directly and if it can't you'll have to call the activation line. At no point will a MAK key try to contact the KMS server. You can change a MAK key to a KMS key using slmgr.vbs if you want - but MS still consider the MAK to be "activated" on that PC and you'd need to call them and hope they take your explanation if you ever need to get those MAK activations back. And when I say change MAK into KMS, I mean slmgr.vbs will allow you to enter a new license key at any time replacing the old key. bear shark posted:My understanding is that you do so by importing new keys, I'm not sure if it's possible to add new products to an existing key a la carte - I don't think it would be, because Server 2008 R2 is a different class of key from 7, but we haven't tried yet. You don't add products to existing keys - you add more keys to the KMS server. If you want to visualise it, imagine a the KMS server as a bouncer, the people in the line clients that are trying to activate and the door list is the info you've put into KMS. Every time you add a new key using slmgr.vbs, a new and extra name is appearing on the bouncers list. The delineation as to what keys can activate what products can be found in the link I've provided with the client KMS keys.
|
# ¿ Apr 13, 2011 12:18 |
|
Guys WMI plugin for Cacti, what's good? go go go
|
# ¿ Apr 14, 2011 05:05 |
|
Italy's Chicken posted:SCCM newbie here. How do you track and keep a history of what users log into which PCs and what IPs they've had? I'm in a situation where staff have moved machines, sometimes to different buildings, and the only way I'm realizing it is pinging the machine's to get the IP which our networking team thankfully setup to have building and floor specific IPs given out by DHCP. I'm not in the office so I can't give you a step by step, except to say there are multiple fairly straightforward ways to achieve this. My post is more of a question as to why this is important to you?
|
# ¿ Apr 15, 2011 08:52 |
|
Nitr0 posted:Looks like it's time for someone to invest in a good VM / thin client solution and quit replacing those things every 3 years. This is your endpoint right here. However, you have a better way of identifying the computers... you can have a report run every week/month/year/whatever that spits out all computers that are now older than x time. You have a lot of reliable date fields to choose from! You are definitely looking it at this the wrong way, don't try to follow arbitrary users...
|
# ¿ Apr 17, 2011 17:42 |
|
Hey guys I didn't really get many answers in the Exchange thread, so I'm asking her with the wider audience - anyone have experience with seriously large Exchange mailbox numbers? Looking specifically for overall architecture and annoyances?
|
# ¿ May 9, 2011 16:26 |
|
skipdogg posted:It's hard to give advice without specifics. 100K users in a geographical region would be setup differently than say a global company with a dozen subdomains across 30 countries and 5 continents. Totally understand where you are coming from, however I'm actually looking for examples of *any* style of large deployment. I'm fairly confident on how I'd architect it, just looking to see how other organisations do it in many different situations. To give you an idea though, 2 million plus users, national, soft 2gb quota, ActiveSync, OWA, even geographic spread, pretend migration from old system to new system isn't a concern at all. With regards to AD, it's practically greenfields, with all accounts actually authoritatively held within an OpenLDAP implementation. I have no expectation of using that in the solution however. There is an AD domain that I would be pushing to use.
|
# ¿ May 10, 2011 02:28 |
|
ghostinmyshell posted:What do you guys think about Server Core? It's perfect if you develop all your applications internally, you can just ensure they don't use any classes that aren't presented by ServerCore.
|
# ¿ May 12, 2011 08:07 |
|
|
# ¿ Apr 26, 2024 01:10 |
|
evil_bunnY posted:Don't know of any customers with it in production for anything that's not MS roles. I wouldn't be deploying ServerCore for most vendor products, it's not worth the hassle. But for internally developed applications which use IIS as a front end, why not? (rhetorical)
|
# ¿ May 12, 2011 13:07 |