Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Muslim Wookie
Jul 6, 2005
To quote someone in the Rant thread:

"Sir, it seems that you already know the answer to your problem. I suggest you try to fix your issue in the manner that you have described. Thank you and have a nice day."

Are you SURE it's not the VM? What happens with 2k8 on the P4 shitbox? Slow or snappy?

I've not seen this behaviour in any of my 2k8 terminal servers, VMWare VMs.

Adbot
ADBOT LOVES YOU

Nomex
Jul 17, 2002

Flame retarded.

lazer_chicken posted:

2k8 woes

Is there any errors or warnings in the event log during login?

lazer_chicken
May 14, 2009

PEW PEW ZAP ZAP

marketingman posted:

To quote someone in the Rant thread:

"Sir, it seems that you already know the answer to your problem. I suggest you try to fix your issue in the manner that you have described. Thank you and have a nice day."

Are you SURE it's not the VM? What happens with 2k8 on the P4 shitbox? Slow or snappy?

I've not seen this behaviour in any of my 2k8 terminal servers, VMWare VMs.

The p4 is not 64 bit so I can't test 2k8 on it directly. The vm performs fantastic otherwise but of course I can't be SURE it's not the vm at this point. Disk performance inside the vm is hard to gauge, though, because much of the vm ends up getting cached in the zfs cache. I guess I need to find a spare non-lovely machine to test 2k8 on.

I kind of suspect it may be an issue with samba, but I wanted to check in here to make sure it wasn't a known 2k8 issue or something.

Nomex: the only warnings in the event log are "token-based activation failed," which the kb article says we can ignore.

I'll dick around with the vm config in the meantime and see what happens.

LoKout
Apr 2, 2003

Professional Fetus Taster
It might be an issue with 2k8. By default it uses an authentication method that Samba doesn't support, but it will fall back to a less restrictive one if that fails. I read about that in an article just yesterday. You might try finding some settings (in local policy perhaps) relating to NTLM versions or look around on Microsoft's site for slow 2k8 login with a Windows 2000 PDC - that would simulate a similar environment to Samba.

I've seen the settings before but I'm drawing a blank right now. Sorry for not being more specific, but hopefully it helps.

amishpurple
Jul 21, 2006

I'm not insane, I'm just not user-friendly!

LoKout posted:

It might be an issue with 2k8. By default it uses an authentication method that Samba doesn't support, but it will fall back to a less restrictive one if that fails. I read about that in an article just yesterday. You might try finding some settings (in local policy perhaps) relating to NTLM versions or look around on Microsoft's site for slow 2k8 login with a Windows 2000 PDC - that would simulate a similar environment to Samba.

I've seen the settings before but I'm drawing a blank right now. Sorry for not being more specific, but hopefully it helps.

He could be on to something here. Check the below registry key on the 2k8 box and maybe try setting it to 0:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel

lazer_chicken
May 14, 2009

PEW PEW ZAP ZAP
That looks promising but no dice so far. I changed that key and also some settings in the local security policy to use NTLM instead of NTLMv2 authentication, but no change yet. I bet this is the problem, though. It's probably going require some changes on samba's end too. Thanks for getting me going in (what I believe is) the right direction.

Edit: but we do have win7 clients and they don't seem to have this issue, so who knows...

lazer_chicken fucked around with this message at 16:40 on Mar 25, 2011

Quebec Bagnet
Apr 28, 2009

mess with the honk
you get the bonk
Lipstick Apathy
Anybody have experience deploying Adobe Creative Suite? I have it working by specifying --mode=silent to the installer, but is it there a quiet or passive mode that shows the progress bars? It's a little annoying to only have the MDT window up while that's running.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

bear shark posted:

Anybody have experience deploying Adobe Creative Suite? I have it working by specifying --mode=silent to the installer, but is it there a quiet or passive mode that shows the progress bars? It's a little annoying to only have the MDT window up while that's running.

I would love in general for programs (at least the big ones) to show some kind of progress bar as they install. Some applications (MikTex comes to mind) have an option where it will install with an answer file, show the progress box, but not allow the user to click anything. That, plus allowing the user to "interact" with the program via SCCM is really nice, but I don't think there's a universal way to do it.

lol internet.
Sep 4, 2007
the internet makes you stupid

bear shark posted:

Anybody have experience deploying Adobe Creative Suite? I have it working by specifying --mode=silent to the installer, but is it there a quiet or passive mode that shows the progress bars? It's a little annoying to only have the MDT window up while that's running.

CS5? This spits out a custom installer/msi.

http://www.adobe.com/devnet/creativesuite/enterprisedeployment.html

Might work for older versions. I think I used it for InCopy CS4.

Then just msiexec /i installer.msi /qn /norestart

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
For all the stupid poo poo that adobe does in regards to packaging their software, they do have a lot of enterprise documentation.

Quebec Bagnet
Apr 28, 2009

mess with the honk
you get the bonk
Lipstick Apathy

lol internet. posted:

CS5? This spits out a custom installer/msi.

http://www.adobe.com/devnet/creativesuite/enterprisedeployment.html

Might work for older versions. I think I used it for InCopy CS4.

Then just msiexec /i installer.msi /qn /norestart

CS4. Thanks for that, I'll be sure to give it a try.

Ifan
Feb 21, 2006
The Nice Operator from Heaven
The MSI the Adobe tool spits out is a bit retarded. Youre only allowed to install it silently. To get a progress bar going you need to open up the MSI/create a transform and change the UILevel property to 3. This allows you to use switches like /passive.

And a heads up if youre planning to deploy it to computers in use:
I was deploying CS5 through SCCM and got really confused when installation on 60% of the clients failed. It always worked fine in my test-environment.
After a bit of research and fidgeting i found out that running a browser on the computer during installation will break it. The original attended Adobe installer lets you know about this, but the generated MSI file doesnt care at all.

Nomex
Jul 17, 2002

Flame retarded.

Ifan posted:

The MSI the Adobe tool spits out is a bit retarded. Youre only allowed to install it silently. To get a progress bar going you need to open up the MSI/create a transform and change the UILevel property to 3. This allows you to use switches like /passive.

And a heads up if youre planning to deploy it to computers in use:
I was deploying CS5 through SCCM and got really confused when installation on 60% of the clients failed. It always worked fine in my test-environment.
After a bit of research and fidgeting i found out that running a browser on the computer during installation will break it. The original attended Adobe installer lets you know about this, but the generated MSI file doesnt care at all.

That's an interesting bug. I think the easiest way around it would be to write a batch file to taskkill any active browsers and then launch the MSI.

code:
taskkill /IM iexplore.exe
taskkill /IM firefox.exe
taskkill /IM chrome.exe
msiexec /i package.msi /qb-
If you want to warn users you can add:

code:
echo This installer will close any open browsers. Please save your work and press any key to continue.
pause
Then set the package to allow user interaction. If you do warn users you also need to set it to only install when someone is logged in.

Nomex fucked around with this message at 19:12 on Apr 3, 2011

Ifan
Feb 21, 2006
The Nice Operator from Heaven
Users tend to ignore text in command prompts :) Also, users like to turn off command promts and other annoying boxes. This will in turn break the installation when you have multiple MSIs chained in the batch file. Im not sure how the exit-code gets passed either when using batch scripts.
From my SCCM experience i would not recommend using batch scripts except in task-sequences and other un-fuckupable things.

A hidden powershell script with a messagebox warning and a browserkill is probably better. This doesnt stop the user from actually turning on a browser during install though, so they can still break it. Maybe its possible to script the registry settings of software restriction policy to disallow users to start their browser during the install? Havent tried it, but it seems like a plausible solution.
And i can guaratee that the MSI exitcode gets passed with a powershell script if you do it the right way. This way reporting will work as intended.

Best option (if possible) is to deploy it after business hours, and make sure that no users are logged on to the workstation during installation. You might use a bit more time to get it out to everyone, but you save time not having to manually fix/create a fix script for botched installations.

Nomex
Jul 17, 2002

Flame retarded.
Using batch files in packages works perfectly. I do it all the time.

Ifan
Feb 21, 2006
The Nice Operator from Heaven
Yeah, i know batch scripts work. I just don't think it's the optimal solution if you need to turn on "allow user interaction" or if you need error-handling/failsafe for multiple commands in the same program.
It's just too easily broken and doesnt look good.

Users tend to break anything that can be broken :)

In the end it all depends on the situation anyway.

Nebulis01
Dec 30, 2003
Technical Support Ninny
Anyone want to tell me why my USMT xml is being retarded? It doesn't copy the Default User profile, but still copies user2. What am I missing?

code:
<?xml version="1.0" encoding="UTF-8"?>
<migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/miguser">

   <!-- This component migrates data in user context -->
   <component type="Documents" context="User">
      <displayName>MigDocUser</displayName>
      <role role="Data">
         <rules>
            <include filter='MigXmlHelper.IgnoreIrrelevantLinks()'>
               <objectSet>
                  <script>MigXmlHelper.GenerateDocPatterns ("FALSE","TRUE","FALSE")</script>
               </objectSet>
             </include>
             <exclude filter='MigXmlHelper.IgnoreIrrelevantLinks()'>
               <objectSet>
                  <script>MigXmlHelper.GenerateDocPatterns ("FALSE","FALSE","FALSE")</script>
               </objectSet>
            </exclude>
	<!-- This will exclude Default User and User2 from Migration -->
	<unconditionalExclude>
               <objectSet>
                <pattern type="File">c:\documents and settings\user2\* [*]</pattern>
                <pattern type="File">c:\documents and settings\default user\* [*]</pattern>
               </objectSet>
	</unconditionalExclude>
        <contentModify script="MigXmlHelper.MergeShellLibraries('TRUE','TRUE')">
               <objectSet>
                  <pattern type="File">*[*.library-ms]</pattern>
               </objectSet>
            </contentModify>
            <merge script="MigXmlHelper.SourcePriority()">
               <objectSet>
                  <pattern type="File">*[*.library-ms]</pattern>
               </objectSet>
            </merge>
         </rules>
      </role>
   </component>
</migration>

quackquackquack
Nov 10, 2002
Instead of performing the user selection tasks in the XML files, we call USMT with the user flags. Here's an abbreviated version:

Scanstate.exe %destination% /i:blah.xml /i:moreblah.xml /localonly /ue:*\* /ue:* /ui:DOMAIN\%u%

mattisacomputer
Jul 13, 2007

Philadelphia Sports: Classy and Sophisticated.

Hey Windows Sysadmins, any of you familiar with APC Smart-UPS units? I have 5 of them in my rack that up until now were unmanaged. I want to manage them all from my network monitoring server, but the stupid Powerchute Agent will only manage one of the 5 that I have connected. Is there any way to manage them all through one server? If not, I'll just put an agent on each server but I'm trying to avoid that.

SmellsOfFriendship
May 2, 2008

Crazy has and always will be a way to discredit or otherwise demean a woman's thoughts and opinions

TheRife posted:

Hey Windows Sysadmins, any of you familiar with APC Smart-UPS units? I have 5 of them in my rack that up until now were unmanaged. I want to manage them all from my network monitoring server, but the stupid Powerchute Agent will only manage one of the 5 that I have connected. Is there any way to manage them all through one server? If not, I'll just put an agent on each server but I'm trying to avoid that.

Ack. I can't remember what the answer was but give APC support a call. I've had nothing but great experiences with them. I got one mouth breather once but everyone else was amazing.

Alfajor
Jun 10, 2005

The delicious snack cake.
Welp, since this thread might as well be called "SCCM is awesome", I'm looking into it some more.
I've asked our CDW rep to shoot me a quote. What's the best way to get a discount? I'm looking for anyway to bring the price down. We're a pretty small environment, 4 DCs (one for each geographical site), about 60 PCs and 90 users.

mute
Jul 17, 2004

Alfajor posted:

Welp, since this thread might as well be called "SCCM is awesome", I'm looking into it some more.
I've asked our CDW rep to shoot me a quote. What's the best way to get a discount? I'm looking for anyway to bring the price down. We're a pretty small environment, 4 DCs (one for each geographical site), about 60 PCs and 90 users.

Get multiple quotes, aggressively play them against each other.

Muslim Wookie
Jul 6, 2005

mute posted:

Get multiple quotes, aggressively play them against each other.

This. And don't feel bad about it. You're a guppy in a shark pond. Take every advantage you can get over the sales sharks.

quackquackquack
Nov 10, 2002
I would think hard about whether 60 PCs and 90 users makes SCCM worthwhile.

We got it for very cheap (edu) for our ~350 PC, ~200 user environment, and I believe we're on the lower end size-wise for deployments.

There's a significant learning curve to SCCM.

Ifan
Feb 21, 2006
The Nice Operator from Heaven
I would also advise against using SCCM in a small environment for the reasons stated above. Just using SCCM is pretty time-consuming itself.
Actually making a software package, then making sure it installs properly unattended, disabling automatic updates and testing it properly might take longer than doing a manual install on 60 PCs (depending on the application), but again everything depends on the situation.

I'd recommend you to try out SCCM in a test environment (i believe there is a free trial out there). Figure out the ropes and whatnot. If you feel you need it, get it. If not, be happy that you learned something :)

spog
Aug 7, 2004

It's your own bloody fault.
That was my thoughts as well. I believe that MS recommends that you have 500+ PCs to make SCCM worth the effort to implement.

Quebec Bagnet
Apr 28, 2009

mess with the honk
you get the bonk
Lipstick Apathy
What about WPKG? It seems like the sort of tool that fills the 60-PC niche for a very attractive price. I've been considering using MDT to automate the initial deployment, then WPKG to keep it up to date. Is that a reasonable plan? I've been using Group Policy for the more irritating items (Flash, Java) but it's only so powerful.

Of course you have to consider that your WPKG and MDT databases are completely separate, but I'm starting to wonder if it could be a "good enough" solution for smaller setups.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
Well I've got about 150 clients about to be split between two management servers (currently two departments on same server, but splitting for political reasons).

I didn't have to install the server so I can't speak to the difficulty of that. There was quite a bit of trial and error on learning how to do machine reinstalls, but now that it's running, it's amazing. There's also a cost/benefit analysis for each software package. The important stuff like Firefox, Thunderbird, Adobe Reader, Flash, and Java are a no brainer. If I had to deal with those on a PC-by-PC basis I'd kill myself. When it gets down to other software it's a combination of how easy it is to package versus how many people will want the software.

Basically, I think SCCM is awesome.

E: Whenever I describe to a user how I'm going to do whatever to their machine, I just say it's magic, because it pretty much is.

Megiddo
Apr 27, 2004

Unicorns bite, but their bites feel GOOD.
I've never used it, but there's also this:

http://unattended.sourceforge.net/

Or if you're just deploying scripts, you can use the "at" command to schedule things on remote machines:

http://support.microsoft.com/kb/313565

You'd have to include your own error checking or have install logs written to a network share or something, but it might be doable.

Muslim Wookie
Jul 6, 2005
Guys, I'm thinking of deploying SCCM into a server only environment, for quick deployment of new servers and being able to roll "Application ABC" server at a moments notice to add into the load etc. Reporting would be a big plus too.

Do you think it's too much? Am I being biased simply because I like SCCM? I find the effort to roll out a SCCM install fairly minimal, build the server and off you go... Packaging software isn't a big deal, inhouse made apps can be either developed into MSIs or if the devs are lazy, Powershell scripts to "install" them...

Am I making a huge mistake? I keep having this nagging feeling that I'm putting a nail into my careers coffin at this place if I do it.

Nomex
Jul 17, 2002

Flame retarded.

TheRife posted:

Hey Windows Sysadmins, any of you familiar with APC Smart-UPS units? I have 5 of them in my rack that up until now were unmanaged. I want to manage them all from my network monitoring server, but the stupid Powerchute Agent will only manage one of the 5 that I have connected. Is there any way to manage them all through one server? If not, I'll just put an agent on each server but I'm trying to avoid that.

You need to get Powerchute business edition to manage multiple UPSes.

mattisacomputer
Jul 13, 2007

Philadelphia Sports: Classy and Sophisticated.

Nomex posted:

You need to get Powerchute business edition to manage multiple UPSes.

Thats what I have, but the Business edition agent will only manage one UPS per server, it seems.

quackquackquack
Nov 10, 2002

FISHMANPET posted:

Well I've got about 150 clients about to be split between two management servers (currently two departments on same server, but splitting for political reasons).

I didn't have to install the server so I can't speak to the difficulty of that. There was quite a bit of trial and error on learning how to do machine reinstalls, but now that it's running, it's amazing. There's also a cost/benefit analysis for each software package. The important stuff like Firefox, Thunderbird, Adobe Reader, Flash, and Java are a no brainer. If I had to deal with those on a PC-by-PC basis I'd kill myself. When it gets down to other software it's a combination of how easy it is to package versus how many people will want the software.

Basically, I think SCCM is awesome.

E: Whenever I describe to a user how I'm going to do whatever to their machine, I just say it's magic, because it pretty much is.

The tricky part about SCCM compared to Group Policy software deployment is that SCCM does not have an "install on startup" option for packages. This matters for those programs that actually need other programs to be closed when installing. I'm looking at you, Flash, Creative Suite, etc.

If your environment already has a well defined "everyone logs off/shuts down their computer every night", this isn't an issue. But in my environment, I can't force that kind of thing, partially because people have to lock their laptops in their desks at night.

Because of this, I still use SCCM for most things, but frequently updated software (Flash, Java, Adobe Reader, etc) is being pushed out through Group Policy.

quackquackquack
Nov 10, 2002

marketingman posted:

Guys, I'm thinking of deploying SCCM into a server only environment, for quick deployment of new servers and being able to roll "Application ABC" server at a moments notice to add into the load etc. Reporting would be a big plus too.

Do you think it's too much? Am I being biased simply because I like SCCM? I find the effort to roll out a SCCM install fairly minimal, build the server and off you go... Packaging software isn't a big deal, inhouse made apps can be either developed into MSIs or if the devs are lazy, Powershell scripts to "install" them...

Am I making a huge mistake? I keep having this nagging feeling that I'm putting a nail into my careers coffin at this place if I do it.

How many servers? What are you currently using to deploy servers and software? Is this a vSphere environment? Are you the only person who needs to use it?

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

quackquackquack posted:

The tricky part about SCCM compared to Group Policy software deployment is that SCCM does not have an "install on startup" option for packages. This matters for those programs that actually need other programs to be closed when installing. I'm looking at you, Flash, Creative Suite, etc.

If your environment already has a well defined "everyone logs off/shuts down their computer every night", this isn't an issue. But in my environment, I can't force that kind of thing, partially because people have to lock their laptops in their desks at night.

Because of this, I still use SCCM for most things, but frequently updated software (Flash, Java, Adobe Reader, etc) is being pushed out through Group Policy.

Ha! Like people ever log off. I had one guy that was logged on so long his password had expired, and he could no longer print or even upload his profile on logoff. I basically deal with the cases where Flash doesn't install one by one. I just pushed flash last week, and out of 150 computers, 10 of them didn't install. One of them is just hosed (but she refuses to ask her adviser for a new one, so gently caress that poo poo) and the rest just need a reboot and for the package to be manually run. When somebody complains about not having Flash, I just go up their and manually run the advertisement, then go back to the dungeon to sit smugly in my Aeron chair.

Cpt.Wacky
Apr 17, 2005

bear shark posted:

What about WPKG? It seems like the sort of tool that fills the 60-PC niche for a very attractive price. I've been considering using MDT to automate the initial deployment, then WPKG to keep it up to date. Is that a reasonable plan? I've been using Group Policy for the more irritating items (Flash, Java) but it's only so powerful.

Of course you have to consider that your WPKG and MDT databases are completely separate, but I'm starting to wonder if it could be a "good enough" solution for smaller setups.

I'm not familiar with MDT, but I'd say keep your OS deployment separate from your software installation and updating. MDT and WPKG should work very well that way, each doing what they're best at.

I've been using WPKG for at least a year now for about 125 workstations and it works very well. The catch is that I'm using it on XP, and I've heard of some issues with Vista/7, mostly to do with people wanting to install updates on shutdown. Apparently Vista/7 doesn't allow any process to delay shutdown. If you're going to use it on VIsta/7, take a look at wpkg-gp too.

I use Clonezilla to load a base sysprepped image that prompts for PC name and joins the domain automatically. Then one batch file to set a few local group policies like pointing to the WSUS server, and another batch to install the WPKG Client and start the service. WPKG installs everything else with only one reboot for Office 2k3.

I used Unattended for a while but I'd recommend against it now. The current latest release is 4.8 from April 2009. In order to boot on recent hardware you have to get 4.9 RC4 from February 2010, and it's has a bug where you have to type in the kernel in the bootloader because someone messed it up when packaging. Development seems to be slow and small.

Take a look at WPKG if you can't afford SCCM. The wiki has ready to use stuff for all the popular applications, and it's not hard to configure new installers once you understand how WPKG works. I'm happy to answer any questions about it, and their mailing list is reasonably good too.

Muslim Wookie
Jul 6, 2005

quackquackquack posted:

How many servers? What are you currently using to deploy servers and software? Is this a vSphere environment? Are you the only person who needs to use it?

~300, growing steadily. Currently merely installing manually from ISO. Roger that on vSphere. I have many, many devs.

quackquackquack
Nov 10, 2002
What about using templates?

With that many servers, depending what you need to do with them, and whether you have an existing inventory infrastructure, I could definitely see SCCM being useful. However, I use it exclusively with non-servers, so my opinion is only so useful in your case.

Also, will the other devs take to using it?

Muslim Wookie
Jul 6, 2005

quackquackquack posted:

What about using templates?

With that many servers, depending what you need to do with them, and whether you have an existing inventory infrastructure, I could definitely see SCCM being useful. However, I use it exclusively with non-servers, so my opinion is only so useful in your case.

Also, will the other devs take to using it?

Dev's won't "use" it beyond their personal dev VMs which I'd leave the "image" advertised to permanently and allowed to be started off by any user.

I haven't really researched templates for Windows VMs, but I'd still have to join to the domain, log in, set IP, etc etc. I'm pretty confident with SCCM I can have it ask me all the settings up front with OSD variables so it's pretty much fire and forget.

That's also the advantage of getting things packaged - if it's ever required I can just spin up "Application ABC" OSD and bam, 20 minutes later fully completed server with application installed ready to be put into the load balancer.

Adbot
ADBOT LOVES YOU

portable s0n
Jun 2, 2008

devmd01 posted:

Altiris 7.1 is out. Hope you have maintenance contracts, suckas!

I have been churning through these e-learning videos and this product is still a whole new world compared to 6.9. Thinking of leaving 6.9 in production for a while until I can cover all my bases.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply