|
Tell them it's like hiring new staff: sure you can rush it and get someone in by monday, but it takes a hell of a lot of work and disrupts many people, and you likely get a poor outcome.
|
#
?
Feb 18, 2012 17:56
|
|
|
|
| # ? Apr 24, 2024 04:17 |
|
|
An update on my issue: Found an ok workaround to work with in the meantime, and that is to run updates first thing after the OS is installed, then another one almost at the end of the task sequence. I've also tried alot of other stuff, but nothing that actually fixed the problem has worked.
|
|
#
?
Feb 21, 2012 20:55
|
|
|
Question: Do you really need to be a programmer to take advantage\learn powershell? I've taken introduction courses in programming and I can read source code and kind of have an understand of whats going on, but aside from that, I don't know much about programming. Just wondering if I should make the effort? I'm interested in automation and do what I can with regular batch scripting.
|
|
#
?
Feb 23, 2012 03:42
|
|
|
lol internet. posted:Question: Do you really need to be a programmer to take advantage\learn powershell? Nope. You don't need to be a programmer at all. Microsoft has made it really clear Powershell is the future as far as automation and scripting goes in Windows, and I think any good Windows admin should take the time to learn at least the basics of it.
|
|
#
?
Feb 23, 2012 05:22
|
|
|
lol internet. posted:Question: Do you really need to be a programmer to take advantage\learn powershell? I am terrible at scripting and learning computer languages. I've never taken a programming class or been trained in powershell. I've taught myself over the last 6 months and can do everything I need to and more. It's a really well built platform that makes a lot of really simple sense. And the built in help is pretty close to perfect.
|
|
#
?
Feb 23, 2012 06:28
|
|
|
lol internet. posted:Question: Do you really need to be a programmer to take advantage\learn powershell? Nope. I learned programming from working with powershell. I was at the same level as you, could read some code, understand a bit of what was going on etc. I needed to automate/fool proof poo poo at work. Figured out powershell was the way to go, then used a lot of google-fu to get what i wanted. Half a year later i found myself making/modifying more and more complex poo poo. Now i can program in "real" languages like C#. Once you have the foundation in place, it's not hard to learn new languages. Before learning powershell i tried to learn programming many times, and failed. I wasn't motivated enough, and a lot of the stuff out there is written for people who already know the basics. It wasn't before I had real use for it i actually managed to figure it out. Getting paid for learning it doesn't hurt either 
|
|
#
?
Feb 23, 2012 18:12
|
|
|
Does Microsoft have a definitive answer to the question: Should collections be software based or machine based? Should a collection have an advanced query to add all machines that should get a specific piece of software. Or should each group of computers have a collection with multiple advertisements. From what I can tell it's advanced queries vs. literally thousands of advertisements.
|
|
#
?
Feb 25, 2012 01:39
|
|
|
Is DumpSec still the best tool for seeing file permissions?
|
|
#
?
Feb 26, 2012 18:59
|
|
|
spidoman posted:Does Microsoft have a definitive answer to the question: Should collections be software based or machine based? For software we seem to have naturally settled on having a collection or two for each piece of software. So for Firefox for example, when 10.0.2 comes out, we have a collection that has Firefox installed but not the current version, and then advertise 10.0.2 to that collection. Theres also a collection of machines that don't have Firefox but should. Our campus overlords are doing that, except keeping collections for every version of Firefox, so they've got a collection for 10.0.1, a collection for 10.0, etc. Not sure how long they plan on keeping those old collections around.
|
|
#
?
Feb 26, 2012 19:17
|
|
|
I recently had need to move some collections around, and I was pissed at the tedium it would entail (copy pasting queries, etc) but then I found this, which makes it brain dead simple: http://verbalprocessor.com/2009/03/20/how-to-move-collections-in-configmgr/ Also, would anybody be interested in me updating the OP to be an actual OP, or maybe a new thread?
|
|
#
?
Feb 28, 2012 21:31
|
|
|
I vote new thread, and expand it to all desktop management. ie: Mac stuff like NetBoot, Casper, MCX. Maybe Linux stuff like puppet, chef as well?
|
|
#
?
Feb 29, 2012 01:28
|
|
|
Question about MDT\SCCM Task Sequences\Images. Is there any reason why we should use task sequences to create\capture images? In general I just use the task sequence (blank OS install) then have each install application added to the task sequence and customize if necessary through application packages\bash scripts. Most tutorials I find on line kind of have you do a build & capture type image through task sequence, then deploy the image with a different task sequence. Am I missing something here? I see the blank OS + application install post imaging more beneficial then just a image. Ifan posted:Nope. Thanks, I started reading a free pdf called "Mastering Powershell" today. Do you have any other recommendations?
|
|
#
?
Feb 29, 2012 04:43
|
|
|
lol internet. posted:Question about MDT\SCCM Task Sequences\Images. It's faster if the software is in the actual capture, since you're (essentially) just copying over files instead of running through setup programs. However there are challenges in creating that perfect capture. The talented people I worked with did software in the image. The people now... not so much. I'd like to figure out the ins and outs of getting a perfect capture myself.
|
|
#
?
Feb 29, 2012 04:52
|
|
|
We image student labs instead of building, partly because a lot of the software is a huge pain in the rear end and can't be silently installed. The image is about 55 GB now ( I think we're still using different images for different hardware, not my area though) and doing a build instead of an image would be a huge pain in the rear end there. If I were to go the build/capture route, I might not do much more than Windows Updates and Office, because the rest changes so much. Even to save much time from imaging, I'd have to make a new image every few months, and I don't image enough machines to make that worth my while.
|
|
#
?
Feb 29, 2012 04:59
|
|
|
FISHMANPET posted:can't be silently installed. Most software can be silently installed. You either have to repackage it or do some tweaking here and there. I'd recommend appdeploy.com for resources on how to do this (but beware it's something that can take a while to learn how to do properly). You an also get others to do it for you if have the money. I really don't see the extra hassle of having the software baseline in a capture instead of during deployment. You still have to make the same packages. You still need the same programs. As soon as you have a good build sequence, you just need to swap out the old packages with the new ones, run a build + capture, then do some testing. When all is well, just change out the wim file that get's applied during your production imaging task sequences. And a 55gb image :O What do you have in there? Adobe CS3 and CS5 master collection? My biggest image is 6.8gb and it has all the essential crap (Win7 x64, Flash, Java, Firefox, Office 2010, full winupdates +++) and a lot of other non-essential poo poo. As for software/multiple collections, it depends. We have som schools with no mandatory advertisements and have grouped their computers together based on what kind of courses they take (electronics, design, mechanical engineering etc). For updates and other "standard" stuff, we just use some advanced queries. Over the years you will build up a repository of queries for everything you might need. Then it's just a copy paste job and some tweaking to the strings. When it comes to different images for different hardware; why don't you just apply driver packages and/or other necessary software based on the computer model? This can be conditionally applied in a task sequence with WMI filtering. Same is for specific software. Is the computer a member of the _Adobe_CS_5.5_Master_Collection aswell as one of the imaging collections, it will get it installed during the task sequence. If not, it will just skip it. Check out the "Install multiple software" step in combination with collection variables. lol internet. posted:Am I missing something here? I see the blank OS + application install post imaging more beneficial then just a image. As the other said, it's way faster and less points of failure if you have a proper build in place. We do both. A baseline is in the main image, everything else, well, it depends on where you are, what kind of computer it is, etc. lol internet. posted:Thanks, I started reading a free pdf called "Mastering Powershell" today. Nope, sorry. Haven't read any books, not my way to learn. I need to have a task assigned to me and then i'll figure how to do it.
|
|
#
?
Feb 29, 2012 09:38
|
|
|
In my opinion, build+capture is almost entirely about speed. If you're imaging a lab overnight, speed isn't important. quote:I'd like to figure out the ins and outs of getting a perfect capture myself. The best way to get a perfect capture is to create a "...blank OS install then have each install application added to the task sequence and customize if necessary..." and then put a capture step at the end. That way you have the flexibility and easy updating of a LEGO-esque task sequence, plus the speed of a block image. And if there are specific customizations that need to happen on the final computer (ie: some dumb program that records the MAC address during install), you can put those in the deployment task sequence after the WIM installation. In ASCII: Build+Capture TS: (OS from source files)(Software1)(Software2)(Software3)(generic customizations)(capture) Deploy TS: (OS from Build+Capture WIM)(domain join)(AnnoyingSoftware1)(AnnoyingCustomization1) quote:And a 55gb image :O What do you have in there? Student labs in higher ed? Let me make some guesses: SPSS, Stata, Matlab, thelargest CS package, some stupid quasi-database program that doesn't support any form of client-server setup, GIS programs that also may or may not have a bunch of the data locally, etc. When you have a site license for all of these, and one lab that is used to teach a wide range of software, it's amazing what you can fit into an image. Even more fun is to calculate the retail cost of the software on a single PC in that lab. quote:Most software can be silently installed True, but at some point there is an effort vs reward conversation. For example, I would happily play with transforms and installer flags to silently install something (see: Office, 90% of the software out there). But I tried very hard not to truly package software (AdminStudio/InstallShield, etc). This was partially for "hit by the bus" reasons (software packaging skills are hard to hire for in academia and smaller companies), and partially because of the support burden of a library of packaged software. In my 70ish unique title software library, I ended up packaging only a handful of things. See: AutoCAD 2009, where the initial setup.exe would spawn a bunch of child installer processes, but then the parent would quit before the children were done (AutoDesk said: "we do not support our software being installed via automated methods")
|
|
#
?
Feb 29, 2012 14:42
|
|
|
quackquackquack posted:Student labs in higher ed? Let me make some guesses: SPSS, Stata, Matlab, thelargest CS package, some stupid quasi-database program that doesn't support any form of client-server setup, GIS programs that also may or may not have a bunch of the data locally, etc. Yep, that's it. And like I said, I don't deal with that area, so I don't know how much work has been put into making the programs silent. I've hosed around with making Matlab silently, and while it can be done, not sure why I would if I'm going to reimage the labs every semester, and a single hand install is faster than making it silent. I agree that it's a time/reward mix. Considering some of the poo poo that gets used in Academia, I won't even think about making a package until 3 people request it, and even then it might be impossible (I've had to rebuild installer packages becuase the developers are too dumb to know how the installer package they used even works). And then I've got other poo poo where I have to argue with the devs to prove to them that 1) yes, I do know the difference between Program Files and ProgramData, and 2), YOU'RE PACKAGE DOESN"T INSTALL SILENTLY.
|
|
#
?
Feb 29, 2012 15:45
|
|
|
quackquackquack posted:
True true... We just have different strategy for stuffs. We barely have any labs left in any of our schools. Every student gets their own laptop when they start. quackquackquack posted:(software packaging skills are hard to hire for in academia and smaller companies), and partially because of the support burden of a library of packaged software. In my 70ish unique title software library, I agree. I've had to train every resource we've hired to help out with this from scratch. Nearly impossible to get anyone who knows Windows Installer/Adminstudio/Installshield from the get-go. We currently have a library ~500 active packages over ~750 advertisements. Many of the packages have different configurations as well (different license keys, features etc). It's hell. When we have all of our school-software 100% up and running through SCCM i'll go on a consolidation rampage. 20 different Adobe CS packages? BEGONE! quackquackquack posted:See: AutoCAD 2009 If you have the money, get 2010 or newer. I have deployed 2010 and 2012 for 32 and 64bit without any issues through SCCM 2007. As a workaround for 2009 you can make a script that waits for the child-processes to exit. After that, pull info on the installation exitcode and just exit the script with the same exitcode as the installer. Update on the case with the hanging Windows Updates during capture; MS has confirmed that the issue we're having is the same as the one fixed by the KB posted earlier. The hotfix has been verified applied, but it just doesn't fix the problem in our shop. I guess the hotfix only corrects issues related to the intel storage drivers, and not vmwares. I'm hoping that a revision will be out soon 
Ifan fucked around with this message at 16:27 on Feb 29, 2012 |
|
#
?
Feb 29, 2012 16:10
|
|
|
Ifan posted:If you have the money, get 2010 or newer. I have deployed 2010 and 2012 for 32 and 64bit without any issues through SCCM 2007. Yeah, that was an example from a few years ago. We always have the newest with our site license. I didn't end up doing anything fancy with AutoCAD 2009 because it wasn't for many computers (unlike some other packages). I just created a customization shortcut (or whatever they call them) and put it on a network drive. Post-imaging, someone went around and ran the shortcut. Not my favourite approach, but my time was needed elsewhere.
|
|
#
?
Feb 29, 2012 16:38
|
|
|
Any recommendations for full disk encryption for about 50 Win7 laptops? Other than Bitlocker I mean.
|
|
#
?
Mar 1, 2012 07:39
|
|
|
I was supposed to have our new SMP 7.1 environment up by today. welp...
|
|
#
?
Mar 1, 2012 07:46
|
|
|
Swink posted:Any recommendations for full disk encryption for about 50 Win7 laptops? Other than Bitlocker I mean. Symantec Endpoint Encryption? But don't use it. Oh the horror. We've delayed deploying Windows 7 for two months because Symantec is apparently completely unable to give us a build that can be deployed successfully through SCCM. (Encryption is required by law for our laptops, and with over 2,000 laptops we can't do it by hand.)
|
|
#
?
Mar 1, 2012 08:21
|
|
|
spidoman posted:Symantec Endpoint Encryption? But don't use it. Oh the horror. We've delayed deploying Windows 7 for two months because Symantec is apparently completely unable to give us a build that can be deployed successfully through SCCM. (Encryption is required by law for our laptops, and with over 2,000 laptops we can't do it by hand.) I had a problem with Symantec Endpoint Protection where it would install sucesfully but the package returns an exit code of 1, so SCCM thinks it failed. Could that be the case here?
|
|
#
?
Mar 1, 2012 14:49
|
|
|
FISHMANPET posted:I had a problem with Symantec Endpoint Protection where it would install sucesfully but the package returns an exit code of 1, so SCCM thinks it failed. Could that be the case here? Nah, they have weird code in the msi that requires a user be logged in for the program to install. It's a known issue that they keep fixing then breaking.
|
|
#
?
Mar 1, 2012 15:40
|
|
|
Swink posted:Any recommendations for full disk encryption for about 50 Win7 laptops? Other than Bitlocker I mean. Sophos products tend to not suck in my experience. They'll do FDE with their Endpoint Protection
|
|
#
?
Mar 1, 2012 17:30
|
|
|
Anyone using SCDPM here, any major pitfalls? My boss seems to have a major hardon for it and I just know I'm going to be told to set it up.
|
|
#
?
Mar 1, 2012 18:18
|
|
|
I just went to take a look at someone's ZenWorks implementation and it was awesome, if a wee bit quirky. Now I feel dirty. I don't need anything for desktop management, but I'm getting really tired of our helpdesk guys spending half their time installing poo poo for people.
|
|
#
?
Mar 1, 2012 18:21
|
|
|
What's been changed in zenworks over the past five years? I switched over to sccm and AppV and have never looked back at the unholy abomination that was zenworks back then.
|
|
#
?
Mar 1, 2012 18:42
|
|
|
For those who included Office in your install images: what do you do when the next version of Office comes out and you have to upgrade? Do you just reimage the machines? I've tried to get my boss to let me roll Office up into our Windows 7 image but he argues against it because we won't be able to easily uninstall Office from our machines should a new version come out or something go wrong with a patch. Currently I've got a hacked together MSI that lets me deploy/undeploy Office 2010 through a GPO but I'd rather just have it in the images.
Hiyoshi fucked around with this message at 21:22 on Mar 1, 2012 |
|
#
?
Mar 1, 2012 21:18
|
|
|
Honey Im Homme posted:Anyone using SCDPM here, any major pitfalls? My boss seems to have a major hardon for it and I just know I'm going to be told to set it up. Have used DPM since 2006, currently 2007 in production and rolling out 2010 in the next month. I have no major issues with it it runs and does its thing just fine. You backing up to disk only or to tape as well?
|
|
#
?
Mar 1, 2012 21:50
|
|
|
Hiyoshi posted:For those who included Office in your install images: what do you do when the next version of Office comes out and you have to upgrade? Do you just reimage the machines? I've tried to get my boss to let me roll Office up into our Windows 7 image but he argues against it because we won't be able to easily uninstall Office from our machines should a new version come out or something go wrong with a patch. Currently I've got a hacked together MSI that lets me deploy/undeploy Office 2010 through a GPO but I'd rather just have it in the images. We remake the image with the new office installed. In any case, you should be re-imaging with the latest updates when the new office comes out anyway.
|
|
#
?
Mar 1, 2012 21:54
|
|
|
We also rebuild the image. Most of the imaging work I do is for our call center environment, so those things get re imaged every 4 months on average anyway so it's no big deal.
|
|
#
?
Mar 1, 2012 21:56
|
|
|
We have some machines that haven't been reimaged for four years because we don't make it mandatory. It's absolutely maddening.
|
|
#
?
Mar 1, 2012 23:10
|
|
|
Hiyoshi posted:For those who included Office in your install images: what do you do when the next version of Office comes out and you have to upgrade? Do you just reimage the machines? I've tried to get my boss to let me roll Office up into our Windows 7 image but he argues against it because we won't be able to easily uninstall Office from our machines should a new version come out or something go wrong with a patch. Currently I've got a hacked together MSI that lets me deploy/undeploy Office 2010 through a GPO but I'd rather just have it in the images. You could have the new version's installer uninstall the old version. Curious why are you using a hacked MSI instead of a startup script with the setup exe?
|
|
#
?
Mar 1, 2012 23:25
|
|
|
spidoman posted:What's been changed in zenworks over the past five years? I switched over to sccm and AppV and have never looked back at the unholy abomination that was zenworks back then. Do you have any recommendations for books/learning materials for AppV? I've heard good things about it and would like to know more.
|
|
#
?
Mar 2, 2012 02:23
|
|
|
quackquackquack posted:You could have the new version's installer uninstall the old version. Just because the MSI uninstalls when the GPO is unlinked/removed whereas a startup script would require two GPOs to achieve the same functionality: one to install and one to uninstall.
|
|
#
?
Mar 2, 2012 02:35
|
|
|
For those of you with Dell servers, does anyone use the new OpenManage Essentials (formerly OpenManage IT Assistant) to manage their server hardware? We have OpenManage Server Administrator installed on every server but nothing to connect them for alerts and poo poo. It's basically just installed to watch the hardware status. Unfortunately, it seems to be the only way to monitor a RAID status because I can't see any other way to do it.
|
|
#
?
Mar 2, 2012 14:19
|
|
|
Will the Microservers make decent multifunction servers for small branch offices? I'm running 5 offices worldwide without subnets or sites defined because we were a Citrix shop. But our citrix servers are old as poo poo and our users need desktops. It looks like AD throws a poo poo ton of data over the WAN link so I'm looking for low cost, low power AD servers that might also serve out AV and WSUS downstream stuff. Or am I in the wrong thread? I don't give a poo poo about storage as I have pretty good NAS' at the sites with 1TB of RAID1 storage for user files.
|
|
#
?
Mar 2, 2012 19:55
|
|
|
I think they'd make a fine DC, as long as what you've mentioned is the only stuff that will ever run on them and in 6 months management won't make you put sharepoint on one. I don't like standalone NAS units for files, but if the ones you have work, then why not.
|
|
#
?
Mar 2, 2012 20:37
|
|
|
|
| # ? Apr 24, 2024 04:17 |
|
|
sanchez posted:I think they'd make a fine DC, as long as what you've mentioned is the only stuff that will ever run on them and in 6 months management won't make you put sharepoint on one. I don't like standalone NAS units for files, but if the ones you have work, then why not. Thanks, and gently caress no, we'd never put sharepoint on them. I told my boss if he ever wanted me to install and use sharepoint that I quit.
|
|
#
?
Mar 2, 2012 20:41
|
|