incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
The self-paced 70-640 book goes over AD CS in great detail. If you can get a hold of chapter 15 in the book and read+sim the examples, you'll be on your way to deploying CS.

Just sim it out before you go in, you could seriously muck up your Domain.


skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Anyone use any software from BeyondTrust? We use Quest Active Admin right now, but I'm always looking for less expensive tools or at least a bargaining chip.

Yaos
Feb 22, 2003

She is a cat of significant gravy.
Anybody know of good material on how to use SCCM 2012? We're getting the SCCM 2012 Unleashed book, wanted to see if anybody else had suggestions. I can't figure out anything in this beast of a program, I can't even figure out if it's doing anything at all.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

The question when it comes to SCCM is what do you WANT it to do. It's stupid powerful. What do you want to use it for? I barely leverage what SCCM can do. I use it mostly for reporting and software deployment.

I have 2 different SCCM books and went through the Microsoft Course and it still barely scratched the surface. Windows-Noob.com is helpful, but you'll be doing a lot of Googling like 'SCCM Query Service Tag' when management wants a report of all the service tags in a certain site collection.

A very brief few words on SCCM that might help get you started.

Assets and Compliance

The big one under here is Collections - Groups of objects (users or computers) that you may want to do things to. You want a collection of all the Marketing Department's laptops? No problem. All laptops running Windows 7 64 bit? Sure. All users that have VPN access? No problem. If you can think of a way to group users or computers, you can throw them in a collection. Collections are groups of objects that you do poo poo to with SCCM.

Applications/Packages are how you deploy software/scripts/whatever to collections of objects. Everyone in the Marketing department needs to have Adobe whatever installed. You create an application or package with the software, deploy it to the collection of marketing computers and sit back and surf the forums some more.


Monitoring - You can set up alerts, and more importantly create queries and run reports here. Need the Service Tag of every computer in California? This is where you go. Need a count of how many people have Microsoft Project installed? Create a Query or run one of the canned reports. You can also monitor all sorts of things in SCCM here, like if your new package has been copied to the distribution point across the world yet.

Administration - Settings Settings Settings.


This barely scratches the surface. If you want more specifics ask away.

Calodram
Aug 13, 2007
SCCM is awesome and I don't think that any one book will explain everything that you will want to know. I might recommend http://www.amazon.com/System-Center-2012-Configuration-Manager/dp/9187445018 once it comes out though.

Like skipdogg says you'll be doing a LOT of googling for specific tasks that you want to do and then piecing together a bunch of different results to end up with something that works. Windows-noob is definitely a place you'll end up at often when searching.

I use it for our reporting, querying, app / OS deployment, patching, etc and it's really nice once you get everything working. You can do some really crazy stuff especially now that PowerShell is mixed in to 2012.

You can ask specifics or just dive in and start breaking things (my preferred method) which is nice since you can simulate deployments without actually blowing up your systems.

Yaos
Feb 22, 2003

She is a cat of significant gravy.
Right now I'm just trying to bring in computers so they show up in SCCM. I have two computers in the test environment, the SCCM server and the domain controller. The only thing showing up under all devices is the SCCM server and two unknown computers. Supposedly AD integration is enabled, but my domain controller does not show up in all devices, I have no idea what the unknown computers are or where they came from.

I'm guessing collections are the most basic part of SCCM though, and I assume is the first thing explained in the SCCM books. I'm looking forward to jumping in and figuring everything out. I'm having Eve Online flashbacks right now.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

There's lots of settings you have to set up first to get things to populate and be auto approved.

Poke around under Administration/Hierarchy Config and discovery methods. Make sure things are enabled.

Honestly these guides are going to be better than any book you buy when it comes to getting a functional environment up and going.

http://windows-noob.blogspot.com/2013/01/sccm-2012-guides.html

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
Unknown Computers are placeholders for OS Deployment. If you want to be able to advertise a deployment to a system that isn't in SCCM, you advertise it to the proper Unknown computer.

As for getting objects into SCCM, you have to set up discovery agents... somewhere. I'm not sure where they moved it to in 2012. And once you've got computer objects, you'll want to push a client to them.

Yaos
Feb 22, 2003

She is a cat of significant gravy.
Thanks for the information everybody, and of course Windows-noob is being blocked here. I'll have to get the network dude to unblock it. SCCM is making my head explode, just like Eve Online.

Yaos fucked around with this message at 20:43 on Aug 20, 2013

Erwin
Feb 17, 2006

I'm having a really weird issue with a Server 2012 server. I copied a couple of folders to an empty drive on the server using the admin share \\server\x$. When I look at that UNC path, the files are there, but when I browse to that drive on the server itself through RDP, it is empty (however the drive shows space being used up). What am I missing? I confirmed that the X$ share points to the path x:\.

Oh wait, I'm wrong. I can't see it in either place, but if I enter x:\folder or \\server\x$\folder in the path of the explorer window, I see the files.

edit2: ok, it was set to hidden and system so attrib -s -h worked. I guess it wasn't a 2012 issue and just a Weird Thing.

Erwin fucked around with this message at 21:54 on Aug 20, 2013

Thanks Ants
May 21, 2004

#essereFerrari


gently caress, I solved this one a month ago. It's related to the share not being on the C:\ drive and a GPO needing to be set. Give me a minute.

Try this if you're on VMware, it's not what fixed it for me but I didn't see this article at the time: http://social.technet.microsoft.com...s-network-share

And this http://support.microsoft.com/kb/2811670

Some background: http://blogs.technet.com/b/askpfeplat/archive/2013/07/03/how-to-fix-windows-server-2012-shared-folder-inaccessible-on-a-vm.aspx

Thanks Ants fucked around with this message at 22:06 on Aug 20, 2013

Demie
Apr 2, 2004

Yaos posted:

Anybody know of good material on how to use SCCM 2012? We're getting the SCCM 2012 Unleashed book, wanted to see if anybody else had suggestions. I can't figure out anything in this beast of a program, I can't even figure out if it's doing anything at all.

We had a consultant who recommended that book, but he hosed up pretty much everything except what's detailed in MS's own design documents.

Later, I asked an MVP about the books that are out there, and he said that a novice can really get themselves in trouble with that one. He recommended the Agerlund SCCM book, but that's one of his colleagues so he is biased. I haven't had time to read it yet, but I know I won't get Unleashed.

My best advice is this: Don't take Google results at face value. Try to understand how every step of those solutions works before you do them, and you'll be able to filter out the really bad advice, which there is a lot of. I know that's obvious for anything, but the rule is exponentially more true with SCCM.

Demie
Apr 2, 2004

Yaos posted:

Right now I'm just trying to bring in computers so they show up in SCCM. I have two computers in the test environment, the SCCM server and the domain controller. The only thing showing up under all devices is the SCCM server and two unknown computers. Supposedly AD integration is enabled, but my domain controller does not show up in all devices, I have no idea what the unknown computers are or where they came from.

I'm guessing collections are the most basic part of SCCM though, and I assume is the first thing explained in the SCCM books. I'm looking forward to jumping in and figuring everything out. I'm having Eve Online flashbacks right now.

You'll have to configure domain autodiscovery. Boundaries and device collections come after that, but autodiscovery is typically what gets your hosts in the database. Since you're starting fresh, I'd encourage you to make sure the MS design documents were followed when the system was built. If I recall, that would address various system accounts and security privileges that need to be in place, and that sounds to me like something that would cause two blank hosts to appear. Disclaimer: I'm pretty new to this, too.

Demie fucked around with this message at 05:37 on Aug 21, 2013

Yaos
Feb 22, 2003

She is a cat of significant gravy.
I downloaded the PDF versions of the windows-noob sccm guide and will follow it and see what happens. I've been looking at the technet articles on sccm as well. Thanks for the help everybody.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

We put in SCCM a few months ago to replace our aging Zenworks server. All I've gotten so far is imaging and some reporting, but that's miles ahead of what we used to have.

Sacred Cow
Aug 13, 2007
I've utilized just about everything in SCCM 12 except the imaging system. I just put up a Linux FOG server and called it a day. I really need to pick up a book and learn how to do it the Microsoft way. Also, dumb question, but if I wanted to set up a Secondary Site I would need to build a CAS, correct? Or is that only when you have more than one Primary Site?

Has anyone started using R2 yet? I'm interested in the newly added iOS/Android compatibility in Mobile Management but I'm trying to figure out if you need an Intune subscription or not.

Erwin
Feb 17, 2006

Caged posted:

gently caress, I solved this one a month ago. It's related to the share not being on the C:\ drive and a GPO needing to be set. Give me a minute.

Try this if you're on VMware, it's not what fixed it for me but I didn't see this article at the time: http://social.technet.microsoft.com...s-network-share

And this http://support.microsoft.com/kb/2811670

Some background: http://blogs.technet.com/b/askpfeplat/archive/2013/07/03/how-to-fix-windows-server-2012-shared-folder-inaccessible-on-a-vm.aspx

What a weird set of causes. Indeed that's it, we're on VMware. Thanks!

MyLightyear
Jul 2, 2006
A blindness that touches perfection,
But hurts just like anything else.

Sacred Cow posted:

I've utilized just about everything in SCCM 12 except the imaging system. I just put up a Linux FOG server and called it a day. I really need to pick up a book and learn how to do it the Microsoft way. Also, dumb question, but if I wanted to set up a Secondary Site I would need to build a CAS, correct? Or is that only when you have more than one Primary Site?

Has anyone started using R2 yet? I'm interested in the newly added iOS/Android compatibility in Mobile Management but I'm trying to figure out if you need an Intune subscription or not.

Microsoft explains the various sites here: http://technet.microsoft.com/en-us/library/gg712681.aspx

They have changed the way hierarchies work significantly for the 2012 product with the aim of flattening them due to sites no longer being needed as security boundaries. In 2012 SP1 they also added the ability to add a CAS later.

It's important to get your hierarchy right so do the reading before you start setting it up.

The R2 product is really exciting. You will get done basic management for iOS and Android through ActiveSync but you need an Intune agent for the major stuff.

Sacred Cow
Aug 13, 2007

MyLightyear posted:

Microsoft explains the various sites here: http://technet.microsoft.com/en-us/library/gg712681.aspx

They have changed the way hierarchies work significantly for the 2012 product with the aim of flattening them due to sites no longer being needed as security boundaries. In 2012 SP1 they also added the ability to add a CAS later.

It's important to get your hierarchy right so do the reading before you start setting it up.

The R2 product is really exciting. You will get done basic management for iOS and Android through ActiveSync but you need an Intune agent for the major stuff.

Thanks for the link. I was really happy when they added the ability to add a CAS later in SP1. My company has a constantly changing infrastructure and adding that flexibility will save us some headaches in the future. When I first set it up we only had a need for a single Primary site but we're exploring the possibility of expanding.

We already handle ActiveSync stuff through Exchange and I never bothered with the Exchange Server Connectors on SCCM. I wanted to avoid stepping on our Exchange engineer's toes. It sucks about the Intune subscription requirement but it looks like it's still cheaper than some of the 3rd party stuff my company has been looking at. I'm looking forward to tinkering with R2 once it has an official release.

MyLightyear
Jul 2, 2006
A blindness that touches perfection,
But hurts just like anything else.
Yep, Microsoft recommend that you don't really need a CAS these days as Primary sites have grown to supporting over 100k clients (with the correct resources) so they had to add a way to collapse them. In the R2 product they have beefed up the migration toolset again as well to better support business acquisitions, mergers and what not.

With Exchange, even if you don't plan to do anything management wise to the mobile clients, having them within the product is useful from a reporting and Collection standpoint.

As an example I used a SQL query to create a collection with all iPhones that were running that version of iOS that was breaking Exchange ActiveSync with a dynamic rule and it was helpful for identifying users still using old software for follow up.

I'd recommend the Exchange Connector for that alone. Show your Exchange guy the reporting benefits it gives him and he should come round :-)

I'm evaluating Intune against Airwatch and the functionality isn't there yet. :-( That said, the fact that Intune licenses on users not devices almost makes it a no brainer and I'll strongly consider moving to the Wave E product once it's out. I have probably 6 devices with ActiveSync on at home and in Airwatch's land that's 6 licenses.

*edit, added Intune stuff*

MyLightyear fucked around with this message at 17:45 on Aug 21, 2013

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

SCCM 2012 question. I'm trying to push down SCEP to a workstation, but it's not applying. Where are the logs that I can check to see what's going on? I know where the CCM logs are just not SCEP.

wyoak
Feb 14, 2005

a glass case of emotion

Fallen Rib

Swink posted:

^ What would be the reason I don't have DHCP setting 252 available in DHCP Manager? My list ends at 121

I've had a 2012 DirectAccess server in testing for a while and I want to move it to production soon. Does anyone else have their end users using it? Have you run into anything discouraging/Noteworthy?
I'm running it in a two-NIC setup (DMZ and inside) and it works pretty well, but when I was testing it I noticed that if I changed the IP configuration I couldn't get it to work again without doing the wizard again, which redid the IPv6 config, which made existing clients stop working. Even hardcoding in the old IPv6 address didn't work (the remote clients said they were connected, but the 4to6 DNS translation wasn't working). Also, make sure the client GPO doesn't accidentally get applied to the server, that's a real beast to clean up.

Edit: This is all with an IPv4-only internal network, if you've already got 6 rolled on your network it's probably a bit less finicky...

Also, on the DHCP thing, you can add options by right clicking the DHCP protocol (4 or 6) under the server and choosing "Set Predefined Options" (assuming you're running Windows DHCP which I'm guessing you are)

wyoak fucked around with this message at 20:10 on Aug 22, 2013

Yaos
Feb 22, 2003

She is a cat of significant gravy.
I've gotten SCCM 2012 going with the Windows Noob guide, but I don't understand anything at all. I'm just following a guide but I have no idea what's going on or why anything does what it does. The most confusing is endpoint protection, turning on the role instantly starts deployment to SCCM clients. I thought I would have a chance to play around with deploying it myself, but it just did it on its own. :(

Swink
Apr 18, 2006
Left Side <--- Many Whelps

Sweet. How do your users find it? I can only assume they love it.

By "Change IP configuration" Do you just mean changing the IPv4 address of the DA server? I'll know to avoid that.

Wicaeed
Feb 8, 2005
Our company has an upcoming project to build a new Failover cluster for a billing environment (first time I'm touching clustering), and I am entertaining the option of using Windows Server 2012.

For those that run Windows clusters & SQL clusters, if you had to, would you choose to make a new Windows Server 2008 R2 Failover cluster for MSSQL 2008 R2, or go with a Windows Server 2012 Failover cluster running MSSQL 2008 R2?

How is Windows Server 2012 as a platform for Failover Clustering right now?

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
Is your current SQL data on a SAN or locally on the server?

Also, does anyone have any info on how you're supposed to deploy 8.1 to domain users?

Wicaeed
Feb 8, 2005

incoherent posted:

Is your current SQL data on a SAN or locally on the server?

Also, does anyone have any info on how you're supposed to deploy 8.1 to domain users?

It will be on a SAN when we rebuild it. We are currently doing a HW refresh for this project.

Sacred Cow
Aug 13, 2007

Yaos posted:

I've gotten SCCM 2012 going with the Windows Noob guide, but I don't understand anything at all. I'm just following a guide but I have no idea what's going on or why anything does what it does. The most confusing is endpoint protection, turning on the role instantly starts deployment to SCCM clients. I thought I would have a chance to play around with deploying it myself, but it just did it on its own. :(

I know it might be too late for this, but the best thing to do for any single module testing is create a custom Client configuration JUST for that module (Administration > Client Settings > Create Custom Client Device Settings). Create a Device Collection with just your test machine as a member and deploy the custom Client to that. Another good idea (or at least it was for me) is to set up an Auto Deployment for Endpoint updates (Software Library > Software Updates > Automatic Deployment Rules). Have it filter for Article ID 2461484 and Update Classification "Definition Updates".

MyLightyear posted:

I'd recommend the Exchange Connector for that alone. Show your Exchange guy the reporting benefits it gives him and he should come round :-)

Thanks for the suggestion. I did end up talking him into letting me make the connection. Turns out our boss has been asking him for regular reports on devices connected to ActiveSync and he's been trying to make the scripts himself. The reports subscription has been a life and time saver on more than one occasion.

wyoak
Feb 14, 2005

a glass case of emotion

Fallen Rib

Swink posted:

Sweet. How do your users find it? I can only assume they love it.

By "Change IP configuration" Do you just mean changing the IPv4 address of the DA server? I'll know to avoid that.
Users seem to like it (one less thing to sign in to), but it's really nice from the management side. Password resets, manage out to look at logs and stuff for troubleshooting, WSUS updates, pushing files, all without needing to tell the user to sign into VPN first.

I honestly forget exactly what I did that caused it (I think I was messing with the IPv6 interface), but it definitely caused the 4to6 DNS translation to stop working, so it could happen with changing the v4 address too I suppose. DA isn't very transparent in what it's actually doing and there isn't any visibility or configuration for that translation process which was frustrating - I could tell what was wrong but didn't have a way to see why.

Since I'm thinking of it - we had one user who had problems getting onto a captive portal at a hotel once we deployed DA to their machine, but I'm not sure that was actually caused by DA. I've walked around to pretty much every hotel and coffee shop in downtown Denver and haven't had any problems with their portals.

Erwin
Feb 17, 2006

I don't know why I can't wrap my head around this because I'm sure tons of people out there do this. We want to clone our production application stack (4 Windows domain-joined VMs plus a domain controller) at will to an isolated network for testing. Everything is on VMware. IP address schemes are identical since it's on an isolated network.

When I clone there are two issues. One is that VMware gives each VM a new MAC address, so each VM thinks it has a new NIC. Simple enough, I just give the DC the same IP it had before and everything else gets DHCP addresses. The bigger issue is trust relationship errors at random. I assume this is due to the time lag between snapshotting production and powering up the clones? Does anyone do what I'm trying to do? Do you just rejoin each machine no matter what so everything is happy?

wyoak
Feb 14, 2005

a glass case of emotion

Fallen Rib
I've never had trust issues, but I don't do what you're describing all that often. I guess if there's a big enough delay between cloning your DC and your member servers, it's possible that the member servers change their domain password in that interval which would cause issues, so I guess you could disable password changes for those machines for the duration of your cloning process? Or just snapshot everything at once....

Also make sure time is synced correctly between your virtual DC and virtual member servers, maybe NTP is screwy since you're on an isolated network? If the time is far enough askew between the DC and the domain members, they won't correct clocks on their own.

Erwin
Feb 17, 2006

Hmm. I'm just testing the process now, so I manually clone them separately, whenever I get around to each one. Once it's automated it'll all happen at once, so I guess I won't worry too much about it.

GPF
Jul 20, 2000

Kidney Buddies
Oven Wrangler

Erwin posted:

When I clone there are two issues. One is that VMware gives each VM a new MAC address, so each VM thinks it has a new NIC. Simple enough, I just give the DC the same IP it had before and everything else gets DHCP addresses. The bigger issue is trust relationship errors at random. I assume this is due to the time lag between snapshotting production and powering up the clones? Does anyone do what I'm trying to do? Do you just rejoin each machine no matter what so everything is happy?

If you're having difficulty with random errors in AD, first thing is to make sure that everyone is on the same time reference. All the DCs pull their time from the PDC Emulator which will be (by default) the first DC brought up in a domain. It really doesn't matter if the time is right or not, just that everyone is within 5 minutes +- of that PDC Emulator.

If you're in a multi-domain forest, each PDC Emulator will get its time from the one above, and they get it from the root DC from the first domain created in the tree.

Also, VMware can overwrite the time on the VMs with its own idea of what the time is. That can screw up your relationships and replication.
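
A check for the two causes raised in the replies above (clock skew beyond the 5-minute tolerance, and a machine account password that no longer matches the cloned DC), as an added example that is not part of any post in this thread. It assumes an elevated Windows PowerShell session on a cloned, domain-joined member server; the function name is hypothetical.

```powershell
# Added example, not from the thread. Run elevated in Windows PowerShell on a
# cloned, domain-joined member server inside the isolated test network.
$MaxSkewSeconds = 300   # the 5-minute tolerance described in the post above

function Get-CloneTrustHealth {   # hypothetical helper name
    param([int]$MaxSkew = $MaxSkewSeconds)

    $result = [pscustomobject]@{
        PdcEmulator     = $null
        SkewSeconds     = $null
        SkewWithinLimit = $false
        SecureChannelOk = $false
        MachinePwdSet   = $null
        Problems        = @()
    }

    # 1. Locate the PDC emulator, the domain's time reference.
    try {
        $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
        $result.PdcEmulator = $domain.PdcRoleOwner.Name
    } catch {
        $result.Problems += "Cannot locate a domain controller: $($_.Exception.Message)"
        return $result
    }

    # 2. Measure this machine's clock offset from the PDC emulator.
    #    With /dataonly, w32tm prints a line such as "10:00:00, +00.0012345s".
    $raw = & w32tm.exe /stripchart "/computer:$($result.PdcEmulator)" /samples:1 /dataonly 2>&1
    foreach ($line in $raw) {
        if ("$line" -match ',\s*([+-]\d+\.\d+)s\s*$') {
            $result.SkewSeconds = [double]::Parse($Matches[1],
                [Globalization.CultureInfo]::InvariantCulture)
        }
    }
    if ($null -eq $result.SkewSeconds) {
        $result.Problems += "No time sample received from $($result.PdcEmulator)"
    } elseif ([math]::Abs($result.SkewSeconds) -gt $MaxSkew) {
        $result.Problems += "Clock differs from the PDC emulator by $($result.SkewSeconds)s"
    } else {
        $result.SkewWithinLimit = $true
    }

    # 3. Verify the secure channel, i.e. that the machine account password
    #    stored locally still matches what the (cloned) DC holds.
    try {
        $result.SecureChannelOk = [bool](Test-ComputerSecureChannel -ErrorAction Stop)
    } catch {
        $result.SecureChannelOk = $false
    }
    if (-not $result.SecureChannelOk) {
        $result.Problems += "Secure channel to the domain is broken"
    }

    # 4. Report when the DC last recorded a password change for this machine,
    #    for comparison with the time the DC snapshot was taken.
    try {
        $filter   = "(&(objectCategory=computer)(sAMAccountName=$($env:COMPUTERNAME)`$))"
        $searcher = [adsisearcher]$filter
        [void]$searcher.PropertiesToLoad.Add('pwdLastSet')
        $hit = $searcher.FindOne()
        if ($hit -and $hit.Properties['pwdlastset'].Count -gt 0) {
            $result.MachinePwdSet =
                [DateTime]::FromFileTimeUtc([int64]$hit.Properties['pwdlastset'][0])
        }
    } catch {
        $result.Problems += "Could not read pwdLastSet: $($_.Exception.Message)"
    }

    return $result
}

Get-CloneTrustHealth | Format-List
```

An empty `Problems` list means the clone's clock and secure channel are both consistent with the cloned DC; a broken secure channel with an in-tolerance clock points at the password-change window between snapshots.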

Wicaeed
Feb 8, 2005
Are there any Microsoft official documents on the best way to go from a Windows 2003 domain level (running std ADDS roles + DHCP server) all the way to a Server 2012 domain?

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

This probably isn't a bad place to start. I'm sure there's lots of blogs and stuff out there as well as it's a very common upgrade path right now with 2003 going EOSupport next year.

http://technet.microsoft.com/en-us/library/hh994618.aspx

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Wicaeed posted:

Are there any Microsoft official documents on the best way to go from a Windows 2003 domain level (running std ADDS roles + DHCP server) all the way to a Server 2012 domain?

How quickly do you have to do this? You could wait until early next year and just go to 2012 R2 (I know it comes out in Oct, but I like waiting a few months in case of crazy bugs).

Demie
Apr 2, 2004

Wicaeed posted:

Are there any Microsoft official documents on the best way to go from a Windows 2003 domain level (running std ADDS roles + DHCP server) all the way to a Server 2012 domain?

Check the IPD guides every time for this kind of thing, it's exactly what you're looking for. If they have one that matches what you're doing, follow it as closely as possible. They lay it all out for you.

http://www.microsoft.com/ipd

http://technet.microsoft.com/library/cc196387.aspx

theperminator
Sep 16, 2009

by Smythe
Fun Shoe
Can anyone tell me why one would use XenDesktop instead of just RDS?

I understand that Citrix supports 3d acceleration, remote USB redirection, media playback etc but apparently all of this functionality is available with RDS in 2012 with RemoteFX

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Does Microsoft put Exchange pricing out there anywhere? I'm trying to get an estimate on how much it would cost to implement Exchange but all the information online seems to be comparing internal to hosted Exchange.

Going to need new hardware to put it on, and back it up with as well. Ugh.


GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Bob Morales posted:

Does Microsoft put Exchange pricing out there anywhere? I'm trying to get an estimate on how much it would cost to implement Exchange but all the information online seems to be comparing internal to hosted Exchange.

Going to need new hardware to put it on, and back it up with as well. Ugh.

Not really. Would be easier and quicker to call someone like CDW to quote you.
