|
Make sure you're hitting the FQDN (.local or whatever your case is) instead of just the hostname?
|
#
?
Jun 7, 2018 16:31
|
|
|
|
| # ? Apr 25, 2024 11:43 |
|
|
Not a DNS issue. Chrome/Firefox work fine. nslookup resolves correct IP. Niether http://internalname or http://internalname.corp.domain.com work either. edit: I might be on to something here: https://social.technet.microsoft.co...itpronetworking kiwid fucked around with this message at 16:52 on Jun 7, 2018 |
|
#
?
Jun 7, 2018 16:35
|
|
|
kiwid posted:edit: I might be on to something here: https://social.technet.microsoft.co...itpronetworking 
|
|
#
?
Jun 7, 2018 17:19
|
|
|
Does Edge do fallback to IE 6/7/8 rendering modes for intranet sites like IE does by default? I had to push a GPO to turn that off for a site that only support IE 10/11 and rendering it in IE6 mode broke the hell out of it.
|
|
#
?
Jun 7, 2018 17:34
|
|
|
BangersInMyKnickers posted:Does Edge do fallback to IE 6/7/8 rendering modes for intranet sites like IE does by default? I had to push a GPO to turn that off for a site that only support IE 10/11 and rendering it in IE6 mode broke the hell out of it. No I do not believe it's even capable of running the older compatibility modes. Probably why they still include IE with Windows 10.
|
|
#
?
Jun 7, 2018 18:12
|
|
|
Does HP have a driver/BIOS update tool similar to Dell Command | Update?
|
|
#
?
Jun 7, 2018 19:22
|
|
|
kiwid posted:Does HP have a driver/BIOS update tool similar to Dell Command | Update? http://ftp.hp.com/pub/caps-softpaq/cmit/HP_SDM.html
|
|
#
?
Jun 7, 2018 19:23
|
|
|
Just don't check everything when you use that. Make intelligent choices.
|
|
#
?
Jun 7, 2018 19:29
|
|
|
.
a_pineapple fucked around with this message at 11:59 on May 7, 2019 |
|
#
?
Jun 10, 2018 22:21
|
|
|
So I’m helping one of our devs trace out a deployment issue that has cropped up recently. We have some .net apps that run on 2008R2 IIS servers. During deployments, part of the script is that it will attempt to stop the app pools one by one, however some process or handle has been causing random pools to exceed the set timeout. It’s completely sporadic, twice this afternoon we tested redeploying to our dev servers and they all went through the process fine. I’ve started looking at DebugDiag, but I’m not 100% sure what I’m supposed to be looking for.
|
|
#
?
Jun 13, 2018 00:28
|
|
|
Anyone ever seen GPO be EXTREMELY slow to process on a Windows server following a reboot? I've been sitting here at a login screen for 20 minutes while each policy takes 1-2 minutes to apply to the system.
|
|
#
?
Jun 15, 2018 20:45
|
|
|
There are gpo logging tools to let you know what step of the process is hanging up on. Are you deploying software through gpo? Are there TOO many gpos, that could be compacted down into one monolithic gpo (not in default domain policy)? Is it detecting a slow link? Are you on a slow link? Have the network driver been updated? Is it waiting for a domain controller to process (vs fallback)? Have you gone through the Group policy modeling wizard? What about Group policy results on the user\computer combo?
|
|
#
?
Jun 15, 2018 20:59
|
|
|
I've also seen GPOs scripts that have a bunch of steps and are timing out.
|
|
#
?
Jun 15, 2018 21:47
|
|
|
huh, seemed to have been a hiccup, as after I logged out & back in everything was fine
|
|
#
?
Jun 15, 2018 23:36
|
|
|
Oh my god, AWS storage gateway supports SMB shares through S3quote:Posted On: Jun 20, 2018 I hope I can roll my NFS share over to this come july.
|
|
#
?
Jun 21, 2018 23:46
|
|
|
That came a bit out of nowhere - Azure Files Sync is still in preview. Good to see cloud tiered storage becoming commoditised, even if it’s only because it works massively in the favour of these companies to encourage people to load hundreds of TB of data into their platforms and charge you to retrieve it.
|
|
#
?
Jun 21, 2018 23:54
|
|
|
While I get the hate if SharePoint it sucks so much less than it did and it’s really perfect for just most files? Shared or mapped drives are so 2000s.
|
|
#
?
Jun 22, 2018 01:57
|
|
|
incoherent posted:Oh my god, AWS storage gateway supports SMB shares through S3 Thanks for the heads up on this!
|
|
#
?
Jun 22, 2018 03:13
|
|
|
Wicaeed posted:huh, seemed to have been a hiccup, as after I logged out & back in everything was fine If you have a tombstoned or firewalled and inaccessible domain controller you can end up in a situation where its a round robin chance that you'll try to attached to that one and get extremely long logon/GPO processing delays.
|
|
#
?
Jun 26, 2018 13:47
|
|
|
For sccm. I made a available install to desktos for a application. I login to a computer and install the application via software center. I goto another pc and it installs automatically I guess because I initiated it via software center. Is there anyway to stop this? I thought device affinity would of but it doesn't appear to. In end up with tons of computers having the install as I'm logging into multiple computers.
|
|
#
?
Jun 28, 2018 02:50
|
|
|
lol internet. posted:For sccm. I made a available install to desktos for a application. This may not be the answer... Did you deploy it to all users instead of all computers? If the deployment is all users, and you the user told it to install, it may be installing for your user wherever you go. This is a guess...
|
|
#
?
Jun 28, 2018 16:57
|
|
|
Apologies if there's a better thread for this; it's in an enterprise context but not quite enterprise-scale itself. I'm in the running for a position that manages a computer lab of some 150–200 computers in a university setting. I had assumed it would be more or less a matter of keeping things running smoothly and making incremental improvements within a framework decided higher up the IT food chain. Turns out that's not the case at all. This division basically has its own IT department independent of the organization's actual IT department, which has basically left them to roll their own everything. What's more, the person I'd be replacing, who had been there for years and years, doesn't seem to have known what he was doing—and wasn't interested in learning. The most glaring evidence of that, to me, is the fact that imaging is done one-by-one with flash drives  So, a massive overhaul is needed. I've been led to believe I'll have significant latitude to make changes, but my experience with setting up something like this from the ground up is, uh, thin. I've definitely got some studying to do, but I'd like to start getting a sense of what constitutes best practices in this sort of environment rather than blindly muddling through. I don't have a complete picture of the place's assets and needs yet, but the gist is that the lab is currently sort of a hodgepodge of iMacs and Dell all-in-ones of various vintages, most of them older than any reasonable replacement cycle would involve. Many of the iMacs are currently dual-booting Windows, with Windows making up the vast majority of their use. The student body is only a few thousand, and I think they use Active Directory to authenticate users. I'm not sure what sort of server resources are available to this department. Sorting out deployment and administration seems like it should be my first order of business (after getting a better picture of what the hell's going on over there). What tools should I be looking at for this sort of use case?
|
|
#
?
Jun 28, 2018 20:21
|
|
|
Beefstorm posted:This may not be the answer... Even then this shouldn't be occurring. Are you on current branch?
|
|
#
?
Jun 28, 2018 20:28
|
|
|
Start digging in to doing network deployments. MDT is going to be your tool of choice for Windows.
|
|
#
?
Jun 28, 2018 20:29
|
|
|
That all sounds fairly normal for a university. There's usually 100 different departments all doing their own "IT." The people who work for them (generally, don't murder me university folks) are comfortable in their ways and don't try to push the envelope, often times because of the bureaucracy involved. Set up Windows Deployment Services or FOG. Check out DeepFreeze or RebootRestoreRX. Figure out how you are going to push updates, either by just re-imaging machines or using something like WSUS or PDQDeploy. Document, document, document.
|
|
#
?
Jun 28, 2018 20:33
|
|
|
Beefstorm posted:This may not be the answer... Sudden Loud Noise posted:Even then this shouldn't be occurring. Are you on current branch? One behind current branch. I plan on going to current branch this weekend. I deployed to the PC and not the users. Not sure if this will affect it I assume it should not. The application has 2 deployments. The first deployment is "install for system" which installs the MSI The second deployment is "install as user" and "when logged in" which copies a file/folder into the users appdata directory (this is for the application config.)
|
|
#
?
Jun 28, 2018 22:20
|
|
|
Internet Explorer posted:That all sounds fairly normal for a university. There's usually 100 different departments all doing their own "IT." The people who work for them (generally, don't murder me university folks) are comfortable in their ways and don't try to push the envelope, often times because of the bureaucracy involved. My current job is at a different university, so I can definitely attest to people being comfortable and set in their ways—frankly, I myself spent too long content with my current position. The extent to which IT functions are fragmented among different entities at the other place did come as a shock, though. Where I am now, there are a few servers managed by random professors, and we're not all the way there yet on centralizing hardware and software purchasing, but most technology-related issues do involve a single university-wide IT department. The place I'm waiting to hear from actually does have a relatively big IT department that ostensibly plays that sort of role, but in practice it seems to have a rather narrower focus, leaving a bunch of other departments to fend for themselves. I'm big on documentation, so whatever I do will be meticulously recorded, but it's an open question how much I can get coworkers to play ball. As things stand now, they don't seem to have any kind of ticketing system, knowledge base, version control, etc. I'd like to see all of that implemented, but I won't be in a position to make that call for anyone but myself and maybe a subordinate or two, so it'll be a lot of leading by example. Thankfully, the new place does have Deep Freeze, which I have experience with, so that's one piece already in place. How about SCCM? It offers integration with several of the tools discussed so far, so is there any downside to having it in the mix? I get the impression that it's a step up in complexity, but I need more than just an imaging solution anyway. It sounds like it's arguably overkill for the number of devices I'd be managing, but I'm eager to learn, and I'd like to have scalability in mind from the outset. I don't want to keep that job 'til I die, and I don't want that job to stay what it has been, either.
|
|
#
?
Jun 28, 2018 22:41
|
|
|
Thoughts on the best way to learn MIM / FIM?
|
|
#
?
Jun 29, 2018 02:11
|
|
|
Tab8715 posted:Thoughts on the best way to learn MIM / FIM? Try not to. There’s a couple decent blogs on it, but it’s one of those what do you need it to do products.
|
|
#
?
Jun 29, 2018 03:25
|
|
|
skipdogg posted:Try not to. Especially since Azure AD can do alot of what MIM does, and sometimes more. Save yourself the hassle and just get Azure AD Premium.
|
|
#
?
Jun 29, 2018 12:51
|
|
|
So I want to say I've looked into MIM heavily and spun up a test environment that I really didn't do much with. I did this last year so any statements I make should be taken with a grain of salt from my view a year ago. The 2016 documentation at the time I spun up the test environment was complete trash. Half completed articles and constant references to the 2012 and earlier versions. Pretty sure one of the steps was to install sharepoint 2010 when that actually wouldn't work. So MIM in my opinion is one of those tools that's super powerful, but how you use it depends on what you need it to do. Like SCCM for instance. Many people only use it for a small percentage of what it's capable of doing. The biggest challenges are getting MIM to interface with other systems. You have to be part admin, part programmer really, or have resources that can handle the programming part for you. I also didn't find a ton of resources out there on the internet for it. Not like SCCM or other Microsoft tech. There seems to be a few big consulting companies that work with MIM, so some information is out there, but nothing like the parts of System Center. We were looking at using MIM to integrate AD with 2 different HR systems, O365, a legacy LDAP system on premise, and a few other applications. I didn't have the knowledge to pull it off, and identity management is technically handled by another team, so they're using a product they picked.
|
|
#
?
Jun 29, 2018 17:03
|
|
|
skipdogg posted:
What is your use case that you need a 3rd identity platform when you already have AD and AzureAD?
|
|
#
?
Jun 29, 2018 17:11
|
|
|
The Fool posted:What is your use case that you need a 3rd identity platform when you already have AD and AzureAD? Primary goal was to automate a lot of the identity life cycle. Currently it's a mostly manual process that sucks and is time consuming. Being able to connect to the 2 different HR systems, a legacy on premise Linux LDAP server, other cloud and on premise apps, and then automate provisioning of identities, and then open up a lot of self service. One example HR uses Taleo to manage contract employees. FTE's are managed in Oracle. A contractor is always provisioned with an end date, and we set the AD account to expire the day their contract is set to end. If that end date changes, HR has to submit a ticket to IT for us to manually update the end date. Guess what happens? (They don't submit the ticket,the account expires, we pay contractors to not work) Guess why we had to start provisioning contractors with AD Account expiration dates? (HR wouldn't off board contractors leaving unused active accounts in AD) Guess who gets blamed come audit time? (IT of course) By automating and integrating with the HR systems we put the ball back in HR's court. I haven't messed with Azure AD in about 2 years, not sure what it's current capabilities are. It was just getting to the point where there were API's for some cloud apps that handled provisioning, and maybe some Workday integration as far as user management went. It's definitely the way to go though if meets your needs.
|
|
#
?
Jun 29, 2018 17:40
|
|
|
I ask because I manage our identity platform, which is admittedly less complicated than yours. Our HR system feeds into on-prem AD, which then syncs to AzureAD. Every other service connects to either the on-prem AD or AzureAD. I just have a hard time imagining a situation where the additional complexity of another identity platform is needed.
|
|
#
?
Jun 29, 2018 17:46
|
|
|
Larger company (15K users), with tons of legacy stuff hanging around. I still have AD domains online for companies that haven't existed in 10 years that I can't get rid of. (Like no poo poo I have at least 9 AD domains right now from previous companies we acquired, one of them only has 2 active servers and 1 active user account but we have to keep that data online for a while longer) In our case it's not really it's own identity platform, it's more of middleware that connects all the existing identity platforms we already have together. The multiverse aspect of it lets you do attribute mapping across different systems.For example mapping the Oracle "UserName" or "WorkEmail" fields to the "mail" and "sAMAccountName" fields in AD can be done. We already have multiple identity platforms around, this would just let them all synchronize in an automated fashion and can establish one as authoritative (Oracle is auth for employeeID, if gets changed anywhere else it will be overwritten). We're using the NetIQ product to handle this instead of MIM though. Same concept though. central multiverse connecting and synchronizing multiple identity resources.
|
|
#
?
Jun 29, 2018 18:23
|
|
|
Teams Direct routing is now GA https://techcommunity.microsoft.com/t5/Microsoft-Teams-Blog/Direct-Routing-is-now-Generally-Available/ba-p/210359 Some SIP trunking partners to remove the need for an SBC are launching products as well.
|
|
#
?
Jun 30, 2018 19:57
|
|
|
skipdogg posted:Larger company (15K users), with tons of legacy stuff hanging around. I still have AD domains online for companies that haven't existed in 10 years that I can't get rid of. (Like no poo poo I have at least 9 AD domains right now from previous companies we acquired, one of them only has 2 active servers and 1 active user account but we have to keep that data online for a while longer) This is the kind of stuff I need to learn as I trying my best to work through bizarre tickets were a few dozen users have multiple accounts but don’t merge or provision correctly. I’m starting to spend the majority of my day looking a the sync engine console trying to find out why a connector didn’t project into the metaverse but hey it’s working for 100,000 other people!
|
|
#
?
Jun 30, 2018 20:33
|
|
|
I'm trying to set up Bitlocker encryption in our domain. So far we have encrypted all our OS drives straight out of the SCCM task sequence where everything is working exactly as it should. All computers are getting encrypted and the recovery keys are making their way into AD as they should. But now I have gotten the task to make sure that all secondary drives (d:\ etc) are also encrypted. I tried looking at group policy to do this, and here is where my questions start. Am I right in that there is in fact no "encrypt this drive" GPO? I found lots of GPOs that set how an encryption is supposed to happen but none that actually trigger it. If so, is it the usual procedure to just use a Powershell script or something similar to actually trigger the encryption myself? As things look, how I am planning to do this is to use a script like the following: code:
|
|
#
?
Jul 2, 2018 12:59
|
|
|
peak debt posted:I'm trying to set up Bitlocker encryption in our domain. If you're licensed for it, take a look at MBAM (https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25). It requires an agent but allows you to easily manage encryption for secondary or removable drives.
|
|
#
?
Jul 2, 2018 13:41
|
|
|
|
| # ? Apr 25, 2024 11:43 |
|
|
We threw in the towel attempting to encrypt secondary drives via bitlocker and just use stuff like this: https://www.amazon.com/Apricorn-Har...CS9WXKN65KC23QB Bitlocker works great for drives that are permanent/semi-permanent, but once you have drives that are extremely mobile it becomes a pain. This was about a year ago maybe a little longer that we tried it, things might have gotten better, I'm not sure.
|
|
#
?
Jul 2, 2018 17:27
|
|