Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Thanks Ants
May 21, 2004

#essereFerrari


You'd have to run those commands on the print server

Adbot
ADBOT LOVES YOU

Hughmoris
Apr 21, 2007
Let's go to the abyss!

Thanks Ants posted:

You'd have to run those commands on the print server

D'oh. I don't have access to that (that I'm aware of). I'm out of my scope and depth on this, will leave well enough alone. I was hoping I'd get lucky that if I knew the NetworkPrinterName I could get the IP, or vice versa.

Thanks for the help!

Internet Explorer
Jun 1, 2005


Hughmoris posted:

D'oh. I don't have access to that (that I'm aware of). I'm out of my scope and depth on this, will leave well enough alone. I was hoping I'd get lucky that if I knew the NetworkPrinterName I could get the IP, or vice versa.

Thanks for the help!

If the printers are registered in AD and the port names include the IP addresses, you might be able to eek something out.

code:
Get-ADObject -LDAPFilter "(&(uncName=*)(objectCategory=printQueue))" -properties Name, portName

Hughmoris
Apr 21, 2007
Let's go to the abyss!

Internet Explorer posted:

If the printers are registered in AD and the port names include the IP addresses, you might be able to eek something out.

code:
Get-ADObject -LDAPFilter "(&(uncName=*)(objectCategory=printQueue))" -properties Name, portName

Get-ADOject is not recognized, I'm guessing because I don't have elevated privileges.

Last hail mary... If I do nslookup <ipaddress> I receive server name/ip and the printer name/ip. The problem being the printer name is in a format like printer-115.domain.com . Anything useful I can take from that to walk to a friendlier printer name? Even if the name was \\serverpath\\printer_01_x.

Thanks Ants
May 21, 2004

#essereFerrari


No, there's no relationship between how printers are listed in DNS and what the 'friendly' name is that the print server publishes queues as.

Internet Explorer
Jun 1, 2005


Hughmoris posted:

Get-ADOject is not recognized, I'm guessing because I don't have elevated privileges.

Last hail mary... If I do nslookup <ipaddress> I receive server name/ip and the printer name/ip. The problem being the printer name is in a format like printer-115.domain.com . Anything useful I can take from that to walk to a friendlier printer name? Even if the name was \\serverpath\\printer_01_x.

Sounds like you don't have the module installed. Do you have local admin rights, or no? If so, you can install the RSAT tools and try again.

nslookup is just looking at DNS entries. There's no given that the DNS entry matches the share name ("friendly name" as you are calling it) and I'd say most places aren't that organized.

Submarine Sandpaper
May 27, 2007



Get-adobject should be fine? That just reads AD and if you can load the AD module without doing some fuckery with your PS drives you should be able to use get cmds.

Whether you have read access to those objects in AD can be another story. I've only seen it with printers and big loving dollar printers to mange cost.

Hughmoris
Apr 21, 2007
Let's go to the abyss!

I don't have local admin rights, they have it locked down (understandably).

To wrap this up: since I can't leave well enough alone, I started poking about a bit more. When I ran Get-Printer on my local computer on the VPN, I saw that it had a printer mapped to a network path with a $PrintServerName. I then ran Get-Printer --ComputerName "$PrinterServerName and that gave a list of printers with their "friendly" name and ports.

I then did a little more sleuthing to find the other relevant print server names. A few more checks and I found my target IP and printer.

At this point I'll read up on a little more PS, put together a simple script that will poll all of the print servers for their list of printers and then check to see if a given IP is in one of them and what the associated printer name is.

The bigger picture is that this is a people/process problem that is outside of my responsibilites but it was a fun puzzle to solve.

Thanks for the help everyone!

Internet Explorer
Jun 1, 2005


That's pretty cool. Good job!

SEKCobra
Feb 28, 2011


Can anyone recommend a good KVM/iLO/whatever solution that's cheaper than 600$ but still does digital?
Basically I want to be able to connect from normal workstations to multiple devices being set up (HDMI/DVI/DP + USB)
So far it seems like you can either get ones with a single HDMI input for 700€ or one with 8 that needs 100€ adapters per input, making it cost 600€ for just one working input.

It would actually preferable if we could do n:n connections, but 1:n would be good enough.

I just can't believe no one has made a cheap generic device for this.

wolrah
May 8, 2006
what?


SEKCobra posted:

Can anyone recommend a good KVM/iLO/whatever solution that's cheaper than 600$ but still does digital?
Basically I want to be able to connect from normal workstations to multiple devices being set up (HDMI/DVI/DP + USB)
So far it seems like you can either get ones with a single HDMI input for 700€ or one with 8 that needs 100€ adapters per input, making it cost 600€ for just one working input.

It would actually preferable if we could do n:n connections, but 1:n would be good enough.

I just can't believe no one has made a cheap generic device for this.

There are a few projects to do this with a Raspberry Pi 4 providing virtual keyboard/mouse and disk over USB-OTG and a video capture device.

https://pikvm.org/
https://mtlynch.io/tinypilot/

That gets you down under $100 per machine, maybe a bit more if you want to wire up power/reset controls.

Anything fancier than that is going to cost you, the market is just too limited.

Thanks Ants
May 21, 2004

#essereFerrari


Old Avocent/whatever they are called gear off eBay seems to be the way to go on this, but there's an 80% chance of encountering a Java applet.

Like wolrah said, it's a limited market. People just buy servers with iDRAC/iLO now because it's hundreds of times better than a KVM.

SEKCobra
Feb 28, 2011


Well our use case is actually having a "setup table" for computers/servers etc. that we are deploying for the first time. It's a major hassle right now because we are running out of space and we only have like one or two setup seats that you have to constantly walk to and from before the OS is setup far enough for remote control.

This should probably be less of an issue for clients at some point in the future when we get our new (fully automated) deployment solution, but servers are still extremly manual labor for us.

I just want to plonk down new hardware, connect three cables and then do the rest from my workstation.
If there really is nothing cheaper, I'll just have to get busy arguing for a 8 connector ATEN unit.

Thanks Ants
May 21, 2004

#essereFerrari


If you only need local control (as in, the next room) then can you can get KVM extenders that bring the USB and video to your workstation. It sounds like you don't need the switching part or the network control which is what makes the KVM expensive.

Or even go really cheap and just extend the HDMI cable, and use a wireless keyboard/mouse and plug the receiver into the server you're building.

SEKCobra
Feb 28, 2011


No, I do need the remote control, as I have several people that need to access the attached devices. Not Necessarily simultaneously, but definitely regularly.

Adbot
ADBOT LOVES YOU

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!



How do you store bitlocker keys in AD on current versions of Windows 10?

code:
Backup-BitLockerKeyProtector $drive.MountPoint $key.KeyProtectorId
Backup-BitLockerKeyProtector : Group policy does not permit the storage of recovery information to Active Directory. The
operation was not attempted.
This setting not longer exists:

Note: Trusted Platform Module (TPM) initialization might occur during BitLocker setup. Enable the "Turn on TPM backup to Active Directory Domain Services" policy setting in System\Trusted Platform Module Services to ensure that TPM information is also backed up.


But as far as I can tell I have the other GPO settings right for Fixed Data Drives and OS Drives



It worked on one of my test PC's but not the other (storing the keys in AD), automatically when bitlocker was turned on and the drive was encrypted.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply