|
On Server 2008 R2 FSRM, under Share and Storage Management when I list shares, what would cause a normal file share to appear under the section for "SMB shared folder (partial)"? The only other entry in this section is IPC$. Nothing is different about this share from the other shares on this system, and every other share is in the other section labelled "SMB shared folder".
|
# ¿ Nov 20, 2013 20:01 |
|
|
# ¿ Apr 27, 2024 23:46 |
|
Anyone on SCOM 2012 or 2012 R2? I'm curious how you have it set up, VM vs physical, SAN vs local disks, etc. I'd be looking at monitoring 600+ servers.
|
# ¿ Jan 30, 2014 00:51 |
|
Xenomorph posted:This is probably a dumb question: Open Powershell on the server where the share is and run Get-SmbConnection. This will let you verify what SMB version (under the "Dialect" column) the share is shared as. If it's 3.02, I had problems with XP machines and that as well. Never bothered resolving as it was just a test 2012 R2 machine and we're getting rid of our final XP boxes soon.
|
# ¿ Feb 20, 2014 01:30 |
|
In 2008 R2, is there an advanced auditing policy that will audit security options changes in the Local Security Policy? There's options for logging audit policy and user rights assignment changes, but I can't find a way to audit changes to the actual Security Options section.
|
# ¿ Feb 27, 2014 20:43 |
|
dotalchemy posted:This is a bit of a shot in the dark, but do the VM's have their NIC set as vmxnet3? If yes, try setting it as E1000 instead. The image that WDS uses to stage from doesn't have the vmxnet3 drivers afaik. vmxnet3 is much better than E1000 though, solved some issues we were having like excess CPU overheard. vmxnet3 does need tools installed first though. vvvv Good point, I misunderstood. CLAM DOWN fucked around with this message at 20:05 on Mar 6, 2014 |
# ¿ Mar 6, 2014 20:02 |
|
TheDestructinator posted:Thanks for the recommendations guys, these technet labs are definitely helpful. Totally depends on experience, company size, and whereever the hell this "tri-state" area is. I'm in Vancouver BC and you wouldn't get NEARLY that much here.
|
# ¿ Mar 7, 2014 20:58 |
|
lol internet. posted:I got my initial SCCM experience there, and they were paying me 45k/year. This was not just administration, I set it up from scratch and scaled it across multiple remote offices. Obviously didn't stick around their that long because I knew I was getting the shaft. Pretty typical for Vancouver IT, salaries are all on the low end with a super high cost of living
|
# ¿ Mar 8, 2014 03:10 |
|
nahanahs posted:I have an MSSQL server where the SQL Server service gets disabled by SYSTEM for some reason I can't figure out. Based on the event logs, nothing's crashing or anything. It just casually disabled the service and then stops the server and agent services. Anyone have any ideas what's causing this? While I'm not sure why that's happening without looking at your setup closer, why are you running it as SYSTEM? You should be using a service account, an MSA if you're on AD.
|
# ¿ Mar 12, 2014 17:03 |
|
Docjowles posted:Also you can limit the scope of what Windows handles to just your Windows machines and internal AD records. Yeah this is a good way of doing it and what I have experience with. You should always put DNS on domain controllers or you're just asking for problems and slowness, but definitely forward anything non DC-related to another DNS server if you want to use bind or something.
|
# ¿ Mar 18, 2014 23:10 |
|
Bandwidth saving replication is exactly what DFS is built for as well.
|
# ¿ Mar 25, 2014 19:15 |
|
skipdogg posted:Does anyone use a really smart monitoring suite? Our monitoring situation is...less than ideal right now and it's giving us some headaches mostly with tons of false alerts. I'm looking for something smart, that can be configurable, like a workflow. Process monitoring would be nice as well. It's not much help if you can ping the server OS if the critical process running on it is locked up or crashed. I only have limited experience, but SCOM is probably a really good idea for you. Especially if you're a primarily Microsoft shop, but I think SCOM 2012 supports Linux monitoring as well.
|
# ¿ Mar 26, 2014 21:39 |
|
dotalchemy posted:I want to say "yes, pretty much", but be careful with the SQL server if you're using Windows authentication to manage access, as hose accounts will no longer be valid. Basically, make sure you know the SA account password. I was gonna post this, I usually use mixed mode authentication so have an active sa account, but if you use Windows only then make sure to generate a local sa login with sysadmin rights on the instance first.
|
# ¿ Mar 28, 2014 17:36 |
|
Wicaeed posted:Alright, I loving hate RPC (probably because I don't really understand how it works). Way too in depth, but interesting if you use RPC a lot: http://blogs.technet.com/b/askds/archive/2012/01/24/rpc-over-it-pro.aspx Basically you can see the first and third arrows in that diagram are the initial requests on ports, first the mapper (135) then the dynamic port (49152-65536 for a DC). I can't recall how I originally wrote a rule for this (we have a hardass networking guy too so I get it). I just apply the same rule object when I need RPC for 2008/2008 R2 now, but I believe you only need to allow client initiated.
|
# ¿ Apr 4, 2014 03:14 |
|
MC Fruit Stripe posted:What does this mean? "Dogfooding" is when a company runs their own product internally so their employees can use it, be familiar with it, test it, and help improve it.
|
# ¿ Apr 6, 2014 08:26 |
|
Bit late: I only use .local for completely private/segregated/non-public domains or test/lab environments, there was some reason I did that but have since forgotten.
|
# ¿ Apr 15, 2014 20:33 |
|
Riso posted:Either it was to try and crash Mac OS X or you followed some old rear end poo poo guide by MS. Honestly, either could be true.
|
# ¿ Apr 15, 2014 20:36 |
|
redstormpopcorn posted:The guys in my position prior to me didn't really have a system for cataloging software licenses beyond "copy of receipt in disc case maybe with username scribbled on it" and I'd like to fix that. Would a KeePass DB separated by program, subdivided by user be a decent way to do it, or is there something better out there for a 20ish-user operation with a bunch of Adobe keys floating around? Even a common spreadsheet would be better than that.
|
# ¿ Apr 17, 2014 20:22 |
|
Bob Morales posted:Ran into an interesting setup today. Imagine a bunch of folders on a file share: Big company with specific permission needs, that's how we do it.
|
# ¿ Apr 30, 2014 16:12 |
|
Good new thread title.
|
# ¿ May 10, 2014 02:23 |
|
Interesting timing, I think the Linux guys here are trying out Puppet right now too.
|
# ¿ May 14, 2014 18:50 |
|
Riso posted:Alternative reasons to stockpile alcohol: BlackBerry Enterprise Service.
|
# ¿ May 21, 2014 17:21 |
|
kiwid posted:Anyone here use HP servers? We are currently using Dell which we've never had any issues with except when it actually comes time to buy Dell hardware. We've gone through like 10 Dell reps in 5 years, each one taking several business days to respond to us which usually leads to getting perfect quotes a two-week ordeal. On the other hand, our CDW rep who deals mostly with HP is wonderful and is near instant contact. We're considering switching to HP hardware for this reason alone. Anyone have any comments regarding the two? The only downside to HP that I know of is their brutally awful website and their 100 model loving lineup, I never know how to choose hardware. We're starting to move to Dell from IBM ourselves, haven't seen an HP server in years. Is the support or lack thereof your biggest issue with Dell?
|
# ¿ May 21, 2014 18:49 |
|
kiwid posted:The process usually goes like this: Request quote > 1 business day later > Receive Quote > Modify Quote > 2 business days later > Receive incorrectly modified quote > Note errors > 2 business days later > Get quote. If you add any complexity at all then it get's even worse. That's like my problems right now, but we're a pretty big company so it's our internal purchasing giving me a headache rather than Dell. I had to use their support last week to replace a dead-on-arrival 10GbE PCI card, and they were fast/helpful/accurate, it was like night and day compared to loving IBM's support which makes me want to drink.
|
# ¿ May 21, 2014 19:50 |
|
Loten posted:How do you guys feel about big drives on file servers? The main file server at my work has an 8TB drive which has pretty much everything on it. Everything in this case being user home drives, departmental shared drives, assorted public folders. Historically I've kept each disk to 2TB max but something tells me that was originally done because of a VMware limitation in <5.0. I don't see a problem with large single disks provided they're LUNs on a SAN so you get that redundancy and performance.
|
# ¿ Jun 5, 2014 08:41 |
|
Crossposting this from the general IT thread, it got lost amidst job interview discussion: How do you guys manage file server quotas? I'm talking central file servers with hundreds of shares and in the many terabyte range. Do you thick or thin provision quotas on drives, ie. say you have 100 quotas on drive D:, can every quota reach 100% and not overfill the drive? This is a Windows Server 2008 R2 file server, not that it matters because this is more a matter of policy.
|
# ¿ Jun 11, 2014 22:40 |
|
This new MS security webcast format on ustream sucks poo poo.
|
# ¿ Jul 9, 2014 19:10 |
|
KS posted:Very curious what other companies (the bigger the better) use to keep HR information in AD up to date -- job titles, managers, etc. It's something we struggle with. I know some previous companies I've worked for have had HRIS apps that tie into AD, but there's nothing like that here. In-house script/program with an approval method, linked to PS commands which alter AD. Large company (5000+).
|
# ¿ Jul 10, 2014 17:29 |
|
BaseballPCHiker posted:I'd be interested to see how that is structured if you are allowed to share anything about it. We're starting to get big enough that it's a pain for HR to hand us paper forms for new hire and then have someone do enter all that info in manually. I know their are some 3rd party apps out there but I've never heard good things about them and flat out refuse to just give someone in HR full AD access. I'm really sorry but I can't share anything about it If you're just doing things manually by paper now, I highly recommend looking into Powershell's AD cmdlets, you can even design a basic form with .NET in Powershell to allow you to input this stuff, it could simplify your life a lot.
|
# ¿ Jul 10, 2014 17:52 |
|
BaseballPCHiker posted:I've worked a little bit with powershell's AD cmdlts to generate some useful reports but dont really have any experience with .net. Any useful links or reading suggestions? I started with very basic with text input boxes to feed my scripts things, starting with learning from links like these: http://technet.microsoft.com/en-us/library/ff730941.aspx http://blogs.technet.com/b/stephap/archive/2012/04/23/building-forms-with-powershell-part-1-the-form.aspx After learning and practicing the basics a ton I now can make pretty complex GUIs in Powershell with .NET Winforms and it's really useful and powerful.
|
# ¿ Jul 10, 2014 18:06 |
|
Mr. Clark2 posted:What are y'all using for MDM? We're curently planning a deployment of approximately 100 ipads for students and need software to remotely manage them. We'd like it to be as close to 0 touch as possible. I know about the big ones like Mobile Iron and Maas360 but I'm interested in hearing about how these things actually work in a production environment and peoples experience with them. BES. loving kill me.
|
# ¿ Jul 11, 2014 18:50 |
|
nexxai posted:Yeah, I thought 0x8 was what you needed, not 0x1. If you use 0x1 you have to set a registry key for the polling interval as well. (I think, it's been a while) e: yeah found it: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
|
# ¿ Jul 12, 2014 00:39 |
|
nescience posted:doh. Windows 7 and 2008 R2 have the same kernel version (6.7.7601).
|
# ¿ Jul 16, 2014 22:23 |
|
Martytoof posted:Let's talk about DFS for high-availability of a network share. Trying to understand what part of DFS you're looking at network traffic for, the namespace queries alone or DFSR? DFSR is pretty efficient and replicates changed blocks, and you can set schedules and throttles on each replication group. Namespace queries are all done via the nearest domain controller using AD site cost, there's a whole referral ordering system in the namespace too. I'm the DFS/file server admin here so I'm definitely interested in helping you and taking a look at this!
|
# ¿ Jul 21, 2014 20:16 |
|
Martytoof posted:I think it's the namespace queries. Basically in my lab tests I was successfully able to bring up two file servers, create a \\mydomain.blah\shares\testshare, edit testfile.txt in that folder, bring the active DFS server down, then edit and save testfile.txt after it fails over to the second. My problem is that this failover took a good minute or so. I'd love to tune this down to sub-minute recovery, and everything I hear is that this will basically increase the namespace requests going out to the network from clients. I don't really know if it's significant or not for the number of clients I'm working with It will, but you want to make sure you have the namespace set to "Optimize for scalability" which means it will always poll the nearest DC rather than the PDC. I'm guessing you may have it set to "Optimize for consistency" which is the default. Once it's set to poll the nearest DC I don't think that should be a problem, having increase traffic, assuming you have a domain controller in each site. I haven't tried before what you're trying to do though, getting that interval down super low, I think I have it set to 5 minutes right now.
|
# ¿ Jul 22, 2014 00:09 |
|
What is the MS best practice for share permissions on file servers? Domain Users (or similar) with read/write or full control, then restrict with NTFS permissions? I can't find it written anywhere or any kind of technet reference.
|
# ¿ Jul 23, 2014 20:45 |
|
Moey posted:I have always done read/write for everyone, then lock it down with NTFS permissions by security groups. I want to avoid "Everyone" because well that's a generally bad idea security-wise, so I was just gonna use Domain Users or even Authenticated Users for read/write. I was just hoping to find an official or semi-official reference for this so my manager can see written proof and approve it for me to implement
|
# ¿ Jul 23, 2014 20:51 |
|
thebigcow posted:Roughly how lovely is Server 2008? I never hear anything about it. It's the Vista server OS. Use R2.
|
# ¿ Jul 25, 2014 05:11 |
|
kiwid posted:What is the preferred way to setup a file server, do you guys share out the root folder and control all sub folders via NTFS permissions or do you share out each folder as a separate share? Using your case, I share out all subfolders so I'd have 10 shares there. Quotas set on each share root as well.
|
# ¿ Jul 28, 2014 01:50 |
|
Yaos posted:I have a question about adding a server to a domain. We have a file server with a few people using local accounts on the server, if I add the server to the domain will they still be able to access their files over the network using their local accounts? I'm pretty sure they can but I just want to make sure before I destroy myself. Thanks! Probably think about migrating them to AD accounts or groups, but yeah local accounts will still work just fine on a domain.
|
# ¿ Jul 28, 2014 19:55 |
|
|
# ¿ Apr 27, 2024 23:46 |
|
hihifellow posted:I swear the domain suffix gets listed as a search suffix automatically upon joining a domain, as in doesn't get listed in the search suffix list under the advanced TCP/IP settings for the adapter so you can't even remove it automatically. I'm pretty sure this isn't automatic, I know there's a GPO for the suffixes and this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DomainNameDevolutionLevel But I don't believe it's automatic on domain join unless I'm just forgetting. e: Oh whoops, I was thinking of the suffix search order list, not the actual suffix setting that does change when you join a domain, sorry! CLAM DOWN fucked around with this message at 00:18 on Jul 29, 2014 |
# ¿ Jul 29, 2014 00:02 |