LoKout
Apr 2, 2003

Professional Fetus Taster

lol internet. posted:

Good info...

edit: How much is SCCM anyways?
edit2: Any way to tell sccm to run the advertisement on the client machine like.. right now? Normally I wait like 30mins and check the status messages

Pricing - it's hard for me to say directly as pricing I've seen has always been affected by EA or some other licensing agreement. At my last job it was something around $7 per client and the server was free. Again, that was covered by an EA. My new job has a partner account so it's free for internal use (for as many clients as we have). Perhaps someone else can chime in with more useful experience there.

I've found this tool - SCCM Client Center to be a big help with troubleshooting and forcing installs. It'll let you override service windows, re-run advertisements, and recycle policies if something is messed up. There's a number of scripts and stuff out there that will affect installs as well, though I haven't had to use them.


LoKout
Apr 2, 2003

Professional Fetus Taster

marketingman posted:

So maybe you or someone else had some questions on how I do this but I'm so rushed I have to drive by answer this, in the task sequence it's easy as pie to have it run a script that evaluates "user logged in? yes/maybe" and logs off the user OR any action you want like maybe halting the task sequence with a failed flag and you can then set the task sequence to retry after failures on a schedule if I remember correctly

This is totally the right answer. Logoff or reboot first and then run the package. Set the advertisement time for after hours and you're good to go. Screw the user and their "I have to stay logged on overnight because I can't open Outlook and my web browser in the morning" attitude.

LoKout
Apr 2, 2003

Professional Fetus Taster

quote:

Can you elaborate on its remote control capabilities? If my organization went with SCCM (which is becoming increasingly likely) I would definitely learn it and use every inch of its capabilities. I really want something that will let me easily see the user's active session (sorry for harping on this) because I have many users who couldn't be talked through starting remote assistance.

It uses the remote assistance engine, but is completely admin driven. The request comes through the SCCM client on the machine, and they can get an acceptance prompt, or not. The user is notified that someone is connected. There's little to no user interaction required for the session to take place with the correct settings. The most intensive interaction would be accepting the connection, which should be easy. The only caveat is that the SCCM server has to be able to see and communicate with the client.

LoKout
Apr 2, 2003

Professional Fetus Taster
I've run into an odd behavior that I'm not sure I can blame on SCCM. We use SCCM to patch our servers. We've got a few collections for this:
code:
_Maintenance Windows
   MW - 1)Mon
   MW - 2)Tues
   MW - 3)Mon-Thur

_Patch Management
   PM - Hold
   PM - All Servers
      PM - Prod
      PM - Dev
That's fairly simplified, but it gets the idea across.

To describe: the Maintenance Windows are assigned to the MW collections and patch deployments are assigned to the PM - Dev and then PM - Prod collections. We ignore the stuff in PM - Hold.

Not all servers are in one of the MW collections, so some don't have any Maintenance Windows at all.

The behavior I've seen is that normal packages don't deploy without a window because they just sit and wait, which makes sense. What doesn't make sense is patch deployment. I set the availability of the patches for about an hour before our maintenance window, and the deadline for the time I want stuff to install. This works on servers that have a maintenance window as expected. On servers without a window, the patches seem to install at a random time (which happens to be during the day every time - which sucks).

It's happened a few times, and I might be able to chalk it up to error - maybe they were thrown into the wrong MW collection at some point, though I haven't seen this happen. I check the MW of the computers through the report and on the client side and they show no windows available. Has anyone seen this behavior with patches? I'm running 2007 R2 SP2.

I've tried trolling through the CCM logs on the computers but have yet to find a reference to waiting for a window or similar. The computers with maintenance windows all mention it before executing patches. The other computers just up and install and reboot.

LoKout
Apr 2, 2003

Professional Fetus Taster

lol internet. posted:

Check rsop.msc? Verify it's pointing at your SCCM server and that it's not set to "automatically install/automatically download" or any of those Install automatically options.

Just a suggestion.

I'll check that stuff. I inherited the SCCM setup from someone else and never really thought to look at the GPO settings. I think it's all correct, but it won't hurt to verify.

LoKout
Apr 2, 2003

Professional Fetus Taster

lol internet. posted:

Make sure you run rsop on the machine in question.

In general for me, we didn't have the group policy point at the SCCM server. Just didn't have that policy in effect, and the SCCM client overwrote the field on its own.

That appears to be the case for me too. We've got a policy that tells it to auto download but prompt for install on the server in question. Still investigating why it rebooted.

LoKout
Apr 2, 2003

Professional Fetus Taster
It might be an issue with 2k8. By default it uses an authentication method that Samba doesn't support, but it will fall back to a less restrictive one if that fails. I read about that in an article just yesterday. You might try finding some settings (in local policy perhaps) relating to NTLM versions or look around on Microsoft's site for slow 2k8 login with a Windows 2000 PDC - that would simulate a similar environment to Samba.

I've seen the settings before but I'm drawing a blank right now. Sorry for not being more specific, but hopefully it helps.

LoKout
Apr 2, 2003

Professional Fetus Taster

Intoxication posted:

If the customer has chosen to purchase Open License versions of Office 2010, and decides to not pay again after 2 years, does he retain the right to use Office afterwards? Does he only lose the right to upgrade to the latest version, the home use stuff and all that jazz?

Yep. You just lose ongoing SA benefits and benefits from your license agreement are no longer available. Any licenses you purchased and paid for over your 3 year commitment stay active as of the last day of the commitment (you could potentially upgrade within that time frame).

LoKout
Apr 2, 2003

Professional Fetus Taster

Telex posted:

on SP1, IE9 is the default installed browser so there's no add/remove... and I'm stumped. I may just let them deal with it in the name of not pushing out old builds of Windows in a fresh all new machine environment and whatnot.

IE9 has compatibility modes - you might try forcing the application to run in IE7 or 8 mode to see if that helps. You can temporarily enable it by hitting F12 to bring up the dev tools. I think you can send out sites via GPO, or you could at least push a reg hack to enable it on the site.

LoKout
Apr 2, 2003

Professional Fetus Taster

quackquackquack posted:

I would love an "at startup" condition in SCCM.

You can require users to be logged off and force logoffs too. Try exploring the task sequence options - they can enable a lot more state checks than a basic package deployment, and they aren't only for OSD.

LoKout
Apr 2, 2003

Professional Fetus Taster

quackquackquack posted:

Yes, but when do you force logoffs for laptop users? Desktops are not an issue, since they are on at night, but laptop users have to lock their laptops in a drawer at night, or they take them home.

I agree about Task Sequences, it's stupid that they're hidden in OSD. I use them for tons of things, replacing scripting in some cases.

You'll have to make that decision likely with management approval.

For an example, at my last job laptops were all required to have packages installed by 7am (intentionally just before standard work hours). Notifications were sent out via email and if users logged in when they got to work (around 8am) the package gets installed and they are forced to reboot within 30 minutes - in case they managed to open up anything important.

Sometimes all you can do is warn users and it might take a bit of a culture change to get something like this in place. Culture changes certainly require sponsorship from management, the higher the better.

The packages were advertised for a few days before any deadline so if they wanted to manually install they could (directions were published in the notification email).

LoKout
Apr 2, 2003

Professional Fetus Taster

lol internet. posted:

It seems any company that is SCUP compliant.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e3eb0cdf-0215-40bf-bb6c-55e7c3202173

Although, I was poking around the adobe site and I could only find catalog files for reader/flash.. nothing to do with their Adobe CS suite.

They released a new SCUP version (2011) just the other day: http://technet.microsoft.com/en-us/systemcenter/bb741049.aspx

Still the same supported packages, but it doesn't require a SQL backend and is supposed to be a lot faster. I just implemented 4.0 about two weeks ago, too.

Speaking of SCUP, I'm trying to use it to update Dell server software (OpenManage and Drivers mainly) and it's not detecting anything. Has anyone used it for that? Everything I attempt to deploy comes back as not applicable though the packages will install manually on servers just fine.

Adobe's support is limited, and I was pissed when Citrix dropped support for it. Patching Citrix servers sucks.

LoKout
Apr 2, 2003

Professional Fetus Taster
Windows Intune is what you're thinking of. I have no idea if that would let you split things up into separate customers or anything, though they are pushing it for partners to resell, so it seems like you would be able to do something like that. Intune is basically Forefront Endpoint Protection (MSE for business) + hardware/software inventory + remote support in one product.

LoKout
Apr 2, 2003

Professional Fetus Taster
You don't save a lot of money by going with Volume Licensing unless you are buying large quantities. The savings come with ease of administration and centralization of management. With OEM licensing you have to enter a key every time you install a piece of software. There's no way to automate it. You also need to keep track of all the keys, licenses, etc. Last, there's no way to get an upgrade - if something new comes out you buy that license now.

Volume Licensing lets you install on multiple computers using the same key. You can go over your license agreement by a little bit and just true up. This allows for automatic installs of software because the keys are static. Licensing is tracked through your agreement with Microsoft and any licensing partner can look up your license counts and availability for you. You can purchase Software Assurance, which is about 15% of the original price tacked on - this allows for unlimited upgrades for new versions of the software so long as you keep it (think Windows XP Pro to Windows 7 Pro, or Office 2007 Pro Plus to Office 2010 Pro Plus). Over the long run you can save money, but it takes making a larger investment up front. If you check a 4+ year budget spread you will see the savings.

LoKout
Apr 2, 2003

Professional Fetus Taster
Group policy that cuts down everything on the computer except a few desktop icons that are pushed out via policy as well. Software restrictions also would help if you're paranoid. Login as a standard user with limited rights. Think of the computers like a remote desktop session that would be totally locked down. If users can't launch IE, install programs, or plug in a USB drive it would be pretty hard to do anything, right?

LoKout
Apr 2, 2003

Professional Fetus Taster
Try explaining it as a version 2.0 or version 5.0 or whatever if you want, but use the correct name. Using some fancy buzzword thing will probably bite you in the rear end down the road when it slips that it's still just roaming profiles. Explain the benefits over the older versions with a quick comparison slide of the changes that impact performance and whatnot. Dial the experience to the technical level of your management and then take it one step further so it's like some sort of voodoo they don't really understand, but will want to look like they do, so they approve it. VPs will likely care most about user productivity, lessened support, or some other cost impact, so gear everything towards that.

LoKout
Apr 2, 2003

Professional Fetus Taster

Zero VGS posted:

*stuff*

1) You're probably not pointing at the local DC. By default, Group Policy Editor points to one of the FSMO holders - can't remember which off-hand. Point it locally and you'll see faster (instant) updates.

2) You'll need to buy some sort of additional licensing. Thin clients aren't cheaper than traditional desktops, they just change the administration techniques.

3) Sometimes it takes a few reboots for the redirect policies to stick. Try running gpupdate /force and reboot. Rinse and repeat if it didn't work. It can also not work right if permissions on their profile share are jacked up, so verify that.

Honestly it sounds like you have a few problems, but many could be fixed by a more knowledgeable administrator. No offense meant, but you need to go take some classes or network with some other techies in the area to learn your trade a bit better. You and your users will be much better for it.

LoKout
Apr 2, 2003

Professional Fetus Taster

kapinga posted:

What do you all use for managing updates on "mission critical" network accessible servers like a domain controller? That is, how do you keep such computers secure, without rebooting them for every patch Tuesday?

Buy two servers to run the same service and don't reboot them at the same time. Otherwise, put them in lockdown so hard that they will never see the light of day (or internet). You have to understand there is a tradeoff between secure and usable, and at some point it will be unusable but very secure.

An alternative would be virtualization (with snapshots taken regularly) or amazing backups. If your server is compromised a restore to pre-compromised state would be used to bring it back online. This is not a good idea, but something that I've seen implemented before in a pinch.

LoKout
Apr 2, 2003

Professional Fetus Taster
Any mentions of what companies provide packaging service? That seems like a really useful card to play if necessary.

LoKout
Apr 2, 2003

Professional Fetus Taster

Kullrock posted:

I just got a request from a client. - Any input is appreciated.

The client had a computer stolen, but since his setup is HTTPS enabled, the stolen computer is currently in daily contact with the server. - Its public IP has been registered, and the authorities have been notified, but not much is happening in that department so far...

So the client wants to wipe the disk and all its data, the sooner the better. (Lots of homegrown videos I guess)

I doubt there is a simple way of doing this in vb, so I'm looking for a 3rd party tool (with a reasonable price tag) that runs from the command line. - Alternatively I will push a WinPe to the client, with a fixed start-up script to wipe the disk, but that will take a lot longer to make work.

psexec.exe deltree /y

I don't really know what you're getting at with "his setup is HTTPS enabled". I'm assuming you have remote access to the system, which means you can do all kinds of stuff to the perp.

Remote wipe is not going to work very well without booting an alternative OS, though, since Windows will freak when you start deleting system files. It will likely take care of the questionable files - or you could target them directly with a batch file or remote access.

It might be better to change the desktop to an image saying you've contacted the authorities, call ### to return the laptop no questions asked. Or just spy on the person for a while and report what he's doing to police.

LoKout
Apr 2, 2003

Professional Fetus Taster

Italy's Chicken posted:

What are people using for quick installation or procedural documentation? At the moment, my organization is using word documents, but it's a pain in the rear end inserting screenshots or creating links that change. We tried out Windows 7 built-in tool which works ok, but still requires the word like capability having to precisely edit things.

For really quick stuff Word is probably the easiest program that I've found. You just have to know some of the shortcuts to get things going well. Keep things in lists, try to save inserting screenshots for the end, and ctrl+enter to jump to a new page works really well for keeping things together.

Wikis work well for documentation too. If you're quick with the markup they could easily be faster than a Word doc, but I'm not so fast and therefore prefer Word.

Putting together documentation quickly and well is mostly about getting things set up. Run through the procedure 3 times - first run get some notes about what you did. Second run verify and expand your notes and put them into step by step format. Third run take and insert screenshots where appropriate.

LoKout
Apr 2, 2003

Professional Fetus Taster

evil_bunnY posted:

I'd be curious how you'd document an exchange migration.

I know this is kinda old, but my information might not apply in that situation. I was talking more repeatable scenarios. Of course, if you're consulting or working for a masochistic company perhaps an Exchange migration is repeated often.

In a complicated scenario - lab lab lab. If you've ever worked with an enterprise consulting company you'll realize this is how they develop all their procedures and framework documentation. Of course you can document on the first shot, but a good engineer/admin will have done research up front and outlined the procedure beforehand, so you're really just updating an existing doc.

LoKout
Apr 2, 2003

Professional Fetus Taster

spidoman posted:

Obsolete computer stuffs...

It should be best practice to create some initial collections based on client health, and then base all other collections off these. I've started using Hardware Inventory age as a benchmark, but you can also include a lot of other limiting factors. This way you can have an old client age out pretty quick and limit reports - though you'll have to create additional versions for a lot of them.

This would help you out because then you can keep the old SCCM computer accounts around and refer to them if necessary, but ignore them otherwise.

I admit, this practice caused me some major headaches. Once I found out this wonder I had to touch all my existing collections. It also slows down collection refresh since you basically have to limit all collections to your healthy one. Pros and cons I guess. I only manage servers in my SCCM world, so the churn isn't very fast. Also it's a pretty small environment.

LoKout
Apr 2, 2003

Professional Fetus Taster

spidoman posted:

Which situation is more common?

On topic question instead of ranting:
Where is everyone looking to get information from obsolete clients?

Everywhere I've worked I've had complete control over everything, but I don't think I'm the norm. My current job has the most separation, mainly due to political separation of teams from a manager level. I have total control, but I overstep my duties if I do anything to help the Desktop team.

Our Desktop team is empowered to have access to things they need to do their job, so they have delegated access to AD so they can create GPOs and use them in concert with SCCM. I recently found out they don't have access to some things, but we'd give them access if they asked. That's a different problem.

Your second question: information from obsolete clients can be found in a few reports. I have also extended a few of the built-in reports to limit clients that haven't checked in recently. It's not difficult and the limiting definition can be reused again and again. You could do the same in reverse to pull a report.


LoKout
Apr 2, 2003

Professional Fetus Taster

skipdogg posted:

Nothing is wrong with WSUS, we have a WSUS infrastructure in place, but it doesn't meet the objectives of the project I'm working on.

Price isn't that important, I will gladly pay VMWare their 20 grand, but if I can get similar functionality for a lower price, I obviously would have to consider it. We've always been in a situation where we have plenty of money to throw at a problem, but never enough manpower. Headcount is frozen for the foreseeable future.

SCCM is off the table for a few reasons... mostly manpower related. We're short on manpower right now with other deliverables and getting System Center rolled out properly in the timeframe we have isn't feasible. It's on the roadmap for next year. I need a 1 year solution to make the auditors happy.

So if anyone is familiar with GFI LanGuard or SolarWinds Patch Manager/ Eminentware please share your experience.

Unfortunately I don't have experience with the products you're asking about, but I felt compelled enough to note that I am surprised that WSUS doesn't provide what you're looking for, while SCCM will. The patching is almost exactly the same between the two products, and in my past jobs where I need to comply with auditors I was able to convince them that WSUS did everything they wanted.

That being said, I've used other SolarWinds products and they are decent. They have come a long ways in recent years and I would try anything they make now for a low cost alternative to higher end products (given that I don't need high scalability).

I think at this point you'd be most concerned with something that meets your audit requirements and you should look for that over all else.
