devmd01
Mar 7, 2006

Elektronik
Supersonik
WSUS and GPOs for security policies, the rest is handled through Altiris.

Poorly.

I should know, I'm the one that does it. :colbert:


devmd01
Mar 7, 2006

Elektronik
Supersonik

FISHMANPET posted:

Also the loving hidden Altiris boot partition makes me want to hurt somebody.

I hope you are better with Altiris. Unless your office is now just down the hall from me, in which case, gently caress.

gently caress the hidden boot partition, we don't roll with that poo poo. I'm moderately competent (NS can go to hell and I've convinced everyone we don't need to use it), but God help us if our Altiris server ever goes tits-up...our CIO is a cheapass and has refused to get our maintenance contract current, so no access to product downloads, updates, etc...

devmd01
Mar 7, 2006

Elektronik
Supersonik

zero0ne posted:

devmd01,

what version of Altiris you running? 6.9?

6.8 Build 378 SP2. We only use the Deployment Console as we have just purchased DS licenses since the initial setup, not NS/DS licenses. Our NS is a total clusterfuck anyway, there's no way to get any useful information out of it short of purging the entire database, uninstalling company wide, and only installing it on machines we need software inventory on. :fail:

Like I said, our CIO is a cheapass and refuses to pay for maintenance support, so we don't have access to upgrades.

devmd01
Mar 7, 2006

Elektronik
Supersonik
Alright, who has messed with WDS and DISM? I am trying to get NIC drivers integrated into capture/deploy PE images.

Using Windows 7 32Bit boot.wim. Followed the updated tutorials in the documentation and others I found online.

I have the correct drivers, as manually loading them once pxe booted works just fine. Once I go through the integration steps to update the image, nothing.

Any ideas?

devmd01
Mar 7, 2006

Elektronik
Supersonik
User migration? What's that? Dump the user profile elsewhere, reimage, have them log in, dump files back. We gives no fucks about your profile customizations. :D

devmd01
Mar 7, 2006

Elektronik
Supersonik
Altiris 7.1 is out. Hope you have maintenance contracts, suckas!

devmd01
Mar 7, 2006

Elektronik
Supersonik

portable s0n posted:

I have been churning through these e-learning videos and this product is still a whole new world compared to 6.9. Thinking of leaving 6.9 in production for a while until I can cover all my bases.

Can you link me those? I'm going from 6.8, and only using the deployment component at that. :)

devmd01
Mar 7, 2006

Elektronik
Supersonik
Thank you Jesus for DFS replication. My job has become significantly easier now that we have servers at every site with one-way replication down for a namespace share for all of our application updates/on-site imaging/etc.

devmd01
Mar 7, 2006

Elektronik
Supersonik
1. Super easy with vbscript/powershell and a text input file.
2. Find the install GUIDs, write a script to call msiexec /x for each guid. EDIT: Misread. Manual folder, registry tree, and shortcut deletion with a script may be an option, depending on how involved the app is.
3. Yes, start from scratch. You will need one of every machine type to build for your reference machines, since it's XP. MDT may be able to do this so you don't need reference; I haven't messed around with that functionality as I have one of each hardware type sitting on a shelf for this purpose.

devmd01
Mar 7, 2006

Elektronik
Supersonik
Started my project to install and migrate everything to SMP 7.1 today ohgod i have no idea what im doing and i even went to training :shepface:

devmd01
Mar 7, 2006

Elektronik
Supersonik
Going from DS 6.8 only to setting up SMP 7.1 from scratch is loving melting my brain.

devmd01
Mar 7, 2006

Elektronik
Supersonik
I was supposed to have our new SMP 7.1 environment up by today.

welp...

devmd01
Mar 7, 2006

Elektronik
Supersonik

IT Guy posted:

For those of you with Dell servers, does anyone use the new OpenManage Essentials (formerly OpenManage IT Assistant) to manage their server hardware?

We have OpenManage Server Administrator installed on every server but nothing to connect them for alerts and poo poo. It's basically just installed to watch the hardware status. Unfortunately, it seems to be the only way to monitor a RAID status because I can't see any other way to do it.

We are in the process of rolling this out. All of our Dell servers are now on it, and Dell promises that they'll have the mibs for HP servers by the end of Q1 so we can trash hpsim. Prior to this, we were using a batch file that executed blat to fire off an email with the disk alert. Do yourself a favor and get a group policy together before you begin the ome install to set up snmp permitted managers and where to send the traps - gently caress manually configuring that. We also ran into a bug wherein it won't email off to anything but localhost, so we had to set up smtp services on the machine and have it relay over to our actual smtp server.

If you are having issues or have some questions, I can get you in touch with the lead dell systems engineer who reports back to the development group directly. We had him come on-site to stand it up and run us through the product, but we also spend $lots with dell and our sales rep is awesome. No complaints so far, though the email reporting is...verbose, and you have to pare down what it fires off otherwise your inbox will quickly be full.

devmd01
Mar 7, 2006

Elektronik
Supersonik
jesus christ i'm loving done with SMP, gently caress Symantec..

i've taken our upgrade to symantec management platform 7.1 95% of the way, someone take it the remaining 5% please

devmd01
Mar 7, 2006

Elektronik
Supersonik
That's beautiful.

devmd01
Mar 7, 2006

Elektronik
Supersonik
What's your topology, and size of the replicated folder(s)?

You can use robocopy, but it will still have to rehash all the files when you bring the new folder in to the environment, touch timestamps, etc to get everything in sync. If you could bring it up at the home office, get it added and let it do the initial sync, that would probably be easiest depending on how fast the link is between there and your DR site.

This article might be helpful: http://blogs.technet.com/b/askds/archive/2010/09/07/replacing-dfsr-member-hardware-or-os-part-2-pre-seeding.aspx

devmd01
Mar 7, 2006

Elektronik
Supersonik
Just sat through a presentation on Wyse WSM yesterday...oh man. I'm spurtin' here!

devmd01
Mar 7, 2006

Elektronik
Supersonik

Ifan posted:

We subscribe to a service which delivers the most usual applications (Flash, Java, iTunes etc.) deployment friendly within 3 days of release. It costs a bit, but a huge time saver not having to disable auto updates etc. every time a new version rolls around.

Mind pointing me to the website?

devmd01
Mar 7, 2006

Elektronik
Supersonik

Number19 posted:

I've found that if I mount the namespace root to a drive letter it will report the size and free space of the share as whatever the DFS root drive has. Everything I've read indicates that this is the expected behaviour but that just seems goofy to me and will end up confusing the users.

Our setup does this as well. Users shouldn't be concerned about disk space on a server, that's your job to set up monitoring and alerting on disk space thresholds so you can address space issues before they become a problem. :)

devmd01
Mar 7, 2006

Elektronik
Supersonik
Disable it, wait for a month, then delete. If it's in use someone will complain pretty quick, unless it's for some random quarterly/year-end process that the data is rarely touched.

devmd01
Mar 7, 2006

Elektronik
Supersonik

Eikre posted:

Is there a built-in method to create a new user in your Active Directory when you're sitting at a client system, logged in as a domain admin? Like, say I'm orienting a new employee, show him his desk, oh by the way I guess nobody's set him up with an account yet. Obviously I can go walk to the server, but if I could just log in as myself and then do a thing in the control panel that would be pretty neat.

Tell them to wait a couple of hours and their manager will provide their login credentials because the peoplesoft active directory user processor won't create an account until the day the user is supposed to start. Oh yeah make sure your manager puts in the appropriate system access request for any additional distribution lists/security groups beyond what is usually automatically applied for your job code. :smug:

devmd01
Mar 7, 2006

Elektronik
Supersonik
I don't know what you mean by "initial inventory like sccm," but I'm currently the Symantec Management Platform administrator at my company and it can get as crazy as you want it to. Our needs aren't all that complex, something like 50 software packages and 6 images. I haven't used SCCM at all, but SMP is extremely powerful. Conversely, it is also incredibly complex. Thankfully we keep a very homogenized environment except for corporate, so it's easy to keep things the same.

I use software management policies to handle automatic upgrades of things like flash, reader, etc, but the packages are also available to be installed instantly by the helpdesk should someone call in. We don't use it for patch management, WSUS still fits our needs even with a central server for 250 sites.

I'm just now getting into utilizing the imaging, but the deployanywhere functionality is impressive. I sucked up a basic XP install on one model that only had the network driver installed, deployed it to an entirely different machine with a different network card, and all drivers were installed automatically, no need to keep them in the image.

Downside is that it's crazy expensive, and you really need someone who knows what the gently caress is going on to get full use out of the platform. I am not that person, because I have 3 other hats to juggle.

devmd01
Mar 7, 2006

Elektronik
Supersonik
Yeah but that's true for any system management software, be it SCCM, SMP, or otherwise.

devmd01
Mar 7, 2006

Elektronik
Supersonik
Edit the NIC binding order maybe?

devmd01
Mar 7, 2006

Elektronik
Supersonik
Is there a better way to import a certificate to a user's personal store than a batch file upon login to call certutil? I'm not seeing anywhere in group policy for users, only machine level and unfortunately it has to be in the personal store on a per-user basis.

devmd01
Mar 7, 2006

Elektronik
Supersonik
How do people handle granting temporary local admin for people like developers and such who occasionally need to install software for their job, but don't need admin all the time?

We're looking to get away from "approved ticket comes in, grant access, add reminder on calendar a week later to remove." Ideally it would be a "set once and it goes away" type of thing. We've kicked around a couple of ideas, but nothing has stood out as being a good solution.

devmd01
Mar 7, 2006

Elektronik
Supersonik
Oh boy, we're taking email and office ~to the cloud~ and going office365 across the enterprise.

What are some major tips/tricks/suggestions we should consider in our implementation? I won't be doing the back-end work, more on the client configuration side but any tips are welcome.

devmd01
Mar 7, 2006

Elektronik
Supersonik
Currently a single on-premise exchange server, about 350 outlook clients or so, the rest (about another 1500) use OWA. Mobile email all goes through activesync/owa via a couple of front-end servers. The OWA users typically use a generic login for active directory then their own personal login for email.

I'm the Symantec Management Platform administrator, so any automation/software deployment/scripting will be a piece of cake.

We currently limit everyone to a 100MB inbox, so data migration on that will be easy. My guess is that we won't give a poo poo about local PSTs people have unless they're VP or up.

devmd01
Mar 7, 2006

Elektronik
Supersonik

IT Guy posted:

We don't have a problem spending money but the last time we did (Numera Track-It!), it turned out to be no better.

Out of curiosity, what were your issues with it? Track-IT is the ticketing system we use and until 6 months ago I was the administrator for our install. It meets the needs of our organization, but of course every one is different. Whatever drawbacks it has, their support is top-notch, both in terms of knowledge-base and getting a native English-speaking person on the phone within a couple of rings.

devmd01
Mar 7, 2006

Elektronik
Supersonik

Sounder posted:

How does everyone have their WSUS set up?

What's your organization's process for:



Servers: Patches are auto-approved and set for download, but the GPO is set to manually notify. Wednesday after Patch Tuesday, we change the test patch GPO to auto-install and reboot, so those servers are patched and ready for testing Thursday morning. There are a handful of systems we leave up to the application owner to reboot the server manually. Friday we patch and reboot inactive nodes in all of the clusters, and change the production auto-reboot GPO to auto-install and reboot for 5am Sunday morning. 6am Sunday morning, manually patch the domain controllers, fail over active nodes then patch them, and manually patch a few other servers that don't get the auto-reboot treatment. Application owners are then responsible for testing their systems at 8am and providing documentation for SOX purposes.

This is a lot of words to say that it only takes about 4 hours work to patch 600+ systems.




Desktops: Patches are manually approved monthly and set for auto-install, everything gets auto-reboot except for corporate and our 24/7 operations centers. I approve to a test group that is a cross section of all departments and a region of stores, this assignment is handled through group policy security filtering group policy preference. This sits for a week then I approve for production.

devmd01
Mar 7, 2006

Elektronik
Supersonik
Real enterprises just wait for the audit to come around and true-up then. :supaburn:

devmd01
Mar 7, 2006

Elektronik
Supersonik
That's exactly how we do permissions on our file server cluster. Everyone gets H:\ mapped to the dfs namespace root, then from there folder redirections for Marketing, Accounting, etc for their specific shared disks off the SAN. Each folder from there is given Foldername_RO/Foldername_FA groups in AD for assigning permissions. Most of the time the RO group isn't needed so we don't create one unless the request specifies it.
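
The per-folder group scheme described in the post above, sketched as an added PowerShell example (not the poster's script). The domain, share root, OU, folder names and the rights mapped to each suffix are assumptions, and the second function reports explicit ACL entries that bypass the Foldername_RO/Foldername_FA groups.

```powershell
# Added example: per-folder Foldername_RO / Foldername_FA groups (not the poster's script).
# Assumed values: domain name, share root, OU, and the rights each suffix maps to.
Import-Module ActiveDirectory

$Domain    = 'CORP'                               # hypothetical NetBIOS domain
$ShareRoot = '\\corp.example\dfs'                 # hypothetical namespace root (mapped as H:\)
$GroupOU   = 'OU=FileGroups,DC=corp,DC=example'   # hypothetical OU for the groups
# Assumption: FA maps to Modify (not FullControl) so members cannot rewrite the ACL.
$RightsFor = @{ FA = 'Modify'; RO = 'ReadAndExecute' }

function Set-FolderGroupAccess {
    param(
        [Parameter(Mandatory)][string]$FolderName,
        [switch]$ReadOnlyGroup    # RO group is created only when the request asks for it
    )
    $path     = Join-Path $ShareRoot $FolderName
    $suffixes = @('FA'); if ($ReadOnlyGroup) { $suffixes += 'RO' }
    $acl      = Get-Acl -Path $path

    foreach ($suffix in $suffixes) {
        $group = "${FolderName}_$suffix"
        if (-not (Get-ADGroup -Filter "Name -eq '$group'")) {
            New-ADGroup -Name $group -GroupScope DomainLocal -GroupCategory Security -Path $GroupOU
        }
        # Inheritable allow rule for the group; SetAccessRule keeps reruns idempotent.
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            "$Domain\$group", $RightsFor[$suffix],
            'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.SetAccessRule($rule)
    }
    Set-Acl -Path $path -AclObject $acl
}

function Get-OffConventionAce {
    # Lists explicit ACEs on the folder that are not one of its two convention groups,
    # e.g. a user account added directly instead of through Foldername_RO/_FA.
    param([Parameter(Mandatory)][string]$FolderName)
    $expected = 'FA', 'RO' | ForEach-Object { "$Domain\${FolderName}_$_" }
    (Get-Acl -Path (Join-Path $ShareRoot $FolderName)).Access |
        Where-Object { -not $_.IsInherited -and $_.IdentityReference.Value -notin $expected }
}

Set-FolderGroupAccess -FolderName 'Marketing'                  # FA group only
Set-FolderGroupAccess -FolderName 'Accounting' -ReadOnlyGroup  # request asked for RO too
'Marketing', 'Accounting' | ForEach-Object { Get-OffConventionAce -FolderName $_ }
```

Explicit entries for built-in principals such as Administrators or SYSTEM set directly on a folder are also listed by `Get-OffConventionAce`; filter them out if they are expected there.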

devmd01
Mar 7, 2006

Elektronik
Supersonik
Yeah, once you make it past tier 1.


So I'm rebuilding a 4-node 2008r2/sql2012 cluster with 10 instances. Not every instance is on every node, but by the end of this they will be.

I uninstalled each instance from the first node, evicted it from the cluster, reformatted/remediated hardware issues and network cabling, and now it's back in to the cluster. Adding instances back to it is godawful slow, on the order of 2 hours just to launch the sql installer, an hour to get through the install options/selecting instance/adding service accounts, and another 1-2 hours to install the instance. What, if anything, can I look at to speed this up, or is it just a result of me having a 10-instance node with 60+ clustered disks? Looking at the SQL setup log, it takes over an hour just for action DiscoverClusterData.

devmd01
Mar 7, 2006

Elektronik
Supersonik
Oh my god why are new SQL cluster instances such a loving pain in the rear end

devmd01
Mar 7, 2006

Elektronik
Supersonik

Gyshall posted:

gently caress Symantec y'all.

Agreed in every area. I will say that I prefer Management Platform to SCCM though, way more flexible and powerful...also harder to use as a result.

devmd01
Mar 7, 2006

Elektronik
Supersonik
If everyone has local admin then what antivirus you are using is the least of the major things that need to be fixed.

devmd01
Mar 7, 2006

Elektronik
Supersonik
I sure hope you're a consultant, now you can upsell them on a migration to 2008r2 at a minimum and raise the functional level, since 2003 loses support next year in July! More billable hours for everyone!

devmd01
Mar 7, 2006

Elektronik
Supersonik
I'm a bad sysadmin, I just set up a 4 drive raid 0 and put the page file on it. I have a good reason I swear, it's only temporary!

devmd01
Mar 7, 2006

Elektronik
Supersonik
Believe me I was twitching too when I did it, but that was the only option given the resources available and the time constraints I'm working under for this SQL cluster remediation project that is...not going well.


devmd01
Mar 7, 2006

Elektronik
Supersonik

skipdogg posted:

Anyone work at a bigger company that has implemented Secure Administrative Workstations? Auditors tagged us and I'm internally debating personal VM's vs. Terminal Services for admin tasks.

Previous job was PCI compliant with vlans/firewalls/acls out the rear end, we had a single TS VM that all the admins shared that had unfettered access to every network segment for troubleshooting purposes, and we ran all the necessary AD snap-ins from there. Worked pretty well.
