Re: So where is this new list signup?
On Mon, Apr 29, 2013 at 11:27 AM, Kennedy, Jim kennedy...@elyriaschools.org wrote: We don't know what is happening on the move. So here is plan B: Thanks. I signed up there. And also for the Powershell list, as I am getting more into that. From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Monday, April 29, 2013 10:29 AM To: NT System Admin Issues Subject: RE: End of month plan B for list shutdown. Done. Link is here: http://myitforum.com/myitforumwp/services/email-lists/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: So where is this new list signup?
On Mon, Apr 29, 2013 at 1:32 PM, Richard Stovall rich...@gmail.com wrote: Powershell.com (run by Idera) has a nifty daily tip via e-mail feature. You can sign up at powershell.com/cs/blogs/tips/. There is a signup box on the right side of the screen. (Or you can subscribe to the RSS feed, or go to the site every day...) Great, thanks!
OT - Google Apps down?
I'm having trouble signing into my Google Apps domain. I get a server error when going to my mail server alias (mail.mike-leone.com); I can't get to admin.google.com, to sign into my control panel (a 502 error); trying to sign into another account from here (my regular gmail account) also errors out with a 502. Yet the mail is coming into my Android just fine; I can't access it via any browser (Chrome, IE, Firefox) on my PC. Is it Just Me? EDIT: Ah, this Apps Status page is showing disruption in Mail ( http://www.google.com/appsstatus#hl=en&v=status&ts=1366203964961 ). So the actual mail servers must be up (if my Android phone is getting mail), but the front end servers providing the web interface have decided to take the morning off ...
Re: OT - Google Apps down?
On Wed, Apr 17, 2013 at 9:30 AM, Kennedy, Jim kennedy...@elyriaschools.org wrote: Yes, all morning. Google has posted they are looking into it. Seems to be getting better...but not there yet. Posted where, if I might ask? I rarely check Twitter, since I have to keep checking it often to sift the wheat from the chaff ... I have some of the Google blogs on RSS feed, but they're tied to my Google Apps account ... EDIT: Ah, this Apps Status page is showing disruption in Mail ( http://www.google.com/appsstatus#hl=en&v=status&ts=1366203964961 ). So the actual mail servers must be up (if my Android phone is getting mail), but the front end servers providing the web interface have decided to take the morning off ...
Re: OT - Google Apps down?
I am finally back into my Google Apps domain, including my mail. So YAY! for that ... a couple hours or so, for me. (maybe longer, I don't know when it started, I noticed when I couldn't get in this morning). Thanks for the feedback, everybody. On Wed, Apr 17, 2013 at 9:49 AM, Ben Scott mailvor...@gmail.com wrote: On Wed, Apr 17, 2013 at 9:13 AM, Michael Leone oozerd...@gmail.com wrote: I'm having trouble signing into my Google Apps domain. Logging into Gmail is/was erratic for me this morning. -- Ben
Re: Google Drive
On Fri, Apr 12, 2013 at 11:30 AM, Matthew W. Ross mr...@ephrataschools.org wrote: *Shudder* Back when we were installing a lab of Windows 3.11, by hand, by 3.5 floppy... I swear MS had some kind of copy protection where you could only install MS Dos 6.22 3 times before the disk died. Centuries ago (literally .. this would be 1986 or so ...) Lotus used to do something similar. Their copy protection was a hidden file with the count of how many times you installed the product. Once the count got above 4, the installer would refuse to work. So (I remember hearing at the time ... :-)) you made the file unhidden; edited it (it was a simple ASCII text file); reset the count back to 0; re-hide the file; continue with the install ...
Re: OT: VMware vCenter upgrade; problems with vCenter Database PreCheck
So I never did get an answer on this, either from here, VMware Communities, or Tech Support. :-) But since the Host Agent Pre-Check passed, and the new vCenter 5.1 Pre-Install Check Script passed, I just went ahead and did it. So yesterday I upgraded my 5.0 to 5.1.0b. And it all Just Worked, surprisingly enough. :-) Every section said completed successfully. It does pay to do your homework - in my case, the SQL instance where I created my RSA Single Sign On database was on a separate server. Being a named instance (i.e., not default), the port number was 50977, not the standard 1433. I found that port by asking my head DBA. :-) I specified that when installing SSO, and it seemed to work. Also, when installing Syslog Collector and Dump Collector, I had to specify the username as user@domain, not the user that the configuration screen pre-filled in for me. (to be extra safe, I made a local hosts file on my vCenter, just in case there were problems with my DNS. There wasn't - all my hosts properly resolved forward and backward in DNS; I'm a bit of a stickler for that - but it doesn't hurt just to be safe. Remember to do an ipconfig /flushdns, to reload the hosts file) Other than that, I didn't have any problems. Took about 80 minutes (I went slowly, just in case). I also upgraded 2 vSphere clients on workstations (mine and my boss), and again that just worked, along with the Update Manager upgrade. So at this point, I just need to change my SQL Agent job that creates a nightly backup of my VirtualCenter DB to also make a backup of my RSA database. And then upgrade my hosts ... I will let it sit and percolate for another day, and start to upgrade the hosts to 5.1, by using the Update Manager. On Thu, Apr 11, 2013 at 10:23 AM, Michael Leone oozerd...@gmail.com wrote: I realize this is more than a bit OT for this list. 
But I'm still waiting to hear back from VMware Tech Support (they said they need to contact their engineers), and I've had no response from the VMware community yet. So I thought I would take a chance and ask here. I am about to upgrade from ESXi 5.0 U2 to 5.1. I am running the vCenter Server Database Pre-Upgrade Checker as a pre-step, and it is failing. Regardless of whether I run 32 or 64 bit checker, and regardless of whether I choose the ODBC or Credentials type of check.. vCenter OS=Win 2008 R2; DB = SQL 2008 R2 in a named instance, on a remote server. I am using ODBC as connection type, and am using the name I see in ODBC, and the correct SQL sa user and password. But it fails. Even if I use the Credentials option, it still fails. Both complain about failing to create a file. vCenter Server version = 5.0.0 Build 804277 The log shows: (snipped) - same error whether running an ODBC or Credentials check --- Signature file path: C:\Users\admin\Documents\64bit-check.xml-signature20130410141806.xml Message output file path: C:\Users\admin\Documents\64bit-check.xml-message20130410141806.txt Output archive file created. Error: no such file C:\Users\admin\Documents\64bit-check.xml-signature20130410141806.xml --- And the Debug log: C:\Users\admin\Documents\64bit-check.xml-signature20130410141806.xml (The system cannot find the file specified) The KB ( http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2004286 ) says that the checker compares a signature file of what I am running, against a standard signature file. From the looks of it, it's not creating my signature file, even tho the log says it did. Anybody ever run this? Does it even work? Looks to me like an error in the Java code that creates the signature, or the code that reads it back in, it's the only thing I can think of. Mind you, the 5.1 Host Agent Pre-Upgrade check runs flawlessly. 
But I am presuming that the Database PreCheck does a more comprehensive check (else why does it exist?).
Re: OT: VMware vCenter upgrade; problems with vCenter Database PreCheck
On Tue, Apr 16, 2013 at 11:49 AM, Kurt Buff kurt.b...@gmail.com wrote: Thanks for a very useful writeup - I'm going to be going through a similar process in the near future. I just have to locate the Dell-ized version of 5.1, and get the time to do it. Yeah, from all the horror stories on the VMware forums, I was really worried. And when it all just worked, I was surprised at how smoothly it went. (my boss told me I really shouldn't be shocked at success LOL) At some point I will need to upgrade my HP Insight Manager plugin for vCenter, and the Emulex plugin, but honestly I hardly ever use those plugins, so I'm not too worried. I've downloaded the HP customized 5.1 images (all my ESXi hosts are HP Proliant DL570s, or a BL460c blade). Next step is upgrading the ESXi host by pushing it out using Update Manager, which I have done before, to go from 4.1 to 5.0 ...
Re: Google Drive
On Wed, Apr 10, 2013 at 6:37 AM, James Rankin kz2...@googlemail.com wrote: Anyone else using Google Drive and think it is a bit rubbish in general? No. :-) But mine is the Google Drive that comes with my (paid) Google Apps account, so that may make a difference ... I regularly get sync failures, errors in the software, I've never had that happen - no errors, no sync failures. and if I go to the online version and try to empty the Trash folder, everything simply reappears as soon as I delete it. I've been using it with Portable Apps and recently all my Firefox bookmarks just disappeared, so I am beginning to think it might not be really fit for purpose. Anyone else had similar issues, or got any feedback to report? I use mine with my Win 7 desktops, my Android phone, and my iPad v2; none have shown me an error. All the files I have there are accessible, including the folders I have shared with friends.
OT: VMware vCenter upgrade; problems with vCenter Database PreCheck
I realize this is more than a bit OT for this list. But I'm still waiting to hear back from VMware Tech Support (they said they need to contact their engineers), and I've had no response from the VMware community yet. So I thought I would take a chance and ask here. I am about to upgrade from ESXi 5.0 U2 to 5.1. I am running the vCenter Server Database Pre-Upgrade Checker as a pre-step, and it is failing. Regardless of whether I run 32 or 64 bit checker, and regardless of whether I choose the ODBC or Credentials type of check.. vCenter OS=Win 2008 R2; DB = SQL 2008 R2 in a named instance, on a remote server. I am using ODBC as connection type, and am using the name I see in ODBC, and the correct SQL sa user and password. But it fails. Even if I use the Credentials option, it still fails. Both complain about failing to create a file. vCenter Server version = 5.0.0 Build 804277 The log shows: (snipped) - same error whether running an ODBC or Credentials check --- Signature file path: C:\Users\admin\Documents\64bit-check.xml-signature20130410141806.xml Message output file path: C:\Users\admin\Documents\64bit-check.xml-message20130410141806.txt Output archive file created. Error: no such file C:\Users\admin\Documents\64bit-check.xml-signature20130410141806.xml --- And the Debug log: C:\Users\admin\Documents\64bit-check.xml-signature20130410141806.xml (The system cannot find the file specified) The KB ( http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2004286 ) says that the checker compares a signature file of what I am running, against a standard signature file. From the looks of it, it's not creating my signature file, even tho the log says it did. Anybody ever run this? Does it even work? Looks to me like an error in the Java code that creates the signature, or the code that reads it back in, it's the only thing I can think of. Mind you, the 5.1 Host Agent Pre-Upgrade check runs flawlessly. 
But I am presuming that the Database PreCheck does a more comprehensive check (else why does it exist?).
Confused about monitoring RDS connections
So in my ongoing saga about learning about RDS, to (soon!) set up our environment, I have gotten to this stage. I have 1 server that is session host, connection broker, and web access. I have a second server that is just web access (no session host). I have set up a DNS round robin name, pointing at both of my web access servers. And I can enter https://rdwebtesting.mydomain from multiple clients, and up pops my published RemoteApp (Google Earth). All well and good. But where do I see where the connections are connecting to? For example, what do I pull up to show me that client test7 is connecting to web-server01, and client test8 has connected to web-server02, etc? This is mostly for testing, because production will use our Cisco ACE hardware load balancer for .. well, load balancing. :-) (eventually, I will want multiple session hosts, and I don't know how to configure that. Do I just add multiple session hosts, and let the connection broker figure it out? Or will the multiple session hosts need to also be round robin DNS entries?)
Re: Friday semiOT: funny to me anyway
On Sun, Mar 24, 2013 at 9:38 PM, Ben Scott mailvor...@gmail.com wrote: On Sat, Mar 23, 2013 at 1:03 AM, Kurt Buff kurt.b...@gmail.com wrote: This day, 1995, Intel dropped the big one... https://www.youtube.com/watch?v=qpMvS1Q1sos Let's see... Pentium jokes... right... And the Weird Al song, It's all about the Pentiums ...
Re: Advice on setting up a Win2012 RDS environment - Progress!
On Thu, Mar 21, 2013 at 4:42 PM, Ken Cornetet ken.corne...@kimball.com wrote: With VMWare HA, your web server and broker will only be down for a minute or two - even if one physical host crashes. You are correct about the physical host. But I am speaking of the guest. I am trying to avoid the possibility of the web server going down, and staying down, due to some Windows-related problem, or a service not coming up properly. Things like that happen, you know. :-) And if that happens, I have no HA, and we're down (well, no new connections can be made). With a second web server in a load balanced configuration, that possibility goes away. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, March 21, 2013 4:18 PM To: NT System Admin Issues Subject: Re: Advice on setting up a Win2012 RDS environment - Progress! On Thu, Mar 21, 2013 at 3:59 PM, Ken Cornetet ken.corne...@kimball.com wrote: The web server and broker are out of the picture after the RDP client session is established with the session host. If something goes wrong with a session host, the users have lost their sessions anyway - no way to prevent that. Right. Another reason why we will have 3-4 session hosts (also the vendor recommends approx 35 sessions per host, of their published app, and I will have somewhere around 100 users total possible users, altho probably not that many concurrently). But if the session hosts stay up and available, without the connection broker and web server, no one who doesn't already have an active connected session can connect. That would be the reason for multiple brokers/web servers. (because even if we push an RDP to the client desktops, it points to a connection broker, right, which then re-directs to a session host, as you pointed out? 
So even clicking on the RDP link would fail, if the connect broker wasn't there) -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, March 21, 2013 3:19 PM To: NT System Admin Issues Subject: Re: Advice on setting up a Win2012 RDS environment - Progress! On Thu, Mar 21, 2013 at 2:26 PM, Ken Cornetet ken.corne...@kimball.com wrote: I don't think you can have two connection brokers without complicating things (clustering and SQL server involved). If you have ESX clustering, you have your redundancy covered. No need for two web servers (or two brokers). ESX does HA with fewer headaches than any other way - use it. Yes, ESXi provides for HA, but with only 1 web server (or connection broker), what happens if something goes wrong with that machine? If I have to restart it for whatever reason (say it locks up, errors out, whatever), all users get kicked off the published app, don't they? That's what I am trying to avoid. Would that not be best practice? Avoid a single point of failure at the various points - broker, web server, session host? Here's the general traffic flow (I think...): 1. Client hits web server. 2. Web server shows available apps 3. User clicks on app 4. Web server downloads .RDP file for app. The .RDP file points to the broker as the server address. 5. User's RDP app attempts to launch app from broker. 6. The broker sends the client an RDP redirect to the appropriate session host. 7. The user's RDP then opens a connection to the session host and launches the app. It has been a while, but I think this is how it worked in 2008 R2 and RDP versions up through 7. I've just started looking at 2012. I think RDP version 8 changes this up a bit. Thanks So the web server only really is a hand off to connection broker. Once the client gets and opens the RDP file, the web server becomes unimportant to the situation. 
So I guess having multiple web servers would be just for redundancy - if the web server goes down, currently connected users shouldn't even notice anything. But it means new users wouldn't be able to connect, until the web server becomes available again. Similarly for connection brokers, if I understand correctly. I'm not sure how multiple connection brokers would coordinate between themselves, or load balance. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, March 21, 2013 2:04 PM To: NT System Admin Issues Subject: Re: Advice on setting up a Win2012 RDS environment - Progress! On Thu, Mar 21, 2013 at 1:24 PM, Ken Cornetet ken.corne...@kimball.com wrote: For traffic handling, you don't need two web servers for 4 session hosts. You don't need 2 web servers for 40 session hosts. Well, it's more for redundancy, than actual traffic balancing. Speaking of which ... does that mean for my situation I would want 2 connection brokers, rather than 2 web servers? Am I correct in assuming that the user actually hits the connection broker, which then passes to the web server (since we would want our users to be able
Re: Space and Beyond:
On Fri, Mar 22, 2013 at 11:37 AM, Crawford, Scott crawfo...@evangel.edu wrote: Cool. Has me wondering if amateurs could tune in to the broadcasts from Voyager. Also, I’m not sure how much instruction it receives, but it seems like there could be some interesting hacking opportunities. How secure could 35 year old technology be? Also, where are you gonna find 35 year old documentation, to figure out where and how you can exploit it? :-) These days, the data stream is probably encrypted, and maybe has some sort of authentication handshake first. There may be something similar back then - you wouldn't want the Russians to break in and jam your signals or whatever, even back then. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Friday, March 22, 2013 10:10 AM To: NT System Admin Issues Subject: Space and Beyond: http://articles.latimes.com/2013/mar/20/science/la-sci-voyager-20130321 http://xkcd.com/1189/ Read them in any order :) Hope you enjoy... (Voyager has computers, in case you're wondering) ASB http://XeeMe.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…
Re: Advice on setting up a Win2012 RDS environment - Progress!
On Fri, Mar 22, 2013 at 12:56 PM, Ken Cornetet ken.corne...@kimball.com wrote: We used to have that sort of mentality, but I've found over the years that, in general, HA options tend to create more down time than they are designed to eliminate. Personally, I'd recommend just doing an occasional clone of your web server and broker (they don't have any critical volatile information), which you probably want to do anyway for DR purposes. OK, I will put that to my boss. I seriously doubt he will agree to it, and I will have to try for HA on the connection broker / web access. I am guessing that each component should be isolated - by which I mean, the session host should *only* be the session host, and not also the web access or connection broker. So I would want, at minimum, 1 connection broker, 1 web access, and multiple session hosts. I imagine I can remove the connection broker and web access from the session host without issue, as long as I have added a broker and web access server ahead of time? More - should I? I have added a 2nd Win2012 server, and added it as a web access server, so now it shows 2 - the web access server, and the original server which is also the session host and connection broker. And if I can remove the broker and web access from the session host, where do I connect to - do I put the web URL of the web access server into a client web browser, or do I put the web URL of the broker server in the client web browser?
Re: Advice on setting up a Win2012 RDS environment - Progress!
On Wed, Mar 20, 2013 at 7:53 PM, James Hill falc...@gmail.com wrote: Get a cert from a public CA. Far less hassle and they are very inexpensive. These are internal apps, so they won't be accessed by the public, or over a public Internet (well, perhaps over VPN). And being a government agency, we can get certs for free from another agency. Why do you want to separate the web front end? Load balancing by our hardware Cisco ACE appliance. Also it then enables us to send the session to any available session host. Separating out the web front end from the back end RDSH servers (aka the server farm) is also the current configuration we have with our Citrix environment, and is I believe the recommended design for something like this. (I am told). What we want, or will have, is 2 web front ends and 3-4 back end session hosts. James. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, 21 March 2013 4:40 AM To: NT System Admin Issues Subject: Re: Advice on setting up a Win2012 RDS environment - Progress! SO I am making progress! I had already installed the RDS as a role, but that didn't configure the deployment. So I went to Server Manager, clicked on RDS, and clicked on Deploy. It then went into what seemed like an install of RDS as a service (which had failed before). This time, however, the deploy step went through without error. I rebooted at the end, and after I logged back in, I was able to install an app (Notepad++), and then I was able to add it to a Quick Session Collection, publish it as a RemoteApp, and I was able to access it remotely. w00t! Definite progress. So now I need to make my own collection, add an app to it. Then investigate how to use a separate web server front end for it (to separate the RDS hosts from the web access). And probably give it our self-signed internal certificate, to stop it complaining about untrusted publishers of the app. So I am definitely further along than I was. 
Re: Advice on setting up a Win2012 RDS environment - Progress!
On Thu, Mar 21, 2013 at 1:24 PM, Ken Cornetet ken.corne...@kimball.com wrote: For traffic handling, you don't need two web servers for 4 session hosts. You don't need 2 web servers for 40 session hosts. Well, it's more for redundancy, than actual traffic balancing. Speaking of which ... does that mean for my situation I would want 2 connection brokers, rather than 2 web servers? Am I correct in assuming that the user actually hits the connection broker, which then passes to the web server (since we would want our users to be able to access via web browser), which then communicates back and forth with the session host? So I would want 2 connection brokers (which would be tied to my Cisco ACE appliance), so that if one goes down, complete access to the application itself does not. Similarly, I would want 2 web servers, and then the 3-4 session hosts (altho only the connection brokers would be connected to the ACE appliance) (also: in my case, the application being published is really just a front end itself; it communicates with SQL servers for its data. There is no data in the application itself) For HA, I presume you are using an ESX cluster. Yep. ESXi 5.0 Update 2 cluster (hopefully soon be 5.1). -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, March 21, 2013 1:07 PM To: NT System Admin Issues Subject: Re: Advice on setting up a Win2012 RDS environment - Progress! On Wed, Mar 20, 2013 at 7:53 PM, James Hill falc...@gmail.com wrote: Get a cert from a public CA. Far less hassle and they are very inexpensive. These are internal apps, so they won't be accessed by the public, or over a public Internet (well, perhaps over VPN). And being a government agency, we can get certs for free from another agency. Why do you want to separate the web front end? Load balancing by our hardware Cisco ACE appliance. Also it then enables us to send the session to any available session host. 
Separating out the web front end from the back end RDSH servers (aka the server farm) is also the current configuration we have with our Citrix environment, and is I believe the recommended design for something like this. (I am told). What we want, or will have, is 2 web front ends and 3-4 back end session hosts. James. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Thursday, 21 March 2013 4:40 AM To: NT System Admin Issues Subject: Re: Advice on setting up a Win2012 RDS environment - Progress! SO I am making progress! I had already installed the RDS as a role, but that didn't configure the deployment. So I went to Server Manager, clicked on RDS, and clicked on Deploy. It then went into what seemed like an install of RDS as a service (which had failed before). This time, however, the deploy step went through without error. I rebooted at the end, and after I logged back in, I was able to install an app (Notepad++), and then I was able to add it to a Quick Session Collection, publish it as a RemoteApp, and I was able to access it remotely. w00t! Definite progress. So now I need to make my own collection, add an app to it. Then investigate how to use a separate web server front end for it (to separate the RDS hosts from the web access). And probably give it our self-signed internal certificate, to stop it complaining about untrusted publishers of the app. So I am definitely further along than I was.
Re: Advice on setting up a Win2012 RDS environment - Progress!
On Thu, Mar 21, 2013 at 2:26 PM, Ken Cornetet ken.corne...@kimball.com wrote:
> I don't think you can have two connection brokers without complicating things (clustering and SQL server involved). If you have ESX clustering, you have your redundancy covered. No need for two web servers (or two brokers). ESX does HA with fewer headaches than any other way - use it.

Yes, ESXi provides for HA, but with only 1 web server (or connection broker), what happens if something goes wrong with that machine? If I have to restart it for whatever reason (say it locks up, errors out, whatever), all users get kicked off the published app, don't they? That's what I am trying to avoid. Would that not be best practice? Avoid a single point of failure at the various points - broker, web server, session host?

> Here's the general traffic flow (I think...):
>
> 1. Client hits web server.
> 2. Web server shows available apps
> 3. User clicks on app
> 4. Web server downloads .RDP file for app. The .RDP file points to the broker as the server address.
> 5. User's RDP app attempts to launch app from broker.
> 6. The broker sends the client a RDP redirect to the appropriate session host.
> 7. The user's RDP then opens a connection to the session host and launches the app.
>
> It has been a while, but I think this is how it worked in 2008 R2 and RDP versions up through 7. I've just started looking at 2012. I think RDP version 8 changes this up a bit.

Thanks

So the web server only really is a hand off to connection broker. Once the client gets and opens the RDP file, the web server becomes unimportant to the situation. So I guess having multiple web servers would be just for redundancy - if the web server goes down, currently connected users shouldn't even notice anything. But it means new users wouldn't be able to connect, until the web server becomes available again. Similarly for connection brokers, if I understand correctly. I'm not sure how multiple connection brokers would coordinate between themselves, or load balance.
Re: Advice on setting up a Win2012 RDS environment - Progress!
On Thu, Mar 21, 2013 at 3:59 PM, Ken Cornetet ken.corne...@kimball.com wrote:
> The web server and broker are out of the picture after the RDP client session is established with the session host. If something goes wrong with a session host, the users have lost their sessions anyway - no way to prevent that.

Right. Another reason why we will have 3-4 session hosts (also the vendor recommends approx 35 sessions per host, of their published app, and I will have somewhere around 100 users total possible users, altho probably not that many concurrently).

But if the session hosts stay up and available, without the connection broker and web server, no one who doesn't already have an active connected session can connect. That would be the reason for multiple brokers/web servers. (because even if we push an RDP to the client desktops, it points to a connection broker, right, which then re-directs to a session host, as you pointed out? So even clicking on the RDP link would fail, if the connect broker wasn't there)
Advice on setting up a Win2012 RDS environment
So we use a Citrix environment (it's really old, runs on Win2003, is Presentation Manager v 4.58, has 2 front end web servers as load balancing, and 2 back end servers in the farm that are running a single application). And what we will be doing is to replace all that with a Win2012 environment, running Remote Desktop Services in a similar configuration (front end web servers, back end farm). Now, all these Win2012 servers will be VMware ESXi 5.0 Update 2 VMs (or that's what we want - all VMs).

My task is a proof-of-concept environment - someone else will be involved in the actual migration. So what I need to do is publish a single app, in a similar fashion to my existing Citrix environment (via a front end web server) as a proof-of-concept that we can/should be able to do this as VMs.

And I am having trouble understanding what I need to do to set this all up. I have a Win2012 server that I installed RDS onto (as a Role - I installed the Remote Desktop Connection Broker, Remote Desktop Session Host, and Remote Desktop Web Access - I haven't installed the Licensing Host yet). And I'm not sure where to go from here. I've seen lots of web sites that detail RDS, etc. But they don't seem to be what I want - or, if they are, I'm Just Not Getting It.

It has something to do with RemoteApp, near as I can figure. I'm completely unclear on how the front end web servers will enter into it, but one step at a time, I guess. Server Manager at the moment shows me Remote Desktop Services, and tells me a RDS deployment does not exist in the server pool.

Right now I want to just set up a test app (even Notepad will do fine, as a test), and I want to see it work from a client's web browser (clients will be XP and Win 7). Can somebody point me at a beginner how-to for this? Years back, I set up a Win2003 terminal server, but that was an entire desktop, not just specific published applications (which is what I need in this case).

Thanks. I realize I will need to provide more info, please feel free to ask.
Re: Advice on setting up a Win2012 RDS environment
See, part of the problem is that all the documentation I am finding is about setting up Remote Desktop Services not as a Role (apparently), but I need it as a Role. When I inquired previously about this, James Hill told me:

> The guide you have followed is for a VDI installation and hence it uses the second option in the Add Roles and Features Wizard.

And every other guide I am finding starts the same way - to install with the second option, but that's not what I want/need. And I am lost trying to figure out where to go from here, to start configuring my server.

I don't want a VDI (Virtual Desktop Infrastructure), apparently. But even all the web sites that deal with setting up RemoteApp start off by installing RDS for VDI. I'm told that I can do this (use RDS but not as VDI, with the RDS host running as a VM). But I can't seem to get started on it.

What base concept am I missing here?
Re: Advice on setting up a Win2012 RDS environment
On Wed, Mar 20, 2013 at 12:35 PM, David Lum david@nwea.org wrote:
> My info is from 2008 R2, hopefully 2012 is similar
>
> Session Host (RDSH). Installed role: Remote Desktop Services. This server is what you'd install say, MS Office on and this is all you need to create an .RDP file to publish an app that folks can use if the endpoints are all on-network on the same domain.

We're not pushing RDP files, we will do it via TS Web Access.

> License server is self-explanatory. Need it if you want to operate more than 120 days

Yeah, years ago I used to run a Win2003 Terminal Server, but that was allowing full desktops, not individual published apps.

> RD Gateway and RD Web access in my environment are on the same server, but different than RDSH
>
> RD Broker is only needed if you have multiple RDSH. In my environment I put RDS Licensing on this broker server

Yeah, we'll probably have 3 RDSH, and probably 2 RD Web Access servers, for load balancing.

> Does this help?

It does, thanks.

> Dave
Re: Advice on setting up a Win2012 RDS environment - Progress!
SO I am making progress!

I had already installed the RDS as a role, but that didn't configure the deployment. So I went to Server Manager, clicked on RDS, and clicked on Deploy. It then went into what seemed like an install of RDS as a service (which had failed before). This time, however, the deploy step went through without error. I rebooted at the end, and after I logged back in, I was able to install an app (Notepad++), and then I was able to add it to a Quick Session Collection, publish it as a RemoteApp, and I was able to access it remotely.

w00t! Definite progress.

So now I need to make my own collection, add an app to it. Then investigate how to use a separate web server front end for it (to separate the RDS hosts from the web access). And probably give it our self-signed internal certificate, to stop it complaining about untrusted publishers of the app.

So I am definitely further along than I was.
Re: Powershell advice - matching an AD user to a value in an array
On Tue, Mar 5, 2013 at 11:39 AM, Michael B. Smith mich...@smithcons.com wrote:
> Ok, small enough to do a brute force search.

Yeah, I did something pretty much similar:

    $AllCSVUsers = @(Import-CSV $InputFileName) | Sort LastName,FirstName
    $TotCntCSVUsers = $AllCSVUsers.count
    # Select FirstName (not givenName) so the comparison below has a value to test
    $All_AD_Users = Get-QADUser -Enabled -SizeLimit 0 -LastName * | Select FirstName,LastName,DisplayName,description,mail,DN,SAMAccountName,homeDirectory | Sort LastName,FirstName
    $TotCntMatched = 0
    $TotCntNotMatched = 0
    ForEach ($AD_User in $All_AD_Users) {
        $Matched = $false
        ForEach ($CSVUser in $AllCSVUsers) {
            IF (($AD_User.LastName -eq $CSVUser.LastName) -and ($AD_User.FirstName -eq $CSVUser.FirstName)) {
                $TotCntMatched++
                $Matched = $true
                Break
            }
        }
        # Report on an explicit flag; counting loop iterations misreports a match on the last CSV row
        IF (-not $Matched) {
            $TotCntNotMatched++
            $TotCntNotMatchedStr = "#{0,4}:" -f $TotCntNotMatched
            Write-Host "RATZ! $TotCntNotMatchedStr Could not find AD user: $($AD_User.LastName) $($AD_User.FirstName) ( $($AD_User.DisplayName) )"
        }
    }

> In pseudo-code (I don't use QAD and I didn't test it)
>
>     $AllCSVUsers = @(Import-CSV $InputFileName)
>     $TotCntCSVUsers = $AllCSVUsers.count
>     foreach( $row in $AllCSVUsers )
>     {
>         # Copy the fields to plain variables; property access inside -Filter is not expanded reliably
>         $first = $row.FirstName
>         $last  = $row.LastName
>         $user = Get-AdUser -Filter { ( GivenName -eq $first ) -and ( Surname -eq $last ) } -SearchBase "dc=contoso,dc=local" -SearchScope Subtree
>         if( $user )
>         {
>             ### you found a record for matching firstname and lastname
>         }
>         else
>         {
>             ### no such record
>         }
>     }
Re: Semi-OT: Vsphere shutdown
On Fri, Mar 1, 2013 at 12:02 PM, Robert Cato cato.rob...@gmail.com wrote:
> I would not put the hosts in maintenance mode.

I always put my hosts into maintenance mode before powering them down. However, I have my vCenter on a physical box - I had problems when the vCenter was a VM on one of the hosts that was being managed by that same vCenter.
Running Powershell script as scheduled task fails with 0x1
I can't understand why my script is failing. I can run it from a Powershell prompt (I have to Run as administrator, because the script is deleting some files in a backup directory). But it works perfectly when I do it that way.

But when I create a Scheduled Task to do it, it fails with 0x1. I create a Task, tell it to use an account with domain admin privileges. Tell it to run whether the user is logged on or not, and to run with highest privileges.

The action calls a program (C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe). In Add arguments, I have

    -Command C:\Scripts\myscript.ps1

And it always fails with 0x1. And I can't figure out why, if it is running as a user with highest privileges and that works interactively, from an elevated PS prompt.

What part am I doing wrong?
Re: Running Powershell script as scheduled task fails with 0x1
Sorry; this is Win 2008 R2.
Re: Running Powershell script as scheduled task fails with 0x1
On Thu, Mar 7, 2013 at 2:37 PM, Webster webs...@carlwebster.com wrote:

I thought it was -File c:\scripts\myscript.ps1.

See, this is what's infuriating. Most of the examples I have found say you don't need -Command or -File. Some say -Command. Some say the 2 are equivalent. SIGH

So I changed it to -File, and made sure the folder holding the script itself had no spaces in its name. And then it all started working ... I thought for sure I had tried it with -File as well, but maybe not.

Anyways, it all seems good now. Thanks.

Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com

-----Original Message-----
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Thursday, March 07, 2013 2:30 PM
To: NT System Admin Issues
Subject: Running Powershell script as scheduled task fails with 0x1

I can't understand why my script is failing. I can run it from a Powershell prompt (I have to Run as administrator, because the script is deleting some files in a backup directory). But it works perfectly when I do it that way. But when I create a Scheduled Task to do it, it fails with 0x1.

I create a Task, tell it to use an account with domain admin privileges. Tell it to run whether the user is logged on or not, and to run with highest privileges. The action calls a program (C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe). In Add arguments, I have

    -Command C:\Scripts\myscript.ps1
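One way to register the task from this thread with the -File form that ended up working, and to read its result code back, as an added example that is not from the original posts. It uses the Task Scheduler COM interface available on Win 2008 R2; the function names, task name and start time are assumptions, and the script path is the one quoted in the post.

```powershell
# Added example; not code from the thread. Function names, task name and
# schedule are hypothetical. Run from an elevated prompt on Windows.

function New-PowerShellTaskArguments {
    param([Parameter(Mandatory = $true)][string]$ScriptPath)
    # -File must be the last switch: everything after it is treated as the
    # script path and the script's own arguments. Quoting the path keeps a
    # folder name with spaces from being split into several arguments.
    return ('-NoProfile -NonInteractive -File "{0}"' -f $ScriptPath)
}

function Register-ScriptTask {
    param(
        [Parameter(Mandatory = $true)][string]$TaskName,
        [Parameter(Mandatory = $true)][string]$ScriptPath,
        [Parameter(Mandatory = $true)][System.Management.Automation.PSCredential]$Credential,
        [string]$StartBoundary = '2013-03-08T02:00:00'   # constructed start time
    )
    if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
        throw "Script not found: $ScriptPath"
    }

    $service = New-Object -ComObject Schedule.Service
    $service.Connect()
    $definition = $service.NewTask(0)
    $definition.Principal.RunLevel = 1               # TASK_RUNLEVEL_HIGHEST

    # Program and arguments are separate fields, as in the task dialog.
    $action = $definition.Actions.Create(0)          # TASK_ACTION_EXEC
    $action.Path = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\powershell.exe'
    $action.Arguments = New-PowerShellTaskArguments -ScriptPath $ScriptPath
    $action.WorkingDirectory = Split-Path -Parent $ScriptPath

    $trigger = $definition.Triggers.Create(2)        # TASK_TRIGGER_DAILY
    $trigger.StartBoundary = $StartBoundary
    $trigger.DaysInterval = 1

    # 6 = TASK_CREATE_OR_UPDATE, 1 = TASK_LOGON_PASSWORD
    # ("run whether the user is logged on or not").
    $password = $Credential.GetNetworkCredential().Password
    $service.GetFolder('\').RegisterTaskDefinition(
        $TaskName, $definition, 6, $Credential.UserName, $password, 1) | Out-Null
}

function Get-ScriptTaskResult {
    param([Parameter(Mandatory = $true)][string]$TaskName)
    $service = New-Object -ComObject Schedule.Service
    $service.Connect()
    $task = $service.GetFolder('\').GetTask($TaskName)
    $exec = $task.Definition.Actions.Item(1)         # COM collections are 1-based
    New-Object PSObject -Property @{
        TaskName   = $task.Name
        LastRun    = $task.LastRunTime
        # For an exec action this is the exit code of powershell.exe,
        # shown in hex the way the Task Scheduler console displays it.
        LastResult = ('0x{0:X}' -f $task.LastTaskResult)
        Arguments  = $exec.Arguments
    } | Select-Object TaskName, LastRun, LastResult, Arguments
}

# Usage (prompts for the run-as account):
# Register-ScriptTask -TaskName 'Backup cleanup (example)' `
#     -ScriptPath 'C:\Scripts\myscript.ps1' -Credential (Get-Credential)
# Get-ScriptTaskResult -TaskName 'Backup cleanup (example)'
```

For LastResult to be useful, the script itself should finish with an explicit exit code (for example `exit 1` from a catch block), which -File passes through as the process exit code.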
Powershell advice - matching an AD user to a value in an array
So I have this CSV file of names (LastName, FirstName). What I need to do: find every AD user that is in that CSV file. If they are not there, report that, too.

So I imported the whole CSV into an array, and use Quest to get all active user objects:

    $AllCSVUsers = @(Import-CSV $InputFileName)
    $TotCntCSVUsers = $AllCSVUsers.count
    $AllUsers = Get-QADUser -SizeLimit 0 | Select LastName,givenName,DisplayName

But I am unclear on how to (easily) search each AD user against the CSV array.

    ForEach ($AD_User in $AllUsers) {
        $LastName=$AD_User.LastName
        $FirstName=$AD_User.FirstName

- then what? Do loop thru the CSVUsers array, looking for both $LastName and $FirstName? Can Compare-Object help me here?

I foresee problems, especially if the names don't match exactly, or I have multiple John Does. But all I have is that CSV file.
Re: Powershell advice - matching an AD user to a value in an array
On Tue, Mar 5, 2013 at 11:05 AM, Michael B. Smith mich...@smithcons.com wrote:

How many users do you have? How many users are in the CSV file? Approximate, in both cases, is fine.

CSV users = 1300. AD users = 1100.

What I am most interested in: AD users NOT in CSV file. There will always be users in CSV file not in AD; that is fine. What I need to know is - who is in AD that isn't accounted for, in the CSV file.

-----Original Message-----
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Tuesday, March 5, 2013 10:54 AM
To: NT System Admin Issues
Subject: Powershell advice - matching an AD user to a value in an array

So I have this CSV file of names (LastName, FirstName). What I need to do: find every AD user that is in that CSV file. If they are not there, report that, too.

So I imported the whole CSV into an array, and use Quest to get all active user objects:

    $AllCSVUsers = @(Import-CSV $InputFileName)
    $TotCntCSVUsers = $AllCSVUsers.count
    $AllUsers = Get-QADUser -SizeLimit 0 | Select LastName,givenName,DisplayName

But I am unclear on how to (easily) search each AD user against the CSV array.

    ForEach ($AD_User in $AllUsers) {
        $LastName=$AD_User.LastName
        $FirstName=$AD_User.FirstName

- then what? Do loop thru the CSVUsers array, looking for both $LastName and $FirstName? Can Compare-Object help me here?

I foresee problems, especially if the names don't match exactly, or I have multiple John Does. But all I have is that CSV file.
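One way to answer the question in this thread (which AD accounts are not accounted for in the CSV), as an added example that is not from the original posts. It indexes the CSV in a hashtable keyed on a normalised "last|first" name instead of looping over the CSV for every AD user, and flags duplicate names rather than guessing; the function names and all sample data are constructed, and the property names follow the Select in the post.

```powershell
# Added example; not code from the thread. Function names are hypothetical and
# the sample data is constructed.

function Get-NameKey {
    param([string]$LastName, [string]$FirstName)
    # Trim, collapse repeated whitespace and lower-case both parts so that
    # " SMITH" / "anna" and "Smith" / "Anna" produce the same key.
    $parts = foreach ($value in $LastName, $FirstName) {
        ($value -replace '\s+', ' ').Trim().ToLowerInvariant()
    }
    return ($parts -join '|')
}

function Compare-AdUsersToCsv {
    param([object[]]$AdUsers, [object[]]$CsvUsers)

    # Index the CSV once: key -> number of CSV rows carrying that name.
    $csvCount = @{}
    foreach ($row in $CsvUsers) {
        $key = Get-NameKey $row.LastName $row.FirstName
        $csvCount[$key] = 1 + [int]$csvCount[$key]
    }

    # Count AD accounts per name to catch the "multiple John Does" case.
    $adCount = @{}
    foreach ($user in $AdUsers) {
        $key = Get-NameKey $user.LastName $user.givenName
        $adCount[$key] = 1 + [int]$adCount[$key]
    }

    foreach ($user in $AdUsers) {
        $key = Get-NameKey $user.LastName $user.givenName
        if (-not $csvCount.ContainsKey($key)) {
            $status = 'NotInCsv'        # the accounts the post wants to find
        } elseif ($adCount[$key] -gt 1 -or $csvCount[$key] -gt 1) {
            $status = 'Ambiguous'       # name alone cannot identify the account
        } else {
            $status = 'Matched'
        }
        New-Object PSObject -Property @{
            Status         = $status
            LastName       = $user.LastName
            FirstName      = $user.givenName
            SamAccountName = $user.SamAccountName
        } | Select-Object Status, LastName, FirstName, SamAccountName
    }
}

# Constructed stand-in for: @(Import-CSV $InputFileName)
$AllCSVUsers = @(@'
LastName,FirstName
Doe,John
SMITH,Anna
Nguyen,Minh
'@ | ConvertFrom-Csv)

# Constructed stand-in for: Get-QADUser -SizeLimit 0 | Select ...
$AllUsers = @(
    New-Object PSObject -Property @{ LastName = 'Doe';     givenName = 'John';    SamAccountName = 'jdoe' }
    New-Object PSObject -Property @{ LastName = 'Doe';     givenName = 'John';    SamAccountName = 'jdoe2' }
    New-Object PSObject -Property @{ LastName = ' Smith';  givenName = 'anna';    SamAccountName = 'asmith' }
    New-Object PSObject -Property @{ LastName = 'Scanner'; givenName = 'Service'; SamAccountName = 'svc-scan' }
)

$report = Compare-AdUsersToCsv -AdUsers $AllUsers -CsvUsers $AllCSVUsers
$report | Where-Object { $_.Status -ne 'Matched' } |
    Sort-Object Status, LastName | Format-Table -AutoSize
```

With the real data, replace the two constructed arrays with the Import-CSV and Get-QADUser lines from the post; CSV-only names are ignored, which matches the stated requirement.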
Re: Powershell with Quest - listing group memberships of users
I ended up doing this:

    $AllUsers = Get-QADUser -SizeLimit 0 | Select givenName,LastName,DisplayName,description,mail,ParentContainer,SAMAccountName,homeDirectory,AccountIsDisabled,MemberOf | sort AccountIsDisabled,LastName,FirstName
    ForEach ($User in $AllUsers) {
        $Cells.Item($CurrentRow, $CurrentCol) = $User.displayName
        $CurrentCol++
        # Get-QADMemberOf returns one object per group the user belongs to
        $ListOfGroups = Get-QADMemberOf $User.sAMAccountName
        $UsersGroups = ""
        ForEach ($GroupName in $ListOfGroups) {
            # Build a single string, each group name enclosed in | characters
            $UsersGroups += "|" + $GroupName.Name + "|, "
        }
        $Cells.Item($CurrentRow, $CurrentCol) = $UsersGroups
        $Sheet.columns.item($CurrentCol).columnWidth = 52
        $Cells.Item($CurrentRow, $CurrentCol).WrapText = $True
    }

So I nested a couple loops, and I broke out each group, enclosed it in | - which I found makes it more readable - and stored it in an Excel cell, which I widen and wrap, for readability.

Basically this gives me a spreadsheet of all users, their home folders, and group memberships. I keep it as a sort of snapshot of AD, so that in 5 years, when I get a request to restore the home folder of some user that doesn't work here anymore, and who has been deleted out of AD, I have a way to find out where that home folder was, and I can query the backup system for that location and time frame. (and yes, I have had that happen, which is why I wrote the script).

On Tue, Feb 26, 2013 at 4:48 PM, Steven Peck sep...@gmail.com wrote:

.memberOF outputs an array and arrays don't play well with other types of info with just a straight select-object

I used to use

    Get-QadUser JDoe | Get-QADMemberOf

for this type of stuff

Haven't actually had to solve this problem in a while now though.

On Tue, Feb 26, 2013 at 12:36 PM, Michael Leone oozerd...@gmail.com wrote:

On Tue, Feb 26, 2013 at 2:56 PM, Michael Leone oozerd...@gmail.com wrote:

I am unsure what I am doing wrong. I want a list of all my user accounts, and I want the contents of the MemberOf property, among other things.

    Get-QADuser -SizeLimit 0 | Select givenName,LastName,DisplayName,mail,ParentContainer,SAMAccountName,homeDirectory,AccountIsDisabled,MemberOf,NestedMemberOf,AllMemberOf

I sort this, and export to CSV. When I import the CSV into Excel, the MemberOf, NestedMemberOf and AllMemberOf are showing as System.String[]. What am I doing wrong? I want that MemberOf to actually list what groups the user is a member of.

So here is where I am. I am trying to output into an Excel spreadsheet:

    $AllUsers = Get-QADUser -SizeLimit 0 LeoneM | Select givenName,LastName,DisplayName,description,mail,ParentContainer,SAMAccountName,homeDirectory,AccountIsDisabled,MemberOf,NestedMemberOf,AllMemberOf | sort AccountIsDisabled,LastName,FirstName
    ForEach ($User in $AllUsers) {
        $Cells.Item($CurrentRow, $CurrentCol) = $User.displayName
        $CurrentCol++
        $ListOfGroups = Get-QADMemberOf $User.sAMAccountName
        $Cells.Item($CurrentRow, $CurrentCol) = $ListOfGroups
        Write-Host $User.displayName $ListOfGroups
        $CurrentRow++
        $CurrentCol = 1
    }

And my $ListOfGroups writes out on my screen, but does NOT get written into the spreadsheet. What's that about?
Powershell with Quest - listing group memberships of users
I am unsure what I am doing wrong. I want a list of all my user accounts, and I want the contents of the MemberOf property, among other things.

    Get-QADuser -SizeLimit 0 | Select givenName,LastName,DisplayName,mail,ParentContainer,SAMAccountName,homeDirectory,AccountIsDisabled,MemberOf,NestedMemberOf,AllMemberOf

I sort this, and export to CSV. When I import the CSV into Excel, the MemberOf, NestedMemberOf and AllMemberOf are showing as System.String[]. What am I doing wrong? I want that MemberOf to actually list what groups the user is a member of.
Re: Powershell with Quest - listing group memberships of users
On Tue, Feb 26, 2013 at 2:56 PM, Michael Leone oozerd...@gmail.com wrote:

I am unsure what I am doing wrong. I want a list of all my user accounts, and I want the contents of the MemberOf property, among other things.

    Get-QADuser -SizeLimit 0 | Select givenName,LastName,DisplayName,mail,ParentContainer,SAMAccountName,homeDirectory,AccountIsDisabled,MemberOf,NestedMemberOf,AllMemberOf

I sort this, and export to CSV. When I import the CSV into Excel, the MemberOf, NestedMemberOf and AllMemberOf are showing as System.String[]. What am I doing wrong? I want that MemberOf to actually list what groups the user is a member of.

So here is where I am. I am trying to output into an Excel spreadsheet:

    $AllUsers = Get-QADUser -SizeLimit 0 LeoneM | Select givenName,LastName,DisplayName,description,mail,ParentContainer,SAMAccountName,homeDirectory,AccountIsDisabled,MemberOf,NestedMemberOf,AllMemberOf | sort AccountIsDisabled,LastName,FirstName
    ForEach ($User in $AllUsers) {
        $Cells.Item($CurrentRow, $CurrentCol) = $User.displayName
        $CurrentCol++
        $ListOfGroups = Get-QADMemberOf $User.sAMAccountName
        $Cells.Item($CurrentRow, $CurrentCol) = $ListOfGroups
        Write-Host $User.displayName $ListOfGroups
        $CurrentRow++
        $CurrentCol = 1
    }

And my $ListOfGroups writes out on my screen, but does NOT get written into the spreadsheet. What's that about?
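The System.String[] symptom discussed in this thread, and one way to flatten MemberOf into a single delimited string before export, as an added example that is not from the original posts. The users are constructed, the function names are hypothetical, and MemberOf is assumed to hold group distinguished names.

```powershell
# Added example; not code from the thread. Users are constructed, function
# names are hypothetical, and MemberOf is assumed to be a string array of
# group distinguished names.

function Get-GroupNameFromDn {
    param([string]$DistinguishedName)
    # Take the first RDN (up to the first comma not preceded by a backslash),
    # drop the "CN=" prefix and undo backslash escapes such as "\,".
    $rdn = ($DistinguishedName -split '(?<!\\),', 2)[0]
    return (($rdn -replace '^CN=', '') -replace '\\(.)', '$1')
}

function ConvertTo-FlatUserRecord {
    param(
        [Parameter(ValueFromPipeline = $true)]$User,
        [string]$Separator = '; '
    )
    process {
        # One sorted list of short group names per user; empty for no groups.
        $groups = @($User.MemberOf | Where-Object { $_ } |
            ForEach-Object { Get-GroupNameFromDn $_ } | Sort-Object)
        New-Object PSObject -Property @{
            DisplayName       = $User.DisplayName
            SamAccountName    = $User.SamAccountName
            homeDirectory     = $User.homeDirectory
            AccountIsDisabled = $User.AccountIsDisabled
            GroupCount        = $groups.Count
            MemberOf          = ($groups -join $Separator)
        } | Select-Object DisplayName, SamAccountName, homeDirectory,
                          AccountIsDisabled, GroupCount, MemberOf
    }
}

# Constructed sample users.
$users = @(
    New-Object PSObject -Property @{
        DisplayName = 'John Doe'; SamAccountName = 'jdoe'
        homeDirectory = '\\fs01\home\jdoe'; AccountIsDisabled = $false
        MemberOf = [string[]]@('CN=Finance,OU=Groups,DC=example,DC=com',
                               'CN=Staff\, Main Office,OU=Groups,DC=example,DC=com')
    }
    New-Object PSObject -Property @{
        DisplayName = 'Pat Lee'; SamAccountName = 'plee'
        homeDirectory = '\\fs01\home\plee'; AccountIsDisabled = $true
        MemberOf = [string[]]@()
    }
)

# What the post ran into: an array property is exported as its type name.
$users | Select-Object DisplayName, MemberOf | ConvertTo-Csv -NoTypeInformation

# Flattened: each user carries one string, so CSV export keeps the group names.
$users | ConvertTo-FlatUserRecord | ConvertTo-Csv -NoTypeInformation
```

The same reasoning applies to the Excel cell in the follow-up message: a cell takes a single value, so the array has to be joined into one string first.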
Powershell with Quest advice - show all disabled users, but only in a certain OU
I'm still trying to get the hang of this. Here's what I need - a report of all user accounts that are in just certain OUs. Specifically - we have an OU called Disabled where we put disabled user accounts. There are 4 sub-OUs - Q1, Q2, etc. And what I want is only the accounts in Q2 and Q3. HOWEVER, when a user is on a leave of absence, we disable their account, but do NOT move it into the Disabled OU.

I know I can use

    Get-QADUser -Disabled -SearchRoot OU=Disabled in Q3,OU=DISABLED,DC=...DC=...,DC=...,DC=...,DC=...

Which gives me that one sub-OU. Will I just have to repeat it for just Q2? OR ... is there some way I can search the DISABLED OU, and just filter out Q1 and Q4?

Also: there doesn't seem to be an entry for DisabledDate, I only see last modification date (which ideally will work out to be the same thing as disabled date). It's not critical for me, but is there a way to list date the account was disabled?

I plan to write all this out into an Excel spreadsheet, which I've done before. Any advice gratefully appreciated.
Re: Powershell with Quest advice - show all disabled users, but only in a certain OU
On Thu, Feb 21, 2013 at 12:17 PM, Christopher Bodnar christopher_bod...@glic.com wrote:

Something like this might help:

    get-qaduser|where {$_.dn -match "Q2" -and $_.dn -match "Q3"}

Yes, I can definitely make use of that - thanks! How would I do the reverse? i.e., dn must not match DISABLED? (to find any disabled accounts that are not in the DISABLED OU or its sub-OUs)
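One way to express both filters asked about in this thread (accounts in the Q2 or Q3 sub-OU, and disabled accounts outside the DISABLED OU), as an added example that is not from the original posts. It tests the OU components of the DN rather than a substring anywhere in it, so an account whose name happens to contain "Q3" is not picked up; the function names and DNs are constructed, with sub-OU names following the "Disabled in Q3" form shown in the post.

```powershell
# Added example; not code from the thread. Function names are hypothetical and
# the DNs are constructed.

function Get-OuChain {
    param([string]$DistinguishedName)
    # OU components of a DN, nearest container first. Splits only on commas
    # that are not backslash-escaped.
    return @($DistinguishedName -split '(?<!\\),' | Where-Object { $_ -match '^OU=' })
}

function Test-InDisabledQuarter {
    param([string]$DistinguishedName, [string[]]$Quarter = @('Q2', 'Q3'))
    $ous = @(Get-OuChain $DistinguishedName)
    # The account must sit directly in a sub-OU whose parent is OU=DISABLED.
    if ($ous.Count -lt 2 -or $ous[1] -ne 'OU=DISABLED') { return $false }
    foreach ($q in $Quarter) {
        # Either quarter qualifies (an OR test); match at the end of the OU name.
        if ($ous[0] -match ('\b' + [regex]::Escape($q) + '$')) { return $true }
    }
    return $false
}

function Test-OutsideDisabledOu {
    param([string]$DistinguishedName)
    # True when no OU component of the DN is the DISABLED OU.
    return -not (@(Get-OuChain $DistinguishedName) -contains 'OU=DISABLED')
}

# Constructed sample accounts (stand-in for Get-QADUser output).
$accounts = @(
    New-Object PSObject -Property @{ AccountIsDisabled = $true
        DN = 'CN=Alice Ames,OU=Disabled in Q2,OU=DISABLED,DC=example,DC=com' }
    New-Object PSObject -Property @{ AccountIsDisabled = $true
        DN = 'CN=Bob Brown,OU=Disabled in Q1,OU=DISABLED,DC=example,DC=com' }
    New-Object PSObject -Property @{ AccountIsDisabled = $true
        DN = 'CN=Cara Q3 Temp,OU=Staff,DC=example,DC=com' }    # leave of absence
    New-Object PSObject -Property @{ AccountIsDisabled = $true
        DN = 'CN=Dan Dole,OU=Disabled in Q3,OU=DISABLED,DC=example,DC=com' }
    New-Object PSObject -Property @{ AccountIsDisabled = $false
        DN = 'CN=Eve East,OU=Staff,DC=example,DC=com' }
)

# Report 1: accounts in the Q2 or Q3 sub-OU of DISABLED.
$inQ2Q3 = @($accounts | Where-Object { Test-InDisabledQuarter $_.DN })

# Report 2: disabled accounts that were never moved under DISABLED.
$disabledElsewhere = @($accounts | Where-Object {
    $_.AccountIsDisabled -and (Test-OutsideDisabledOu $_.DN) })

$inQ2Q3 | Select-Object DN
$disabledElsewhere | Select-Object DN
```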
Replacing a print server - publishing printers in directory?
So I need to replace one of my current print servers (Win2003, 32bit) with a new VM (Win2008 R2, 64bit). Some of you may recall my emails about this recently. Anyway, I have the new server ready, all printers defined on it (with the same names as the current production printers).

My question is about actually cutting over to the new server. Before I do that, do I need to unlist the printers from the directory on the old production print server and unshare the printers *before* changing its name and IP? That's a bit of a pain, because there are 93 printers, and I haven't found a way to do that as a batch, so I'd have to change each printer definition manually. I don't know how printers are treated in the directory - do they have a unique SID like a computer object, and so just creating a new printer with the same name on a server with the same name does not mean that it will just work?

Once I unlist and unshare, I should be able to change the name and IP of the old server; re-assign them to the new printer; list all the new printers in the directory. And then all should Just Work.

Is that right? Am I missing a step? Do I have a step wrong?

Thanks
Re: Replacing a print server - publishing printers in directory?
On Wed, Feb 13, 2013 at 9:33 AM, John Cook john.c...@pfsf.org wrote:

Any chance you could just publish them in Group Policy?

... I don't know if they (some of them) are already being published via GPO. Might be, probably are. But not all of them.

What impact does that have on my plans?
Re: Replacing a print server - publishing printers in directory?
On Wed, Feb 13, 2013 at 9:45 AM, John Cook john.c...@pfsf.org wrote:

Depending on your organizational structure you could possibly just publish all the new printers to your users and make life a little easier going forward - you could eliminate the manual process by just adding a printer policy to a user.

But aren't the already published printers tied to the old print server? These aren't new printers, really - the only change is the underlying print server. There are no new printers - all the same names and same IP addresses of the printers. I just duplicated the entries from the old print server to the new.

I'm now more confused than before. :-)
Re: Replacing a print server - publishing printers in directory?
On Wed, Feb 13, 2013 at 10:27 AM, John Cook john.c...@pfsf.org wrote:

You might go through these, it could be of help.
http://technet.microsoft.com/en-us/library/dd379488(WS.10).aspx

Yeah, I've read that. And done it. I think this is the part that I just wanted to verify:

---
In most cases, a new print server will not affect other computers in the enterprise. Existing client connections may be corrupted if you make a change to any of the following print server properties:

    The print server name
    The printer name
    The print share name
    The share permissions
    The printer’s availability to the server
---

I'm not changing any of those, so I should be OK. Still not sure if I should unpublish and unshare from the old server first, Just In Case. That's really what I am asking ...

AH HA! And I didn't read closely enough ...

http://technet.microsoft.com/en-us/library/dd379557(v=ws.10).aspx

---
When you restore printers to the destination server, do not publish printers to AD DS. This prevents duplicate printers from being displayed by AD DS before the destination server configuration is verified.

On the source server, you must unpublish printers before renaming the source server. To do this, select all printers in the Print Management snap-in, right-click the selected printers, and then click Remove from Directory. This prevents printers from being published twice to AD DS when the source server is renamed.

After renaming the destination server to the source server’s original name, you can publish all printers on the destination server to AD DS. To do this, select all printers in the Print Management snap-in, right-click the selected printers, and then click List in directory.
---

There you go, that's what I needed. Confirmation to do exactly what I was planning to do anyway. :-)

Thanks
Re: Registry entries to set a WSUS client
On Wed, Feb 6, 2013 at 12:51 PM, Andrew S. Baker asbz...@gmail.com wrote:

Yes, it still does work if you change the registry manually, but having a separate OU for testing (like everyone else is saying) is the best path.

Yes, you're right. So I did this - set up a test OU, and a test GPO, pointing at my new WSUS server. I rolled out some new VMs - Win7, Win2003, Win2008, Win2012, put them in that OU, added them to the group that links to that new GPO.

All are showing up in the new WSUS server (yay!). However, the 2012 server is showing up as OS Win2003 STD x64, and not Win2012. What's up with that? :-) I am up to date on the WSUS updates, apparently. Is this just a display bug? It shows I need 14 updates (which I suppose is correct),
Re: Registry entries to set a WSUS client
On Thu, Feb 7, 2013 at 12:16 PM, Webster webs...@carlwebster.com wrote:

Do you have this update?
http://blogs.technet.com/b/sus/archive/2012/09/04/an-update-for-windows-server-update-services-3-0-service-pack-2-is-available-kb2734608.aspx

I don't see that on my list of WSUS updates, that my WSUS server has ... I will download and install it ...

Thanks

Thanks
Webster

-----Original Message-----
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Thursday, February 07, 2013 10:53 AM
To: NT System Admin Issues
Subject: Re: Registry entries to set a WSUS client

On Wed, Feb 6, 2013 at 12:51 PM, Andrew S. Baker asbz...@gmail.com wrote:

Yes, it still does work if you change the registry manually, but having a separate OU for testing (like everyone else is saying) is the best path.

Yes, you're right. So I did this - set up a test OU, and a test GPO, pointing at my new WSUS server. I rolled out some new VMs - Win7, Win2003, Win2008, Win2012, put them in that OU, added them to the group that links to that new GPO.

All are showing up in the new WSUS server (yay!). However, the 2012 server is showing up as OS Win2003 STD x64, and not Win2012. What's up with that? :-) I am up to date on the WSUS updates, apparently. Is this just a display bug? It shows I need 14 updates (which I suppose is correct),
Re: Registry entries to set a WSUS client
On Thu, Feb 7, 2013 at 12:17 PM, Kennedy, Jim kennedy...@elyriaschools.org wrote:

First and foremost I suggested that before Andrew did. He just copied off me.

True. Thanks, first and foremost! :-)

http://support.microsoft.com/kb/2734608

Then reregister the server. Also that update needs to be on your console machine if that is how you are doing it.

I did download and install that update, and now my Win2012 server shows up as Win2012. I will re-synchronize again, before I update the Win2012 server.

Andrew is going to copy, I just know it.

Imitation is the sincerest form of flattery

-----Original Message-----
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Thursday, February 07, 2013 11:59 AM
To: NT System Admin Issues
Subject: Re: Registry entries to set a WSUS client

On Wed, Feb 6, 2013 at 12:51 PM, Andrew S. Baker asbz...@gmail.com wrote:

Yes, it still does work if you change the registry manually, but having a separate OU for testing (like everyone else is saying) is the best path.

Yes, you're right. So I did this - set up a test OU, and a test GPO, pointing at my new WSUS server. I rolled out some new VMs - Win7, Win2003, Win2008, Win2012, put them in that OU, added them to the group that links to that new GPO.

All are showing up in the new WSUS server (yay!). However, the 2012 server is showing up as OS Win2003 STD x64, and not Win2012. What's up with that? :-) I am up to date on the WSUS updates, apparently. Is this just a display bug? It shows I need 14 updates (which I suppose is correct),
Re: Advice on migrating WSUS 3.0 SP2 from Win2003 32bit to Win2008 R2
On Wed, Feb 6, 2013 at 5:01 AM, Randal, Phil phil.ran...@hoopleltd.co.uk wrote:

It's also worth installing KB2734608 as soon as you've installed WSUS 3.0SP2.

I will keep that in mind. It should show up as soon as I synchronize the first time, it says ...

Thanks
Registry entries to set a WSUS client
I'd like to test my new WSUS server, before changing my GPO to point to it. And it occurred to me that I could set a couple test VMs to point to the new server, and see if they can get their updates from it, before making the change to the GPO.

There used to be a way to set this via registry entries. Anybody know if this would still work on a Win2008 R2 server?

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate]
    WUServer=http://new-WSUS-server;
    WUStatusServer=http://new-WSUS-server;

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate\AU]
    UseWUServer=dword:0001
    NoAutoUpdate=dword:
    AUOptions=dword:0002
    ScheduledInstallDay=dword:
    ScheduledInstallTime=dword:0003
    DetectionFrequencyEnabled=dword:0001
    DetectionFrequency=dword:0001
    NoAUAsDefaultShutdownOption=dword:0001
    NoAUShutdownOption=dword:0001
    RescheduleWaitTimeEnabled=dword:0001
    RescheduleWaitTime=dword:0001
    UseWUServer=dword:0001

If I import these registry entries to a test Win2003 and Win2008 R2 VMs, and then stop and start the Windows Update service, those VMs should check in with the new server, and get its updates. Then I can see that the new server is working. Then I can change the GPO ...

Thanks
Re: iso mounting software for Windows Server 2008 R2
On Wed, Feb 6, 2013 at 10:09 AM, Glen Johnson gjohn...@vhcc.edu wrote:

I like and use Virtual CloneDrive.

+1
Re: Registry entries to set a WSUS client
On Wed, Feb 6, 2013 at 11:51 AM, Webster webs...@carlwebster.com wrote:

Couldn't you also create a test OU, create a GPO for the new WSUS server, link it to the test OU, put the VMs in that OU, reboot the VMs for the OU move and verify your WSUS settings?

I could. That's a lot more work than just changing 2 registry entries on some test VMs that are already set to look at my old WSUS server. :-)

That way you are not touching production and also, even better, not relying on reg hacks.

I was never touching production anyway - I created a new WSUS server, and using a test VM that I keep around to test stuff like this. Never changed any settings on production servers, or changed any production GPOs. Never pointed the new WSUS server at the old server, started over clean.

Changing the registry entries and restarting the service worked just fine, BTW. The test VM checked in to the new server, and I see a list of updates that need to be applied (as expected, since this test VM hasn't been updated in a few months).

So it looks like all that is left is changing the production GPO to point to the new server, give the clients a couple days to check in, and All Should Be Good ...

Thanks
Webster

-----Original Message-----
From: Michael Leone [mailto:oozerd...@gmail.com]
Subject: Registry entries to set a WSUS client

I'd like to test my new WSUS server, before changing my GPO to point to it. And it occurred to me that I could set a couple test VMs to point to the new server, and see if they can get their updates from it, before making the change to the GPO.

There used to be a way to set this via registry entries. Anybody know if this would still work on a Win2008 R2 server?

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate]
    WUServer=http://new-WSUS-server;
    WUStatusServer=http://new-WSUS-server;

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate\AU]
    UseWUServer=dword:0001
    NoAutoUpdate=dword:
    AUOptions=dword:0002
    ScheduledInstallDay=dword:
    ScheduledInstallTime=dword:0003
    DetectionFrequencyEnabled=dword:0001
    DetectionFrequency=dword:0001
    NoAUAsDefaultShutdownOption=dword:0001
    NoAUShutdownOption=dword:0001
    RescheduleWaitTimeEnabled=dword:0001
    RescheduleWaitTime=dword:0001
    UseWUServer=dword:0001

If I import these registry entries to a test Win2003 and Win2008 R2 VMs, and then stop and start the Windows Update service, those VMs should check in with the new server, and get its updates. Then I can see that the new server is working. Then I can change the GPO ...
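The registry test described in this thread, written as a script that records the previous policy values before pointing a test client at the new server, as an added example that is not from the original posts. It sets only the WUServer, WUStatusServer and UseWUServer values named in the post; the function names and the scratch key used for the dry run are assumptions, and http://new-WSUS-server is the placeholder from the post.

```powershell
# Added example; not code from the thread. Function names and the scratch key
# are hypothetical. Changing the HKLM policy key requires an elevated prompt.

$DefaultPolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-WsusClientPolicy {
    param([string]$PolicyRoot = $DefaultPolicyRoot)
    # Missing keys or values simply come back as $null.
    $wu = Get-ItemProperty -Path $PolicyRoot -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path (Join-Path $PolicyRoot 'AU') -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        WUServer       = $wu.WUServer
        WUStatusServer = $wu.WUStatusServer
        UseWUServer    = $au.UseWUServer
    } | Select-Object WUServer, WUStatusServer, UseWUServer
}

function Set-WsusTestClient {
    param(
        [Parameter(Mandatory = $true)][string]$ServerUrl,
        [string]$PolicyRoot = $DefaultPolicyRoot,
        [switch]$SkipServiceRestart
    )
    if ($ServerUrl -notmatch '^https?://[^/\s]+/?$') {
        throw "Expected a URL such as http://server or https://server:port, got '$ServerUrl'"
    }
    # Capture the current values first so the test can be undone.
    $previous = Get-WsusClientPolicy -PolicyRoot $PolicyRoot

    $auKey = Join-Path $PolicyRoot 'AU'
    foreach ($key in $PolicyRoot, $auKey) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    }
    New-ItemProperty -Path $PolicyRoot -Name WUServer -PropertyType String `
        -Value $ServerUrl -Force | Out-Null
    New-ItemProperty -Path $PolicyRoot -Name WUStatusServer -PropertyType String `
        -Value $ServerUrl -Force | Out-Null
    New-ItemProperty -Path $auKey -Name UseWUServer -PropertyType DWord `
        -Value 1 -Force | Out-Null

    if (-not $SkipServiceRestart) {
        # Stop and start the Windows Update service, then ask for a new detection.
        Restart-Service -Name wuauserv
        & (Join-Path $env:SystemRoot 'System32\wuauclt.exe') /resetauthorization /detectnow
    }
    return $previous
}

function Restore-WsusClientPolicy {
    param(
        [Parameter(Mandatory = $true)]$Previous,
        [string]$PolicyRoot = $DefaultPolicyRoot
    )
    foreach ($name in 'WUServer', 'WUStatusServer') {
        if ($null -ne $Previous.$name) {
            New-ItemProperty -Path $PolicyRoot -Name $name -PropertyType String `
                -Value $Previous.$name -Force | Out-Null
        } else {
            Remove-ItemProperty -Path $PolicyRoot -Name $name -ErrorAction SilentlyContinue
        }
    }
    $auKey = Join-Path $PolicyRoot 'AU'
    if ($null -ne $Previous.UseWUServer) {
        New-ItemProperty -Path $auKey -Name UseWUServer -PropertyType DWord `
            -Value $Previous.UseWUServer -Force | Out-Null
    } else {
        Remove-ItemProperty -Path $auKey -Name UseWUServer -ErrorAction SilentlyContinue
    }
}

# Dry run against a scratch key, so nothing under HKLM changes:
# $old = Set-WsusTestClient -ServerUrl 'http://new-WSUS-server' `
#            -PolicyRoot 'HKCU:\Software\WsusPolicyTest' -SkipServiceRestart
# Get-WsusClientPolicy -PolicyRoot 'HKCU:\Software\WsusPolicyTest'
# Restore-WsusClientPolicy -Previous $old -PolicyRoot 'HKCU:\Software\WsusPolicyTest'
```

On a domain-joined machine a Group Policy refresh rewrites these values from whichever GPO configures them, so run Get-WsusClientPolicy again before concluding which server the client is reporting to.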
Advice on migrating WSUS 3.0 SP2 from Win2003 32bit to Win2008 R2
I've asked this on the WSUS list over at PatchManagement.org, but while I am waiting on their wisdom, I thought I would ask here, as well.

I am using WSUS 3.0 SP2 on a Win2003 SP2 VM, and I need to move it to a Win2008 R2 VM, and while I am at it, change the server name. Since I posted on the other list, I have determined (I think) that my database is the default Windows Internal database. I have a SUSDB.MDF file, and a separate SUSDB.BAK in a different folder. I must have set that backup up at one point, and pointed it to that backup folder, but it was so long ago, I've forgotten, and there is no documentation here.

I found this link - How to move WSUS from one server to another
http://blogs.technet.com/b/sus/archive/2009/07/02/how-to-move-wsus-from-one-server-to-another.aspx

This blog post is 3.5 years old; is it still valid? Almost all the comments say this procedure did not work for them. If not, is there a better step-by-step guide?

Thanks for any help.
Re: Advice on migrating WSUS 3.0 SP2 from Win2003 32bit to Win2008 R2
On Tue, Feb 5, 2013 at 11:56 AM, Kennedy, Jim kennedy...@elyriaschools.org wrote:

I have moved WSUS servers twice. It isn't worth it, just redo it. It doesn't take that long to mass approve the updates.

OK ... it's not approving the updates, really. It's rebuilding the groups, and the client history. Once I re-point the GPO to the new server, then the client has to fully scan and report to the new WSUS server which patches it has, and for the server to determine what patches it needs. Those are the parts I would be trying to avoid.

How can I migrate that? Do I make the new WSUS server, and somehow replicate from the current to the new, then demote the old, leaving only the new?

(in our case - we have a set of servers that are up to date with the latest patches, and another set that is one month behind. This lets us test that the patches don't break anything, before rolling them out to the production servers)

-----Original Message-----
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Tuesday, February 05, 2013 11:49 AM
To: NT System Admin Issues
Subject: Advice on migrating WSUS 3.0 SP2 from Win2003 32bit to Win2008 R2

I've asked this on the WSUS list over at PatchManagement.org, but while I am waiting on their wisdom, I thought I would ask here, as well.

I am using WSUS 3.0 SP2 on a Win2003 SP2 VM, and I need to move it to a Win2008 R2 VM, and while I am at it, change the server name. Since I posted on the other list, I have determined (I think) that my database is the default Windows Internal database. I have a SUSDB.MDF file, and a separate SUSDB.BAK in a different folder. I must have set that backup up at one point, and pointed it to that backup folder, but it was so long ago, I've forgotten, and there is no documentation here.

I found this link - How to move WSUS from one server to another
http://blogs.technet.com/b/sus/archive/2009/07/02/how-to-move-wsus-from-one-server-to-another.aspx

This blog post is 3.5 years old; is it still valid? Almost all the comments say this procedure did not work for them. If not, is there a better step-by-step guide?

Thanks for any help.
Re: Advice on migrating WSUS 3.0 SP2 from Win2003 32bit to Win2008 R2
On Tue, Feb 5, 2013 at 2:54 PM, Robert Peterson robert.peter...@prin.edu wrote:
The actual moving of the database to another server is not difficult as long as you don't change from internal to SQL database. The problem is in renaming the server. When you do that you have to remember to change any GPO's that are associated with WSUS. The database export and import procedures are still the same that I'm aware of, use the WSUSutil command line.
That's not working for me. wsusutil export Old-Server-CAB.CAB Old-Server-LOG.LOG gives me a binary file as the LOG, and an empty zero-byte CAB file.
If the environment is not very large
About 130 servers ...
you could just install a fresh copy of WSUS on the new server, re-point the GPO's and let the clients populate the new database on their own. Then import only the metadata of approved updates. That way you're not getting old machines that may not be on the network any longer and you start with a much cleaner database.
That's what I am hoping to do. I have installed WSUS on the new server, and am about to synchronize updates. Then I was going to change the GPO and let it re-populate the DB. But I have nothing to import metadata from ... I can approve everything up till last Patch Tuesday date, of course.
Re: Advice on migrating WSUS 3.0 SP2 from Win2003 32bit to Win2008 R2
So the boss figures that if we are creating a new database, we might as well install SQL Server 2008 R2 Express, and use that (locally). So we'll go with that, I guess.
Re: On a lighter note for a Friday, Passed my CISA exam
Congratulations!
On Fri, Feb 1, 2013 at 2:54 PM, Ziots, Edward ezi...@lifespan.org wrote:
Just got the official email that I passed my CISA exam, so I guess another Certification on the title and looking forward to the auditing work that comes with it.
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
Re: Migrating from a 32bit print server to a 64bit print server
On Thu, Jan 31, 2013 at 4:01 PM, Miller Bonnie L. mille...@mukilteo.wednet.edu wrote:
It's been a while since we migrated our systems, and since we went from 32 bit WS03 R2 to a 64 bit WS08 R2 print cluster with a new name, I didn't use printbrm at the time. That being said, I've used printbrm to do exports of our config and it doesn't restore everything well to another box, like you've experienced, but it's also been a while since I've tried using it (not counting my nightly export scripts). I think the main issue for us is because of print processors, and in our case may be related to a bug where Windows doesn't always delete old processors over time - http://support.microsoft.com/kb/242394 and since we are using HP Universal drivers, it gets complicated at times--you may be in the same boat. I've had to remove the old processors after updating queues on more than one occasion. And, based on some experience I've had from testing removal of print processors, I've also seen that if the print processor is not there, the queue does not appear at all, like what you are reporting. But, the queue does show in the registry, meaning if you only could load the print processor files, it would work. If you're using HP's UP drivers, I can provide more info on the messiness of it--it sort of sounds like that might be the scenario.
Yep; it appears to be the print processors. There are a lot more on the old print server, than on the new one, even though the list of installed printer drivers (per Printer Management) is the same, even down to the version numbers. I think what happened is that, in the past, we would use a model-specific driver. Now we use the universal driver for PostScript (HP has one, as do Ricoh and Xerox), rather than a multitude of different drivers. And I think that uninstalling the old driver left the print processor behind, and so the printer continued to use that print processor.
Yeah, I ended up re-creating 24 printers (that's the amount on this print server that didn't restore). And I have a scheduled task that uses PrintBRM to save a backup of everything, once a week. Hopefully, I won't have quite this amount of trouble in the future. Printing through the new print server all seems to be working. When the time comes, I will shut down the old server, re-name and re-IP the new server, and tell it to publish all its queues in the directory. I may see if I can construct a script to do that, rather than manually modifying each printer to publish in the directory. Thanks
Re: Migrating from a 32bit print server to a 64bit print server
I'm surprised no one responded at all. Anyways, here's further info: I did do the printbrm -R -F filename. And there were errors. So I reverted back to a clean snapshot (it's a VMware VM), added the same print drivers that are on the production server (both 32 and 64 bit drivers, same versions) - I used the list of print drivers shown in Printer Management on the production server. Made a new snapshot. And tried restoring again (no overwriting, no queue publishing). And I'm still getting errors. I am only getting about 2/3 of the printers/queues restored. I am getting errors 0x80070706 and 0x80070705.
0x80070706 is Print Processor unknown, which is odd, because I am getting that for some queues that use one of the pre-installed drivers. And other queues, using the same driver, import with no errors, so I guess those are finding the print processor, so it must exist ...
0x80070705 is Printer Driver unknown. Again, this is for a driver pre-installed, and other printer queues that use this driver work; they restore (haven't tried printing to them yet, as those printers aren't local to me).
I have 92 printers, and only 68 import correctly. So what should I do at this point - just manually install the 24 printers that didn't come through? I just don't understand why the print processor seems to work for some printer queues, and not others. I know I am going from 32bit to 64bit, but I have both drivers already installed (for both the production 32 bit and the new 64bit). Anyone have any ideas, before I go installing 2 dozen printers?
On Wed, Jan 23, 2013 at 12:35 PM, Michael Leone oozerd...@gmail.com wrote:
I have a VM that is running Win2008 (not R2) 32bit, and we are using this as our print server. I save the printer definitions and queues using the printbrm -B -F filename command as a scheduled task. Note that this server has both 32bit and 64bit drivers installed to it (I am told). 64bit drivers installed to that print server using the Print Manager snapin from a 64bit PC. Now, I want to replace this VM with a new one, running Win2008 R2. I think I should just be able to do: printbrm -R -f filename and then all my printers and queues should install, and be ready to go. Then I can decommission the old server, re-name the new server, re-use the old IP, and everyone who uses a printer defined on that print server name should continue to Just Work. ... which seems Too Easy. Am I missing some consideration here? Thanks
Migrating from a 32bit print server to a 64bit print server
I have a VM that is running Win2008 (not R2) 32bit, and we are using this as our print server. I save the printer definitions and queues using the printbrm -B -F filename command as a scheduled task. Note that this server has both 32bit and 64bit drivers installed to it (I am told). 64bit drivers installed to that print server using the Print Manager snapin from a 64bit PC. Now, I want to replace this VM with a new one, running Win2008 R2. I think I should just be able to do: printbrm -R -f filename and then all my printers and queues should install, and be ready to go. Then I can decommission the old server, re-name the new server, re-use the old IP, and everyone who uses a printer defined on that print server name should continue to Just Work. ... which seems Too Easy. Am I missing some consideration here? Thanks
Re: Time sync
On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet ken.corne...@kimball.com wrote:
Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing to extend a disk?
I run VMware ESXi 5.0, and I know I have had to extend a disk any number of times. And Win2008 makes extending the boot disk so much easier, too. My largest VM has 16G of RAM, and I was even leery of that. And I have 6 hosts with 512G RAM each ...
Re: Time sync
On Mon, Jan 7, 2013 at 10:33 AM, Andrew S. Baker asbz...@gmail.com wrote:
You do know you can thin provision in both VMWare and HyperV, right? Thus, you can stipulate that a disk have a max size of 200GB, but if you're only using 50GB, it will only be 50GB in size.
I never use thin disks, personally. Not for production use - possibly for a test VM. I'd be afraid of what would happen if the disk needed to expand, and there wasn't enough available disk space. With (hopefully) sensibly sized thick disks, you know the running machines will continue to run, up to the assigned disk maximum. And with an alerting system that notifies you of free disk left, you can deal with the situation ahead of time (usually). If a production server needs space in the middle of the night, and there's not enough room on that datastore, that can be bad, although I guess storage profiles (for VMware) might be able to help with that. I guess Hyper-V has a similar feature, to move VMs between datastores based on pre-defined profiles.
Thus, no reason for Windows users to howl. Plus, Windows doesn't mind extending non-boot disks, but it's not all that happy about having its boot disk extended, no matter what the underlying hypervisor.
True. But it's a lot better and easier with Win2008, and I imagine at least as easy with 2012.
Re: Trying to install RDS on Server 2012, as a VM under VMware ESX 5.0 ..
On Thu, Jan 3, 2013 at 3:55 PM, Andrew S. Baker asbz...@gmail.com wrote:
Are you sure you want to install a virtual host inside another virtual host?
I'm not, but the boss is ... at least for a proof-of-concept. Citrix Presentation Manager works perfectly under ESXi, so some nested virtualization (apparently that's the term for this type of setup) works fine.
I haven't attempted to install RDS as yet under 2012. I might give that a go this weekend under Hyper-V and see...
I've found ways to do it, but apparently it's a lot easier under VMware 5.1. Upgrading is a pain, but I guess I will do that first. Mind you, running Hyper-V in a VM under ESXi is still not supported, but it's supposed to work ...
Re: Trying to install RDS on Server 2012, as a VM under VMware ESX 5.0 ..
On Fri, Jan 4, 2013 at 2:46 AM, James Hill falc...@gmail.com wrote:
You can install a Remote Desktop Session Host on a VM (whether it is Hyper V, or Vmware etc), that is supported. You can't (well it isn't supported though there are hack methods) install VDI on a VM which is what you have attempted to do.
I see ... (well, sorta ...)
When you run the Add Roles and Features Wizard select the first option Role based or feature-based installation. In the next step select the server and then in the next step (Roles) select the Remote Desktop Services (and whichever components you wish to use). This will give you the Remote Desktop Session Host etc which is what you are after. It should install just fine then.
It did! Excellent! Thanks so much for the hint ...
The guide you have followed is for a VDI installation and hence it uses the second option in the Add Roles and Features Wizard.
I see I will need to read more. Years ago (like 5-6), I used to run a Win2003 Terminal Server, and we used to set up a full desktop of apps for our users (at my old company). Here, we want to publish just the one app, apparently - we do not want a full desktop for the users. At least now I have something more to play around with. This is all a proof-of-concept - if we can get it to work, we will replace our Citrix Presentation Managers VMs with 2012 and RDS. Total user base for this app is *maybe* 100 users total; the most I've ever seen on Citrix simultaneously is like 50 or so. Guess I should dig more into RemoteApp, as well ... Thanks so much, you've really helped me!
James.
-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Friday, 4 January 2013 1:52 AM
To: NT System Admin Issues
Subject: Trying to install RDS on Server 2012, as a VM under VMware ESX 5.0 ..
So I seem to be stumped. We have some old Citrix Presentation Manager servers running on Win 2003 that my boss would like to retire, and replace with Remote Desktop Services under Server 2012. The catch is that these servers would be VMs, running under VMware ESXi 5.0 (that's what the current Citrix servers are). If you install all the latest ESXi 5.0 patches, then you can run Server 2012 VMs. That part is running fine. But I can't seem to install RDS. (the last time I used even Terminal Services was on Win 2003, over 5 years back). Following this blog post http://technet.microsoft.com/en-us/magazine/jj554307.aspx I am trying to install RDS. But it keeps failing on RD Virtualization Host step - all it says is that it failed. The other 2 steps (Connection Broker and Web Services) installed fine. I don't see anything in the Event log that is telling me WHY it failed. I am seeing Event 9645 from source MSSQL$MICROSOFT##WID. Message is An error occurred in the service broker manager, Error 3602, State: 145. And I can't seem to track down what this means. The online Event log help is no help (it never seems to be, for me). I haven't found it in eventid.net, and Google isn't showing me anything close to my situation. So let's start at the beginning:
1. Is this even possible - can you run RDS on Server 2012 as a VM under ESXi 5.0? Or is that trying to run one virtualization technology (Hyper-V) under a different virtualization technology (ESXi)? (eventually we want to publish an application or two, not a lot, and no need of a full desktop, as I understand it). I know MS says you shouldn't (or can't) run Hyper-V inside of Hyper-V, but it doesn't seem to say anything about Hyper-V inside any other virtualization - ESXi, XenApp, etc.
2. If it is possible, what am I missing? The article didn't mention any pre-requisites I don't have. I have Server 2012 as a domain member in my Win 2008 R2 AD domain.
So far, I am not liking Server 2012. :-) (and I haven't started in on that Metro interface ...)
Re: Trying to install RDS on Server 2012, as a VM under VMware ESX 5.0 ..
So in further narrowing this down with my boss, here's what we want: (that I know of, so far)
- want to access the app from a web browser
- client OSes will be many XP w/SP3, some Win 7
- do not want clients to see a full desktop, only the one crappy app they need to access
- and, just to make it more interesting, the app is a traditional, fat, full client-server app, that uses too much bandwidth to run remotely, hence the need to run this way
- the app has its own security, own IDs and passwords, separate from our domain logins
So it looks like I want Remote Desktop Web Access, so the clients can connect using a web browser. Not sure if that means I also then need to set up RemoteApp on the server, so that when they do connect, they will see only the one app I have published, and can only execute that. Sounds like it, from the skimming I've done so far.
Right now, what happens is: you (the client) start a browser session. We have a load balancer, which routes you to a Citrix XenApp server, where you authenticate with a domain ID, and then it shows you the one and only app you can run. Choosing it then prompts you for the application security (ID and password). Then you see the rest - entry screens, etc. I should be able to replace all the Citrix parts with Server 2012 and RDS, and the users should just be able to toodle right along. (well, the web interface to choose the app will change, but other than that, it should be all the same to the end users).
Trying to install RDS on Server 2012, as a VM under VMware ESX 5.0 ..
So I seem to be stumped. We have some old Citrix Presentation Manager servers running on Win 2003 that my boss would like to retire, and replace with Remote Desktop Services under Server 2012. The catch is that these servers would be VMs, running under VMware ESXi 5.0 (that's what the current Citrix servers are). If you install all the latest ESXi 5.0 patches, then you can run Server 2012 VMs. That part is running fine. But I can't seem to install RDS. (the last time I used even Terminal Services was on Win 2003, over 5 years back). Following this blog post http://technet.microsoft.com/en-us/magazine/jj554307.aspx I am trying to install RDS. But it keeps failing on RD Virtualization Host step - all it says is that it failed. The other 2 steps (Connection Broker and Web Services) installed fine. I don't see anything in the Event log that is telling me WHY it failed. I am seeing Event 9645 from source MSSQL$MICROSOFT##WID. Message is An error occurred in the service broker manager, Error 3602, State: 145. And I can't seem to track down what this means. The online Event log help is no help (it never seems to be, for me). I haven't found it in eventid.net, and Google isn't showing me anything close to my situation. So let's start at the beginning:
1. Is this even possible - can you run RDS on Server 2012 as a VM under ESXi 5.0? Or is that trying to run one virtualization technology (Hyper-V) under a different virtualization technology (ESXi)? (eventually we want to publish an application or two, not a lot, and no need of a full desktop, as I understand it). I know MS says you shouldn't (or can't) run Hyper-V inside of Hyper-V, but it doesn't seem to say anything about Hyper-V inside any other virtualization - ESXi, XenApp, etc.
2. If it is possible, what am I missing? The article didn't mention any pre-requisites I don't have. I have Server 2012 as a domain member in my Win 2008 R2 AD domain.
So far, I am not liking Server 2012. :-) (and I haven't started in on that Metro interface ...)
Re: Symantec %@(*OI:TNGF(P*
On Thu, Nov 8, 2012 at 6:41 AM, Ken Schaefer k...@adopenstatic.com wrote:
Even if you don’t have a separate network, you can create a separate group in WSUS, and put a test machine(s) with your SOE image in that group.
That's what we do. I have a group of machines that we use for development. They get all the WSUS patches applied. Production machines get everything one month behind. This way, if some update breaks something, production isn't affected.
Re: Confused about DNS resolution on a server with 2 NICs on a DMZ
On Wed, Nov 7, 2012 at 11:13 AM, Christopher Bodnar christopher_bod...@glic.com wrote:
If you want the MS resource that is taken from, it's here: http://technet.microsoft.com/en-us/library/bb457118.aspx
Thanks. The other link said I needed to become a Premium member to download or print, and I wasn't about to pay $9 to print the one document. So the resolution will just automatically cycle through all the adapters; that's what I was figuring, from observation. Good to know ...
Christopher Bodnar Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com The Guardian Life Insurance Company of America www.guardianlife.com
From: Christopher Bodnar christopher_bod...@glic.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 11/07/2012 11:02 AM
Subject: Re: Confused about DNS resolution on a server with 2 NICs on a DMZ
Have you taken a look at this yet? http://www.scribd.com/doc/63870216/108/Multihomed-Name-Resolution
From: Michael Leone oozerd...@gmail.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 11/07/2012 10:14 AM
Subject: Confused about DNS resolution on a server with 2 NICs on a DMZ
So, today's confusion ... we have a webserver on our DMZ, Win 2008 R2. It has 2 NICs, an external and an internal. The external NIC has DNS settings pointing to our ISP (Verizon, in our case). The internal NIC has DNS settings of our internal LAN. So how come, if I say ping other internal server, the name resolves and I can ping? (I can understand how the ping succeeds; we have a static route to our internal servers). But how is the name resolving to the internal address? Using another of my internal servers as a target (i.e., not on the DMZ): If I do ping shortname, it says could not find host. That's good; we don't have our domain name set in the NIC properties. If I do ping FQDN, it says Pinging FQDN [internal IP]. And how does it know to do that?? It appears that it's succeeding by using the internal NIC, but how does it know to use the internal NIC to resolve a name? If it was an internal IP, I could understand it - it would use the static route. Is it normal behavior to use the DMZ NIC, and - if that fails - silently use the INTERNAL NIC? That makes no sense to me either, but that's all I am coming up with, for why this is working. Can somebody clear up my age-fogged brain about this?? There is no HOSTS file, these are not domain members.
Re: A question about Virtualization
On Tue, Nov 6, 2012 at 1:09 PM, Don Ely don@gmail.com wrote:
3 hosts for 10 servers?!?!?!!?!?! I have 3 hosts and I run 120 servers on them SAN switches? Kool-aid taste good?
I do 120 VMs on 6 hosts, w/256G RAM ea. Soon to be 512G, so we can run more VMs ... all backed by an FC SAN ...
Re: East Coast people out there?
I'm in Philly. No problems here. Power never went out, so no need for UPS or generators to kick in. I happen to live close by my data center, and my lights flickered once or twice, but that was all.
On Tue, Oct 30, 2012 at 10:00 AM, Guyer, Don dgu...@che.org wrote:
Just South of Philly here. Storm moved through here quicker than expected, so my area escaped fairly unscathed, considering. From what I’ve seen on the news, NY got it pretty hard. Jersey shore got hammered.
Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440
From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Tuesday, October 30, 2012 9:45 AM
To: NT System Admin Issues
Subject: OT: East Coast people out there?
Anyone else on the east coast dealing with the aftermath of Sandy? Still waiting to hear how our NY office fared. Chris
Re: Church email
You're talking about a Google Apps account, I presume? You do that from the Control Panel. http://support.google.com/a/bin/answer.py?hl=enanswer=182076 Basically you want to Manage this domain.
On Thu, Oct 25, 2012 at 1:33 PM, itli...@imcu.com itli...@imcu.com wrote:
My Church has their email through Gmail. Their net admin left and they want to remove two old email accounts and add two new ones. Where do I look for that kind of info?
Powershell question - property to determine group vs user, using Quest Get-QADUser
I'm confused about something. I am writing a Powershell script, using the Quest AD CMDLETs. I have a list of groups that I need to retrieve the membership list for. But I don't want any group members that are themselves groups (i.e., no nested groups); I only want users. And I am not sure how best to accomplish this.
At the moment, my script loops through my list of groups, and I get the list of names who are members:
    $TheUsers = Get-QADGroupMember $GroupName | Select Name | Sort -property Name
I then loop through the returned user list and output individual user accounts that are not disabled into a spreadsheet.
    ForEach ($User in $TheUsers) {
        $Employee = Get-QADUser $User.Name
        $DisabledUser = $Employee.AccountIsDisabled
        IF ( $DisabledUser -eq $false ) {
            $Cells.Item($CurrentRow, $CurrentCol) = $GroupCounter
(I don't want to make the pipelining too complicated, in case the other guys need to maintain this script in my absence)
And so forth. But what I don't know is how to determine that $Employee is a person and not a group. I'm sure it's simple and pretty much staring me in the face, but I'm not seeing it. Groups have no AccountIsDisabled property, apparently, so any groups who are members of the group I am searching are not falling through into the section that formats the spreadsheet.
SO: when I do a Get-QADUser someuser, what property should I be looking at to determine that someuser is actually a group? Then I can modify my IF statement appropriately.
Thanks, and sorry for being such a n00b at this ...
Re: Powershell question - property to determine group vs user, using Quest Get-QADUser
On Fri, Oct 5, 2012 at 12:15 PM, Steven Peck sep...@gmail.com wrote:
So...
    $TheUsers = Get-QADGroupMember $GroupName -type 'user'
At this moment you have the user objects and their properties so let's try
Yes, but that's not all I want. I *do* want to see any groups that are members of $GroupName, but not any disabled users who are members of $GroupName ... The above would filter out the group names.
Out of the list of all members of $GroupName, I want to list out only groups (nested groups) and users who are not disabled. The problem with using an IF statement that looks at the AccountIsDisabled property is that a group name will not have that property, and so the IF statement fails, and the nested group is not included in the output.
Re: Powershell question - property to determine group vs user, using Quest Get-QADUser
On Fri, Oct 5, 2012 at 2:14 PM, Michael Leone oozerd...@gmail.com wrote:
On Fri, Oct 5, 2012 at 12:15 PM, Steven Peck sep...@gmail.com wrote:
So...
    $TheUsers = Get-QADGroupMember $GroupName -type 'user'
At this moment you have the user objects and their properties so let's try
Yes, but that's not all I want. I *do* want to see any groups that are members of $GroupName, but not any disabled users who are members of $GroupName ... The above would filter out the group names.
I found the ClassName property will help me out. This IF will include all non-disabled users, and all groups:
    IF ( ($Employee.ClassName -eq $null) -or (($Employee.AccountIsDisabled -eq $false) -and ($Employee.ClassName -eq 'user')))
Apparently, groups have a null ClassName, and users have a ClassName of user. Maybe there's a better way to differentiate, but this seems to be working.
Thanks for the nudges in the right direction, everyone.
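The filter this thread arrives at, keyed on raw directory attributes instead of the Quest ClassName property, as an added example that is not part of the original posts: objectClass separates groups from users, and bit 0x2 (ACCOUNTDISABLE) of userAccountControl marks a disabled account. The member records are constructed sample data and Select-ReportableMember is a hypothetical helper name.

```powershell
# Constructed sample data standing in for the members of one group.
# In a live domain the same attributes could be fetched with, for example,
#   Get-ADGroupMember $GroupName | Get-ADObject -Properties userAccountControl
# (ActiveDirectory module; an assumption here, the thread itself uses the Quest cmdlets).
$members = @(
    [pscustomobject]@{ Name = 'Finance_RO';     ObjectClass = 'group';    userAccountControl = $null }
    [pscustomobject]@{ Name = 'Alice Example';  ObjectClass = 'user';     userAccountControl = 512  }  # enabled
    [pscustomobject]@{ Name = 'Bob Example';    ObjectClass = 'user';     userAccountControl = 514  }  # 512 + 2 = disabled
    [pscustomobject]@{ Name = 'Carol Example';  ObjectClass = 'user';     userAccountControl = 66048 } # enabled, password never expires
    [pscustomobject]@{ Name = 'FILESRV01$';     ObjectClass = 'computer'; userAccountControl = 4096 }
)

# ACCOUNTDISABLE flag of the userAccountControl bit field
$ACCOUNTDISABLE = 0x2

function Select-ReportableMember {
    param(
        [Parameter(ValueFromPipeline = $true)]
        $Member
    )
    process {
        switch ($Member.ObjectClass) {
            'group' {
                # Nested groups carry no enabled/disabled state: always report them.
                $Member
            }
            'user' {
                # Test the flag explicitly. A user record with no userAccountControl
                # value is skipped rather than assumed to be enabled.
                if ($null -ne $Member.userAccountControl -and
                    -not ($Member.userAccountControl -band $ACCOUNTDISABLE)) {
                    $Member
                }
            }
            # Any other class (computer, contact, ...) is left out of the report.
        }
    }
}

# Nested groups first, then enabled users, each sorted by name.
$members |
    Select-ReportableMember |
    Sort-Object ObjectClass, Name |
    Format-Table Name, ObjectClass -AutoSize
```

Testing the class first avoids the failure described in the thread, where a comparison against a property that groups do not have silently drops the nested groups from the output.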
Re: P2V Windows 2000 Server Issue
On Thu, Sep 27, 2012 at 11:59 PM, Robert Jackson r...@walkermartyn.co.uk wrote:
I’m currently trying to P2V a Windows 2000 Server (SP4) machine using VMware Converter 3.0.2.
The latest Converter is v5, BTW.
Each and every time I run through the conversion process, it halts at 97%. Has anyone seen this issue and is there a way to get the server virtualised?
I have, but possibly not for the same reason. Try this:
1. Upgrade to latest Converter, it has fixes.
2. When virtualizing, change the size of the disk drives. Decrease it, even by 1G.
Changing the disk size changes the way the disks are cloned - block vs sector, if I'm remembering correctly. That's what resolved my issue. (I also had one conversion that literally took 4 days, and it was only 125G drives)
Listing all groups / finding a group on shared folders security
I have this problem. I have an AD group that has just a name and no description, no notes, no nothing. (it was apparently created like 7 years ago). I don't know what it does, or what it is used for. I *suspect* that it's used to control ACLs to a share, but I don't know that for sure. And it occurred to me that I don't know how to find out what share it might be providing security for.
I guess what I am asking is: how can I go through all the folders on a file server, and list out the user and group names on the security of the folders (or shares, I suppose)? Is there a utility that does that? A script I would have to run against the whole folder structure? Ideally, tell it the group name I'm looking for, and have it come back and say \\this-server\that-folder?
I'm looking for a free utility, BTW - I know there are a lot of security programs for purchase that can tell me this, and in fact we will be looking at one in a few weeks. But even if we purchased such software, it would be a while to implement, etc. And I'd like to answer at least this one request now.
This is why I harp on about using the description and notes fields in AD, both for users and groups ... it makes my life a lot easier when someone asks me for a list like this
Re: Listing all groups / finding a group on shared folders security
Thanks. For some reason, I seem to only get Access Denied when I point it at some share, even tho I have access to that share.
    DUMPSEC.exe /computer=\\File-Server /rpt=dir=\\File-Server\DOCS /outfile=D:\DOCS.dcl
If I browse to \\File-Server\DOCS, I can see everything, all files and subdirectories. But the report only says Access Denied, and I can't figure out why. I am running it from an Administrator prompt. Am I just being moronically stupid this morning?? I was expecting to see all folders under the \\File-Server\Docs share, and all the users/groups on its Security tab. (not that I don't want a share report).
On Thu, Sep 27, 2012 at 10:32 AM, David Lum david@nwea.org wrote:
DUMPSEC. Free. http://www.systemtools.com/somarsoft/index.html
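A scripted way to answer the question that opened this thread (which folders carry a given group on their Security tab), as an added example that is not part of the original posts. Find-GroupInAcl is a hypothetical function name; the demo tree under %TEMP% and the use of BUILTIN\Users are constructed so the block runs on any English-language Windows host with PowerShell 3.0 or later.

```powershell
function Find-GroupInAcl {
    param(
        [Parameter(Mandatory = $true)][string]$Root,      # e.g. \\File-Server\DOCS
        [Parameter(Mandatory = $true)][string]$Identity,  # e.g. DOMAIN\GroupName
        [switch]$IncludeInherited                         # also list folders that merely inherit the entry
    )

    # The root folder itself, then every subfolder beneath it.
    # Folders that cannot be enumerated are collected in $walkErrors instead of aborting the walk.
    $folders = @(Get-Item -LiteralPath $Root) +
               @(Get-ChildItem -LiteralPath $Root -Recurse -Directory `
                     -ErrorAction SilentlyContinue -ErrorVariable walkErrors)

    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        }
        catch {
            # Report unreadable ACLs explicitly so a gap in coverage is visible in the output.
            [pscustomobject]@{ Path = $folder.FullName; Rights = 'ACL NOT READABLE'; Type = ''; Inherited = '' }
            continue
        }

        foreach ($ace in $acl.Access) {
            # IdentityReference is DOMAIN\name when the SID resolves, the raw SID string when it does not.
            if ($ace.IdentityReference.Value -ne $Identity) { continue }
            # By default list only the folders where the entry was set explicitly,
            # which is where the group was actually assigned.
            if ($ace.IsInherited -and -not $IncludeInherited) { continue }

            [pscustomobject]@{
                Path      = $folder.FullName
                Rights    = $ace.FileSystemRights
                Type      = $ace.AccessControlType
                Inherited = $ace.IsInherited
            }
        }
    }

    foreach ($e in $walkErrors) {
        Write-Warning "Could not enumerate: $($e.TargetObject)"
    }
}

# --- Constructed demo: one folder gets an explicit entry for BUILTIN\Users ---
$demo   = Join-Path $env:TEMP 'acl-demo'
$target = Join-Path $demo 'Finance'
New-Item -ItemType Directory -Path (Join-Path $target 'Reports') -Force | Out-Null

$acl  = Get-Acl -LiteralPath $target
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            'BUILTIN\Users', 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $target -AclObject $acl

# Lists ...\acl-demo\Finance; the Reports subfolder only inherits the entry and is omitted.
Find-GroupInAcl -Root $demo -Identity 'BUILTIN\Users' | Format-Table -AutoSize
```

This reads NTFS folder permissions only; share-level permissions are a separate ACL and are not covered here.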
Re: Listing all groups / finding a group on shared folders security
On Thu, Sep 27, 2012 at 1:04 PM, Kurt Buff kurt.b...@gmail.com wrote:
That's why I name my groups descriptively. If the group is for read-only access by US staff to the HR directory in the departments share on the home file server, I name it as US-HomeDepartmentsHR-RO
I do the same. Well, we do the same ... now. So I have groups like Finance_RWXD and Police_ScannedDocuments_RO and so forth. But back then, apparently not ...
The good thing about this is that you can then populate those descriptive groups with the base groups for departments or workgroups, and when someone moves to a new position, you remove them from their no longer relevant groups, and add them to the newly relevant groups. So, for instance, when Ralph in accounting moves from AP to AR, you remove him from the AP group and add him to the AR group, and he automatically inherits all of the permissions needed, while losing the permissions that no longer apply. This also applies to cross-functional groups, which can be viewed as sort of meta-departments.
Yeah, we do things that way, too.
Re: Listing all groups / finding a group on shared folders security
On Thu, Sep 27, 2012 at 1:04 PM, Kurt Buff kurt.b...@gmail.com wrote:
The good thing about this is that you can then populate those descriptive groups with the base groups for departments or workgroups, and when someone moves to a new position, you remove them from their no longer relevant groups, and add them to the newly relevant groups. So, for instance, when Ralph in accounting moves from AP to AR, you remove him from the AP group and add him to the AR group, and he automatically inherits all of the permissions needed, while losing the permissions that no longer apply. This also applies to cross-functional groups, which can be viewed as sort of meta-departments.
What we also do - we have a group for department members, and a group for non-department members who need access to another department's files. So we have Dept-Finance, and those folks get RWXD access to the Finance folder hierarchy. And we have another group Finance_RO, which is used as security to specific sub-folders of Finance, by users not in the Finance department but who happen to need access to some files in the Finance folder hierarchy (like reports or budget files or project status reports, etc)
So everybody gets a Dept-somewhere, which is assigned via drive mappings in a GPO. If you need access into Finance, and you are not a member of the Finance dept, you map your own drive letters.
Yeah, I have a whole bunch of groups, effectively at least 2 per department - one for department members, one for non-department members. Sometimes more, as we have _RWXD and _RO groups, depending, etc.
Powershell question - listing groups a user belongs to, and the notes/description of the group
I have this request to list all the groups a specific set of users belong to. Since we use groups to control ACLs, this can (effectively) be a listing of all the shared folders the user has access to (we list the location of the shared folder in the notes of the group).
I'm still new to PS, and could use a bit of a pointer as to how to get to the description. To get the list of groups, I am planning on:
    import-module ActiveDirectory
    cd AD:
and then loop through a text file of SAMAccountNames:
    Get-ADUser -Identity LeoneM -Properties memberof | select -ExpandProperty memberof | get-adgroup | select name
This would give me the names of the groups (thank you, Google ...), but how do I get to the descriptions of the groups that are returned? I don't seem to see the notes property in the adgroup. How can I list that attribute of the returned group?
If someone has a better idea, I'm all ears. :-)
Re: Powershell question - listing groups a user belongs to, and the notes/description of the group
On Wed, Sep 26, 2012 at 11:15 AM, KenM kenmli...@gmail.com wrote:
With Quest
    get-qadmemberof USERNAME | Select name, notes
Well, THAT was stunningly easy! LOL Thanks. That will make the report a whole lot easier, I think ... I will have to read up on these Quest addins
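The same report built with the ActiveDirectory module from the question instead of the Quest cmdlets, as an added example that is not part of the original posts. Get-ADGroup returns only a default property set, so Description and info (the LDAP attribute behind the Notes field) have to be requested with -Properties. Get-UserGroupReport, ConvertTo-LdapFilterValue, users.txt and group-report.csv are hypothetical names, and the block assumes a domain-joined host with the module installed.

```powershell
Import-Module ActiveDirectory

# Escape the characters that are special inside an LDAP search filter (RFC 4515).
# The backslash is replaced first so the escapes added afterwards are not escaped again.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

function Get-UserGroupReport {
    param(
        [Parameter(Mandatory = $true)][string[]]$SamAccountName,
        [switch]$Recurse   # also report groups the user reaches through nested groups
    )

    foreach ($sam in $SamAccountName) {
        try {
            $user = Get-ADUser -Identity $sam -Properties MemberOf -ErrorAction Stop
        }
        catch {
            Write-Warning "Skipping '$sam': $($_.Exception.Message)"
            continue
        }

        if ($Recurse) {
            # LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) matches every group
            # whose chain of members leads to the user, not just the direct memberships.
            $dn     = ConvertTo-LdapFilterValue $user.DistinguishedName
            $groups = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)" `
                                  -Properties Description, info
        }
        else {
            # Direct memberships only, as in the pipeline from the question.
            $groups = $user.MemberOf | Get-ADGroup -Properties Description, info
        }

        foreach ($g in $groups) {
            [pscustomobject]@{
                User        = $sam
                Group       = $g.Name
                Description = $g.Description
                Notes       = $g.info      # "Notes" in the ADUC dialog is the info attribute
            }
        }
    }
}

# users.txt: one SAMAccountName per line (hypothetical input file).
Get-UserGroupReport -SamAccountName (Get-Content .\users.txt) -Recurse |
    Sort-Object User, Group |
    Export-Csv .\group-report.csv -NoTypeInformation
```

Neither variant lists the user's primary group (normally Domain Users), because that membership is stored in primaryGroupID and not in the member/memberOf attributes.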
Re: Event ID 2042: It has been too long since this machine replicated
Thanks. Powershell is not installed on these servers, unfortunately. And now repadmin /showreps is saying that it can't find a domain controller, for either domain. And I can't paste in the output, because copying and pasting from the VM console to my browser doesn't seem to work ... SIGH
All I did was follow the directions, running the removelingeringobjects, and the repadmin /regkey. And then rebooted (that part was probably a mistake ...)
On Tue, Aug 21, 2012 at 3:04 PM, Michael B. Smith mich...@smithcons.com wrote:
Something like this:
    ### get the DS entry for the configuration naming context
    $configNC  = ( [ADSI] 'LDAP://RootDSE' ).ConfigurationNamingContext
    $configDSE = ( [ADSI] "LDAP://$configNC" )
    $myForest  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    ### build a list containing every DC in the forest
    ### this is the fully qualified domain name
    $dcList = @()
    foreach( $site in $myForest.Sites )
    {
        foreach( $server in $site.Servers )
        {
            $dcList += $server.Name
        }
    }
    ### search for NTDS objects in the configNC. the parent object of the NTDS object
    ### is the server object itself.
    $dsSearch = New-Object DirectoryServices.DirectorySearcher( $configDSE, 'objectClass=nTDSDSA' )
    $results  = $dsSearch.FindAll()
    ### build an array containing the Guid and the DN for each NTDS object
    $dcGuids = @()
    foreach( $result in $results )
    {
        $name = $result.properties.distinguishedname.item( 0 )
        $guid = New-Object System.Guid( ,$result.properties.objectguid.item( 0 ) )
        $dcGuids += @{Guid=$guid;DN=$name}
    }
    ### go through each NTDS object and build a repadmin command for each DC
    ### that will clean up the lingering objects for that DC. This will be
    ### a many-to-many relationship, so the number of output commands can
    ### expand quickly!
    foreach( $dcGuid in $dcGuids )
    {
        $serverName = $dcGuid.DN.Split( ',' )[1] ### this gets CN=ServerNetBiosName into $serverName
        $serverName = $serverName.SubString(3)   ### this strips CN= from the front
        $dcFQDN     = ( $dcList -like "$serverName*" )[ 0 ] ### get the FQDN of the server
        $arrFQDN    = $dcFQDN.Split( '.' )
        $arrSlice   = $arrFQDN[ 1 .. ( $arrFQDN.Length - 1 ) ]
        $domainDN   = 'DC=' + ( $arrSlice -join ',DC=' )
        ##$serverName + ' ' + $arrFQDN[ 0 ] ### these two should be the same
        foreach( $dc in $dcList )
        {
            Write-Host repadmin /removelingeringobjects $dc $dcGuid.Guid $domainDN '/advisory_mode'
        }
    }
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Tuesday, August 21, 2012 2:52 PM
To: NT System Admin Issues
Subject: Event ID 2042: It has been too long since this machine replicated
Hey all. Been a while since I've had time to read or post. But I'm back, looking for advice. :-)
I have a test domain (this is a private domain running on a VMware server, self-contained on their own private vSwitch, completely separate from my production domain), consisting of a parent (1 DC) and child domain (2 DCs). This is my testing domain. Unfortunately, apparently the VMs have been turned off too long, as now I have no replication between the DCs, giving the error in the subject line). Apparently they've been turned off since 2012-06-20, and are now there beyond their tombstone life. (figures I couldn't have looked at this LAST week, when it still would have been within their tombstone lifetime. Oh, well ...)
This is an AD 2008 domain; each DC is Win2008 R2. In reading through the options to fix this, I can't demote or re-install the DCs (not easily, anyway). So I want to try the second suggestion:
2. Use the repadmin /removelingeringobjects tool to remove inconsistent deleted objects and then resume replication.
The documentation on the exact syntax of the /removelingeringobjects is a bit unclear to me. Obviously I have to run this on the parent DC, and on one (both?) of the child DCs.
Some questions before running that:
- SourceDCGUID—Run the command repadmin /showrepl AuthDCname |more, where AuthDCname is the host name of the domain controller that you selected as authoritative. Substitute the first DSA object GUID that appears for SourceDCGUID.
I find this odd ... when I run repadmin /showrepl parent DC on the parent DC, I don't see a DSA object GUID:; I see a DC object GUID; is that the same thing? (and why doesn't it say DSA? My production DC says DSA. But then, production has had updates applied to it, and I couldn't even begin to tell you
Re: Event ID 2042: It has been too long since this machine replicated
On Tue, Aug 21, 2012 at 3:43 PM, Christopher Bodnar christopher_bod...@glic.com wrote:
I haven't used /removelingeringobjects for the same purpose you are having, but I have used it in a USN rollback scenario. In my instance the event logs clearly indicated what container the issue was in. For me that was the configuration container. You should be able to find this somewhere in the event logs, not exactly sure where. Once you know what container to target, you need to establish what your source of truth will be. What DC is clean.
There is only 1 DC in the parent domain.
Once you decide that, you should be good to go. Yes, the DC Object GUID from the repadmin /showrepl is what you will need to use. For example:
    Repadmin /removelingeringobjects ACMEDC0 2ba99ac3-8a25-4711-7d84-c87c44902d0a CN=Configuration,DC=acme,DC=com
    Repadmin /removelingeringobjects ACMEDC2 2ba99ac3-8a25-4711-7d84-c87c44902d0a CN=Configuration,DC=acme,DC=com
    Repadmin /removelingeringobjects ACMEDC3 2ba99ac3-8a25-4711-7d84-c87c44902d0a CN=Configuration,DC=acme,DC=com
    Repadmin /removelingeringobjects ACMEDC4 2ba99ac3-8a25-4711-7d84-c87c44902d0a CN=Configuration,DC=acme,DC=com
    Repadmin /removelingeringobjects ACMEDC5 2ba99ac3-8a25-4711-7d84-c87c44902d0a CN=Configuration,DC=acme,DC=com
So, in my case, I would run the command on the parent DC, referencing the parent DC. Do I then run the same command on the 2 DCs in the child domain? I don't run the removelingeringobjects on the parent DC, but referencing the child DCs, do I?
Where 2ba99ac3-8a25-4711-7d84-c87c44902d0a is the DC object GUID for your clean DC you obtained from the repadmin /showrepl command.
Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
The Guardian Life Insurance Company of America
From: Michael Leone oozerd...@gmail.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: 08/21/2012 02:54 PM
Subject: Event ID 2042: It has been too long since this machine replicated
Hey all. Been a while since I've had time to read or post. But I'm back, looking for advice. :-)
I have a test domain (this is a private domain running on a VMware server, self-contained on their own private vSwitch, completely separate from my production domain), consisting of a parent (1 DC) and child domain (2 DCs). This is my testing domain. Unfortunately, apparently the VMs have been turned off too long, as now I have no replication between the DCs, giving the error in the subject line). Apparently they've been turned off since 2012-06-20, and are now there beyond their tombstone life. (figures I couldn't have looked at this LAST week, when it still would have been within their tombstone lifetime. Oh, well ...)
This is an AD 2008 domain; each DC is Win2008 R2. In reading through the options to fix this, I can't demote or re-install the DCs (not easily, anyway). So I want to try the second suggestion:
2. Use the repadmin /removelingeringobjects tool to remove inconsistent deleted objects and then resume replication.
The documentation on the exact syntax of the /removelingeringobjects is a bit unclear to me. Obviously I have to run this on the parent DC, and on one (both?) of the child DCs.
Some questions before running that:
SourceDCGUID—Run the command repadmin /showrepl AuthDCname |more, where AuthDCname is the host name of the domain controller that you selected as authoritative. Substitute the first DSA object GUID that appears for SourceDCGUID.
I find this odd ... when I run repadmin /showrepl parent DC on the parent DC, I don't see a DSA object GUID:; I see a DC object GUID; is that the same thing? (and why doesn't it say DSA? My production DC says DSA. But then, production has had updates applied to it, and I couldn't even begin to tell you when the private domain was updated - no Internet access).
LDAPPartition—The Lightweight Directory Access Partition (LDAP) name of the partition that you are targeting. For example, if the lingering objects are in the domain partition of the contoso.com domain, substitute dc=contoso,dc=com for LDAPPartition.
How am I supposed to know where the lingering objects are, before running it? :-) Also, what if there are in a different partition than the domain partition; what's the syntax for that?
I ran the repadmin /removelingeringobjects with the /advisory_mode switch, as recommended, and it just came back that RemoveLingeringObjects successful on parent DC FQDN. Is it supposed to say that? Seems odd - no indication that this is advisory_mode, etc. Do I just go and do the same on each of the child DCs?
Thanks for listening to my long-winded whine
Re: Event ID 2042: It has been too long since this machine replicated
On Tue, Aug 21, 2012 at 4:21 PM, Greg Olson gol...@markettools.com wrote:
Probably won't work, but since this is a test domain on vm, what happens if you simply change all the clocks back on all of them (and the vm hosts)?
The VM hosts are also my production VM machines, so that won't work ...
-G
Re: Event ID 2042: It has been too long since this machine replicated - SOLVED!
OK, I solved it. The repadmin /regkey wasn't working .. until I actually ran it from the \windows\syswow64 folder, and used the DC name in capitals. shrug Dunno why it worked that way, when issuing the command didn't work anywhere else, even tho repadmin was in the PATH.
Anyway, it created the reg key, and now all 3 DCs show all successful, when I do repadmin /showreps. I've got a 53 min or so delta, but I can live with that.
So all that's left (I think) is to remove the reg key, and make sure that if the DC VMs are powered on, at least every week or two, and perhaps execute a script to kick off a replication, to avoid this problem in future. Maybe a combination of a vsphere scheduled task, or a PowerCLI script that does all that ...
Thanks everybody.
On Tue, Aug 21, 2012 at 4:21 PM, Michael Leone oozerd...@gmail.com wrote:
OK, so the 2 DCs in the child domain seem to be replicating; a repadmin /showreps comes back as successful, on each DC. But not on the parent DC - I still get failures because too much time has elapsed.
Here is what I am wondering - the repadmin /regkey DC FQDN +allowDivergent seemed to work on both child DCs, and I even see the key in the registry - HKLM\System\CurrentControlSet\Services\NTDS\Parameters and I see Allow Replication with Divergent and Corrupt Partner, value 1, on both child DCs. I do *not* see that key on the parent domain, and running the repadmin /regkey doesn't seem to do anything; it just spits back the command line help. Maybe I have to manually go add that key, on the parent DC?
Re: OT: recommendations for Bluetooth stereo headset that multi-pairs and is not an earbud?
Thanks everyone for the responses. From the reviews, I'm thinking of the Motorola S305s, or maybe one of the LG HBS models. I think I will see if I can pick one up at a Best Buy - easier to return than buying online, in case I am still dissatisfied.

On Tue, Jul 10, 2012 at 2:17 PM, Steven Peck sep...@gmail.com wrote: I have a Motorola S9 (precursor to the S10). It works on multiple devices (Windows Phone, Home Phone, Computer). Not thrilled with stabby things in ear but comfortable enough for an hour workout or a bit longer at work. My wife has http://www.amazon.com/Motorola-S305-Bluetooth-Headset-Microphone/dp/B002BH3I9U/ref=sr_1_1?s=wirelessie=UTF8qid=1341943983sr=1-1keywords=motorolla+bluetooth+stereo+headset Which she uses on her Windows Phone and the Home Phone. She likes it. Beyond that no other feedback as I don't use em.

On Tue, Jul 10, 2012 at 11:06 AM, William Robbins dangerw...@gmail.com wrote: I've had these for ~6 months and like them. Music quality is good, and I've had no complaints on call quality. It does multi-point also. http://amzn.to/PN3Slw - Will

On Mon, Jul 9, 2012 at 5:11 PM, Michael Leone oozerd...@gmail.com wrote: Lot of conditions, I know. :-) But I'm looking for a *stereo* BT headset, that I can pair with both my Android phone and my iPad2. (most of the time I will be listening to music through it, but if a call comes in on the Android phone, I want to be able to take it directly. I've read reviews of many, but they either don't mention whether the headset will pair with more than one device (obviously not at the same time :-) without deleting the pairing on one device, or say that it will only pair with one device. To narrow it down even further, I dislike earbuds, and so would prefer over-the-ear style (altho I will take earbuds, if that is all that meets the 2 important requirements (stereo, and multi-pairing). Thanks, and sorry for the silly questions. I have a friend who really likes a Jaybird model with his iPhone ... but it's earbuds. Another really likes his Motorola S10 .. again, earbuds (and supposedly, not good sound).
OT: recommendations for Bluetooth stereo headset that multi-pairs and is not an earbud?
Lot of conditions, I know. :-) But I'm looking for a *stereo* BT headset, that I can pair with both my Android phone and my iPad2. (most of the time I will be listening to music through it, but if a call comes in on the Android phone, I want to be able to take it directly. I've read reviews of many, but they either don't mention whether the headset will pair with more than one device (obviously not at the same time :-) without deleting the pairing on one device, or say that it will only pair with one device. To narrow it down even further, I dislike earbuds, and so would prefer over-the-ear style (altho I will take earbuds, if that is all that meets the 2 important requirements (stereo, and multi-pairing). Thanks, and sorry for the silly questions. I have a friend who really likes a Jaybird model with his iPhone ... but it's earbuds. Another really likes his Motorola S10 .. again, earbuds (and supposedly, not good sound).
Re: share ipad screen
On Wed, May 23, 2012 at 12:34 PM, Jimmy Tran jt...@teachtci.com wrote: Does anyone have any ideas on how to share/present an ipad screen, specifically Safari in an online meeting? Everything I’ve found so far either allows you to only join a meeting, show media and presentation files but nothing for the screen itself or for safari app.

Airplay mirroring will mirror an iPad screen to a device that understands Airplay, such as an Apple TV or one of their routers that supports it. I suppose you could try that. That may not be all that feasible, since the Apple TV and the iPad will both need connectivity on the same subnet, for that to work. I don't know of any other way to do that, unless there's some sort of remote control app that you could run from a computer hooked up to the monitor, and then remote control the iPad, maybe?
ICACLS question
Dunno why I seem to be having so much trouble with this. I want to turn on inheritance on a user home folder. It already has all the permissions I want it to have, the only problem is that inheritance is turned off, so new files/folders aren't getting those permissions. I thought that icacls folder /I:e /T would do it, based on what I found on web searches. But what happens is that the permissions are doubled - one set listing as not inherited, and then the same permissions again, this time listed as properly inheriting from above. So what am I doing wrong? I've tried without the /T, to no effect. Do I need to /reset /T /C, to remove all explicit permissions, then /I:e /T to have it inherit? because then I would need to add in the user explicitly again, and set the user to be owner.
Re: ICACLS question
Once I took ownership, I was able to reset inheritance with /inheritance:e /T /C. No need for /reset. I *did* have to take ownership, before I could reset it.

On Tue, May 15, 2012 at 10:18 AM, Michael Leone oozerd...@gmail.com wrote: Dunno why I seem to be having so much trouble with this. I want to turn on inheritance on a user home folder. It already has all the permissions I want it to have, the only problem is that inheritance is turned off, so new files/folders aren't getting those permissions. I thought that icacls folder /I:e /T would do it, based on what I found on web searches. But what happens is that the permissions are doubled - one set listing as not inherited, and then the same permissions again, this time listed as properly inheriting from above. So what am I doing wrong? I've tried without the /T, to no effect. Do I need to /reset /T /C, to remove all explicit permissions, then /I:e /T to have it inherit? because then I would need to add in the user explicitly again, and set the user to be owner.
Using SUBINACL to set inheritance? Or what utility?
So I have a need to reset the permissions on our user home folders. I have a script written that is now setting the ACLs to be what I need. What I haven't figured out is how to turn inheritance back on (right now, the folders are set to not inherit; we want to change that so that they do inherit). I am taking ownership; adding the new groups I want to have access to the folder (and its subdirectories); all that is working the way we need. But I need to turn the inheritance back on, so that new files/folders will inherit all these things I've just set. I can't seem to see how to do that using SUBINACL. Can it be done? My searches suggest that I can do DSACLS /I:T /P user folder path I'd prefer not to have to call in a second utility, if one will do it, and since my script is pretty much done, except for setting the inheritance. But if not, is that the right format for DSACLS? Thanks!
Re: Using SUBINACL to set inheritance? Or what utility?
On Mon, May 14, 2012 at 6:29 PM, Michael Leone oozerd...@gmail.com wrote: So I have a need to reset the permissions on our user home folders. I have a script written that is now setting the ACLs to be what I need. What I haven't figured out is how to turn inheritance back on (right now, the folders are set to not inherit; we want to change that so that they do inherit). I am taking ownership; adding the new groups I want to have access to the folder (and its subdirectories); all that is working the way we need. But I need to turn the inheritance back on, so that new files/folders will inherit all these things I've just set. I can't seem to see how to do that using SUBINACL. Can it be done? My searches suggest that I can do DSACLS /I:T /P user folder path

D'OH! That's what I get for trying to look up 2 different needs at the same time. I meant: ICACLS /I:E user folder path

I'd prefer not to have to call in a second utility, if one will do it, and since my script is pretty much done, except for setting the inheritance. Thanks!
SUBINACL question - setting inheritance
I have a need to write a script to do this: Right now, our user home folders are set so that they are the owner; only they have permissions to their folder; and that all files and sub-folders inherit from the user folder, but the user folder itself does not inherit from above. i.e., \users\mike - does not inherit from \users, but all files and folders under \users\mike will inherit all permissions of \users\mike.

So what I need to do is:
- Take ownership (so I can change ACLs)
- Add 2 new groups to the \users\username ACL
- Make sure that the inheritance is ON, and that these new ACLs will bubble down to all files and sub-folders under \users\username

I know that I can do SUBINACL with /setowner to seize ownership, and /grant to add the 2 new groups to the ACL. But how do I make sure that inheritance is on for all the sub-folders, and how do I make sure that the new ACLs bubble down the chain of files/sub-folders? I've used SUBINACL to seize ownership; grant an account access rights to the folder; and then move the folder somewhere else. So I assume this is just another option or two to be executed against the user folder (and not doing the step about moving it with robocopy).

SUBINACL /file !_HomeDir! /setowner=domain\groupname /grant=domain\groupname=F /noverbose
SUBINACL /subdirectories !_HomeDir! /setowner=domain\groupname /grant=builtin\groupname=F /noverbose

(the account running the script would be a member of the groupname) Then repeat, but setting owner back to the username, instead of the groupname. Thanks for any suggestions.
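The steps listed in this message, done with icacls as in the ICACLS follow-up earlier on the page (take ownership, grant the groups, re-enable inheritance, hand ownership back), plus a check for the doubled ACEs reported there. This is an added PowerShell example, not code from the list; the function names, the group list and the demo folder are assumptions, and it needs Windows with rights to change the target's ACL.

```powershell
# Added example, not code from the list. Function names and the demo folder are hypothetical.

function Repair-HomeFolderAcl {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$AdminPrincipal,  # account (or group) running the script
        [Parameter(Mandatory)][string]$Owner,           # user who should own the folder afterwards
        [string[]]$Groups = @()                         # groups to add with full control
    )
    # 1. Take ownership first; the thread found inheritance could not be reset without it.
    icacls $Path /setowner $AdminPrincipal /T /C /Q | Out-Null
    # 2. Grant each group full control, inherited by files (OI) and sub-folders (CI).
    foreach ($g in $Groups) {
        icacls $Path /grant "${g}:(OI)(CI)F" /C /Q | Out-Null
    }
    # 3. Turn inheritance back on for the folder and everything below it.
    icacls $Path /inheritance:e /T /C /Q | Out-Null
    # 4. Hand ownership back to the user.
    icacls $Path /setowner $Owner /T /C /Q | Out-Null
}

function Get-DuplicateExplicitAce {
    # Explicit ACEs that have an identical inherited twin: the "doubled" permissions.
    param([Parameter(Mandatory)][string]$Path)
    $rules     = (Get-Acl -LiteralPath $Path).Access
    $inherited = @($rules | Where-Object { $_.IsInherited })
    foreach ($ace in ($rules | Where-Object { -not $_.IsInherited })) {
        $twin = $inherited | Where-Object {
            $_.IdentityReference.Value -eq $ace.IdentityReference.Value -and
            $_.FileSystemRights  -eq $ace.FileSystemRights  -and
            $_.AccessControlType -eq $ace.AccessControlType -and
            $_.InheritanceFlags  -eq $ace.InheritanceFlags  -and
            $_.PropagationFlags  -eq $ace.PropagationFlags
        }
        if ($twin) { $ace }
    }
}

function Remove-DuplicateExplicitAce {
    # Removes only explicit ACEs that exactly match an inherited one, so effective
    # access is unchanged; explicit grants with no inherited twin are left alone.
    param([Parameter(Mandatory)][string]$Path)
    $dupes = @(Get-DuplicateExplicitAce -Path $Path)
    if ($dupes.Count -eq 0) { return 0 }
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $dupes) { $acl.RemoveAccessRuleSpecific($ace) }
    Set-Acl -LiteralPath $Path -AclObject $acl
    return $dupes.Count
}

# Demo on a throwaway folder: reproduce "inheritance off, permissions already explicit",
# re-enable inheritance, then list and clean up the doubled entries.
$demo = Join-Path $env:TEMP ("homedir-demo-" + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $demo | Out-Null
$me = [Security.Principal.WindowsIdentity]::GetCurrent().Name

icacls $demo /inheritance:d /Q | Out-Null   # disable inheritance, copying inherited ACEs as explicit
Repair-HomeFolderAcl -Path $demo -AdminPrincipal $me -Owner $me

"Explicit ACEs that duplicate an inherited one:"
Get-DuplicateExplicitAce -Path $demo | Format-Table IdentityReference, FileSystemRights -AutoSize
"Removed: $(Remove-DuplicateExplicitAce -Path $demo)"
"Remaining duplicates: $(@(Get-DuplicateExplicitAce -Path $demo).Count)"

Remove-Item -LiteralPath $demo -Recurse -Force
```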
Re: recommendations on home server
On Mon, Apr 2, 2012 at 7:15 PM, Richard Stovall rich...@gmail.com wrote: Also, why limit yourself to ESXi. Hyper-V server is free and works great on a large variety of hardware.

There's a free version of ESXi, too. (called ESXi Hypervisor, I believe). It won't do command line stuff, and a few other, not too limiting things.
Re: list delays
The plural of y'all is all y'all, obviously LOL

On Thu, Mar 15, 2012 at 12:21 PM, John Cook john.c...@pfsf.org wrote: It's like Chinese, plural is not Chineses John W. Cook Systems Administrator Partnership for Strong Families

From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 15, 2012 11:40 AM To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: RE: list delays The plural of y’all is y’all. Your mistake was that you concatenated it with a northernism. The proper phrase is “Geez louise, cain’t y’all idjits evah git anythin’ rite?” (s) Signed, Mr. Suthren Pedant

From: Webster [mailto:webs...@carlwebster.com] Sent: Thursday, March 15, 2012 9:44 AM To: NT System Admin Issues Subject: RE: list delays No, I should have used the proper plural southern word - y'alls. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com

From: Richard Stovall [rich...@gmail.com] Subject: Re: list delays Don't you mean you-ens?

On Thu, Mar 15, 2012 at 8:45 AM, Webster webs...@carlwebster.com wrote: No, I'm batty, not batman! Sheez can't yuse people ever get anything write?
Re: VMWare tools
On Thu, Mar 8, 2012 at 10:14 AM, Steven M. Caesare scaes...@caesare.com wrote: Are you upgrading the virtual devices within the VMs as well?

Do you mean upgrading the virtual hardware? No, not until all servers in the cluster are at the same version. Else the VMs would be limited as to which ESX(i) host they could run on.

-sc -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Friday, March 02, 2012 12:04 PM To: NT System Admin Issues Subject: Re: VMWare tools On Fri, Feb 24, 2012 at 9:50 AM, pdw1...@hotmail.com wrote: I just make a console connection to the server, then at the top, click on the VM drop-down menu, click on Guest and select Install\Upgrade VMWare tools. That's what I always do. Sometimes the upgrade to a new version takes 10 minutes to do, sometimes it takes 1 minute, sometimes it just doesn't seem to do it ... since we're in the process of upgrading to v5, and I have 100 VMs, and each VMTools upgrade requires a reboot, I foresee much fun ... and upgrading the virtual hardware version to the latest v8 is another shutdown (not just a reboot) ...

From: richard.mccl...@aspca.org To: ntsysadmin@lyris.sunbelt-software.com Date: Fri, 24 Feb 2012 14:00:17 + Subject: RE: VMWare tools OK, I give up - how does one do a manual install?

From: pdw1...@hotmail.com [mailto:pdw1...@hotmail.com] Sent: Friday, February 24, 2012 7:44 AM To: NT System Admin Issues Subject: RE: VMWare tools We're on v4.1, and I always have to manually install the tools thru vcenter. It's not a big deal to me since I don't create that many servers. And on that note, I am so glad we finally got a virtual solution in place. Instead of the get quote for a new server, order it, set it up now it's Okay, give me an hour or two and I'll have it up and running.

From: cgarciamo...@spragueenergy.com To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: VMWare tools Date: Fri, 24 Feb 2012 13:23:08 + I've yet to find an issue installing tools on any server, Ubuntu, Windows (NT,2000,2003,2008) that being said, sometimes servers like Terminal Servers might have an issue timing out unless you switch modes on them. For the most part I always open up a direct console onto the servers log on and then fire up the tools install so I can see what's going on, most are done within 5-10 minutes. Have you looked into the Event logs on the server? Maybe an Autorun issue? On the ones that failed have you tried a mount CD and then do the tools manually (next,next,finish)?

From: Richard McClary [mailto:richard.mccl...@aspca.org] Sent: Friday, February 24, 2012 8:09 AM To: NT System Admin Issues Subject: VMWare tools Greetings! Why is it that on some VMWare VM's, VMTools will not install? I can find no errors nor any consistency. Locally, we are currently running ESX 3.5. I see the failure for VMTools to install on some Windows 2003 machines. On others, created at about the same time (within a day or two), VMTools installs on them quickly with no issues. Several weeks back, I created my first Windows 2008 server on an ESX 4.1 system. In vCenter, I gave the command to install VMTools. Only recently did I log back into that particular VMWare environment. I happened to check on the server I had created. In vCenter, Summary, it shows that VMTools were not installed. In vCenter, clicking that VM, then Guest, I see I have only the option to cancel the installation. (Likewise on the ESX 3.5 VM's on which VMTools would not install.) Again, anybody know why VMTools simply will not install on some VM's? -- Richard D. McClary Jr Infrastructure Architect, Information Technology Group ASPCA® 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richard.mccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org
Re: Max available RAM on Vmware Host
I have 6 DL 580 G7s with 128G RAM. And we're going to upgrade them all to 256G RAM, which is the max for the 580 G7, AFAIK. FWIW ...

On Thu, Mar 1, 2012 at 1:50 PM, Stefan Jafs stefan.j...@gmail.com wrote: I’m doing a hardware refresh and I’m planning to purchase 2 + HP DL380 G7 Vmware hosts with 2 x X5650 6-core processors each. Initially we were going with 96GB of RAM but I got a comparison quote from Dell and they said “The memory configuration that was given (8 * 16 GB) is not optimal for a VM Host as the modules are not balanced across all the DIMMS with Intel the memory must be populated in sets of 3 Chips to evenly balance across the 3 Channels otherwise you may lose up to 33% of performance” and they quoted me 192 GB of RAM per server. (12 * 16 GB). My HP reseller came back and said that max available for the Host is 144 GB and re-quoted me 18 * 8 GB modules. Tried to do some googling but could not find anything relevant, anyone have any insights into this? -- Stefan Jafs
Re: ???
On Thu, Mar 1, 2012 at 2:30 PM, Rankin, James R kz2...@googlemail.com wrote: Am I blacklisted, or has no-one else seen any list messages all day? It's eerily quiet...

It's not just you. Remember - it's never *just* you ... LOL

Sent from my SR-71 Blackbird
Re: Want a funny back...
On Wed, Feb 29, 2012 at 4:11 PM, Kurt Buff kurt.b...@gmail.com wrote: Wow. Noscript and Request Policy make that site almost unusable - I see more domains blocked there than I've seen in a while.

My ScriptNo on Chrome blocked 18 (I had previously whitelisted Facebook and Twitter, and Google Analytics).

Kurt

On Wed, Feb 29, 2012 at 10:56, Mike Sullivan neog...@gmail.com wrote: Is this it? http://www.geeksaresexy.net/2011/09/16/windows-1-0-vs-windows-8-pic/

On Wed, Feb 29, 2012 at 10:33 AM, Kurt Buff kurt.b...@gmail.com wrote: Excellent. It's in response to this bit of silliness: http://reviews.cnet.com/8301-13970_7-57386760-78/windows-8-beta-hands-on-with-microsofts-tablet-friendly-os/?tag=mncol;txt

On Wed, Feb 29, 2012 at 09:46, David Mazzaccaro david.mazzacc...@hudsonmobility.com wrote: http://www.macguru.biz/images/Windows-8-Vs-Windows-1.0-Not-Much-Has-Changed-%28Humor%29.jpg

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 29, 2012 12:31 PM To: NT System Admin Issues Subject: Want a funny back... Not really OT. Well, OK, maybe it is... I can't find the link to the picture that compares the Windows 1 interface to the Windows 8 interface, and my team needs to see it... Kurt

-- Thank you, Mike Sullivan
Re: VMWare tools
On Fri, Feb 24, 2012 at 9:50 AM, pdw1...@hotmail.com wrote: I just make a console connection to the server, then at the top, click on the VM drop-down menu, click on Guest and select Install\Upgrade VMWare tools.

That's what I always do. Sometimes the upgrade to a new version takes 10 minutes to do, sometimes it takes 1 minute, sometimes it just doesn't seem to do it ... since we're in the process of upgrading to v5, and I have 100 VMs, and each VMTools upgrade requires a reboot, I foresee much fun ... and upgrading the virtual hardware version to the latest v8 is another shutdown (not just a reboot) ...

From: richard.mccl...@aspca.org To: ntsysadmin@lyris.sunbelt-software.com Date: Fri, 24 Feb 2012 14:00:17 + Subject: RE: VMWare tools OK, I give up – how does one do a manual install?

From: pdw1...@hotmail.com [mailto:pdw1...@hotmail.com] Sent: Friday, February 24, 2012 7:44 AM To: NT System Admin Issues Subject: RE: VMWare tools We're on v4.1, and I always have to manually install the tools thru vcenter. It's not a big deal to me since I don't create that many servers. And on that note, I am so glad we finally got a virtual solution in place. Instead of the get quote for a new server, order it, set it up now it's Okay, give me an hour or two and I'll have it up and running.

From: cgarciamo...@spragueenergy.com To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: VMWare tools Date: Fri, 24 Feb 2012 13:23:08 + I’ve yet to find an issue installing tools on any server, Ubuntu, Windows (NT,2000,2003,2008) that being said, sometimes servers like Terminal Servers might have an issue timing out unless you switch modes on them. For the most part I always open up a direct console onto the servers log on and then fire up the tools install so I can see what’s going on, most are done within 5-10 minutes. Have you looked into the Event logs on the server? Maybe an Autorun issue? On the ones that failed have you tried a mount CD and then do the tools manually (next,next,finish)?

From: Richard McClary [mailto:richard.mccl...@aspca.org] Sent: Friday, February 24, 2012 8:09 AM To: NT System Admin Issues Subject: VMWare tools Greetings! Why is it that on some VMWare VM’s, VMTools will not install? I can find no errors nor any consistency. Locally, we are currently running ESX 3.5. I see the failure for VMTools to install on some Windows 2003 machines. On others, created at about the same time (within a day or two), VMTools installs on them quickly with no issues. Several weeks back, I created my first Windows 2008 server on an ESX 4.1 system. In vCenter, I gave the command to install VMTools. Only recently did I log back into that particular VMWare environment. I happened to check on the server I had created. In vCenter, “Summary”, it shows that VMTools were not installed. In vCenter, clicking that VM, then “Guest”, I see I have only the option to cancel the installation. (Likewise on the ESX 3.5 VM’s on which VMTools would not install.) Again, anybody know why VMTools simply will not install on some VM’s? -- Richard D. McClary Jr Infrastructure Architect, Information Technology Group ASPCA® 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richard.mccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org
Re: Writing Turnover Doc
On Fri, Feb 17, 2012 at 12:46 PM, John Cook john.c...@pfsf.org wrote:
> Congrats (maybe?)
> Backup strategy, vendor contacts, software lifecycles (renewal due dates) inventory

And any specific HOWTOs for starting applications (we have some that MUST be started in a specific order OR ELSE, etc). Ditto for shutdown sequences, if any.
Re: Allowing or not Allowing iTunes on corporate computers????
On Tue, Feb 14, 2012 at 2:38 PM, Sam Cayze sca...@gmail.com wrote:
> Can’t Apple products finally sync over the air yet?

Yes, over WiFi.

> Didn’t they announce that not too long ago? Is iTunes still even needed?

Yes, that's where the syncing comes from. :-) iTunes syncs wirelessly with my iPad over WiFi. But there's no way around needing iTunes, as that's where the library of media that is being synced comes from/goes to. (And apps are considered media, so it backs those up, too, along with songs, videos, books, etc.)

> From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> Sent: Tuesday, February 14, 2012 1:16 PM
> To: NT System Admin Issues
> Subject: Re: Allowing or not Allowing iTunes on corporate computers
>
> Regardless of the issues of streaming, let me fill you in on some things about Apple products - especially when related to iTunes: They are worse than Adobe.
>
> 1. Their update process can break easily, more often on 64bit. I'm not saying it's common, but it's easy. And it's not easy to fix. IME it frequently requires a manual wipe of some kind.
>
> 2. They cache all of their installation files. Just like what Adobe Reader and related products do, they save/store install files of every single downloaded upgrade that they process (firmware as well). As well as multiple backups of devices that are attached/synched, and other crap.
>
> If you are space-strapped, and have finite backup/sync windows - your processes can be seriously impacted. I've seen backups impacted by 10GB of older/cached upgrades of Apple products per user. It just keeps growing over time until you manually delete it.
>
> I've been a bit of a backup whore recently, so this in turn has made me a disk-space analyst as well. I am extremely annoyed with Apple, Adobe, and Quickbooks especially. Some of it can be easily compensated for with scripts. Some of it, not so easily scripted without non-builtin tools.
>
> --
> Espi
>
> On Sun, Feb 12, 2012 at 2:38 PM, justino garcia jgarciaitl...@gmail.com wrote:
>> iTunes removal has come up in our office. What is the norm? Are you allowing iTunes on the network?
>>
>> --
>> Justin
>> IT-TECH
Re: An observation on moving users to new machines
On Sun, Feb 12, 2012 at 9:16 AM, Silvio L. Nisgoski nisgo...@gmx.de wrote:
> You would add .MKV and .ASF also.

I probably should. But at the time I originally made that directive a couple years ago, I didn't see any of those file types in the list of files backed up in the \USERS folders.

> - Original Message -
> From: Michael Leone oozerd...@gmail.com
> To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
> Sent: Saturday, February 11, 2012 4:45 PM
> Subject: Re: An observation on moving users to new machines
>
> On Sat, Feb 11, 2012 at 2:25 PM, Mike Sullivan neog...@gmail.com wrote:
>> Could you share that with me? I use EMC Networker as well and I would like to do the same.
>
> Sure ... we also skip SQL database files (which won't back up anyway, as they're held open by the SQL process, and we use the SQL Agent or backup a flat file .BAK copy). And a couple standard lock file types, too. I based the filetypes on a search of the file index that we backed up, from user home folders. I'm sure I could put other file types there.
>
> We skip such stuff only in the \USERS folder; this way, if the training department makes up a video for use on our portal, that gets saved in a departmental share, and so would get backed up, as the directive only explicitly looks at the \USERS folder. (most of the media files I came across are audio, very few AVI or other video formats)
>
> /
> +skip: pagefile.sys
> +skip: *.MDF *.mdf
> +skip: *.LDF *.ldf
> +skip: *.NDF *.ndf
> +skip: *.LOK *.lok
> +skip: *.TMP *.tmp
> +skip: *.LCK *.lck
> +skip: usrclass.*
> +skip: ntuser.*
> H:\Users
> +skip: *.MP3 *.mp3
> +skip: *.MP4 *.mp4
> +skip: *.MOV *.mov
> +skip: *.MPG *.mpg
> +skip: *.WMA *.wma
> +skip: *.WAV *.wav
> +skip: *.VEM *.vem
> +skip: *.VOB *.vob
> +skip: *.OGG *.ogg
>
> SKIP: will completely ignore the file, not even recording the name in the index; a NULL: will not backup the file, but will at least keep the name in the index.
>
>> On Sat, Feb 11, 2012 at 9:57 AM, Michael Leone oozerd...@gmail.com wrote:
>>> On Fri, Feb 10, 2012 at 1:48 PM, Guyer, Donald dgu...@che.org wrote:
>>>> At %last gig%, we did a periodic sweep for these and killed them on sight. The data, not the user…….
>>>
>>> I have a directive in my backup program (EMC Networker) to SKIP any media types (.WMV/.MP3/etc) that are under the \USERS folder (i.e., the home profile locations).
>>
>> --
>> Thank you,
>> Mike Sullivan
Re: An observation on moving users to new machines
On Fri, Feb 10, 2012 at 1:48 PM, Guyer, Donald dgu...@che.org wrote:
> At %last gig%, we did a periodic sweep for these and killed them on sight. The data, not the user…….

I have a directive in my backup program (EMC Networker) to SKIP any media types (.WMV/.MP3/etc) that are under the \USERS folder (i.e., the home profile locations).
Re: An observation on moving users to new machines
On Sat, Feb 11, 2012 at 2:25 PM, Mike Sullivan neog...@gmail.com wrote:
> Could you share that with me? I use EMC Networker as well and I would like to do the same.

Sure ... we also skip SQL database files (which won't back up anyway, as they're held open by the SQL process, and we use the SQL Agent or backup a flat file .BAK copy). And a couple standard lock file types, too. I based the filetypes on a search of the file index that we backed up, from user home folders. I'm sure I could put other file types there.

We skip such stuff only in the \USERS folder; this way, if the training department makes up a video for use on our portal, that gets saved in a departmental share, and so would get backed up, as the directive only explicitly looks at the \USERS folder. (most of the media files I came across are audio, very few AVI or other video formats)

/
+skip: pagefile.sys
+skip: *.MDF *.mdf
+skip: *.LDF *.ldf
+skip: *.NDF *.ndf
+skip: *.LOK *.lok
+skip: *.TMP *.tmp
+skip: *.LCK *.lck
+skip: usrclass.*
+skip: ntuser.*
H:\Users
+skip: *.MP3 *.mp3
+skip: *.MP4 *.mp4
+skip: *.MOV *.mov
+skip: *.MPG *.mpg
+skip: *.WMA *.wma
+skip: *.WAV *.wav
+skip: *.VEM *.vem
+skip: *.VOB *.vob
+skip: *.OGG *.ogg

SKIP: will completely ignore the file, not even recording the name in the index; a NULL: will not backup the file, but will at least keep the name in the index.

> On Sat, Feb 11, 2012 at 9:57 AM, Michael Leone oozerd...@gmail.com wrote:
>> On Fri, Feb 10, 2012 at 1:48 PM, Guyer, Donald dgu...@che.org wrote:
>>> At %last gig%, we did a periodic sweep for these and killed them on sight. The data, not the user…….
>>
>> I have a directive in my backup program (EMC Networker) to SKIP any media types (.WMV/.MP3/etc) that are under the \USERS folder (i.e., the home profile locations).
>
> --
> Thank you,
> Mike Sullivan
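An added example (not code from this thread or from EMC): a small audit that parses a directive in the layout posted above and reports which files it leaves out of the backup, so exclusion gaps are visible before a restore is needed. The function names, sample directive and paths are constructed; it assumes `+skip:` covers the whole subtree under the section path and that patterns match case-sensitively.

```python
import fnmatch
import ntpath

# Constructed sample in the posted layout: a path line opens a section.
DIRECTIVE = """\
/
+skip: *.MDF *.mdf
H:\\Users
+skip: *.MP3 *.mp3
"""
SAMPLE_PATHS = [  # constructed file names
    "H:\\Users\\jdoe\\Music\\song.mp3", "H:\\Users\\jdoe\\Music\\Track.Mp3",
    "H:\\Users\\jdoe\\db\\local.mdf", "H:\\Dept\\Training\\intro.mp3",
]

def parse_directive(text):
    """Return [(section_path, [patterns])] in file order."""
    sections = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.lower().startswith("+skip:"):
            if not sections:
                raise ValueError("skip line before any path section")
            sections[-1][1].extend(line.split(":", 1)[1].split())
        else:
            sections.append((line, []))
    return sections

def in_scope(path, root):
    """True if path lies under root; '/' is taken to cover every drive."""
    if root == "/":
        return True
    prefix = ntpath.normcase(root).rstrip("\\") + "\\"
    return ntpath.normcase(path).startswith(prefix)

def skipped_by(path, sections):
    """Return the (section, pattern) that leaves path out of the backup, or None."""
    name = ntpath.basename(path)
    for root, patterns in sections:
        for pattern in patterns if in_scope(path, root) else ():
            # Assumption: case-sensitive match, as the paired patterns suggest.
            if fnmatch.fnmatchcase(name, pattern):
                return root, pattern
    return None

def audit(paths=SAMPLE_PATHS, text=DIRECTIVE):
    """Map each path to the rule that skips it (None means it is backed up)."""
    sections = parse_directive(text)
    return {p: skipped_by(p, sections) for p in paths}
```

Under the case-sensitive assumption, `Track.Mp3` is still backed up because neither `*.MP3` nor `*.mp3` matches it, and the copy in the departmental share is untouched by the `H:\Users` section.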
Re: Who in your org creates server shares?
On Thu, Feb 9, 2012 at 10:04 AM, David Lum david@nwea.org wrote:
> 2. Groups for this should be Domain Local and no other kind

Why? Specifically, why no other kind?

> 3. In the description in AD, be explicit about where that group has access to – at any time someone should be able to look at the description and know exactly what that group does/has access to.

I do the same, and make a nuisance of myself to my fellow network admins to do the same. Now we all put the share location in the description, at the very least. (Me, I document user changes - such as adding to/changing group memberships, etc - in the Notes field of the Telephone tab (we don't use that tab for anything else). Sort of a poor man's audit trail. I still can't get the other guys to do that, tho ...)

> Most Pre-Lum era groups had blank fields and others simply had “For access to files” and they seemed to understand once I showed them, as I heard more than one “Aaahhh..”

I know that one; that's why we now document all new groups with share locations in the descriptions, at the very least.