from:"James Rankin"

RE: [NTSysADM] Hmmm....

2018-02-06 Thread James Rankin

That’s interesting… something for the lab tomorrow I think…

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jack Kramer
Sent: 06 February 2018 16:27
To: <ntsysadm@lists.myitforum.com> <ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Hmmm

It could be as simple as Windows caching the relevant parts of the Default User 
skeleton files in RAM. If you’re so inclined, try using up all the available 
guest RAM as the user before logoff, then see if the speed difference is still 
there.

Jack Kramer, Senior Consultant
Small Type Computing - www.smalltype.net<http://www.smalltype.net>
W: 855-765-8973 x101 - C: 248-635-4955

On Feb 6, 2018, at 10:49 AM, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>> wrote:

Horizon 7.2
Profiles are discarded by setting the HKLM\Software\Microsoft\Windows 
NT\CurrentVersion\ProfileList\{SID}\State value to 128 at logoff, which means 
the OS thinks that it is a temporary profile and purges it. So nothing from 
C:\Users or HKCU is retained at all. Yet still – next logon is half the time.
We’re not using Persona Management of any sort, and I’ve removed all logon 
scripts
The testing I am doing isn’t doing a refresh or recompose on reboot, which is 
why I’m getting really confused. I thought about Superfetch, which has been 
disabled by the VMware OSOT, but re-enabling that didn’t do anything.

Well confused!

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jack Kramer
Sent: 06 February 2018 15:35
To: <ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>> 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: Re: [NTSysADM] Hmmm

What version of Horizon are you running? You say profiles are discarded—are you 
redirecting profiles to disposable disks or retaining them on the C: drive? Do 
you have the registry keys set to discard profiles as well as the Horizon 
settings for it? (The ones I can think of offhand: removing local/roaming 
profiles at logoff under the normal Windows administrative templates; the 
Horizon Persona Management ADM/ADMX template settings; the Horizon disposable 
disk settings)

If you’re just using redirection to disposable disks and not also discarding 
the profiles the other ways I would expect there’s some data being kept in HKLM 
that wouldn’t need to be recreated at every subsequent login. HKCU would be 
thrown away with the disposable disk (since it’s the user hive) but anything in 
HKLM would be retained until the refresh operation occurs on reboot. Also, if 
you’re perhaps triggering a login script that licenses some software on a 
per-user basis, etc.

Jack Kramer, Senior Consultant
Small Type Computing - www.smalltype.net<http://www.smalltype.net/>
W: 855-765-8973 x101 - C: 248-635-4955

On Feb 6, 2018, at 9:50 AM, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>> wrote:

Ok, so can anyone shed any light on this….

I have a VMware VDI implementation running Windows 7. The user profiles are 
discarded at logoff, so no user profile information is retained at all on the 
machines. When a user logs off, the machine is restarted. This keeps all 
machines in the pool in a pristine state (as the client wants).

However, when a user logs on for the first time, the logon takes 20 seconds. If 
I remove the machine from the pool (so it doesn’t get restarted at logoff), and 
log the same user in again (bear in mind the profile is discarded at logoff), 
the logon takes 10 seconds. Each subsequent logon for the user will be solidly 
10 seconds, unless I restart the machine, and then we are back to 20 seconds 
for the first logon.

It doesn’t matter if I log a *different* user in before logging in the test 
user – each user experiences their first logon to the machine as 20 seconds, 
and all subsequent tries as 10. Each user has their profile discarded at 
logoff. It’s almost as if some process is running at first logon that then 
stores some user-specific information or data outside of the user profile but 
in a user-specific location – yet I can’t for the life of me speculate as to 
what it might be.

Any ideas anyone? 

Cheers,

James Rankin CTP ACA vExpert
Technical Evangelist / Media Hound
Howell Technology Group
Office: 0191 4813446
Mobile: 07809668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/megan-holland-368bb0150/> | 
Facebook<https://www.facebook.com/HTGUK>

COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB862 6660 04. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear,

RE: [NTSysADM] Hmmm....

2018-02-06 Thread James Rankin

Horizon 7.2
Profiles are discarded by setting the HKLM\Software\Microsoft\Windows 
NT\CurrentVersion\ProfileList\{SID}\State value to 128 at logoff, which means 
the OS thinks that it is a temporary profile and purges it. So nothing from 
C:\Users or HKCU is retained at all. Yet still – next logon is half the time.
We’re not using Persona Management of any sort, and I’ve removed all logon 
scripts
The testing I am doing isn’t doing a refresh or recompose on reboot, which is 
why I’m getting really confused. I thought about Superfetch, which has been 
disabled by the VMware OSOT, but re-enabling that didn’t do anything.

Well confused!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jack Kramer
Sent: 06 February 2018 15:35
To: <ntsysadm@lists.myitforum.com> <ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Hmmm

What version of Horizon are you running? You say profiles are discarded—are you 
redirecting profiles to disposable disks or retaining them on the C: drive? Do 
you have the registry keys set to discard profiles as well as the Horizon 
settings for it? (The ones I can think of offhand: removing local/roaming 
profiles at logoff under the normal Windows administrative templates; the 
Horizon Persona Management ADM/ADMX template settings; the Horizon disposable 
disk settings)

If you’re just using redirection to disposable disks and not also discarding 
the profiles the other ways I would expect there’s some data being kept in HKLM 
that wouldn’t need to be recreated at every subsequent login. HKCU would be 
thrown away with the disposable disk (since it’s the user hive) but anything in 
HKLM would be retained until the refresh operation occurs on reboot. Also, if 
you’re perhaps triggering a login script that licenses some software on a 
per-user basis, etc.

Jack Kramer, Senior Consultant
Small Type Computing - www.smalltype.net<http://www.smalltype.net>
W: 855-765-8973 x101 - C: 248-635-4955


On Feb 6, 2018, at 9:50 AM, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>> wrote:

Ok, so can anyone shed any light on this….

I have a VMware VDI implementation running Windows 7. The user profiles are 
discarded at logoff, so no user profile information is retained at all on the 
machines. When a user logs off, the machine is restarted. This keeps all 
machines in the pool in a pristine state (as the client wants).

However, when a user logs on for the first time, the logon takes 20 seconds. If 
I remove the machine from the pool (so it doesn’t get restarted at logoff), and 
log the same user in again (bear in mind the profile is discarded at logoff), 
the logon takes 10 seconds. Each subsequent logon for the user will be solidly 
10 seconds, unless I restart the machine, and then we are back to 20 seconds 
for the first logon.

It doesn’t matter if I log a *different* user in before logging in the test 
user – each user experiences their first logon to the machine as 20 seconds, 
and all subsequent tries as 10. Each user has their profile discarded at 
logoff. It’s almost as if some process is running at first logon that then 
stores some user-specific information or data outside of the user profile but 
in a user-specific location – yet I can’t for the life of me speculate as to 
what it might be.

Any ideas anyone? 

Cheers,










James Rankin CTP ACA vExpert
Technical Evangelist / Media Hound
Howell Technology Group
Office: 0191 4813446
Mobile: 07809668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/megan-holland-368bb0150/> | 
Facebook<https://www.facebook.com/HTGUK>

COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB862 6660 04. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

[NTSysADM] Hmmm....

2018-02-06 Thread James Rankin

Ok, so can anyone shed any light on this….

I have a VMware VDI implementation running Windows 7. The user profiles are 
discarded at logoff, so no user profile information is retained at all on the 
machines. When a user logs off, the machine is restarted. This keeps all 
machines in the pool in a pristine state (as the client wants).

However, when a user logs on for the first time, the logon takes 20 seconds. If 
I remove the machine from the pool (so it doesn’t get restarted at logoff), and 
log the same user in again (bear in mind the profile is discarded at logoff), 
the logon takes 10 seconds. Each subsequent logon for the user will be solidly 
10 seconds, unless I restart the machine, and then we are back to 20 seconds 
for the first logon.

It doesn’t matter if I log a *different* user in before logging in the test 
user – each user experiences their first logon to the machine as 20 seconds, 
and all subsequent tries as 10. Each user has their profile discarded at 
logoff. It’s almost as if some process is running at first logon that then 
stores some user-specific information or data outside of the user profile but 
in a user-specific location – yet I can’t for the life of me speculate as to 
what it might be.

Any ideas anyone? 

Cheers,



[cid:image007.png@01D3895F.44D7D410]

[ISO 9001_COLOUR_NORMAL_UKAS]

[cid:image003.jpg@01D23035.1507D340]


James Rankin CTP ACA vExpert
Technical Evangelist / Media Hound
Howell Technology Group
Office: 0191 4813446
Mobile: 07809668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/megan-holland-368bb0150/> | 
Facebook<https://www.facebook.com/HTGUK>

COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB862 6660 04. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

Re: [NTSysADM] RE: Citrix question for the Citrix guru's l

2018-02-01 Thread James Rankin

When a user opens a session to an RDSH or xenapp server, it should set a 
clientname variable

Sent from my BlackBerry — the most secure mobile device — via the O2 Network
From: l...@ochin.org
Sent: 1 February 2018 11:00 pm
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Citrix question for the Citrix guru's l

Ok…how does this get implemented? Some setting on the customer’s Citrix server 
but I’ve love to give them specifi =c guidance.  I think the answer to this I 
will set me straight
https://discussions.citrix.com/topic/387471-client-name-pass-through-not-working-with-receiver-47/

I apologize that I am peripheral to this and it’s one of those “I think I 
overheard that it used to be a reg hack that used to make it work” but I was 
not directly involved in the “used to work” operation.

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Thursday, February 01, 2018 11:46 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Citrix question for the Citrix guru's l

Use the CLIENTNAME variable?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Dave Lum
Sent: 01 February 2018 18:07
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Citrix question for the Citrix guru's l

We have a scenario where a customer wants to use Citrix servers to connect to 
an application we host, but our application security uses UserID/NetBIOS name 
as a pair for authentication, and while one user can log from multiple 
machines, the application does not allow multiple users from the same machine 
simultaneously.

What we need is Citrix to pass the NetBIOS name of the workstation to the 
application so the app will see unique workstation ID’s and not think they’re 
all coming in via CITRIXSERVER01 and the like.

The twist is our application is served up via our own Citrix and customers 
connect via site to site VPN and then use a web portal / Citrix receiver and 
our side grabs the NetBIOS name and throws it to the app.

Ping me offlist of necessary.

David Lum
Systems Administrator III
P: 503.943.2500
E: l...@ochin.org<mailto:l...@ochin.org>
A: 1881 SW Naito Parkway, Portland, OR 97201

[Facebook Link]<https://www.facebook.com/OCHINinc>[Twitter 
Link]<https://twitter.com/ochininc>[Linkedin 
Link]<http://www.linkedin.com/company/ochin> 
www.ochin.org<https://www.ochin.org/>
[OCHIN email]

Attention: Information contained in this message and or attachments is intended 
only for the recipient(s) named above and may contain confidential and or 
privileged material that is protected under State or Federal law. If you are 
not the intended recipient, any disclosure, copying, distribution or action 
taken on it is prohibited. If you believe you have received this email in 
error, please contact the sender with a copy to 
complia...@ochin.org<mailto:complia...@ochin.org>, delete this email and 
destroy all copies.
Attention: Information contained in this message and or attachments is intended 
only for the recipient(s) named above and may contain confidential and or 
privileged material that is protected under State or Federal law. If you are 
not the intended recipient, any disclosure, copying, distribution or action 
taken on it is prohibited. If you believe you have received this email in 
error, please contact the sender with a copy to complia...@ochin.org, delete 
this email and destroy all copies.

Re: [NTSysADM] RE: Citrix question for the Citrix guru's l

2018-02-01 Thread James Rankin

Ah right sorry, a double hop session.

Yes in that case I think the pass through key would be needed, dependent on 
receiver versions as far as I know

Sent from my BlackBerry — the most secure mobile device — via the O2 Network
From: ja...@htguk.com
Sent: 1 February 2018 11:02 pm
To: NTSysADM@lists.myitforum.com
Subject: Re: [NTSysADM] RE: Citrix question for the Citrix guru's l

When a user opens a session to an RDSH or xenapp server, it should set a 
clientname variable

Sent from my BlackBerry — the most secure mobile device — via the O2 Network
From: l...@ochin.org
Sent: 1 February 2018 11:00 pm
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Citrix question for the Citrix guru's l

Ok…how does this get implemented? Some setting on the customer’s Citrix server 
but I’ve love to give them specifi =c guidance.  I think the answer to this I 
will set me straight
https://discussions.citrix.com/topic/387471-client-name-pass-through-not-working-with-receiver-47/

I apologize that I am peripheral to this and it’s one of those “I think I 
overheard that it used to be a reg hack that used to make it work” but I was 
not directly involved in the “used to work” operation.

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Thursday, February 01, 2018 11:46 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Citrix question for the Citrix guru's l

Use the CLIENTNAME variable?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Dave Lum
Sent: 01 February 2018 18:07
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Citrix question for the Citrix guru's l

We have a scenario where a customer wants to use Citrix servers to connect to 
an application we host, but our application security uses UserID/NetBIOS name 
as a pair for authentication, and while one user can log from multiple 
machines, the application does not allow multiple users from the same machine 
simultaneously.

What we need is Citrix to pass the NetBIOS name of the workstation to the 
application so the app will see unique workstation ID’s and not think they’re 
all coming in via CITRIXSERVER01 and the like.

The twist is our application is served up via our own Citrix and customers 
connect via site to site VPN and then use a web portal / Citrix receiver and 
our side grabs the NetBIOS name and throws it to the app.

Ping me offlist of necessary.

David Lum
Systems Administrator III
P: 503.943.2500
E: l...@ochin.org<mailto:l...@ochin.org>
A: 1881 SW Naito Parkway, Portland, OR 97201

[Facebook Link]<https://www.facebook.com/OCHINinc>[Twitter 
Link]<https://twitter.com/ochininc>[Linkedin 
Link]<http://www.linkedin.com/company/ochin> 
www.ochin.org<https://www.ochin.org/>
[OCHIN email]

Attention: Information contained in this message and or attachments is intended 
only for the recipient(s) named above and may contain confidential and or 
privileged material that is protected under State or Federal law. If you are 
not the intended recipient, any disclosure, copying, distribution or action 
taken on it is prohibited. If you believe you have received this email in 
error, please contact the sender with a copy to 
complia...@ochin.org<mailto:complia...@ochin.org>, delete this email and 
destroy all copies.
Attention: Information contained in this message and or attachments is intended 
only for the recipient(s) named above and may contain confidential and or 
privileged material that is protected under State or Federal law. If you are 
not the intended recipient, any disclosure, copying, distribution or action 
taken on it is prohibited. If you believe you have received this email in 
error, please contact the sender with a copy to complia...@ochin.org, delete 
this email and destroy all copies.

[NTSysADM] RE: Citrix question for the Citrix guru's l

2018-02-01 Thread James Rankin

Use the CLIENTNAME variable?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Dave Lum
Sent: 01 February 2018 18:07
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Citrix question for the Citrix guru's l

We have a scenario where a customer wants to use Citrix servers to connect to 
an application we host, but our application security uses UserID/NetBIOS name 
as a pair for authentication, and while one user can log from multiple 
machines, the application does not allow multiple users from the same machine 
simultaneously.

What we need is Citrix to pass the NetBIOS name of the workstation to the 
application so the app will see unique workstation ID’s and not think they’re 
all coming in via CITRIXSERVER01 and the like.

The twist is our application is served up via our own Citrix and customers 
connect via site to site VPN and then use a web portal / Citrix receiver and 
our side grabs the NetBIOS name and throws it to the app.

Ping me offlist of necessary.

David Lum
Systems Administrator III
P: 503.943.2500
E: l...@ochin.org
A: 1881 SW Naito Parkway, Portland, OR 97201

[Facebook Link][Twitter 
Link][Linkedin 
Link] 
www.ochin.org
[OCHIN email]

Attention: Information contained in this message and or attachments is intended 
only for the recipient(s) named above and may contain confidential and or 
privileged material that is protected under State or Federal law. If you are 
not the intended recipient, any disclosure, copying, distribution or action 
taken on it is prohibited. If you believe you have received this email in 
error, please contact the sender with a copy to 
complia...@ochin.org, delete this email and 
destroy all copies.

[NTSysADM] RE: Welcome a brand new CTP to the family

2018-02-01 Thread James Rankin

Thanks, I was surprised to make the cut - so now got to try and stay in!

Obviously lists like these are always a huge help both in staying abreast of 
current trends and also trying to give back to the community, so let me say 
thanks to everyone.

Cheers,



JR

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: 01 February 2018 14:08
To: NT Issues (ntsysadm@lists.myitforum.com) <ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Welcome a brand new CTP to the family

Our very own James Rankin is a brand-new CTP. Welcome to the family James.

https://www.citrix.com/blogs/2018/02/01/welcome-ctp-class-of-2018/
https://www.citrix.com/community/ctp/awardees.html

Thanks


Carl Webster
Citrix Technology Professional Fellow | iGel Tech Community Insider | Parallels 
VIPP
http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7>
The Accidental Citrix Admin

[NTSysADM] RE: Random reboots Win7 and 10

2018-01-31 Thread James Rankin

Scheduled restart done by shutdown command from script somewhere?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Sean Chapman
Sent: 31 January 2018 17:46
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Random reboots Win7 and 10

Hey all,

Been going crazy today trying to find out why a lot of our PCs are rebooting on 
people with a 2 minute warning.  It seems like it should be easy to track down 
but I cant find anything solid on whats causing it.  This has happened for some 
users 2 days in a row now.  Event viewer shows the following:

The process wininit.exe (*PC_NAME*) has initiated the restart of computer 
*PC-NAME* on behalf of user *DOMAIN ADMIN ACCOUNT* for the following reason: 
Other (Planned)
Reason Code: 0x8000
Shutdown Type: restart
Comment: On behalf of user *DOMAIN ADMIN ACCOUNT*, a shutdown/reboot request 
was made for the following reason: Other (Planned)

The users are prompted with the following message
[cid:image001.jpg@01D39ABF.9AF847F0]

The information contained in this communication and all accompanying documents 
from Coilcraft may be confidential and/or legally privileged, and is intended 
only for the use of the recipient(s) named above. If you are not the intended 
recipient you are hereby notified that any review, disclosure, copying, 
distribution or the taking of any action in reliance on the contents of this 
transmitted information is strictly prohibited. If you have received this 
communication in error, please return it to the sender immediately and destroy 
the original message or accompanying materials and any copy thereof. If you 
have any questions concerning this message, please contact the sender.

[NTSysADM] RE: VDI options

2017-12-14 Thread James Rankin

Citrix have Unidesk for an equivalent tech to AppVolumes.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Raymond Peng
Sent: 14 December 2017 19:02
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: VDI options

We've rolled out VDI using VMWare Horizon ( we are also a VMware shop) - but we 
also have RDS farms for session based users that are running large jobs or have 
shared job functions.

Many folks here have VDI as well (dedicated VMs) - but there is something to 
look at called App Volumes which makes it so much easier to package and publish 
applications.
Essentially each package is a VMDK that is mounted on each VM yet shared. If 
there are any issues with certain VMs - one can just blow it away and provision 
a new one.

Thank you,

[cid:9FE8CE67-4431-44CD-970D-6A632819929E]
Raymond Peng
Systems Engineer / IT Operations
Direct: 650-577-5399
Email: raymond.p...@wageworks.com<mailto:raymond.p...@wageworks.com>

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, December 14, 2017 9:34 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: VDI options

Very good points/questions, from you and Webster.  I will go back and see if I 
can get further clarification of what they really want.  VDI has been a 
buzzword thrown around here for years, but I was approached last week by my 
supervisor and told to look into it, but no real scope.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Thursday, December 14, 2017 8:55 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: VDI options

I suppose it all depends on your use case for "VDI". Would a published desktop 
from a server do or does it have to be full fat client VDI for licensing or GPU 
reasons? Does it have to be on-premise or cloud? Citrix and VMware both have 
many pricing options now, which could be more palatable depending on what else 
you want with it (application packaging, profile management, etc.)

We are a partner with Parallels, Citrix and VMware FWIW. I suppose a more 
detailed breakdown of your actual VDI drivers would allow me to give a more 
in-depth response.

Cheers,

[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image004.jpg@01D3750F.5D1AE800]

James Rankin CTA ACA vExpert
Technical Evangelist / Media Hound
Howell Technology Group
Office: 0191 4813446
Mobile: 07809 668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.htguk.com_=DwMFAg=w9CZ9mC6OBWt9gnv7A4za6QbJkLPbwMyIcSTDqPvWdQ=Um-EfZ8XPPNvrJRyt3QkeGfUn_yAbG573Lgo62VFbJk=TwoExnfyKBMIPVVkCdhPm70I0SBuAChoJodtguldaOc=PRMGGpSNs46xTgESM8Bvv61aQ6lsem4Xs3eOgh4xrl0=>
 | 
Twitter<https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_htguk=DwMFAg=w9CZ9mC6OBWt9gnv7A4za6QbJkLPbwMyIcSTDqPvWdQ=Um-EfZ8XPPNvrJRyt3QkeGfUn_yAbG573Lgo62VFbJk=TwoExnfyKBMIPVVkCdhPm70I0SBuAChoJodtguldaOc=7dEcBhYm9kqCW0KX-ZK9z2dveTsyO_HrHUa3RaSl4X8=>
 | 
Linkedin<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.linkedin.com_in_markhtg=DwMFAg=w9CZ9mC6OBWt9gnv7A4za6QbJkLPbwMyIcSTDqPvWdQ=Um-EfZ8XPPNvrJRyt3QkeGfUn_yAbG573Lgo62VFbJk=TwoExnfyKBMIPVVkCdhPm70I0SBuAChoJodtguldaOc=f3vEK9NPC7vZ4sinIYksYqXW85TAlkm76f9-jy_hma0=>
 | 
Facebook<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.facebook.com_HTGUK=DwMFAg=w9CZ9mC6OBWt9gnv7A4za6QbJkLPbwMyIcSTDqPvWdQ=Um-EfZ8XPPNvrJRyt3QkeGfUn_yAbG573Lgo62VFbJk=TwoExnfyKBMIPVVkCdhPm70I0SBuAChoJodtguldaOc=tC4HU8Usia2w0gNvzLRmFgd2TfrOWio8yn-yzMBlBVc=>

COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 004. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. 
https://htguk.on.spiceworks.com/portal<https://urldefense.proofpoint.com/v2/url?u=https-3A__htguk.on.spiceworks.com_portal=DwMFAg=w9CZ9mC6OBWt9gnv7A4za6QbJkLPbwMyIcSTDqPvWdQ=Um-EfZ8XPPNvrJRyt3QkeGfUn_yAbG573Lgo62VFbJk=TwoExnfyKBMIPVVkCdhPm70I0SBuAChoJodtguldaOc=qfUORDtd-4P5QO7biOShtTAlqSgY1nZu5VMwtujJBkk=>

From: listsa

[NTSysADM] RE: VDI options

2017-12-14 Thread James Rankin

Here's an example - I was brought in a couple of years ago for a customer that 
wanted "to do VDI". Why? They didn't know, they just thought it was the 
solution to everything. They were going to move 5000 PCs off user desks and 
into the datacenter, just because they thought it was the right thing to do.

What we did do was implement a robust application containerization system, 
coupled with profile management features, that allowed them to quickly deploy 
new apps, provision them without installing them, and maintain a similar 
look-and-feel across their existing devices. They ended up using Citrix for a 
limited amount of XenApp systems (to allow remote application access) and 
approximately 35 "power user" VDI instances that gave remote access to some 
overseas students needing to use "heavy" applications.

5000 VDI down to 30 saved them a lot of money. Their main requirement was easy 
deployment of applications, a cut-down "roaming" experience and the ability to 
deal with Windows 10 feature upgrades without the hassle of broken applications.

TL:DR - VDI isn't the magic bullet. In truth, it isn't really a necessity for 
most projects. Some parts of it are, but you can replicate those with other 
tech.

Happy to offer bits of advice offline if you need some help defining the actual 
scope, just shout.

Cheers,



JR

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Heaton, Joseph@Wildlife
Sent: 14 December 2017 17:34
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: VDI options

Very good points/questions, from you and Webster.  I will go back and see if I 
can get further clarification of what they really want.  VDI has been a 
buzzword thrown around here for years, but I was approached last week by my 
supervisor and told to look into it, but no real scope.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Thursday, December 14, 2017 8:55 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: VDI options

I suppose it all depends on your use case for "VDI". Would a published desktop 
from a server do or does it have to be full fat client VDI for licensing or GPU 
reasons? Does it have to be on-premise or cloud? Citrix and VMware both have 
many pricing options now, which could be more palatable depending on what else 
you want with it (application packaging, profile management, etc.)

We are a partner with Parallels, Citrix and VMware FWIW. I suppose a more 
detailed breakdown of your actual VDI drivers would allow me to give a more 
in-depth response.

Cheers,




[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image003.jpg@01D3750E.14C9D580]






James Rankin CTA ACA vExpert
Technical Evangelist / Media Hound
Howell Technology Group
Office: 0191 4813446
Mobile: 07809 668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>


COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 004. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal



From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: 14 December 2017 16:21
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] VDI options

I know there are tons of options for VDI out there today.  I'm asking what you 
guys are using, and why.

We are a VMWare shop, running ESXi 5.5, but don't own licensing for Horizon.  
That is currently the front-runner for the VDI project.

I have looked at Jentu, very briefly, and while it sounds awesome, there's not 
a whole lot of info on how it does what it claims to do.

I think Citrix would be a non-starter, due to licensing, but I haven't looked 
at Citrix in over 10 years, so if something has changed, I'd love to be 
enlightened.

Thanks for any and all input,

Joe He

Re: [NTSysADM] VDI options

2017-12-14 Thread James Rankin

VMware isn't bad, Citrix expensive if you want platinum features, not sure 
whether Parallels do a vdi option? (Webster?)  You also might want to look at 
Frame

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: joseph.hea...@wildlife.ca.gov
Sent: 14 December 2017 4:47 p.m.
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] VDI options

I know there are tons of options for VDI out there today.  I’m asking what you 
guys are using, and why.

We are a VMWare shop, running ESXi 5.5, but don’t own licensing for Horizon.  
That is currently the front-runner for the VDI project.

I have looked at Jentu, very briefly, and while it sounds awesome, there’s not 
a whole lot of info on how it does what it claims to do.

I think Citrix would be a non-starter, due to licensing, but I haven’t looked 
at Citrix in over 10 years, so if something has changed, I’d love to be 
enlightened.

Thanks for any and all input,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

[NTSysADM] RE: VDI options

2017-12-14 Thread James Rankin

I suppose it all depends on your use case for "VDI". Would a published desktop 
from a server do or does it have to be full fat client VDI for licensing or GPU 
reasons? Does it have to be on-premise or cloud? Citrix and VMware both have 
many pricing options now, which could be more palatable depending on what else 
you want with it (application packaging, profile management, etc.)

We are a partner with Parallels, Citrix and VMware FWIW. I suppose a more 
detailed breakdown of your actual VDI drivers would allow me to give a more 
in-depth response.

Cheers,




[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image003.jpg@01D374FC.4AA75FE0]






James Rankin CTA ACA vExpert
Technical Evangelist / Media Hound
Howell Technology Group
Office: 0191 4813446
Mobile: 07809 668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>


COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 004. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal



From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Heaton, Joseph@Wildlife
Sent: 14 December 2017 16:21
To: 'NT System Admin Issues Discussion list' <ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] VDI options

I know there are tons of options for VDI out there today.  I'm asking what you 
guys are using, and why.

We are a VMWare shop, running ESXi 5.5, but don't own licensing for Horizon.  
That is currently the front-runner for the VDI project.

I have looked at Jentu, very briefly, and while it sounds awesome, there's not 
a whole lot of info on how it does what it claims to do.

I think Citrix would be a non-starter, due to licensing, but I haven't looked 
at Citrix in over 10 years, so if something has changed, I'd love to be 
enlightened.

Thanks for any and all input,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

RE: [NTSysADM] Re: WOW!!! I had no idea I was going to be honored

2017-10-25 Thread James Rankin

It’s like a pyramid scheme, once you get pushed, you have to go out and push a 
few of your own.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: 25 October 2017 12:38
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Re: WOW!!! I had no idea I was going to be honored

None of this would have happened if MBS hadn't pushed, I mean encouraged, me to 
start blogging and help me learn PowerShell.

Thanks

Carl Webster
Citrix Technology Professional Fellow  | iGel Tech Community Insider | 
Parallels VIPP
http://www.CarlWebster.com
The Accidental Citrix Admin

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jeff Steward
Sent: Wednesday, October 25, 2017 6:27 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Re: WOW!!! I had no idea I was going to be honored

Well done Carl.  Good to see that Citrix recognizes the value you bring to the 
community.

-Jeff

On Tue, Oct 24, 2017, 8:58 PM J- P 
> wrote:

Well deserved- Congrats

Jean-Paul Natola

From: listsad...@lists.myitforum.com 
> on 
behalf of Webster >
Sent: Tuesday, October 24, 2017 12:17 PM

To: NT Issues 
(ntsysadm@lists.myitforum.com)
Subject: [NTSysADM] WOW!!! I had no idea I was going to be honored

https://www.citrix.com/blogs/2017/10/24/announcing-ctp-fellow-award-a-new-classification/
[https://www.citrix.com/blogs/wp-content/uploads/2017/10/award-1036x479.jpg]

Announcing: CTP Fellow Award – A New 'Classification' | Citrix 
Blogs
www.citrix.com
It is with great pride and joy that I announce a new facet of the Citrix 
Technology Professional (CTP) program: The Citrix Technology Professional 
Fellow Award.

Deeply, deeply humbled and honored

Thanks

Carl Webster

Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP

http://www.CarlWebster.com

The Accidental Citrix Admin

[NTSysADM] RE: WOW!!! I had no idea I was going to be honored

2017-10-24 Thread James Rankin

Congrats, you old-timers have earned it :-0

And there's me thinking getting a CTP would be top of the pile haha

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: 24 October 2017 17:18
To: NT Issues (ntsysadm@lists.myitforum.com) 
Subject: [NTSysADM] WOW!!! I had no idea I was going to be honored

https://www.citrix.com/blogs/2017/10/24/announcing-ctp-fellow-award-a-new-classification/

Deeply, deeply humbled and honored

Thanks

Carl Webster
Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP
http://www.CarlWebster.com
The Accidental Citrix Admin

[NTSysADM] RE: GPO application question.

2017-10-24 Thread James Rankin

It will write the Registry key, I presume, but the OS will just ignore it.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kennedy, Jim
Sent: 24 October 2017 18:57
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] GPO application question.

What happens with a setting that is in a GPO applied to a non-supported OS.  So 
for example the SMB setting below is on an OU with Win 10 boxes in it. Is it 
just ignored? So it will get ignored and not mess up the Win 10 
dependencies..correct?

[cid:image001.jpg@01D34CFB.3D086920]

[NTSysADM] RE: PowerShell brainfart

2017-10-12 Thread James Rankin

D’you know what – I read that page, and didn’t see the section on translating 
the SID ☹

Indeed, a bad day all round!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: 12 October 2017 21:02
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: PowerShell brainfart

https://blogs.technet.microsoft.com/heyscriptingguy/2013/03/04/use-powershell-to-find-detailed-windows-profile-information/

Try that.

Webster

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Thursday, October 12, 2017 2:45 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] PowerShell brainfart

OK, I’m having a ditzy moment

I’m trying to query profile type in PowerShell using gwmi

Specifically gwmi win32_userprofile | select localpath, status

But this returns all users on the machine – how can I make it return just the 
current user? I’m having a severe blonde moment – help!

(Apologies to all blondes on the list)

Cheers,

[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image003.jpg@01D343A1.53015BF0]

James Rankin CTA ACA vExpert
Technical Evangelist / Media Hound
Howell Technology Group
Office: 0191 4813446
Mobile: 07809 668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>

COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 004. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal

[NTSysADM] RE: PowerShell brainfart

2017-10-12 Thread James Rankin

Thankyou sir, that appears to work well indeed

A kick in the right direction would have sufficed, but that’s sorted me nicely 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: 12 October 2017 21:10
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: PowerShell brainfart

This isn’t the fastest (using .NET would be), but it’s easy to understand:

$username = ( gwmi win32_computersystem ).username.ToString()
$sid = ( gwmi win32_useraccount |? { $_.Caption -eq $username } ).SID
gwmi win32_userprofile |? { $_.SID -eq $sid }

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Thursday, October 12, 2017 3:45 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] PowerShell brainfart

OK, I’m having a ditzy moment

I’m trying to query profile type in PowerShell using gwmi

Specifically gwmi win32_userprofile | select localpath, status

But this returns all users on the machine – how can I make it return just the 
current user? I’m having a severe blonde moment – help!

(Apologies to all blondes on the list)

Cheers,

[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image003.jpg@01D343A0.5CEB9E10]

James Rankin CTA ACA vExpert
Technical Evangelist / Media Hound
Howell Technology Group
Office: 0191 4813446
Mobile: 07809 668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>

COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 004. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal

[NTSysADM] PowerShell brainfart

2017-10-12 Thread James Rankin

OK, I'm having a ditzy moment

I'm trying to query profile type in PowerShell using gwmi

Specifically gwmi win32_userprofile | select localpath, status

But this returns all users on the machine - how can I make it return just the 
current user? I'm having a severe blonde moment - help!

(Apologies to all blondes on the list)

Cheers,


[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image003.jpg@01D3439A.F6684710]






James Rankin CTA ACA vExpert
Technical Evangelist / Media Hound
Howell Technology Group
Office: 0191 4813446
Mobile: 07809 668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>


COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 004. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal

Re: [NTSysADM] Oopsie in Azure.

2017-10-07 Thread James Rankin

The register is awesome. Cue cloud Discussion...

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: mich...@smithcons.com
Sent: 7 October 2017 9:40 p.m.
To:
Reply to: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Oopsie in Azure.

https://www.theregister.co.uk/2017/10/03/faulty_fire_systems_take_down_azure_across_northern_europe/

Gotta love the phrasing in the story…

[NTSysADM] RE: OT Meanwhile at Derbycon this weekend...

2017-09-25 Thread James Rankin

SECURITY BREACH

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: 25 September 2017 18:53
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: OT Meanwhile at Derbycon this weekend...

HAHAHAHAHAHAHA

You replied to the wrong thread on the wrong list!

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim
Sent: Monday, September 25, 2017 1:45 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: OT Meanwhile at Derbycon this weekend...

One more:

I really want to solve this problem for you but please Boss, try it my way for 
a little while.  If it doesn’t meet the needs of the org of course we will 
adjust.

And just do a regular domain user account added to the local admin group via 
gpo. Unless we are totally missing a need here it will work and it will be the 
last you will ever hear of it.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim
Sent: Monday, September 25, 2017 12:43 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: OT Meanwhile at Derbycon this weekend...

So I should not expect you to contribute to the Go Fund Me that I set up for 
Trevor’s family?

https://www.gofundme.com/trevor-the-roach-memorial-fund

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith
Sent: Monday, September 25, 2017 12:25 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: OT Meanwhile at Derbycon this weekend...

Good riddance!

*shakes fist* Get off my lawn!

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim
Sent: Monday, September 25, 2017 9:54 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] OT Meanwhile at Derbycon this weekend...

…we lost a close friend. Trevor the Roach.

https://www.csoonline.com/article/3227910/security/hackers-create-memorial-for-a-cockroach-named-trevor.html

[NTSysADM] RE: WSUS and Windows 10

2017-09-22 Thread James Rankin

I just had Windows 10, like you do in there, for my test lab

If you're using LTSB, obviously, check that

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: 22 September 2017 17:13
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: WSUS and Windows 10

[cid:image001.jpg@01D333CE.5ABDBCE0]

Webster

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Friday, September 22, 2017 9:59 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: WSUS and Windows 10

What are the options you're faced with?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: 22 September 2017 14:24
To: NT Issues 
(ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>) 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] WSUS and Windows 10

I haven't had the "pleasure" of dealing with WSUS in over 9 years. Got handed a 
support ticket for a customer whose WSUS wants to download terabytes worth of 
updates. I remembered enough to make sure they had selected only English and 
unselected numerous OS options. Running the Server Cleanup Wizard took all 
night. When he went to do a sync, WSUS reported there were over 6TB of updates 
to download.

They are running Windows 10 Ent 1703. What Win10 options should be selected? 
There are several Win10 options and most of them I have no clue of what they 
are.

Thanks

Webster

[NTSysADM] RE: WSUS and Windows 10

2017-09-22 Thread James Rankin

What are the options you're faced with?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: 22 September 2017 14:24
To: NT Issues (ntsysadm@lists.myitforum.com) 
Subject: [NTSysADM] WSUS and Windows 10

I haven't had the "pleasure" of dealing with WSUS in over 9 years. Got handed a 
support ticket for a customer whose WSUS wants to download terabytes worth of 
updates. I remembered enough to make sure they had selected only English and 
unselected numerous OS options. Running the Server Cleanup Wizard took all 
night. When he went to do a sync, WSUS reported there were over 6TB of updates 
to download.

They are running Windows 10 Ent 1703. What Win10 options should be selected? 
There are several Win10 options and most of them I have no clue of what they 
are.

Thanks

Webster

RE: [NTSysADM] CCleaner found to be backdoored for downloads between August 15 and September 12

2017-09-18 Thread James Rankin

Ironic that my predilection for the free version of this, which doesn’t 
auto-update, has prevented me from being a victim of this ☺

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Micheal Espinola Jr
Sent: 18 September 2017 20:46
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] CCleaner found to be backdoored for downloads between 
August 15 and September 12

CORRECTION for Google search:

https://www.google.com/search?q=ccleaner+infection

--
Espi


On Mon, Sep 18, 2017 at 12:35 PM, Micheal Espinola Jr 
> wrote:
https://www.bleepingcomputer.com/how-to/security/ccleaner-malware-incident-what-you-need-to-know-and-how-to-remove/

https://www.google.com/search?q=ccleanup+infection

--
Espi

RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-14 Thread James Rankin

Just playing devil's advocate here - are you required by regulation to actually 
use AV?

Because I think it's had its day. App management and other tech are arguably so 
much better, and have much less of a resource footprint.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: 14 September 2017 17:32
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

We use Kaspersky for our AV needs, and to be honest, it's worked out well for 
us. It's certainly caught things that McAfee, our previous AV solution, didn't. 
However, they have this slight problem with being a covert arm of the Russian 
government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking at. But 
tell me, who do you have? And - more importantly - if you had your say in the 
matter, would you keep them?

We're an sort of enterprise level organization, maybe 1K users, bunch of 
laptops issued to remote users. So far, all Win 7 for workstations, but 
obviously that will change in the future. Servers are all Win
2008/2012 R2 (so far). So we need something with a centralized console, to push 
out rules, updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We have 
Checkpoint firewalls for managing that sort of traffic.

Thoughts?  I know I've heard good things about ESET and Sophos, among others. 
Just soliciting some real world opinions, along with our own research.

RE: [NTSysADM] Win2012 R2 and offline files

2017-09-01 Thread James Rankin

Offline Files suck ass. But there's not much choice unless you want to put your 
hand in your pocket.

Wouldn't it be easier just to put more resiliency in the file share that hosts 
the stuff?

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: 01 September 2017 13:50
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Win2012 R2 and offline files

Here we use redirected folders (not the whole profile, just the Documents and 
Desktop parts). And so, we also have offline files configured (in case the 
server with the desktop and documents disappears for a bit, at least the 
clients can still work with a local copy of their stuff, until the server comes 
back and it syncs.

Been set that way for years, all was well. Then, we upgraded one of those file 
servers to Win2012 R2, and it stopped working. Went to check, and the option to 
make files available for offline use was turned off (on the server). It's still 
on for my 3 other file servers, but they're all Win2008 R2.

I haven't seen anything that says that making files available offline is broken 
on Win2012R2. Did we just miss that option, or did my (now
former) boss turn it off for some technical reason?

Anybody using redirected folders and offline file with a Win2012 R2 server? It 
all Just Works, right? We set all that via Group Policy, and all clients are 
Win 7.

This is just an oversight on somebody's part here, yes? Offline files are still 
the recommended way to go, when using redirected home folders, and Desktop and 
Documents?

Thanks

RE: [EXTERNAL][NTSysADM] RE: Imaging windows 10 1703 enterprise

2017-08-22 Thread James Rankin

Normally I sanitize the profile after copying it to the default area. The steps 
are listed in the article. It's possible that some of the stuff inside it is 
not initializing IE correctly. For instance, the %LOCALAPPDATA% folder will be 
fully populated and the Registry will contain many references to the 
pre-existing username.

If it works with GPOs blocked, then you would know the GPOs are to blame...

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David McSpadden
Sent: 22 August 2017 15:00
To: ntsysadm@lists.myitforum.com
Subject: Re: [EXTERNAL][NTSysADM] RE: Imaging windows 10 1703 enterprise

Yes it worked
No sanitazation
I think my ad guys has grabbed some gpo's that are hurting me.

Sent from my iPhone

On Aug 22, 2017, at 9:58 AM, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>> wrote:
Did it (IE) work OK before you copied it to the default profile area?

Did you do any sanitization of the profile once it was copied to the default 
profile area?

It sounds like there is some first-run stuff for IE (ActiveSetup entries) that 
maybe aren't running, but that's just a complete guess...

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: 22 August 2017 14:41
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Imaging windows 10 1703 enterprise

Ok.
Have reviewed your doc.
I have built an audit image.
Then sysprepped.
Then deployed to 10 testing machines.
Everything is awesome on Local Admin and Domain admin profiles.
User profile looks great and plays great with the Exception of Internet 
Explorer.
It just won't open.
It is set as default browser.
I have it pinned to taskbar and star menu.
Click or double click it and it does nothing.
About 4 minutes goes by and then it opens but in a Not Responding state and 
never actually opens anything.
Just doing an iexplore http://www.google.com gets nothing?
And this is only on the user profiles.
What have I screwed up?


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Wednesday, August 16, 2017 12:48 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Imaging windows 10 1703 enterprise

Notice:  This email is from an outside source.  Please do not open any 
attachments, click on any hyperlinks, or respond without first confirming the 
authenticity of the email.



Build your default profile in Audit Mode and use that, you can remove all the 
UWP apps with PowerShell while you are in Audit Mode.

GPOs to set FTAs are rubbish, they set for everyone and override anything 
defined by the user.

This article has a section on doing it in Audit Mode - 
http://www.htguk.com/everything-you-wanted-to-know-about_26/ - although this 
was pre-1703. In 1703 you may need some additional GPOs if using mandatory or 
roaming profiles.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: 16 August 2017 17:29
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Imaging windows 10 1703 enterprise

I have a base image completely built.
Everything functions on the local admin account.
I have saved that image.
Then Sysprepped.
Then brought up the sysprepped image and my domain administrator can not access 
desktop icons, my default apps are back to Microsoft defaults (Edge not IE11), 
etc...
What can I do to the save preSysPrepped image to have the default profiles come 
up nicely for the end users so they don't have to make the associations 
themselves?
Make GPO's or CopyProfile?
I have done neither thus far but am willing to do either if it helps.
Leaning into the GPO's a lot harder than copyprofile if I can.
What is everyone's opinion and how can I research this the quickest.
The few google searches are coming up with articles from 2009 and such.
I would like the latest best practices if we can.


David McSpadden
Systems Administrator
Indiana Members Credit Union
P: 317.554.8190| F: 317.554.8106
<http://imcu.com/>  
<https://www.facebook.com/IndianaMembersCU>  
<https://twitter.com/IndMembersCU>

<https://www.google.com/url?sa=i=j==s=images==rja=8=0ahUKEwirvOT_m8fTAhVM1xoKHVbUA2kQjRwIBw=https://mssqlhub.wordpress.com/2013/09/23/pathway-for-microsoft-certification/=AFQjCNHf-4M9Isb1398vr-wswZ04wRJObQ=1493471205430002>


This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message

[NTSysADM] RE: Imaging windows 10 1703 enterprise

2017-08-22 Thread James Rankin

Did it (IE) work OK before you copied it to the default profile area?

Did you do any sanitization of the profile once it was copied to the default 
profile area?

It sounds like there is some first-run stuff for IE (ActiveSetup entries) that 
maybe aren't running, but that's just a complete guess...

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David McSpadden
Sent: 22 August 2017 14:41
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Imaging windows 10 1703 enterprise

Ok.
Have reviewed your doc.
I have built an audit image.
Then sysprepped.
Then deployed to 10 testing machines.
Everything is awesome on Local Admin and Domain admin profiles.
User profile looks great and plays great with the Exception of Internet 
Explorer.
It just won't open.
It is set as default browser.
I have it pinned to taskbar and star menu.
Click or double click it and it does nothing.
About 4 minutes goes by and then it opens but in a Not Responding state and 
never actually opens anything.
Just doing an iexplore http://www.google.com gets nothing?
And this is only on the user profiles.
What have I screwed up?


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Wednesday, August 16, 2017 12:48 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Imaging windows 10 1703 enterprise

Notice:  This email is from an outside source.  Please do not open any 
attachments, click on any hyperlinks, or respond without first confirming the 
authenticity of the email.


Build your default profile in Audit Mode and use that, you can remove all the 
UWP apps with PowerShell while you are in Audit Mode.

GPOs to set FTAs are rubbish, they set for everyone and override anything 
defined by the user.

This article has a section on doing it in Audit Mode - 
http://www.htguk.com/everything-you-wanted-to-know-about_26/ - although this 
was pre-1703. In 1703 you may need some additional GPOs if using mandatory or 
roaming profiles.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: 16 August 2017 17:29
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Imaging windows 10 1703 enterprise

I have a base image completely built.
Everything functions on the local admin account.
I have saved that image.
Then Sysprepped.
Then brought up the sysprepped image and my domain administrator can not access 
desktop icons, my default apps are back to Microsoft defaults (Edge not IE11), 
etc...
What can I do to the save preSysPrepped image to have the default profiles come 
up nicely for the end users so they don't have to make the associations 
themselves?
Make GPO's or CopyProfile?
I have done neither thus far but am willing to do either if it helps.
Leaning into the GPO's a lot harder than copyprofile if I can.
What is everyone's opinion and how can I research this the quickest.
The few google searches are coming up with articles from 2009 and such.
I would like the latest best practices if we can.


David McSpadden
Systems Administrator
Indiana Members Credit Union
P: 317.554.8190| F: 317.554.8106
[Description: imcu email icon]<http://imcu.com/>  [Description: facebook email 
icon] <https://www.facebook.com/IndianaMembersCU>   [Description: twitter email 
icon] <https://twitter.com/IndMembersCU>
[Description: email logo]
[Image result for mcp 
logo]<https://www.google.com/url?sa=i=j==s=images==rja=8=0ahUKEwirvOT_m8fTAhVM1xoKHVbUA2kQjRwIBw=https://mssqlhub.wordpress.com/2013/09/23/pathway-for-microsoft-certification/=AFQjCNHf-4M9Isb1398vr-wswZ04wRJObQ=1493471205430002>


This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.


Please consider the environment before printing this email.

This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.

Re: [EXTERNAL]RE: [NTSysADM] RE: Imaging windows 10 1703 enterprise

2017-08-16 Thread James Rankin

If you look at some of my other articles about Windows 10 there is a section on 
ways to customise the start menu as well.

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: dav...@imcu.com
Sent: 16 August 2017 8:04 p.m.
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: Re: [EXTERNAL]RE: [NTSysADM] RE: Imaging windows 10 1703 enterprise

Ok
First thing in the morning
Grab a pc
Insert USB with 1703 ISO image
Boot
Go straight to sysprep
Switch to audit mode
Restart
Build without jointing domain
Install all updates
Install all drivers
Customize default apps
Customize desktop
Remove all tiles
Test all programs
Capture image at this point (so I can spawn from here later if needed)

Sysyprep with generalize
Capture image here to deploy to other like workstations.
Let sysprep finish
Join domain
(Default programs and apps should work on all profiles at this point)
Begin deployment of the last is I will ever need?

Sent from my iPhone

On Aug 16, 2017, at 2:39 PM, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>> wrote:

Also make sure you set your desired file type associations in Audit Mode too.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: 16 August 2017 18:48
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] RE: Imaging windows 10 1703 enterprise

This sender failed our fraud detection checks and may not be who they appear to 
be. Learn about spoofing<http://aka.ms/LearnAboutSpoofing>

Feedback<http://aka.ms/SafetyTipsFeedback>

Make sure you remove the UWP apps you don’t want while you’re in Audit Mode, 
and they won’t re-provision themselves back. You can also remove things like 
Contact Support now from Optional Features in Control Panel. Use PS for the 
main apps though.

If you’re using mandatory or roaming profiles, don’t forget to set the GPO for 
“allow deployment operations to special profiles” or the UWP apps you want 
(like Calculator) will not work properly.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: 16 August 2017 18:34
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] RE: Imaging windows 10 1703 enterprise

Well shit.
I did not build in audit mode.
My base option is to start over and work from audit mode.

Sent from my iPhone

On Aug 16, 2017, at 1:32 PM, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>> wrote:
Notice:  This email is from an outside source.  Please do not open any 
attachments, click on any hyperlinks, or respond without first confirming the 
authenticity of the email.

Build your default profile in Audit Mode and use that, you can remove all the 
UWP apps with PowerShell while you are in Audit Mode.

GPOs to set FTAs are rubbish, they set for everyone and override anything 
defined by the user.

This article has a section on doing it in Audit Mode - 
http://www.htguk.com/everything-you-wanted-to-know-about_26/ - although this 
was pre-1703. In 1703 you may need some additional GPOs if using mandatory or 
roaming profiles.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: 16 August 2017 17:29
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Imaging windows 10 1703 enterprise

I have a base image completely built.
Everything functions on the local admin account.
I have saved that image.
Then Sysprepped.
Then brought up the sysprepped image and my domain administrator can not access 
desktop icons, my default apps are back to Microsoft defaults (Edge not IE11), 
etc…
What can I do to the save preSysPrepped image to have the default profiles come 
up nicely for the end users so they don’t have to make the associations 
themselves?
Make GPO’s or CopyProfile?
I have done neither thus far but am willing to do either if it helps.
Leaning into the GPO’s a lot harder than copyprofile if I can.
What is everyone’s opinion and how can I research this the quickest.
The few google searches are coming up with articles from 2009 and such.
I would like the latest best practices if we can.

David McSpadden
Systems Administrator
Indiana Members Credit Union
P: 317.554.8190| F: 317.554.8106
<http://imcu.com/>  
<https://www.facebook.com/IndianaMembersCU>  
<https://twitter.com/IndMembersCU>

<https://www.google.com/url?sa=i=j==s=images==rja=8=0ahUKEwirvOT_m8fTAhVM1xoKHVbUA2kQjRwIBw=https://mssqlhub.wordpress.com/2013/09/23/pathway-for-microsoft-certification/=AFQjCNHf-4M9Isb1398vr-wswZ04wRJObQ=1493471205430002>

This e-mail and any files transmitted with it are property of Indiana

RE: [NTSysADM] RE: Imaging windows 10 1703 enterprise

2017-08-16 Thread James Rankin

Also make sure you set your desired file type associations in Audit Mode too.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: 16 August 2017 18:48
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Imaging windows 10 1703 enterprise

This sender failed our fraud detection checks and may not be who they appear to 
be. Learn about spoofing<http://aka.ms/LearnAboutSpoofing>

Feedback<http://aka.ms/SafetyTipsFeedback>

Make sure you remove the UWP apps you don't want while you're in Audit Mode, 
and they won't re-provision themselves back. You can also remove things like 
Contact Support now from Optional Features in Control Panel. Use PS for the 
main apps though.

If you're using mandatory or roaming profiles, don't forget to set the GPO for 
"allow deployment operations to special profiles" or the UWP apps you want 
(like Calculator) will not work properly.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: 16 August 2017 18:34
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] RE: Imaging windows 10 1703 enterprise

Well shit.
I did not build in audit mode.
My base option is to start over and work from audit mode.

Sent from my iPhone

On Aug 16, 2017, at 1:32 PM, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>> wrote:
Notice:  This email is from an outside source.  Please do not open any 
attachments, click on any hyperlinks, or respond without first confirming the 
authenticity of the email.

Build your default profile in Audit Mode and use that, you can remove all the 
UWP apps with PowerShell while you are in Audit Mode.

GPOs to set FTAs are rubbish, they set for everyone and override anything 
defined by the user.

This article has a section on doing it in Audit Mode - 
http://www.htguk.com/everything-you-wanted-to-know-about_26/ - although this 
was pre-1703. In 1703 you may need some additional GPOs if using mandatory or 
roaming profiles.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: 16 August 2017 17:29
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Imaging windows 10 1703 enterprise

I have a base image completely built.
Everything functions on the local admin account.
I have saved that image.
Then Sysprepped.
Then brought up the sysprepped image and my domain administrator can not access 
desktop icons, my default apps are back to Microsoft defaults (Edge not IE11), 
etc...
What can I do to the save preSysPrepped image to have the default profiles come 
up nicely for the end users so they don't have to make the associations 
themselves?
Make GPO's or CopyProfile?
I have done neither thus far but am willing to do either if it helps.
Leaning into the GPO's a lot harder than copyprofile if I can.
What is everyone's opinion and how can I research this the quickest.
The few google searches are coming up with articles from 2009 and such.
I would like the latest best practices if we can.

David McSpadden
Systems Administrator
Indiana Members Credit Union
P: 317.554.8190| F: 317.554.8106
<http://imcu.com/>  
<https://www.facebook.com/IndianaMembersCU>  
<https://twitter.com/IndMembersCU>

<https://www.google.com/url?sa=i=j==s=images==rja=8=0ahUKEwirvOT_m8fTAhVM1xoKHVbUA2kQjRwIBw=https://mssqlhub.wordpress.com/2013/09/23/pathway-for-microsoft-certification/=AFQjCNHf-4M9Isb1398vr-wswZ04wRJObQ=1493471205430002>

This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.

Please consider the environment before printing this email.

This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.

Please consider the environment before printing this email.

RE: [NTSysADM] RE: Imaging windows 10 1703 enterprise

2017-08-16 Thread James Rankin

Make sure you remove the UWP apps you don't want while you're in Audit Mode, 
and they won't re-provision themselves back. You can also remove things like 
Contact Support now from Optional Features in Control Panel. Use PS for the 
main apps though.

If you're using mandatory or roaming profiles, don't forget to set the GPO for 
"allow deployment operations to special profiles" or the UWP apps you want 
(like Calculator) will not work properly.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David McSpadden
Sent: 16 August 2017 18:34
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] RE: Imaging windows 10 1703 enterprise

Well shit.
I did not build in audit mode.
My base option is to start over and work from audit mode.

Sent from my iPhone

On Aug 16, 2017, at 1:32 PM, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>> wrote:
Notice:  This email is from an outside source.  Please do not open any 
attachments, click on any hyperlinks, or respond without first confirming the 
authenticity of the email.



Build your default profile in Audit Mode and use that, you can remove all the 
UWP apps with PowerShell while you are in Audit Mode.

GPOs to set FTAs are rubbish, they set for everyone and override anything 
defined by the user.

This article has a section on doing it in Audit Mode - 
http://www.htguk.com/everything-you-wanted-to-know-about_26/ - although this 
was pre-1703. In 1703 you may need some additional GPOs if using mandatory or 
roaming profiles.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: 16 August 2017 17:29
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Imaging windows 10 1703 enterprise

I have a base image completely built.
Everything functions on the local admin account.
I have saved that image.
Then Sysprepped.
Then brought up the sysprepped image and my domain administrator can not access 
desktop icons, my default apps are back to Microsoft defaults (Edge not IE11), 
etc...
What can I do to the save preSysPrepped image to have the default profiles come 
up nicely for the end users so they don't have to make the associations 
themselves?
Make GPO's or CopyProfile?
I have done neither thus far but am willing to do either if it helps.
Leaning into the GPO's a lot harder than copyprofile if I can.
What is everyone's opinion and how can I research this the quickest.
The few google searches are coming up with articles from 2009 and such.
I would like the latest best practices if we can.


David McSpadden
Systems Administrator
Indiana Members Credit Union
P: 317.554.8190| F: 317.554.8106
<http://imcu.com/>  
<https://www.facebook.com/IndianaMembersCU>  
<https://twitter.com/IndMembersCU>

<https://www.google.com/url?sa=i=j==s=images==rja=8=0ahUKEwirvOT_m8fTAhVM1xoKHVbUA2kQjRwIBw=https://mssqlhub.wordpress.com/2013/09/23/pathway-for-microsoft-certification/=AFQjCNHf-4M9Isb1398vr-wswZ04wRJObQ=1493471205430002>


This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.


Please consider the environment before printing this email.

This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.


Please consider the environment before printing this email.

[NTSysADM] RE: Imaging windows 10 1703 enterprise

2017-08-16 Thread James Rankin

Build your default profile in Audit Mode and use that, you can remove all the 
UWP apps with PowerShell while you are in Audit Mode.

GPOs to set FTAs are rubbish, they set for everyone and override anything 
defined by the user.

This article has a section on doing it in Audit Mode - 
http://www.htguk.com/everything-you-wanted-to-know-about_26/ - although this 
was pre-1703. In 1703 you may need some additional GPOs if using mandatory or 
roaming profiles.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David McSpadden
Sent: 16 August 2017 17:29
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Imaging windows 10 1703 enterprise

I have a base image completely built.
Everything functions on the local admin account.
I have saved that image.
Then Sysprepped.
Then brought up the sysprepped image and my domain administrator can not access 
desktop icons, my default apps are back to Microsoft defaults (Edge not IE11), 
etc...
What can I do to the save preSysPrepped image to have the default profiles come 
up nicely for the end users so they don't have to make the associations 
themselves?
Make GPO's or CopyProfile?
I have done neither thus far but am willing to do either if it helps.
Leaning into the GPO's a lot harder than copyprofile if I can.
What is everyone's opinion and how can I research this the quickest.
The few google searches are coming up with articles from 2009 and such.
I would like the latest best practices if we can.


David McSpadden
Systems Administrator
Indiana Members Credit Union
P: 317.554.8190| F: 317.554.8106
[Description: imcu email icon]  [Description: facebook email 
icon]    [Description: twitter email 
icon] 
[Description: email logo]
[Image result for mcp 
logo]


This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.


Please consider the environment before printing this email.

[NTSysADM] RE: Imaging windows 10 1703 enterprise

2017-08-16 Thread James Rankin

Already answered, but my replies seem to take light years to appear :)

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: 16 August 2017 17:51
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Imaging windows 10 1703 enterprise

James Rankin is my go-to guy for these types of questions.

Thanks

Carl Webster
Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP
http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7>
The Accidental Citrix Admin

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: Wednesday, August 16, 2017 11:29 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Imaging windows 10 1703 enterprise

I have a base image completely built.
Everything functions on the local admin account.
I have saved that image.
Then Sysprepped.
Then brought up the sysprepped image and my domain administrator can not access 
desktop icons, my default apps are back to Microsoft defaults (Edge not IE11), 
etc...
What can I do to the save preSysPrepped image to have the default profiles come 
up nicely for the end users so they don't have to make the associations 
themselves?
Make GPO's or CopyProfile?
I have done neither thus far but am willing to do either if it helps.
Leaning into the GPO's a lot harder than copyprofile if I can.
What is everyone's opinion and how can I research this the quickest.
The few google searches are coming up with articles from 2009 and such.
I would like the latest best practices if we can.

David McSpadden
Systems Administrator
Indiana Members Credit Union
P: 317.554.8190| F: 317.554.8106
[Description: imcu email icon]<http://imcu.com/>  [Description: facebook email 
icon] <https://www.facebook.com/IndianaMembersCU>   [Description: twitter email 
icon] <https://twitter.com/IndMembersCU>
[Description: email logo]
[Image result for mcp 
logo]<https://www.google.com/url?sa=i=j==s=images==rja=8=0ahUKEwirvOT_m8fTAhVM1xoKHVbUA2kQjRwIBw=https://mssqlhub.wordpress.com/2013/09/23/pathway-for-microsoft-certification/=AFQjCNHf-4M9Isb1398vr-wswZ04wRJObQ=1493471205430002>

This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.

Please consider the environment before printing this email.

Re: [NTSysADM] Win10 1607 - Some installed programs don't show up to be uninstalled

2017-08-10 Thread James Rankin

There's a 64 bit key somewhere too for it IIRC

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: oozerd...@gmail.com
Sent: 10 August 2017 9:09 p.m.
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Win10 1607 - Some installed programs don't show up to 
be uninstalled


On Thu, Aug 10, 2017 at 11:12 AM, James Rankin <ja...@htguk.com> wrote:
> If you look in the Registry subkeys under 
> HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall, do any of the 
> subkeys hold the Uninstall information for the application?

No.



https://www.avast.com/sig-email?utm_medium=email_source=link_campaign=sig-email_content=webmail_term=icon;
target="_blank">https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif;
alt="" width="46" height="29" style="width: 46px; height: 29px;"
/>
Virus-free. https://www.avast.com/sig-email?utm_medium=email_source=link_campaign=sig-email_content=webmail_term=link;
target="_blank" style="color: #4453ea;">www.avast.com

RE: [NTSysADM] An acquisition I can live with?!?

2017-08-03 Thread James Rankin

Yeah, they were pretty damn helpful when I spoke to their support recently…

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Melvin Backus
Sent: 03 August 2017 15:13
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] An acquisition I can live with?!?

As long as doing so doesn’t degrade the service we get from Digicert.  I have 
to say they are probably the best vendor I’ve ever dealt with.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew S. Baker
Sent: Wednesday, August 2, 2017 7:44 PM
To: ntsysadm >
Subject: [NTSysADM] An acquisition I can live with?!?

https://www.digicert.com/news/digicert-to-acquire-symantec-website-security-business/

Yeah, I think so...

Regards,

 ASB
 http://XeeMe.com/AndrewBaker

 Providing Expert Technology Consulting Services for the SMB market…

 GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

[https://my-email-signature.link/signature.gif?u=162639=9061069=1197f41d283a1c06b4fc6f77a69931cde2479afa7cce736a671bb1a071124524]

[NTSysADM] RE: Folder redirection issues

2017-07-03 Thread James Rankin

FWIW I recorded a video about using FSLogix Profile Containers (which are 
simply UPD on steroids) to shunt profiles into an Azure Storage Account.

https://www.youtube.com/watch?v=7s_o1O8dBQQ=2s



From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Melvin Backus
Sent: 03 July 2017 16:38
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Folder redirection issues

The problem with DFS and profiles is when they switch replicas. It has the 
possibility to leave files out of sync and can cause all manner of weirdness 
because of it. As long as they can't access any other replicas (read-only, 
etc.) it works OK.  I don't know that it's unsupported, but it does have a big 
warning on it.  Never played with UPD, may have to take a look.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Monday, July 3, 2017 10:22 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Folder redirection issues

Didn't I read somewhere DFS for profiles is not supported? Why not use User 
Profile Disks instead?

You can use UPD on Windows 10 with a bit of tinkering as well.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus
Sent: 03 July 2017 15:12
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Folder redirection issues

DFS for profiles?  It's possible but NEVER, repeat NEVER, allow multiple 
replicas to be active if you do. We recently migrated all our user profiles to  
a new server. The new server is accessed via the DFS name but there is only one 
replica.

You might confirm results with DNS domainname versus NETBIOS domainname to see 
if that helps.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Dan Bartley
Sent: Friday, June 30, 2017 3:20 PM
To: 'ntsysadm@lists.myitforum.com' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Folder redirection issues

I have a couple of issues with folder redirection and GPO. I have been using it 
for years. I am currently migrating everyone to a new file server. I use DFS 
for the drive mappings, so that part is easy. We are still on a 2003 Functional 
level domain (yes, I know but the CTO does not see the value in IT related 
matters until it hits him personally).

Folder redirection has always been set to the literal 
\\server\share name with Basic setting. If I simply update 
the server name in GPO almost no one actually changes in their Document 
settings, even with a gpupdate. Some Win 10 machines do, but none of the Win 7 
machines update for the Documents location. They are receiving the GPO as it 
shows in RSOP and won't allow manually changing the location. I have to turn it 
off altogether, go change them manually-after the tedious step of making the 
new share available offline for Win 7, then set the GPO to the same thing. This 
is only for existing users, any new users pick up the new location fine. Am I 
Missing something here? I can't get it to reliably update.

A thought I had for future proofing this was start changing people to the DFS 
link, then going forward I don't have to change anything for Folder 
redirection, just the DFS. HOWEVER, I set my PC to the DFS path for the new 
User\Documents share, did a gpupdate and upon logging back in it completely 
deleted everything I had in the Documents network share. Yes, I had a backup 
right before testing so I was able to restore it all, but I don't know why it 
did that and can't afford to have a bunch of users suddenly get everything 
deleted. I can restore, but they will fill my office with panic attacks until 
it is done. Any thoughts on this part?

Thanks in advance for any expertise on these.

Best Regards,

Dan Bartley


CONFIDENTIALITY NOTICE***The information contained in this message may be 
privileged, confidential, and protected from disclosure. If the reader of this 
message is not the intended recipient, or any employee or agent responsible for 
delivering this message to the intended recipient, you are hereby notified that 
any dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by replying to the message and deleting it from your computer. 
Thank you.

[NTSysADM] RE: Folder redirection issues

2017-07-03 Thread James Rankin

Didn't I read somewhere DFS for profiles is not supported? Why not use User 
Profile Disks instead?

You can use UPD on Windows 10 with a bit of tinkering as well.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Melvin Backus
Sent: 03 July 2017 15:12
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Folder redirection issues

DFS for profiles?  It's possible but NEVER, repeat NEVER, allow multiple 
replicas to be active if you do. We recently migrated all our user profiles to  
a new server. The new server is accessed via the DFS name but there is only one 
replica.

You might confirm results with DNS domainname versus NETBIOS domainname to see 
if that helps.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Dan Bartley
Sent: Friday, June 30, 2017 3:20 PM
To: 'ntsysadm@lists.myitforum.com' 
>
Subject: [NTSysADM] Folder redirection issues

I have a couple of issues with folder redirection and GPO. I have been using it 
for years. I am currently migrating everyone to a new file server. I use DFS 
for the drive mappings, so that part is easy. We are still on a 2003 Functional 
level domain (yes, I know but the CTO does not see the value in IT related 
matters until it hits him personally).

Folder redirection has always been set to the literal 
\\server\share name with Basic setting. If I simply update 
the server name in GPO almost no one actually changes in their Document 
settings, even with a gpupdate. Some Win 10 machines do, but none of the Win 7 
machines update for the Documents location. They are receiving the GPO as it 
shows in RSOP and won't allow manually changing the location. I have to turn it 
off altogether, go change them manually-after the tedious step of making the 
new share available offline for Win 7, then set the GPO to the same thing. This 
is only for existing users, any new users pick up the new location fine. Am I 
Missing something here? I can't get it to reliably update.

A thought I had for future proofing this was start changing people to the DFS 
link, then going forward I don't have to change anything for Folder 
redirection, just the DFS. HOWEVER, I set my PC to the DFS path for the new 
User\Documents share, did a gpupdate and upon logging back in it completely 
deleted everything I had in the Documents network share. Yes, I had a backup 
right before testing so I was able to restore it all, but I don't know why it 
did that and can't afford to have a bunch of users suddenly get everything 
deleted. I can restore, but they will fill my office with panic attacks until 
it is done. Any thoughts on this part?

Thanks in advance for any expertise on these.

Best Regards,

Dan Bartley

CONFIDENTIALITY NOTICE***The information contained in this message may be 
privileged, confidential, and protected from disclosure. If the reader of this 
message is not the intended recipient, or any employee or agent responsible for 
delivering this message to the intended recipient, you are hereby notified that 
any dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by replying to the message and deleting it from your computer. 
Thank you.

RE: [NTSysADM] Using GPP to fight Petya

2017-06-28 Thread James Rankin

Didn’t know that either. Educated!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: 28 June 2017 16:26
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Using GPP to fight Petya

On Wed, Jun 28, 2017 at 10:59 AM, Melvin Backus 
> wrote:
From GPMC select the OU, right click, Group Polcy Update.

I don't see this option in my GPMC (Win 7 Pro). I see it on GPMC from a Win2012 
R2 server ...

Part of the problem is, I set those changes to the Default Domain Policy, which 
isn't in an OU. And there's no such option at the domain level.

Still, I can push it to the servers, which are all in 1 OU. Since I do my GPOs 
from my Win 7 machine, I didn't know this option existed. Thanks!

It isn’t immediate on all systems but it will happen within the next 10-15 
minutes as it staggers them to avoid swamping the server.

RE: [NTSysADM] Using GPP to fight Petya

2017-06-28 Thread James Rankin

Pipe the server names from a text file to a command like psexec that runs 
gpupdate?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: 28 June 2017 15:11
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Using GPP to fight Petya

OK, so I've made that change in the GPO, and it creates the file appropriately.

So how do I force all my servers to refresh their GPOs, without going to each 
and doing a "gpupdate /force"? When they automatically check in the next time, 
this policy should be applied. But how to make that happen NOW, rather than 
within the next 24 hours (or whatever)?

On Wed, Jun 28, 2017 at 9:23 AM, Kennedy, Jim 
> wrote:
I will ground my son who wrote that.  It should be ‘replace’.  That will create 
it or replace it.

Now, why you are not seeing it in gpresult I dunno. You ran the gpresult as a 
local admin?

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] 
On Behalf Of Michael Leone
Sent: Wednesday, June 28, 2017 9:13 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Using GPP to fight Petya

So I'm confused. Looking at this page:

https://www.binarydefense.com/petya-ransomware-without-fluff/

Shows using GPP to create a file "c:\windows\perfc.dat". Apparently, if this 
file exists, the malware stops (yes, I know that there will be a variant Real 
Soon Now that avoids this).

So I made this change:

Computer\Preferences\Windows Settings\Files

And followed the web page ("update", copy windowsupdate.log  to 
c:\windows\perfc.dat", make it read-only. Did all this on a testing GPO I keep 
around for this purpose.

Doing Group Policy Modeling Wizard, I see this being applied as a setting to my 
test VM. Yet when I go an look in c:\windows, I don't see the file.Nor do I see 
that setting in "gpresult /r /v".

What have I done wrong?

RE: [NTSysADM] Using GPP to fight Petya

2017-06-28 Thread James Rankin

Have you got a filter applied? You may need to add Domain Computers to it

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: 28 June 2017 14:13
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Using GPP to fight Petya

So I'm confused. Looking at this page:

https://www.binarydefense.com/petya-ransomware-without-fluff/

Shows using GPP to create a file "c:\windows\perfc.dat". Apparently, if this 
file exists, the malware stops (yes, I know that there will be a variant Real 
Soon Now that avoids this).

So I made this change:

Computer\Preferences\Windows Settings\Files

And followed the web page ("update", copy windowsupdate.log  to 
c:\windows\perfc.dat", make it read-only. Did all this on a testing GPO I keep 
around for this purpose.

Doing Group Policy Modeling Wizard, I see this being applied as a setting to my 
test VM. Yet when I go an look in c:\windows, I don't see the file.Nor do I see 
that setting in "gpresult /r /v".

What have I done wrong?

RE: [NTSysADM] PCI nightmare - c:\windows\csc files

2017-06-20 Thread James Rankin

Be aware a load of those GPOs are XP/2003 only.

Here’s an article documenting my adventures with it (admittedly from a while 
back)
http://www.htguk.com/appsense-desktopnow-and-offline-files/

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Charles F Sullivan
Sent: 20 June 2017 19:28
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] PCI nightmare - c:\windows\csc files

You should looking into this Group Policy setting under Computer Configuration:
Administrative Templates > Network > Offline Files > Allow or disallow use of 
the Offline Files feature

There are other settings in there which might also help pass a PCI audit, such 
as Encrypt the Offline Files Cache. That setting could be used as an 
alternative in case you would like to keep the feature.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] 
On Behalf Of Richard McClary
Sent: Tuesday, June 20, 2017 12:32 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] PCI nightmare - c:\windows\csc files

Greetings!

Since MS had the annoying habit of enabling off-line caching, I have a PCI 
nightmare.  All our workstations are Window 7 Professional, SP1.

A scan by an application called “IdentityFinder” has located 3000+ files among 
several dozen machines it claims has either social security numbers or credit 
card information.  They are off-line cached files in c:\windows\CSC\...

So far, my Google searches seem to indicate I go to each machine (possibly 
remote desktop), log in, and delete off-line files (Sync Center, etc).  This 
seems to delete my own off-line cached files on that machine (and there are 
none).

I would prefer to do this remotely, also preferably accessing the C: drive on 
each machine without needing to log in (24x7 operation, and chances are most 
seats will be occupied).  An aggravation is, I do not know where these machines 
are.  They all have a 12-character “name”, and most differ from one another by 
1 or 2 characters, which makes things extra fun.

Trying to remotely access the C$ volume and taking ownership of the 
C:\Windows\CSC directory and whacking things has worked in the past (MS says to 
not do that – presumably because it damages the off-line caching system, which 
is just fine!), but there have been some machines where this has not worked.

So to summarize, is there a way to remotely clean out the c:\windows\CSC folder 
on a number of remote workstations?

Thank you…
The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is 
intended only for use by the addressee(s) named herein and may contain 
privileged and/or confidential information. If you are not the intended 
recipient(s) of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited unless authorized by the sender. If 
you have received this e-mail in error, please immediately notify the sender by 
reply email and permanently delete this e-mail and any printout thereof.

[NTSysADM] RE: PCI nightmare - c:\windows\csc files

2017-06-20 Thread James Rankin

Does using the Registry value to reset the database do this, or does that just 
whack the database and not the data?

As I recall it's 
HKLM\System\CurrentControlSet\Services\CSC\Parameters\FormatDatabase (DWORD 1) 
and then a restart...

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Richard McClary
Sent: 20 June 2017 17:32
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] PCI nightmare - c:\windows\csc files

Greetings!

Since MS had the annoying habit of enabling off-line caching, I have a PCI 
nightmare.  All our workstations are Window 7 Professional, SP1.

A scan by an application called "IdentityFinder" has located 3000+ files among 
several dozen machines it claims has either social security numbers or credit 
card information.  They are off-line cached files in c:\windows\CSC\...

So far, my Google searches seem to indicate I go to each machine (possibly 
remote desktop), log in, and delete off-line files (Sync Center, etc).  This 
seems to delete my own off-line cached files on that machine (and there are 
none).

I would prefer to do this remotely, also preferably accessing the C: drive on 
each machine without needing to log in (24x7 operation, and chances are most 
seats will be occupied).  An aggravation is, I do not know where these machines 
are.  They all have a 12-character "name", and most differ from one another by 
1 or 2 characters, which makes things extra fun.

Trying to remotely access the C$ volume and taking ownership of the 
C:\Windows\CSC directory and whacking things has worked in the past (MS says to 
not do that - presumably because it damages the off-line caching system, which 
is just fine!), but there have been some machines where this has not worked.

So to summarize, is there a way to remotely clean out the c:\windows\CSC folder 
on a number of remote workstations?

Thank you...
The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by the addressee(s) named herein and may contain 
privileged and/or confidential information. If you are not the intended 
recipient(s) of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited unless authorized by the sender. If 
you have received this e-mail in error, please immediately notify the sender by 
reply email and permanently delete this e-mail and any printout thereof.

RE: [NTSysADM] Re: GPO being filtered out, denied by security - MORE

2017-06-20 Thread James Rankin

Was just going to suggest that - that bites me all the time

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Miller Bonnie L.
Sent: 20 June 2017 17:30
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Re: GPO being filtered out, denied by security - MORE

Did you remember to add either "authenticated users" or "domain computers" with 
read access on the advanced tab after you added the security filtering to apply 
just to the group?

-Bonnie

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Tuesday, June 20, 2017 9:09 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Re: GPO being filtered out, denied by security - MORE

On Tue, Jun 20, 2017 at 11:52 AM, Mayo, Bill  wrote:
> I was just point out that denies override everything else. Is it possible 
> that you added a DENY entry to some other group of which these computers are 
> members?

Pretty sure I haven't a DENY to anything in this decade ... LOL .. no, 
seriously, I can't remember the last time I DENYed anything. So, no, I don't 
think that's the case.

Also, as I say, I have other servers that are not filtering it out, and all 
these server accounts are all members of the same groups (I checked).

Re: [NTSysADM] Ransonware protection

2017-06-12 Thread James Rankin

Ivanti Application Manager
Bromium vSentry

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: tominyorkt...@gmail.com
Sent: 12 June 2017 1:42 p.m.
To: NTSysADM@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Ransonware protection

Hi All,

What would you recommend as specific software solutions to protect against 
Ransomware?  In my company we use:

-  Sonicwall firewalls, and the gateway security component is enabled and is 
supposed to help block/prevent.
- Symantec AV.  Not specific to ransom-ware but appears to be reactive.

I'm looking at additional layers of security, such as the Barracuda e-mail 
filter.  I used that at past jobs and that reduced the "infected" e-mails 
considerably.

I also have used Malwarebytes enterprise.  That has an anti-ransomeware 
component.  I used that in a past job and was not impressed.  Malwarebytes sold 
is an an "enterprise" solution, but it was a stand alone product, had not 
integration with the management console, no configuration and no notifications. 
 It appeared to be a rush to market.

Sophos supposedly has a similar solution specific to Malwarebytes but I have 
not looked at it yet.

Internally, we also have targeted employee training and use a service to send 
"fake" messages from Amazon/UPS, etc to let them know that they need to be 
vigilant when reviewing messages from outside the company.

Thoughts appreciated.

Re: [NTSysADM] RE: VMware to Hyper-V transition

2017-06-08 Thread James Rankin

VDI in a box

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: webs...@carlwebster.com
Sent: 8 June 2017 8:58 p.m.
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: VMware to Hyper-V transition

You left out Emergent Online, then Provision Networks, then Quest, then Dell 
and Wyse is in there somewhere.

Webster

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Melvin Backus
Sent: Thursday, June 8, 2017 12:01 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: VMware to Hyper-V transition

vWorkspace, formerly Quest, then Dell, and now Quest again. :)

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: Thursday, June 8, 2017 11:56 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: VMware to Hyper-V transition

What is your VDI solution?

Webster

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus
Sent: Thursday, June 8, 2017 10:48 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] VMware to Hyper-V transition

Anyone out there proficient in both VMware and Hyper-V who can point me at any 
good docs on doing a migration?  I’ve got a specific application I’m 
considering moving to Hyper-V to help stretch the life of our VDI solution. We 
will eventually have to change I’m sure, but migrating it may be a stopgap and 
I’ve got the extra hardware at the moment.  In particular I’m weak on the 
networking aspects of Hyper-V.

Service Desk | 404-497-1599 | 
https://servicedesk.byers.com
Melvin Backus | Sr. Systems Engineer | Byers Engineering Company | 404.497.1565
--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

[NTSysADM] RE: Windows 10 Explorer drag and drop issue

2017-06-02 Thread James Rankin

Well, the new names for the CB and CBB servicing branches certainly are 
telling. Can't remember the exact names but CB is now "pilot", which should 
give consumers a warm fuzzy feeling :)

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Katherine M. Moss
Sent: 02 June 2017 18:12
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Windows 10 Explorer drag and drop issue

I've noticed it's more Windows 10 than older versions. I seriously wonder 
whether this was done on purpose ...

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Friday, June 02, 2017 12:23 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Windows 10 Explorer drag and drop issue

That's the number #1 Windows 10 troubleshooting tip, re-image. Sad but true

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Joseph L. Casale
Sent: 02 June 2017 17:12
To: 'ntsysadm@lists.myitforum.com' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] RE: Windows 10 Explorer drag and drop issue

It does persist after a reboot, tried the escape key and resetting ie zone 
settings to without any effect. I also logged on a new user and the issue 
remains. Seems something system wide is broken on this desktop, I'll just 
re-image when convenient.

Thanks,
jlc

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Miller Bonnie L.
Sent: Friday, June 2, 2017 9:55 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Windows 10 Explorer drag and drop issue

Haven't seen this but if it doesn't follow through a restart, try tapping the 
esc key and see if it fixes it, as that is the common workaround for several 
weird windows interface bugs like this when they crop up.  If not, it sort of 
sounds like it could be an IE zone settings issue as well, so you might check 
there and see if anyone has been changing settings.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Joseph L. Casale
Sent: Wednesday, May 31, 2017 3:05 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Windows 10 Explorer drag and drop issue

Actually, dragging to the desktop and apps appears to work, it seems limited to 
just within Explorer. I can assert the box is up to date with patches.

Thanks,
jlc

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Wednesday, May 31, 2017 12:42 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Windows 10 Explorer drag and drop issue

Hmmm. Just wondering because I was battling against an issue with Edge crashing 
and I thought the machine was fully patched, but then all of a sudden a new 
update landed and hey presto! Issue resolved.

Does it manifest just within Explorer windows or also when you try to drag 
anything to the desktop or even to another application?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Joseph L. Casale
Sent: 31 May 2017 19:24
To: 'ntsysadm@lists.myitforum.com' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] RE: Windows 10 Explorer drag and drop issue

Yup.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Wednesday, May 31, 2017 12:04 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Windows 10 Explorer drag and drop issue

The usual Windows 10 reply...is it fully patched?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Joseph L. Casale
Sent: 31 May 2017 18:51
To: 'ntsysadm@lists.myitforum.com' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Windows 10 Explorer drag and drop issue

I have a Windows 10 1607 wkst that can drag and drop objects only within a 
folder, that is a file can be dropped into a directory in the same directory as 
the file. If you drag an object outside of its own directory regardless of 
local or network drives, the icon gets a red circle with a cross. It's not 
permissions, you can copy and paste via keyboard or mouse, you just can't drag.

Anyone come across this before?

Thanks,
jlc

[NTSysADM] RE: Windows 10 Explorer drag and drop issue

2017-06-02 Thread James Rankin

That's the number #1 Windows 10 troubleshooting tip, re-image. Sad but true

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Joseph L. Casale
Sent: 02 June 2017 17:12
To: 'ntsysadm@lists.myitforum.com' <ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Windows 10 Explorer drag and drop issue

It does persist after a reboot, tried the escape key and resetting ie zone 
settings to without any effect. I also logged on a new user and the issue 
remains. Seems something system wide is broken on this desktop, I'll just 
re-image when convenient.

Thanks,
jlc

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Miller Bonnie L.
Sent: Friday, June 2, 2017 9:55 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Windows 10 Explorer drag and drop issue

Haven't seen this but if it doesn't follow through a restart, try tapping the 
esc key and see if it fixes it, as that is the common workaround for several 
weird windows interface bugs like this when they crop up.  If not, it sort of 
sounds like it could be an IE zone settings issue as well, so you might check 
there and see if anyone has been changing settings.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Joseph L. Casale
Sent: Wednesday, May 31, 2017 3:05 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Windows 10 Explorer drag and drop issue

Actually, dragging to the desktop and apps appears to work, it seems limited to 
just within Explorer. I can assert the box is up to date with patches.

Thanks,
jlc

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Wednesday, May 31, 2017 12:42 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Windows 10 Explorer drag and drop issue

Hmmm. Just wondering because I was battling against an issue with Edge crashing 
and I thought the machine was fully patched, but then all of a sudden a new 
update landed and hey presto! Issue resolved.

Does it manifest just within Explorer windows or also when you try to drag 
anything to the desktop or even to another application?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Joseph L. Casale
Sent: 31 May 2017 19:24
To: 'ntsysadm@lists.myitforum.com' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] RE: Windows 10 Explorer drag and drop issue

Yup.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Wednesday, May 31, 2017 12:04 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Windows 10 Explorer drag and drop issue

The usual Windows 10 reply...is it fully patched?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Joseph L. Casale
Sent: 31 May 2017 18:51
To: 'ntsysadm@lists.myitforum.com' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Windows 10 Explorer drag and drop issue

I have a Windows 10 1607 wkst that can drag and drop objects only within a 
folder, that is a file can be dropped into a directory in the same directory as 
the file. If you drag an object outside of its own directory regardless of 
local or network drives, the icon gets a red circle with a cross. It's not 
permissions, you can copy and paste via keyboard or mouse, you just can't drag.

Anyone come across this before?

Thanks,
jlc

[NTSysADM] RE: cloud service (VDI)

2017-05-31 Thread James Rankin

Oh right. I thought I'd been rumbled for pinching a living in IT these last 20 
years...

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of J- P
Sent: 31 May 2017 18:22
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Re: cloud service (VDI)


everything on this list fails fraud detection, same goes for the exchange list 
as well.



I thought it was part of the "hotmail/outlook.com update"



Jean-Paul Natola



From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
<listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>> on 
behalf of James Rankin <ja...@htguk.com<mailto:ja...@htguk.com>>
Sent: Wednesday, May 31, 2017 8:47 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: cloud service (VDI)


I've been failing fraud detection for a while too...



From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: 31 May 2017 13:40
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: cloud service (VDI)



Hey! I didn't fail fraud detection this time and my reply showed up in less 
than four hours!!!







Webster



From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: Wednesday, May 31, 2017 7:33 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: cloud service (VDI)



With a minimum of 25 users though.



Thanks





Carl Webster

Citrix Technology Professional

http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7>

The Accidental Citrix Admin



From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Wednesday, May 31, 2017 7:14 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: cloud service (VDI)



Just go Citrix Cloud, all wrapped up as a service in Azure



From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of J- P
Sent: 31 May 2017 03:10
To: NT <ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] cloud service (VDI)



Hi all ,



I have a client that wans to do "cloud services"  VDI, they are a small firm 6 
users-



So i', wondering if a 3rd party (I.e Rackspace)  would make more sense then 
deploying a dedicated hyperv/citirx server on or offsite (to handle this)=



any thoughts?

[NTSysADM] RE: Windows 10 Explorer drag and drop issue

2017-05-31 Thread James Rankin

Hmmm. Just wondering because I was battling against an issue with Edge crashing 
and I thought the machine was fully patched, but then all of a sudden a new 
update landed and hey presto! Issue resolved.

Does it manifest just within Explorer windows or also when you try to drag 
anything to the desktop or even to another application?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Joseph L. Casale
Sent: 31 May 2017 19:24
To: 'ntsysadm@lists.myitforum.com' <ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Windows 10 Explorer drag and drop issue

Yup.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Wednesday, May 31, 2017 12:04 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Windows 10 Explorer drag and drop issue

The usual Windows 10 reply...is it fully patched?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Joseph L. Casale
Sent: 31 May 2017 18:51
To: 'ntsysadm@lists.myitforum.com' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Windows 10 Explorer drag and drop issue

I have a Windows 10 1607 wkst that can drag and drop objects only within a 
folder, that is a file can be dropped into a directory in the same directory as 
the file. If you drag an object outside of its own directory regardless of 
local or network drives, the icon gets a red circle with a cross. It's not 
permissions, you can copy and paste via keyboard or mouse, you just can't drag.

Anyone come across this before?

Thanks,
jlc

[NTSysADM] RE: Windows 10 Explorer drag and drop issue

2017-05-31 Thread James Rankin

The usual Windows 10 reply...is it fully patched?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Joseph L. Casale
Sent: 31 May 2017 18:51
To: 'ntsysadm@lists.myitforum.com' 
Subject: [NTSysADM] Windows 10 Explorer drag and drop issue

I have a Windows 10 1607 wkst that can drag and drop objects only within a 
folder, that is a file can be dropped into a directory in the same directory as 
the file. If you drag an object outside of its own directory regardless of 
local or network drives, the icon gets a red circle with a cross. It's not 
permissions, you can copy and paste via keyboard or mouse, you just can't drag.

Anyone come across this before?

Thanks,
jlc

[NTSysADM] RE: recommended SNMP Monitoring tools

2017-05-23 Thread James Rankin

We've just started doing work with a company called Insentra that do a 
cloud-based monitoring tool (although you can run it on-premises as well) 
called Predictive Insights and Analytics (PIA). It's based on Lakeside Systrack 
but with a custom dashboard built on top. Might have to ask whether it can fit 
all your needs but we've found it invaluable because it requires no setup, no 
skilling up and you just pay for what you need instead of getting an 
off-the-shelf solution with long subscriptions and support costs attached.


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jimmy Tran
Sent: 23 May 2017 18:57
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] recommended SNMP Monitoring tools

Hi All,

I know there are a lot of options out available so I'm hoping you guys can 
provide some recommendations on software you guys prefer. The requirement I 
have is to be able to monitor hardware on physical servers (ESXi Included), NAS 
and Firewalls from different sites. Would be great if they all report back to 
one management console. Pricing is a factor so the lower the cost the better.

Thanks,

Jimmy

[NTSysADM] RE: Updating Windows 7 "Home" on old laptop

2017-05-15 Thread James Rankin

Not sure if this may help 
http://www.infoworld.com/article/3177323/microsoft-windows/microsoft-endorses-convoluted-technique-for-installing-win7-from-scratch.html

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Richard McClary
Sent: 15 May 2017 14:14
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Updating Windows 7 "Home" on old laptop

Greetings!  Now that OS patching has become an issue lately...

I have an HP laptop, about 5-6 years old (don't know date or model).  It came 
with a "home" version of Windows 7.

When the time came a couple of years ago, I let MS update it to Windows 10.  
About a year later, the screen would start to flicker, break into pixels, etc.  
Ultimately, the system crashed and became unbootable.  Given its age, I thought 
it was a hardware issue with the display.

A couple of months later, I booted off a "live linux" DVD and saw no problems 
with the display.  So, I dug out the original Windows recovery disk and 
re-installed Windows 7.  Unfortunately, MS pulled the support plug on older 
versions of Win 7.  Apparently, only installations past a certain patch level 
could receive MS updates.  (When I try anyway, it spends literally hours 
searching for updates and coming up with nothing.)

Aside from buying a copy of Win 10 (hardware is not worth it, and it is not my 
primary machine), is there anything I can download from MS so that it can again 
receive security patches (such as the one which was released in March but not 
applied on zillions of machines world-wide)?  Until then, I can no longer pay 
bills, etc while eating.

Thanks!

 /\_/\
/*--.__/ o o \
/ Richard ="= /
\  `-.   (
"--._)"-._m)m)

The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by the addressee(s) named herein and may contain 
privileged and/or confidential information. If you are not the intended 
recipient(s) of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited unless authorized by the sender. If 
you have received this e-mail in error, please immediately notify the sender by 
reply email and permanently delete this e-mail and any printout thereof.

RE: [NTSysADM] Terminal server sizing

2017-05-02 Thread James Rankin

Much easier with a vehicle – simply buy German ;-)

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: 02 May 2017 15:08
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Terminal server sizing

Not enough info, way too many unanswered questions. Check out what RDS MVP and 
fellow CTP Benny Tritsch says on this topic.

http://drtritsch.com/tutorials/rdsh/rdsh-server-sizing/

i.e. I need a vehicle, what do you recommend?

Thanks


Carl Webster
Citrix Technology Professional
http://www.CarlWebster.com
The Accidental Citrix Admin

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Richard Stovall
Sent: Tuesday, May 2, 2017 8:40 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Terminal server sizing

Does anyone have a good, current reference for speccing out hardware for a new 
MS terminal server?

Thanks,
RS

RE: [NTSysADM] Folder Redirect

2017-04-20 Thread James Rankin

I wouldn't redirect APPDATA personally. Some applications really struggle with 
the network reads and writes, particularly if there are lots and lots of small 
files. Some out there say you can get away with it if your file services are 
architected right - there was an interesting discussion about it here 
https://helgeklein.com/blog/2014/10/folder-redirection-impacts-ux-breaks-applications/

What I've had great success with in the modern world is redirecting the entire 
user profile to a VHD on a remote file share. You can do this on Windows 10 
with some trickery using User Profile Disks (see here 
https://4sysops.com/archives/user-profile-disks-on-windows-10/) or 
alternatively, for a better experience, I prefer using FSLogix Profile 
Containers which you can even use on older operating systems and/or from an 
Azure file share (some videos on this in the links below). Abstracting away the 
entire profile leaves you with much less overhead of management, but of course 
you don't get the flexibility you might from a high-end profile management 
solution like RES, Ivanti DesktopNow, LiquidWare Labs ProfileUnity, Citrix WEM, 
VMware Immidio, etc.

https://www.youtube.com/watch?v=y3aHnEfMCtA
https://www.youtube.com/watch?v=7s_o1O8dBQQ

Of course, back to the original case about Folder Redirection, I generally find 
folders with lots of reads and writes (APPDATA, Cookies, History, Recent Items) 
have a detrimental effect on performance, particularly in VDI environments. YMMV


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Miller Bonnie L.
Sent: 20 April 2017 16:46
To: New NT System Admin List (NTSysADM@lists.myITforum.com) 
<ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Folder Redirect

And just a couple of other thoughts from issues we've seen over the years and 
found during testing:

1)  Don't try to redirect different users' folders to the same location

2)  Folder redirection REQUIRES the users have full control in the 
location, it doesn't work with modify

3)  File and folder ownership can be an issue, there are also some GPO 
options that can help with that.

We redirect everything except for appdata and also use DFS.  No 2016 yet 
besides testing, but we have Windows 7, 8.1, and 10 clients.  I'm not sure how 
many people do redirect appdata now, but way back in the day during testing we 
found it put quite a lot of additional burden on the servers and slowed down 
local application access, so we chose not to do it.  If anyone has any modern 
experience with redirecting appdata I'd love to hear your experiences.

-Bonnie

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Thursday, April 20, 2017 6:51 AM
To: New NT System Admin List 
(NTSysADM@lists.myITforum.com<mailto:NTSysADM@lists.myITforum.com>) 
<NTSysADM@lists.myITforum.com<mailto:NTSysADM@lists.myITforum.com>>; 
ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Folder Redirect

What do the event logs say when the GPO folder redirection fails?

The gpo for "prevent user from changing My Documents path" can interfere with 
folder redirection, but that would generally be a different behaviour to what 
you're seeing.

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: christoph...@slalom.com<mailto:christoph...@slalom.com>
Sent: 20 April 2017 2:45 p.m.
To: NTSysADM@lists.myITforum.com<mailto:NTSysADM@lists.myITforum.com>
Reply to: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Folder Redirect




We are in the process of deploying folder redirects and we can't seem to get it 
working for all users. The issue is that it works fine for the first user that 
logs onto the system but no other user will work on that same device.


Some background on the environment. We are running two DC with server 2016 
running active directory at 2016 functional leave. Our clients are all Windows 
10. The file share is also server 2016 DFS.

Re: [NTSysADM] Folder Redirect

2017-04-20 Thread James Rankin

What do the event logs say when the GPO folder redirection fails?

The gpo for "prevent user from changing My Documents path" can interfere with 
folder redirection, but that would generally be a different behaviour to what 
you're seeing.

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: christoph...@slalom.com
Sent: 20 April 2017 2:45 p.m.
To: NTSysADM@lists.myITforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Folder Redirect

We are in the process of deploying folder redirects and we can't seem to get it 
working for all users. The issue is that it works fine for the first user that 
logs onto the system but no other user will work on that same device.

Some background on the environment. We are running two DC with server 2016 
running active directory at 2016 functional leave. Our clients are all Windows 
10. The file share is also server 2016 DFS.

RE: [NTSysADM] UAC prompt when launching Chrome

2017-04-06 Thread James Rankin

Long shot, but there isn’t a value in HKCU\Software\Microsoft\Windows 
NT\CurrentVersion\ApPCompatFlags\Layers with a value referencing chrome.exe, is 
there?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jimmy Tran
Sent: 06 April 2017 16:41
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] UAC prompt when launching Chrome

@Michael: Yes, in this specific case it will prompt again on next launch as 
well as when I close the browser. No recent changes or browser integrations.

@Jim: No applocker or other similar apps.

@Joe: I already have implanted the GPO for Chrome and the issue still occurs 
after forcing a GP update and a reboot.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Micheal Espinola Jr
Sent: Thursday, April 6, 2017 8:16 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] UAC prompt when launching Chrome

To clarify, if you allow Chrome to run as admin once:  It will still require a 
UAC elevation for the next launch?

Have there been any recent policy changes?  Any software updates that feature 
browser integration?

--
Espi

On Wed, Apr 5, 2017 at 2:03 PM, Jimmy Tran 
> wrote:
This issue has been happening for a while now. A user will launch Chrome and 
they will get a UAC prompt immediately. They can hit no to continue but they 
will eventually get another UAC prompt after opening Chrome. This happens 
across the board for all standard users. I’ve tried the Chrome browser for 
business as wells as the standard version but both eventually give us the same 
problem. This does happen randomly on different computers running windows 7 or 
10.

I’ve found a bunch of people having this issue on forums but the only solution 
that was found was to set chrome.exe to run as administrator for all users. The 
problem is the user account is a standard account so it will prompt for 
elevated credentials again. I have also tried the Google ADM templates to 
disable auto updates but it still occurs.

Has anyone seen this issue and resolved it?

-Jimmy

RE: [NTSysADM] Question about Word

2017-03-27 Thread James Rankin

Gonna have a look in a bit, cheers...

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of J- P
Sent: 27 March 2017 18:02
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Question about Word

Did you check the link to the video i posted?

Jean-Paul Natola

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
<listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>> on 
behalf of James Rankin <ja...@htguk.com<mailto:ja...@htguk.com>>
Sent: Monday, March 27, 2017 10:13:22 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Question about Word

That's fair enough, but I'm sure there must be some sort of Word-native 
function that can accommodate this and remove the requirement for the Search 
and Replace?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Erik Goldoff
Sent: 27 March 2017 15:03
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Question about Word

simple method, use the text <> in the template throughout the 
document, and then perform a Search and Replace ALL for <> with the 
actual customer name for each time the template is copied and used.

On Mon, Mar 27, 2017 at 8:19 AM, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>> wrote:
My Microsoft Office skills are a bit limited and I can't seem to frame the 
Google query right today...

I am writing a template document. At the start of this I want to put a section 
for "Customer Name", the idea being that when a user uses the template they can 
simply put the correct customer name in here, and then it is updated in every 
part of the document where the customer name needs to appear.

What function is it I want to use here? I just can't seem to frame the right 
query to get Google to tell me the answer, and Alexa is simply telling me she 
doesn't understand...

TIA,

[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image003.jpg@01D2A737.F6F6E060]

James Rankin CTA ACA
EUC Solutions Architect
Howell Technology Group
Office: 0191 4813446
Mobile: 07809 668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>

COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 004. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal

RE: [NTSysADM] Question about Word

2017-03-27 Thread James Rankin

That’s fair enough, but I’m sure there must be some sort of Word-native 
function that can accommodate this and remove the requirement for the Search 
and Replace?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Erik Goldoff
Sent: 27 March 2017 15:03
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Question about Word

simple method, use the text <> in the template throughout the 
document, and then perform a Search and Replace ALL for <> with the 
actual customer name for each time the template is copied and used.

On Mon, Mar 27, 2017 at 8:19 AM, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>> wrote:
My Microsoft Office skills are a bit limited and I can’t seem to frame the 
Google query right today…

I am writing a template document. At the start of this I want to put a section 
for “Customer Name”, the idea being that when a user uses the template they can 
simply put the correct customer name in here, and then it is updated in every 
part of the document where the customer name needs to appear.

What function is it I want to use here? I just can’t seem to frame the right 
query to get Google to tell me the answer, and Alexa is simply telling me she 
doesn’t understand…

TIA,

[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image003.jpg@01D2A70C.A91334A0]

James Rankin CTA ACA
EUC Solutions Architect
Howell Technology Group
Office: 0191 4813446
Mobile: 07809 668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>

COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 004. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal

[NTSysADM] Question about Word

2017-03-27 Thread James Rankin

My Microsoft Office skills are a bit limited and I can't seem to frame the 
Google query right today...

I am writing a template document. At the start of this I want to put a section 
for "Customer Name", the idea being that when a user uses the template they can 
simply put the correct customer name in here, and then it is updated in every 
part of the document where the customer name needs to appear.

What function is it I want to use here? I just can't seem to frame the right 
query to get Google to tell me the answer, and Alexa is simply telling me she 
doesn't understand...

TIA,




[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image003.jpg@01D2A6FC.B3880150]






James Rankin CTA ACA
EUC Solutions Architect
Howell Technology Group
Office: 0191 4813446
Mobile: 07809 668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>


COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 004. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal

RE: [NTSysADM] %[SYSTEM]% environment variable

2017-03-21 Thread James Rankin

I’ve never seen SYSTEM declared as an environment variable, unless it’s a 
custom one.

SYSTEMDRIVE, SYSTEMROOT, but never SYSTEM

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Richard Stovall
Sent: 21 March 2017 15:15
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] %[SYSTEM]% environment variable

I have run across this in a path in a config file and I'm wondering exactly 
what it means / points to.

e.g. %[SYSTEM]%\filename

It doesn't seem to work as intended and my Google-fu is weak on this one.

Thanks,
RS

Re: [NTSysADM] RE: Persisting access to an Azure shared folder

2017-03-17 Thread James Rankin

It's a service doing the file copy in the user context, so a bit difficult to 
break it down like that. I've been in contact with the vendor to see if there's 
another option around this...

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: st...@efini.co.uk
Sent: 17 March 2017 5:58 p.m.
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] RE: Persisting access to an Azure shared folder

Can you put the file copy in to the logon script after the drive mapping? It 
would still fail the first time but then should complete when run again after 
the mapped drive is connected.

On 17 Mar 2017, at 14:43, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>> wrote:

I did try Group Policy with the delay set to 0, but it didn’t manage to get in 
soon enough. However I didn’t configure any of the other settings, let me give 
that a try.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stephen Gestwicki
Sent: 17 March 2017 13:49
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] RE: Persisting access to an Azure shared folder

· You can use Group Policy to change the logon script delay but that 
only applies to Server 2012 R2+ and Windows 8.1+.

o   Computer Configuration > Policies > Administrative Templates > System > 
Group Policy > Configure Logon Script Delay = Enabled and set to 0 minutes

· You can also try having the computer always wait for the network.

o   Computer Configuration > Policies > Administrative Templates > System > 
Logon > Always wait for the network at computer startup and logon = Enabled

· Another thing you can try is forcing each script to finish before 
allowing Group Policy to move on.

o   Computer Configuration > Policies > Administrative Templates > System > 
Scripts > Run startup scripts asynchronously = Disabled

Those settings may give you a shot at having Group Policy run the script first 
but they will also slow down your logins.

· I also like applying these settings to a test OU so I can see what is 
going on during my tests:

o   Computer Configuration > Policies > Administrative Templates > System > 
Display highly detailed status messages = Enabled

o   Computer Configuration > Policies > Administrative Templates > System > 
Scripts > Display instructions in shutdown scripts as they run = Enabled

§  Warning: users can close out your script before it finishes.

o   Computer Configuration > Policies > Administrative Templates > System > 
Scripts > Display instructions in startup scripts as they run = Enabled

§  Warning: users can close out your script before it finishes.

I hope that helps.

- Stephen

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus
Sent: Friday, March 17, 2017 6:37 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] RE: Persisting access to an Azure shared folder

Given Windows post-XP tendency to delay logon scripts, etc., I would fully 
expect that the scheduled task route would run earlier than a logon script. 
Whether would run soon enough remains to be tested, but in my experience they 
seem to run first before anything else I’ve found.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Friday, March 17, 2017 12:18 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] RE: Persisting access to an Azure shared folder

It needs to run in the user context, so it would have to be at logon. I wonder 
if a task would run earlier? Could be worth a bash...

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: kurt.b...@gmail.com<mailto:kurt.b...@gmail.com>
Sent: 17 March 2017 12:40 a.m.
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Reply to: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] RE: Persisting access to an Azure shared folder

Scheduled task at startup?

Kurt

On Thu, Mar 16, 2017 at 3:48 PM, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>> wrote:
That's what I've been trying, but the net use command, when run at logon, 
doesn't execute early enough to get in "ahead" of the write to the share, sadly.

In order to get it done for new users was the rationale around seeing if I 
could get it in the default profile, but unfortunately sysprep seems to remove 
saved passwo

Re: [NTSysADM] RE: Persisting access to an Azure shared folder

2017-03-17 Thread James Rankin

I'm going to the service vendor to see how they can possibly help with 
something along those lines

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: br...@briandesmond.com
Sent: 17 March 2017 7:51 p.m.
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Persisting access to an Azure shared folder

Can you not supply the creds to your service or make your service dependent on 
another one so that it starts later?

Thanks,
Brian Desmond

w – 312.625.1438 | c – 312.731.3132

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Friday, March 17, 2017 11:46 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Persisting access to an Azure shared folder

OK, the problem with this seems to be timing.

Running a “cmdkey” command at logon allows the user access to the Azure share, 
but by then my service has already tried and failed to connect. So unless I can 
delay that action, I’m kinda snookered here. Either that or find some way to 
run the cmdkey command ridiculously early in the logon process, but even using 
tooling like AppSense this seems to be impossible.

Adding the credentials to the system default profile also seems to be a 
non-starter – the username for the share seems to persist, but the password is 
still prompted for. I’m thinking that stored password credentials are somehow 
hashed for or tied to the originating user, which to be honest I’d expect, 
otherwise credential theft would be incredibly easy.

Think I’m going to write this one off as unachievable in the present state – 
thanks all for suggestions.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: 17 March 2017 14:04
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] RE: Persisting access to an Azure shared folder

This sender failed our fraud detection checks and may not be who they appear to 
be. Learn about spoofing<http://aka.ms/LearnAboutSpoofing>

Feedback<http://aka.ms/SafetyTipsFeedback>

I did try Group Policy with the delay set to 0, but it didn’t manage to get in 
soon enough. However I didn’t configure any of the other settings, let me give 
that a try.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stephen Gestwicki
Sent: 17 March 2017 13:49
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] RE: Persisting access to an Azure shared folder

  *   You can use Group Policy to change the logon script delay but that only 
applies to Server 2012 R2+ and Windows 8.1+.

 *   Computer Configuration > Policies > Administrative Templates > System 
> Group Policy > Configure Logon Script Delay = Enabled and set to 0 minutes

  *   You can also try having the computer always wait for the network.

 *   Computer Configuration > Policies > Administrative Templates > System 
> Logon > Always wait for the network at computer startup and logon = Enabled

  *   Another thing you can try is forcing each script to finish before 
allowing Group Policy to move on.

 *   Computer Configuration > Policies > Administrative Templates > System 
> Scripts > Run startup scripts asynchronously = Disabled

Those settings may give you a shot at having Group Policy run the script first 
but they will also slow down your logins.

  *   I also like applying these settings to a test OU so I can see what is 
going on during my tests:

 *   Computer Configuration > Policies > Administrative Templates > System 
> Display highly detailed status messages = Enabled
 *   Computer Configuration > Policies > Administrative Templates > System 
> Scripts > Display instructions in shutdown scripts as they run = Enabled

*   Warning: users can close out your script before it finishes.

 *   Computer Configuration > Policies > Administrative Templates > System 
> Scripts > Display instructions in startup scripts as they run = Enabled

*   Warning: users can close out your script before it finishes.

I hope that helps.

- Stephen

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus
Sent: Friday, March 17, 2017 6:37 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] RE: Persisting access to an Azure shared folder

Given Windows post-XP tendency to delay logon scripts, etc., I would fully 
expect that the scheduled task route would run earlier than a logon script. 
Whether would run soon enough remains to be tested, but in my experience they 
seem to run

RE: [NTSysADM] RE: Persisting access to an Azure shared folder

2017-03-17 Thread James Rankin

OK, the problem with this seems to be timing.

Running a "cmdkey" command at logon allows the user access to the Azure share, 
but by then my service has already tried and failed to connect. So unless I can 
delay that action, I'm kinda snookered here. Either that or find some way to 
run the cmdkey command ridiculously early in the logon process, but even using 
tooling like AppSense this seems to be impossible.

Adding the credentials to the system default profile also seems to be a 
non-starter - the username for the share seems to persist, but the password is 
still prompted for. I'm thinking that stored password credentials are somehow 
hashed for or tied to the originating user, which to be honest I'd expect, 
otherwise credential theft would be incredibly easy.

Think I'm going to write this one off as unachievable in the present state - 
thanks all for suggestions.


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: 17 March 2017 14:04
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Persisting access to an Azure shared folder


This sender failed our fraud detection checks and may not be who they appear to 
be. Learn about spoofing<http://aka.ms/LearnAboutSpoofing>

Feedback<http://aka.ms/SafetyTipsFeedback>

I did try Group Policy with the delay set to 0, but it didn't manage to get in 
soon enough. However I didn't configure any of the other settings, let me give 
that a try.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stephen Gestwicki
Sent: 17 March 2017 13:49
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] RE: Persisting access to an Azure shared folder


* You can use Group Policy to change the logon script delay but that 
only applies to Server 2012 R2+ and Windows 8.1+.

o   Computer Configuration > Policies > Administrative Templates > System > 
Group Policy > Configure Logon Script Delay = Enabled and set to 0 minutes

* You can also try having the computer always wait for the network.

o   Computer Configuration > Policies > Administrative Templates > System > 
Logon > Always wait for the network at computer startup and logon = Enabled

* Another thing you can try is forcing each script to finish before 
allowing Group Policy to move on.

o   Computer Configuration > Policies > Administrative Templates > System > 
Scripts > Run startup scripts asynchronously = Disabled

Those settings may give you a shot at having Group Policy run the script first 
but they will also slow down your logins.


* I also like applying these settings to a test OU so I can see what is 
going on during my tests:

o   Computer Configuration > Policies > Administrative Templates > System > 
Display highly detailed status messages = Enabled

o   Computer Configuration > Policies > Administrative Templates > System > 
Scripts > Display instructions in shutdown scripts as they run = Enabled

?  Warning: users can close out your script before it finishes.

o   Computer Configuration > Policies > Administrative Templates > System > 
Scripts > Display instructions in startup scripts as they run = Enabled

?  Warning: users can close out your script before it finishes.

I hope that helps.

- Stephen

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus
Sent: Friday, March 17, 2017 6:37 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] RE: Persisting access to an Azure shared folder

Given Windows post-XP tendency to delay logon scripts, etc., I would fully 
expect that the scheduled task route would run earlier than a logon script. 
Whether would run soon enough remains to be tested, but in my experience they 
seem to run first before anything else I've found.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Friday, March 17, 2017 12:18 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] RE: Persisting access to an Azure shared folder

It needs to run in the user context, so it would have to be at logon. I wonder 
if a task would run earlier? Could be worth a bash...

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: kurt.b...@gmail.com<mailto:kurt.b...@gmail.com>
Sent: 17 March 2017 12:40 a.m.
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Reply to: ntsysadm@lists.myitforum.com<mailto:ntsysa

RE: [NTSysADM] RE: Persisting access to an Azure shared folder

2017-03-17 Thread James Rankin

I did try Group Policy with the delay set to 0, but it didn't manage to get in 
soon enough. However I didn't configure any of the other settings, let me give 
that a try.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Stephen Gestwicki
Sent: 17 March 2017 13:49
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Persisting access to an Azure shared folder

* You can use Group Policy to change the logon script delay but that 
only applies to Server 2012 R2+ and Windows 8.1+.

o   Computer Configuration > Policies > Administrative Templates > System > 
Group Policy > Configure Logon Script Delay = Enabled and set to 0 minutes

* You can also try having the computer always wait for the network.

o   Computer Configuration > Policies > Administrative Templates > System > 
Logon > Always wait for the network at computer startup and logon = Enabled

* Another thing you can try is forcing each script to finish before 
allowing Group Policy to move on.

o   Computer Configuration > Policies > Administrative Templates > System > 
Scripts > Run startup scripts asynchronously = Disabled

Those settings may give you a shot at having Group Policy run the script first 
but they will also slow down your logins.

* I also like applying these settings to a test OU so I can see what is 
going on during my tests:

o   Computer Configuration > Policies > Administrative Templates > System > 
Display highly detailed status messages = Enabled

o   Computer Configuration > Policies > Administrative Templates > System > 
Scripts > Display instructions in shutdown scripts as they run = Enabled

?  Warning: users can close out your script before it finishes.

o   Computer Configuration > Policies > Administrative Templates > System > 
Scripts > Display instructions in startup scripts as they run = Enabled

?  Warning: users can close out your script before it finishes.

I hope that helps.

- Stephen

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus
Sent: Friday, March 17, 2017 6:37 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] RE: Persisting access to an Azure shared folder

Given Windows post-XP tendency to delay logon scripts, etc., I would fully 
expect that the scheduled task route would run earlier than a logon script. 
Whether would run soon enough remains to be tested, but in my experience they 
seem to run first before anything else I've found.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Friday, March 17, 2017 12:18 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] RE: Persisting access to an Azure shared folder

It needs to run in the user context, so it would have to be at logon. I wonder 
if a task would run earlier? Could be worth a bash...

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: kurt.b...@gmail.com<mailto:kurt.b...@gmail.com>
Sent: 17 March 2017 12:40 a.m.
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Reply to: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] RE: Persisting access to an Azure shared folder

Scheduled task at startup?

Kurt

On Thu, Mar 16, 2017 at 3:48 PM, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>> wrote:
That's what I've been trying, but the net use command, when run at logon, 
doesn't execute early enough to get in "ahead" of the write to the share, sadly.

In order to get it done for new users was the rationale around seeing if I 
could get it in the default profile, but unfortunately sysprep seems to remove 
saved passwords (although not usernames, oddly)

So net use works, but somehow I need to get it to execute earlier than seems 
possible at the moment, hence trying to think of a different approach...

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: mich...@smithcons.com<mailto:mich...@smithcons.com>
Sent: 16 March 2017 10:44 p.m.
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Reply to: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Persisting access to an Azure shared folder

I'm not saying that there isn't a better solution... and I'd love to know one.

But I've had people executing the "net use /persist" from a batch file (or 
sending around an intern to do it).

From: listsad...@lists.myitforum.com<mailto:listsad.

Re: [NTSysADM] RE: Persisting access to an Azure shared folder

2017-03-16 Thread James Rankin

It needs to run in the user context, so it would have to be at logon. I wonder 
if a task would run earlier? Could be worth a bash...

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: kurt.b...@gmail.com
Sent: 17 March 2017 12:40 a.m.
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] RE: Persisting access to an Azure shared folder

Scheduled task at startup?

Kurt

On Thu, Mar 16, 2017 at 3:48 PM, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>> wrote:
That's what I've been trying, but the net use command, when run at logon, 
doesn't execute early enough to get in "ahead" of the write to the share, sadly.

In order to get it done for new users was the rationale around seeing if I 
could get it in the default profile, but unfortunately sysprep seems to remove 
saved passwords (although not usernames, oddly)

So net use works, but somehow I need to get it to execute earlier than seems 
possible at the moment, hence trying to think of a different approach...

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: mich...@smithcons.com<mailto:mich...@smithcons.com>
Sent: 16 March 2017 10:44 p.m.
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Reply to: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Persisting access to an Azure shared folder

I’m not saying that there isn’t a better solution… and I’d love to know one.

But I’ve had people executing the “net use /persist” from a batch file (or 
sending around an intern to do it).

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of James Rankin
Sent: Thursday, March 16, 2017 3:39 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Persisting access to an Azure shared folder

I have a shared folder set up in Azure which can be mapped via SMB. You can 
access this by a “net use” command which specifies a username and password.

However I want all of my users to be able to write out to this share, but I 
need the access to be available from quite early in the logon process (I’m 
writing some user-specific configuration files out to the share during user 
logon). How can I give *all* users access to this area? I thought I could use 
Audit Mode to create a custom default user profile that already has supplied 
the username and password and saved them into 
%LOCALAPPDATA%\Microsoft\Credentials, but set up in this way it still prompts 
for a username and password and henceforth the write to the Azure share fails 
with an Access Denied error.

Any ideas? Or should I really be standing up some Windows file servers in Azure 
along with some proper AD authentication?

All suggestions gratefully welcomed…

Cheers,

[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[X]

James Rankin CTA ACA
EUC Solutions Architect
Howell Technology Group
Office: 0191 4813446
Mobile: 07809 668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>

COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 004. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal

Re: [NTSysADM] RE: Persisting access to an Azure shared folder

2017-03-16 Thread James Rankin

That's what I've been trying, but the net use command, when run at logon, 
doesn't execute early enough to get in "ahead" of the write to the share, sadly.

In order to get it done for new users was the rationale around seeing if I 
could get it in the default profile, but unfortunately sysprep seems to remove 
saved passwords (although not usernames, oddly)

So net use works, but somehow I need to get it to execute earlier than seems 
possible at the moment, hence trying to think of a different approach...

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: mich...@smithcons.com
Sent: 16 March 2017 10:44 p.m.
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Persisting access to an Azure shared folder


I’m not saying that there isn’t a better solution… and I’d love to know one.

But I’ve had people executing the “net use /persist” from a batch file (or 
sending around an intern to do it).

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Thursday, March 16, 2017 3:39 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Persisting access to an Azure shared folder

I have a shared folder set up in Azure which can be mapped via SMB. You can 
access this by a “net use” command which specifies a username and password.

However I want all of my users to be able to write out to this share, but I 
need the access to be available from quite early in the logon process (I’m 
writing some user-specific configuration files out to the share during user 
logon). How can I give *all* users access to this area? I thought I could use 
Audit Mode to create a custom default user profile that already has supplied 
the username and password and saved them into 
%LOCALAPPDATA%\Microsoft\Credentials, but set up in this way it still prompts 
for a username and password and henceforth the write to the Azure share fails 
with an Access Denied error.

Any ideas? Or should I really be standing up some Windows file servers in Azure 
along with some proper AD authentication?

All suggestions gratefully welcomed…

Cheers,


[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image003.jpg@01D29E84.3B4C8D30]






James Rankin CTA ACA
EUC Solutions Architect
Howell Technology Group
Office: 0191 4813446
Mobile: 07809 668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>


COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 004. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal

[NTSysADM] Persisting access to an Azure shared folder

2017-03-16 Thread James Rankin

I have a shared folder set up in Azure which can be mapped via SMB. You can 
access this by a "net use" command which specifies a username and password.

However I want all of my users to be able to write out to this share, but I 
need the access to be available from quite early in the logon process (I'm 
writing some user-specific configuration files out to the share during user 
logon). How can I give *all* users access to this area? I thought I could use 
Audit Mode to create a custom default user profile that already has supplied 
the username and password and saved them into 
%LOCALAPPDATA%\Microsoft\Credentials, but set up in this way it still prompts 
for a username and password and henceforth the write to the Azure share fails 
with an Access Denied error.

Any ideas? Or should I really be standing up some Windows file servers in Azure 
along with some proper AD authentication?

All suggestions gratefully welcomed...

Cheers,


[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image003.jpg@01D29E8C.F16761A0]






James Rankin CTA ACA
EUC Solutions Architect
Howell Technology Group
Office: 0191 4813446
Mobile: 07809 668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>


COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 004. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal

RE: [NTSysADM] Sohpos disables UAC ?

2017-03-10 Thread James Rankin

That would be bad, very bad. Not just from a security perspective - certain UWP 
apps on Windows 10 misbehave considerably if UAC is disabled.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Klaus Hartnegg
Sent: 10 March 2017 16:24
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Sohpos disables UAC ?

Has anybody recently seen Sophos Antivirus ("Endpoint Security") disabling User 
Account control in Windows 7?

Many computers here suddenly have UAC off, and my research points to Sophos 
installer/updater as culprit: UAC stays on when rebooting normally, but 
reproducably switches to off after a reboot that followed an install, 
uninstall, or larger update of Sophos. Maybe it only happens if SRP is turned 
on. I will continue testing on Monday, but maybe others already know more??

I had previouosly read complaints that antivirus software sometimes disables 
certain security features, but UAC!?!

[NTSysADM] RE: Group Policy Settings Reference for Citrix XenApp and XenDesktop

2017-03-07 Thread James Rankin

Excellent stuff - I've referenced it already in my article here 
http://www.htguk.com/applying-citrix-policies-through/

I may update the article using this as a template, really handy, cheers!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: 07 March 2017 11:21
To: NT Issues (ntsysadm@lists.myitforum.com) 
Subject: [NTSysADM] Group Policy Settings Reference for Citrix XenApp and 
XenDesktop

Webster's newest community project.

New article & file: Group Policy Settings Reference for Citrix XenApp and 
XenDesktop - 
http://carlwebster.com/group-policy-settings-reference-citrix-xenapp-xendesktop/

Thanks


Carl Webster
Citrix Technology Professional
http://www.CarlWebster.com
The Accidental Citrix Admin

RE: [NTSysADM] Hyper-V fun

2017-02-24 Thread James Rankin

SMB3 switching didn’t appear to change anything, but mounting an iSCSI LUN and 
associated targets allowed me to get it running. Bit of a shame I couldn’t 
simply use a file share but I have effectively got where I wanted to be now ☺

Thanks all

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: 23 February 2017 19:37
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Hyper-V fun

Has to be v3 on both sides. But 2012 R2 supports V3 natively.

I had no clue about Synology. But I googled that for you (and since I’m feeling 
particularly nice today, I wasn’t nasty about it ☺ ).

https://www.reddit.com/r/synology/comments/362xpe/dont_forget_to_enable_smb3/

You have to enable it.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Thursday, February 23, 2017 2:14 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Hyper-V fun

That’s v3 on the Synology end? Does that depend on firmware level or do you 
have to actually flip a switch somewhere? (Apologies for ignorance, storage is 
not normally my bag)

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Richard Stovall
Sent: 23 February 2017 19:04
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Hyper-V fun

SMB works great, if, as MBS said, you're running v3.

On Feb 23, 2017 9:46 AM, "James Rankin" 
<ja...@htguk.com<mailto:ja...@htguk.com>> wrote:
Ah. So looks like SMB share is a big no-go.

Time to do some LUN creation…

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Matt Hebbel
Sent: 23 February 2017 13:04
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>; 
ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Hyper-V fun

Have a look at the article below. I believe you need to change from using SMB...

https://social.technet.microsoft.com/wiki/contents/articles/30521.set-up-a-virtual-infrastructure-at-home-with-windows-8-hyper-v-manager-and-a-synology-ds412j.aspx

Matt

On Feb 23, 2017, 6:46 AM -0600, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>>, wrote:
I’m trying to build a model office for demo purposes. I have a Synology NAS to 
store all my VMs on and I am trying to connect them to a Hyper-V 2012 R2 
instance (just so I don’t have to convert all of my machines from VHD to VMDK, 
which would be the case if I used VMware). I’m using a straight SMB share on 
the Synology to connect up.

I managed to get the machines to import into the Hyper-V Manager by actually 
“joining” the Synology to the domain and adding Domain Computers to the share 
with the VMs in, but every time I try and turn one on, I get this error

[cid:image001.png@01D28EF4.C8EA7A20]

Is this just a failing of the Synology? I have no such problems if I move the 
VMs to a file share on a Windows server, but I simply don’t have the capacity 
available there that we do on the Synology unit.

Any advice greatly appreciated…

[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image004.jpg@01D28EF4.C8EA7A20]

James Rankin CTA ACA
EUC Solutions Architect
Howell Technology Group
Office: 0191 4813446<tel:0191%204813446>
Mobile: 07809 668579<tel:07809%20668579>
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>

COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 
004<tel:862%20666%20004>. Our registered office is at 2.30 One Trinity Green, 
Eldon Street, South Shields, Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal

RE: [NTSysADM] Hyper-V fun

2017-02-23 Thread James Rankin

Why thankyou sir. I would have gotten around to it eventually, I’m busy having 
some fun with roaming profiles.

I shall give it a try presently.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: 23 February 2017 19:37
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Hyper-V fun

Has to be v3 on both sides. But 2012 R2 supports V3 natively.

I had no clue about Synology. But I googled that for you (and since I’m feeling 
particularly nice today, I wasn’t nasty about it ☺ ).

https://www.reddit.com/r/synology/comments/362xpe/dont_forget_to_enable_smb3/

You have to enable it.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Thursday, February 23, 2017 2:14 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Hyper-V fun

That’s v3 on the Synology end? Does that depend on firmware level or do you 
have to actually flip a switch somewhere? (Apologies for ignorance, storage is 
not normally my bag)

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Richard Stovall
Sent: 23 February 2017 19:04
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Hyper-V fun

SMB works great, if, as MBS said, you're running v3.

On Feb 23, 2017 9:46 AM, "James Rankin" 
<ja...@htguk.com<mailto:ja...@htguk.com>> wrote:
Ah. So looks like SMB share is a big no-go.

Time to do some LUN creation…

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Matt Hebbel
Sent: 23 February 2017 13:04
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>; 
ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Hyper-V fun

Have a look at the article below. I believe you need to change from using SMB...

https://social.technet.microsoft.com/wiki/contents/articles/30521.set-up-a-virtual-infrastructure-at-home-with-windows-8-hyper-v-manager-and-a-synology-ds412j.aspx

Matt

On Feb 23, 2017, 6:46 AM -0600, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>>, wrote:
I’m trying to build a model office for demo purposes. I have a Synology NAS to 
store all my VMs on and I am trying to connect them to a Hyper-V 2012 R2 
instance (just so I don’t have to convert all of my machines from VHD to VMDK, 
which would be the case if I used VMware). I’m using a straight SMB share on 
the Synology to connect up.

I managed to get the machines to import into the Hyper-V Manager by actually 
“joining” the Synology to the domain and adding Domain Computers to the share 
with the VMs in, but every time I try and turn one on, I get this error

[cid:image001.png@01D28E0D.2AE9F360]

Is this just a failing of the Synology? I have no such problems if I move the 
VMs to a file share on a Windows server, but I simply don’t have the capacity 
available there that we do on the Synology unit.

Any advice greatly appreciated…

[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image004.jpg@01D28E0D.2AE9F360]

James Rankin CTA ACA
EUC Solutions Architect
Howell Technology Group
Office: 0191 4813446<tel:0191%204813446>
Mobile: 07809 668579<tel:07809%20668579>
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>

COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 
004<tel:862%20666%20004>. Our registered office is at 2.30 One Trinity Green, 
Eldon Street, South Shields, Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal

RE: [NTSysADM] Hyper-V fun

2017-02-23 Thread James Rankin

That’s v3 on the Synology end? Does that depend on firmware level or do you 
have to actually flip a switch somewhere? (Apologies for ignorance, storage is 
not normally my bag)

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Richard Stovall
Sent: 23 February 2017 19:04
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Hyper-V fun

SMB works great, if, as MBS said, you're running v3.

On Feb 23, 2017 9:46 AM, "James Rankin" 
<ja...@htguk.com<mailto:ja...@htguk.com>> wrote:
Ah. So looks like SMB share is a big no-go.

Time to do some LUN creation…

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Matt Hebbel
Sent: 23 February 2017 13:04
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>; 
ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Hyper-V fun

Have a look at the article below. I believe you need to change from using SMB...

https://social.technet.microsoft.com/wiki/contents/articles/30521.set-up-a-virtual-infrastructure-at-home-with-windows-8-hyper-v-manager-and-a-synology-ds412j.aspx

Matt

On Feb 23, 2017, 6:46 AM -0600, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>>, wrote:
I’m trying to build a model office for demo purposes. I have a Synology NAS to 
store all my VMs on and I am trying to connect them to a Hyper-V 2012 R2 
instance (just so I don’t have to convert all of my machines from VHD to VMDK, 
which would be the case if I used VMware). I’m using a straight SMB share on 
the Synology to connect up.

I managed to get the machines to import into the Hyper-V Manager by actually 
“joining” the Synology to the domain and adding Domain Computers to the share 
with the VMs in, but every time I try and turn one on, I get this error

[cid:image001.png@01D28E08.F0BEE2D0]

Is this just a failing of the Synology? I have no such problems if I move the 
VMs to a file share on a Windows server, but I simply don’t have the capacity 
available there that we do on the Synology unit.

Any advice greatly appreciated…

[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image004.jpg@01D28E08.F0BEE2D0]

James Rankin CTA ACA
EUC Solutions Architect
Howell Technology Group
Office: 0191 4813446<tel:0191%204813446>
Mobile: 07809 668579<tel:07809%20668579>
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>

COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 
004<tel:862%20666%20004>. Our registered office is at 2.30 One Trinity Green, 
Eldon Street, South Shields, Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal

RE: [NTSysADM] Hyper-V fun

2017-02-23 Thread James Rankin

Ah. So looks like SMB share is a big no-go.

Time to do some LUN creation…

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Matt Hebbel
Sent: 23 February 2017 13:04
To: ntsysadm@lists.myitforum.com; ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Hyper-V fun

Have a look at the article below. I believe you need to change from using SMB...

https://social.technet.microsoft.com/wiki/contents/articles/30521.set-up-a-virtual-infrastructure-at-home-with-windows-8-hyper-v-manager-and-a-synology-ds412j.aspx

Matt

On Feb 23, 2017, 6:46 AM -0600, James Rankin 
<ja...@htguk.com<mailto:ja...@htguk.com>>, wrote:

I’m trying to build a model office for demo purposes. I have a Synology NAS to 
store all my VMs on and I am trying to connect them to a Hyper-V 2012 R2 
instance (just so I don’t have to convert all of my machines from VHD to VMDK, 
which would be the case if I used VMware). I’m using a straight SMB share on 
the Synology to connect up.

I managed to get the machines to import into the Hyper-V Manager by actually 
“joining” the Synology to the domain and adding Domain Computers to the share 
with the VMs in, but every time I try and turn one on, I get this error

[cid:image001.png@01D28DE1.192FD990]

Is this just a failing of the Synology? I have no such problems if I move the 
VMs to a file share on a Windows server, but I simply don’t have the capacity 
available there that we do on the Synology unit.

Any advice greatly appreciated…

[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image004.jpg@01D28DE1.192FD990]

James Rankin CTA ACA
EUC Solutions Architect
Howell Technology Group
Office: 0191 4813446<tel:0191%204813446>
Mobile: 07809 668579<tel:07809%20668579>
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>

COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 
004<tel:862%20666%20004>. Our registered office is at 2.30 One Trinity Green, 
Eldon Street, South Shields, Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal

[NTSysADM] RE: Documenting Citrix XenApp and XenDesktop 7.8+ with Microsoft PowerShell V2.0

2017-02-23 Thread James Rankin

Wow, I'm surprised Unidesk don't. Ah well, dodged a bullet ;-)

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: 23 February 2017 13:20
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Documenting Citrix XenApp and XenDesktop 7.8+ with 
Microsoft PowerShell V2.0

Neither Unidesk nor WEM have any PoSH stuff.

Webster

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Thursday, February 23, 2017 6:05 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Documenting Citrix XenApp and XenDesktop 7.8+ with 
Microsoft PowerShell V2.0

Great stuff. Now get ready to update it all for the Unidesk and Norskale 
features ;-)

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: 23 February 2017 11:28
To: NT System Admin Issues 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Documenting Citrix XenApp and XenDesktop 7.8+ with 
Microsoft PowerShell V2.0

FINALLY! After 14 months of work and almost 29,000 lines of PowerShell:

http://carlwebster.com/documenting-citrix-xenapp-xendesktop-7-x-microsoft-powershell-v2-0/
Documenting Citrix XenApp and XenDesktop 7.x with Microsoft PowerShell V2.0 | 
Carl 
Webster<http://carlwebster.com/documenting-citrix-xenapp-xendesktop-7-x-microsoft-powershell-v2-0/>
carlwebster.com
FINALLY! After 14 months of development, almost 29,000 lines of PowerShell, 
many hours of my time and with the help of almost 200 testers, we are pleased t

Thanks

Carl Webster

Consultant and Citrix Technology Professional

http://www.CarlWebster.com<http://www.carlwebster.com/>

[NTSysADM] Hyper-V fun

2017-02-23 Thread James Rankin

I'm trying to build a model office for demo purposes. I have a Synology NAS to 
store all my VMs on and I am trying to connect them to a Hyper-V 2012 R2 
instance (just so I don't have to convert all of my machines from VHD to VMDK, 
which would be the case if I used VMware). I'm using a straight SMB share on 
the Synology to connect up.

I managed to get the machines to import into the Hyper-V Manager by actually 
"joining" the Synology to the domain and adding Domain Computers to the share 
with the VMs in, but every time I try and turn one on, I get this error

[cid:image001.png@01D28DCE.32468EF0]

Is this just a failing of the Synology? I have no such problems if I move the 
VMs to a file share on a Windows server, but I simply don't have the capacity 
available there that we do on the Synology unit.

Any advice greatly appreciated...


[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image004.jpg@01D28DCE.32468EF0]






James Rankin CTA ACA
EUC Solutions Architect
Howell Technology Group
Office: 0191 4813446
Mobile: 07809 668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>


COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 004. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal

[NTSysADM] RE: Documenting Citrix XenApp and XenDesktop 7.8+ with Microsoft PowerShell V2.0

2017-02-23 Thread James Rankin

Great stuff. Now get ready to update it all for the Unidesk and Norskale 
features ;-)

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: 23 February 2017 11:28
To: NT System Admin Issues 
Subject: [NTSysADM] Documenting Citrix XenApp and XenDesktop 7.8+ with 
Microsoft PowerShell V2.0

FINALLY! After 14 months of work and almost 29,000 lines of PowerShell:

http://carlwebster.com/documenting-citrix-xenapp-xendesktop-7-x-microsoft-powershell-v2-0/
Documenting Citrix XenApp and XenDesktop 7.x with Microsoft PowerShell V2.0 | 
Carl 
Webster
carlwebster.com
FINALLY! After 14 months of development, almost 29,000 lines of PowerShell, 
many hours of my time and with the help of almost 200 testers, we are pleased t

Thanks

Carl Webster

Consultant and Citrix Technology Professional

http://www.CarlWebster.com

RE: [NTSysADM] Question re job interview

2017-02-22 Thread James Rankin

You may be right there…

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: 21 February 2017 23:54
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Question re job interview

And because no one understands what you are saying so no questions are asked! 
LOL


Webster

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Tuesday, February 21, 2017 7:37 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Question re job interview

Congrats.

Have to agree with Jeff, I am the master of turning 1 hour presentations into 
35 minutes through sheer speed of talking.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jeff Steward
Sent: 21 February 2017 13:07
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Question re job interview

Good job.  It speaks well of you that it went long rather than short.  Most 
people get nervous and speed up.

Congratulations!

-Jeff

On Tue, Feb 21, 2017 at 8:02 AM Graeme Carstairs 
<loonyto...@gmail.com<mailto:loonyto...@gmail.com>> wrote:
Just thought I would let you know

I went with Eric's advise and gave my presentation at the interview despit 
timing it at 8 minutes it actually lasted 15 minutes at the interview

They thanked me for a presentation said it showed I understood the topics and 
could communicate effectively

And I got the job

Thanks guys


On Thu, 2 Feb 2017 at 19:27, Kurt Buff 
<kurt.b...@gmail.com<mailto:kurt.b...@gmail.com>> wrote:
Erik has some good advice, but I'd take a close look at the published
job description, and cast your discussion in terms that would fit
that, as you would to your next two layers of management.

For sure, 10 minutes isn't much time, as that's a huge subject, so
you'll of necessity need to do a rather broad overview, but take your
time and practice speaking/enunciating clearly.

I wouldn't make your submission a verbatim transcript of your talk;
just give the outline - unless they're specifically looking for that,
which seems unlikely.

Kurt

On Thu, Feb 2, 2017 at 7:09 AM, Graeme Carstairs 
<loonyto...@gmail.com<mailto:loonyto...@gmail.com>> wrote:
> hi,
>
> having just been made redundant I have been applying for al sorts of IT
> roles, whatI have been doing for the last 15 years (designing, implementing
> and supporting windows server based networks for small to large
> enterprises).
>
> I have just received my first interview confirmation, and they have asked
> that I submit in advance and give on the day a 10 minute presentation on the
> topic "Discuss Data Management, availability and Disaster Recovery"
>
> Now I have never been asked to do this before well more not on such a wide
> topic.
>
> anyone got any suggestions on what I can base it around, I am not looking
> for anyone to do it for me just some topics or ideas on what to do it on?
>
> TIA
>
>
> --
>
>
> e-mail :- loonyto...@gmail.com<mailto:loonyto...@gmail.com>
--
Graeme Carstairs

e-mail :- loonyto...@gmail.com<mailto:loonyto...@gmail.com>

RE: [NTSysADM] Question re job interview

2017-02-21 Thread James Rankin

Congrats.

Have to agree with Jeff, I am the master of turning 1 hour presentations into 
35 minutes through sheer speed of talking.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jeff Steward
Sent: 21 February 2017 13:07
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Question re job interview

Good job.  It speaks well of you that it went long rather than short.  Most 
people get nervous and speed up.

Congratulations!

-Jeff

On Tue, Feb 21, 2017 at 8:02 AM Graeme Carstairs 
> wrote:
Just thought I would let you know

I went with Eric's advise and gave my presentation at the interview despit 
timing it at 8 minutes it actually lasted 15 minutes at the interview

They thanked me for a presentation said it showed I understood the topics and 
could communicate effectively

And I got the job

Thanks guys


On Thu, 2 Feb 2017 at 19:27, Kurt Buff 
> wrote:
Erik has some good advice, but I'd take a close look at the published
job description, and cast your discussion in terms that would fit
that, as you would to your next two layers of management.

For sure, 10 minutes isn't much time, as that's a huge subject, so
you'll of necessity need to do a rather broad overview, but take your
time and practice speaking/enunciating clearly.

I wouldn't make your submission a verbatim transcript of your talk;
just give the outline - unless they're specifically looking for that,
which seems unlikely.

Kurt

On Thu, Feb 2, 2017 at 7:09 AM, Graeme Carstairs 
> wrote:
> hi,
>
> having just been made redundant I have been applying for al sorts of IT
> roles, whatI have been doing for the last 15 years (designing, implementing
> and supporting windows server based networks for small to large
> enterprises).
>
> I have just received my first interview confirmation, and they have asked
> that I submit in advance and give on the day a 10 minute presentation on the
> topic "Discuss Data Management, availability and Disaster Recovery"
>
> Now I have never been asked to do this before well more not on such a wide
> topic.
>
> anyone got any suggestions on what I can base it around, I am not looking
> for anyone to do it for me just some topics or ideas on what to do it on?
>
> TIA
>
>
> --
>
>
> e-mail :- loonyto...@gmail.com

--
Graeme Carstairs

e-mail :- loonyto...@gmail.com

RE: [NTSysADM] Some advice needed about allowing local C: drive access

2017-02-17 Thread James Rankin

Why don't they just browse to \\hostname\c$?

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: 17 February 2017 17:34
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Some advice needed about allowing local C: drive access

I know I've read about this procedure somewhere, but I'm not finding it at the 
moment.

We have this application that writes out it's debug log to c:\debug.
Now, we hide drive C; from domain users using GPO (User 
Configuration/Policies/Administrative Policies/Windows Components/File 
Explorer/Hide these specific drives ("Restrict A.B.C")).

So what my help desk staff needs to do is to log onto these workstations (as a 
specific domain account), run the software, and need to be able to see, read 
(and optionally write to) this C:\Debug location, to identify/fix problems.
(this is the "Check21" check processing software, if anyone else uses it)

What I don't know is how best to do this.

Oh, sure, I could create a whole new GPO, without that "Hide drives"
setting, and limit it only to this one domain login. But is there a better, 
more efficient way to do this? I want C: drive hidden from the majority of my 
users, but do need certain logons that aren't limited this way.

And I don't want the logon to be local admin, or have any access other than 
just standard domain user (or I could use a Restricted Group).

Thoughts? Advice?
(Win 2008 R2 domain)

RE: [NTSysADM] Minor mystery - Win 10 versions I don't recognize

2017-02-02 Thread James Rankin

Hmmm... didn't read the link  before replying :-(

Are they possibly eval versions or machines stuck outside of the grace period 
for their branch?

-Original Message-
From: James Rankin 
Sent: 02 February 2017 19:14
To: 'ntsysadm@lists.myitforum.com' <ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Minor mystery - Win 10 versions I don't recognize

The 10586s are 1511 versions with different cumulative updates, I presume.

The 14393s are 1607 versions again with different cumulative updates.

The RTM version was 10240.x.x

I'm sure the cumulative updates increment the minor version number somewhat, as 
I recall.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: 02 February 2017 19:01
To: ntsysadm <NTSysADM@lists.myitforum.com>; WSUS Mailing List 
<w...@listserv.patchmanagement.org>
Subject: [NTSysADM] Minor mystery - Win 10 versions I don't recognize

All,

I'm looking in my WSUS server for version of Win 10 in my user base, and am 
seeing some versions that aren't mentioned here:
https://technet.microsoft.com/en-us/windows/release-info.aspx

10.0.10586.103 - Not listed
10.0.10586.672 - Not listed, this is on the majority of my Win 10 machines
10.0.1.14393.351 - Listed
10.0.1.14393.594 - Not listed
10.0.1.14393.693 - Listed

Does anyone have a better source for versions?

Kurt

RE: [NTSysADM] Minor mystery - Win 10 versions I don't recognize

2017-02-02 Thread James Rankin

The 10586s are 1511 versions with different cumulative updates, I presume.

The 14393s are 1607 versions again with different cumulative updates.

The RTM version was 10240.x.x

I'm sure the cumulative updates increment the minor version number somewhat, as 
I recall.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: 02 February 2017 19:01
To: ntsysadm ; WSUS Mailing List 

Subject: [NTSysADM] Minor mystery - Win 10 versions I don't recognize

All,

I'm looking in my WSUS server for version of Win 10 in my user base, and am 
seeing some versions that aren't mentioned here:
https://technet.microsoft.com/en-us/windows/release-info.aspx


10.0.10586.103 - Not listed
10.0.10586.672 - Not listed, this is on the majority of my Win 10 machines
10.0.1.14393.351 - Listed
10.0.1.14393.594 - Not listed
10.0.1.14393.693 - Listed


Does anyone have a better source for versions?

Kurt

Re: [NTSysADM] Adding only reboot right for domain user to a local host, remotely ...

2017-01-20 Thread James Rankin

Looks right, but they might possibly also need the "shut down the system" right 
as well...

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: oozerd...@gmail.com
Sent: 20 January 2017 5:49 p.m.
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Adding *only* reboot right for domain user to a local host, 
remotely ...

(I really wish my boss wouldn't ask about this type of stuff at noon on a 
Friday, when I have to leave by 4PM ...)

Anyway, what he wants to do: he wants our techs to be able to use a domain 
account, log into domain member servers, run Windows Update, *and* then be able 
to tell it to reboot.
And he does NOT want to add this domain account to local Administrators group.

(don't ask, it's a long story)

I *think* I can do this with a GPO

Computer Configuration > Policies > Windows Settings > Security Settings > 
Local Policies > User Right Assignment > Force shutdown from a remote system

Simply add account(s) in question to this policy and they will be able to 
reboot servers remotely.

Problem is, I haven't tested this yet, and he (ideally) wants this in place so 
the techs can install windows updates on Sunday. And no way do I want to roll 
this out to all production servers, without testing it first (which I don't 
have time to do, before I have to leave today)

Is this the best way to give a domain user only the right to reboot a server, 
without giving them any other rights? (I have a GPO that assigns WSUS settings 
via OU and group membership; I could either add it to that one, or make a new, 
and assign it to that same OU and group membership)

RE: [NTSysADM] Microsoft announces Windows 7 is a security disaster.

2017-01-18 Thread James Rankin

I’m doing a series of webinars on Windows 10 and my experiences deploying it, 
if anyone wants to try and get themselves ready and find out all the worst 
things you may encounter…

https://attendee.gotowebinar.com/register/2890274500477726465

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jonathan Link
Sent: 18 January 2017 17:18
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Microsoft announces Windows 7 is a security disaster.

Yes, but Windows X tries to actively hide this fact from you by installing 
updates as stealthily as possible...
It's always great to restart a computer only to be get a 5 minute delay because 
it's installing updates, and I only recognize that updates are being installed 
because it's taking an eternity to restart the computer.

I'm brand new to Windows X on a personal basis, and our organization isn't 
ready to embrace it yet.  It will probably be a couple of years before we are, 
to be honest.  I know that the enterprise has some capability of managing 
updates, just as it does for Windows 7, but I focus on small businesses, and 
that update process is a lot more disruptive and obscure than in previous 
generations of Windows.  I've also seen the effect it's had on my mom.  I tell 
her to change the settings, but she doesn't.  So the average consumer has a 
system where they get updates automatically, which may or may not fix things, 
make things worse and come at inconvenient times.  Love how my computer just 
restarted because of updates just the other day.  Wait, that's not supposed to 
happen, you say?  Well, it did.

On Wed, Jan 18, 2017 at 11:51 AM, Kent, Mark 
> wrote:
All software is a work in progress.

Mark Kent
Manager, Client Systems Engineering
Technology Support Services
Resources for Information, Technology and Education (RITE)
http://rite.buffalostate.edu

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] 
On Behalf Of Melvin Backus
Sent: Wednesday, January 18, 2017 11:36 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Microsoft announces Windows 7 is a security disaster.

A machine not attached to the network is even more secure, but usability is 
greatly reduced.  ☹

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim
Sent: Wednesday, January 18, 2017 10:51 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Microsoft announces Windows 7 is a security disaster.

Apparently perpetual Beta is more secure.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Link
Sent: Wednesday, January 18, 2017 10:50 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Microsoft announces Windows 7 is a security disaster.

But I don't want an OS in perpetual beta...

On Wed, Jan 18, 2017 at 10:16 AM, Kennedy, Jim 
> wrote:
Yea, click bait subject. Sorry, but they deserve it.

http://www.forbes.com/sites/gordonkelly/2017/01/17/microsoft-windows-7-security-hardware-support-problems/#7bd530f87836

Re: [NTSysADM] Microsoft announces Windows 7 is a security disaster.

2017-01-18 Thread James Rankin

Come to my webinar and I can show you more of Microsoft 's slightly immoral 
marketing tactics.

Ok, will stop trying to drum up more attendees now :-)

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: kennedy...@elyriaschools.org
Sent: 18 January 2017 6:33 p.m.
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Microsoft announces Windows 7 is a security disaster.

Exactly. I'm not opposed to Win 10. I like it a lot.  Not opposed to updates, I 
like them. But I am opposed to MS's ongoing disingenuous marketing plan for 
Windows 10. Remember the pop ups with the fake cancel button that violated 
their own published standards for Windows pop ups.

This is just more of that.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jonathan Link
Sent: Wednesday, January 18, 2017 12:27 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Microsoft announces Windows 7 is a security disaster.

You mean MS leveraged pure FUD.  The author is simply trying to expose the FUD.

Yeah, every piece of software gets updates.  Get that.  Software shouldn't hide 
the fact that it has been updated or in the process of updating.

On Wed, Jan 18, 2017 at 12:16 PM, Joseph L. Casale 
> wrote:
Couldn't agree more, I don't do today what I learned had a better way to do 
yesterday.
What that author simply leveraged pure FUD to describe was every piece of 
software ever written.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] 
On Behalf Of Kent, Mark
Sent: Wednesday, January 18, 2017 9:51 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Microsoft announces Windows 7 is a security disaster.

All software is a work in progress.

RE: [NTSysADM] Environment variable editing

2017-01-18 Thread James Rankin

If you wanted to modify SYSTEM variables you’d need some form of elevation, in 
order to write the relevant Registry keys.

This could be done with a script and something like CPAU from JoeWare, or a 
third-party tool, maybe.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Joe Tinney
Sent: 18 January 2017 12:04
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Environment variable editing

A user should be able to modify their own environment variables without issue.

About 7 paragraphs down it discusses the registry key and method of announcing 
an update: 
https://msdn.microsoft.com/en-us/library/windows/desktop/ms682653(v=vs.85).aspx

If I had to do this quickly I would give the user account permission to add 
values to that key and instruct them to reboot.

There are more in depth approaches out there but I think those are the basics.

Good luck,
Joe

On Jan 18, 2017 04:36, "Liby Philip Mathew" 
> wrote:
HI,
I am trying to allow users to edit their environment variable both users & 
system on the laptop on which they don’t have local administrator privilege.  
Is there a way that I can let the users edit the variable using GP?
I am not looking for pushing the variable using GP from the DC, but trying to 
allow the users to do it as per their requirement.
TIA

Regards
Liby

Disclaimer

[The information contained in this e-mail message and any attached files are 
intended solely for the use of the individual or entity to whom they are 
addressed. This transmission may contain information that is confidential, Path 
Solutions Private, or exempt from disclosure under applicable law and/or Path 
Solutions information security policy. The receiver of this communication shall 
not transmit any part of this message unless the email subject clearly classify 
it as “Public” or a written permission has been given by the information assets 
owner. If you have received this e-mail in error, please notify the sender 
immediately and delete all copies, any disclosure, copying, distribution, or 
use of the information contained herein is STRICTLY PROHIBITED. Path Solutions 
accepts no responsibility for any errors, omissions, computer viruses and other 
defects.]

P Protect our planet: Do not print this email unless necessary.

Re: [NTSysADM] Environment variable editing

2017-01-18 Thread James Rankin

Can I ask why you would need to do that?

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: lmat...@path-solutions.com
Sent: 18 January 2017 9:38 a.m.
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Environment variable editing

HI,
I am trying to allow users to edit their environment variable both users & 
system on the laptop on which they don’t have local administrator privilege.  
Is there a way that I can let the users edit the variable using GP?
I am not looking for pushing the variable using GP from the DC, but trying to 
allow the users to do it as per their requirement.
TIA

Regards
Liby

Disclaimer

[The information contained in this e-mail message and any attached files are 
intended solely for the use of the individual or entity to whom they are 
addressed. This transmission may contain information that is confidential, Path 
Solutions Private, or exempt from disclosure under applicable law and/or Path 
Solutions information security policy. The receiver of this communication shall 
not transmit any part of this message unless the email subject clearly classify 
it as “Public” or a written permission has been given by the information assets 
owner. If you have received this e-mail in error, please notify the sender 
immediately and delete all copies, any disclosure, copying, distribution, or 
use of the information contained herein is STRICTLY PROHIBITED. Path Solutions 
accepts no responsibility for any errors, omissions, computer viruses and other 
defects.]

P Protect our planet: Do not print this email unless necessary.

Re: [NTSysADM] TestUser2 Group Membership

2016-12-20 Thread James Rankin

Replication lag?

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: dav...@imcu.com
Sent: 20 December 2016 6:33 p.m.
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] TestUser2 Group Membership

Why would a user be in a group but not in that group in attribute editor?

Question...I'm having an issue getting the PA Firewall to recognize the correct 
group in certain situations...Here is what I've found and believe could be part 
of the issue...

1)  TestUser2 has been added the Group _Coll

a.   [cid:image001.png@01D25AC3.4B13D840]

2)  We can verify that by looking at the Members of _Coll

a.   [cid:image002.png@01D25AC3.4B13D840]

3)  However, when you go to Attribute Editor and double click on Member, 
TestUser2 is not listed...

a.   [cid:image003.png@01D25AC3.4B13D840]

This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.

Please consider the environment before printing this email.

[NTSysADM] RE: Good converter of WAV to MP3

2016-12-19 Thread James Rankin

Who's the best, Jack, or Rostov? ;-)

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Maglinger, Paul
Sent: 19 December 2016 14:07
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Good converter of WAV to MP3

That webpage had a link to a ripper comparison chart that I thought was pretty 
good.

http://wiki.hydrogenaud.io/index.php?title=Comparison_of_CD_rippers

Paul

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andrea 'ML' Suatoni
Sent: Monday, December 19, 2016 7:36 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Good converter of WAV to MP3

Have you ever tried CUERipper? I am using it since a year, and while it seems 
too spartan at first and focused mainly on the quality of the rip more than its 
speed, it's a very nice app. I save my ripped tracks as FLAC, but other formats 
are supported. Find the info and the download links here (and it's free): 
http://cue.tools/wiki/CUERipper

Andrea

[NTSysADM] Windows 10 servicing branches

2016-12-15 Thread James Rankin

I'm writing an article on CBB versus LTSB - I'd appreciate it if anyone could 
offer their insight to allow me to gauge the mood of admins out there, via my 
(single question!) survey link

https://www.surveymonkey.co.uk/r/KY6JHPK



[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image003.jpg@01D25711.C0BDA400]






James Rankin CTA ACA
EUC Solutions Architect
Howell Technology Group
Office: 0191 4813446
Mobile: 07809 668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>


COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 004. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal

[NTSysADM] OT: windows 10 stuff

2016-12-08 Thread James Rankin

If anyone is interested in hearing about my experiences with windows 10 
deployment, here's a link to a (possible series, dependent on uptake) of 
webinars.

http://bit.ly/2hp2OUA

End shameless self promotion :-)


Sent from my slightly schizophrenic, but rather cool, BlackBerry Android

Re: [NTSysADM] OT: IT Philosophy

2016-12-08 Thread James Rankin

Appsense, RES and Scense all have similar privilege management features. I've 
had best results with appsense, but that's probably related to familiarity with 
the suite.

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: melvin.bac...@byers.com
Sent: 8 December 2016 4:38 p.m.
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] OT: IT Philosophy

Care to share what that software is?

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Thursday, December 8, 2016 9:46 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] OT: IT Philosophy

Software we use has a “rights discovery mode” that you can use to audit the 
environment first and find out exactly which software needs admin access, which 
really helps :)

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim
Sent: 08 December 2016 14:17
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] OT: IT Philosophy

One thing we did when we pulled admin was make a very serious and very public 
declaration that we would jump all over their requests for additional software 
or taking care of issues related to no admin.  Then we made sure we delivered 
on that promise.  We also did it a department/building at a time so neither 
they nor us would be over whelmed.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Thursday, December 8, 2016 8:49 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] OT: IT Philosophy

In environments where people are used to having admin access we use a software 
feature called “self-elevation”. The users have their admin taken away, but 
when they want to do anything as an admin, they just right-click the file or 
folder and choose “Elevate to admin”. No need to type in username and password 
(which is the biggest hurdle people who are used to being admins find), they 
just invoke the context menu and elevate their access.

In this way, if malware strikes it isn’t doing it with admin access, yet the 
user can still “be an admin” as much as they want.

Once you get this foot in the door, it’s only a matter of time to slowly work 
on their processes and expectations to bring them down to a level where they 
maybe don’t need to be admins at all. Various ways you can approach this, which 
I won’t go into here.

Of course being a non-admin doesn’t protect you from ransomware. Application 
execution management is key here (Windows 10 brings cool stuff like Device 
Guard which can complement traditional app management methods like AppLocker). 
We use a further extension of the software to manage this in a hands-off way, 
but again, it’s a busy space and there are lots of solutions.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim
Sent: 08 December 2016 13:22
To: 'ntsysadm@lists.myitforum.com' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: RE: [NTSysADM] OT: IT Philosophy

1 and 2 are up to management as long as they give you the resources to do it.

3 really surprises me, knowingly allowing company resources for certain 
copyright infringement seems really negligent.

On 4 you can never have enough layers against malware.  In the environment you 
describe I would be scared to death of ransomware.  And I would argue that you 
currently have zero protections in place if your users are admin. Especially 
when they are at home, you have nothing to protect them.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kish N Kepi
Sent: Wednesday, December 7, 2016 11:29 PM
To: Kish N Kepi
Subject: [NTSysADM] OT: IT Philosophy

We keep a lax environment – our users are local admins on their Windows laptops 
and we not stop them from installing any software they want – the only caveat I 
ever say is ‘don’t be stupid’. And yes, we are a hi-tech house, well beyond the 
startup stage.

During a conversation about potential changes to the way we do backups today, I 
stated that the current back up routine specifically excludes most media files, 
and also that I’d used psexec to kill utorrent processes. My boss, who is 
actually quite knowledgeable in IT matters, had a response surprised me: why? 
Why not backup the media files? Why not allow torrent traffic? His points were 
as follows:

1.   We give them laptops and smartphones and expect them to be available 
at all hours of the day –

[NTSysADM] RE: Windows Hello for Business

2016-12-08 Thread James Rankin

I've never tried this in the enterprise myself, but I've been less than 
impressed with Windows Hello's propensity to activate when confronted with 
people of, erm, similar lack of hair...

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of dylan.mar...@bench.com
Sent: 08 December 2016 14:40
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Windows Hello for Business

Hi all,

Has anyone looked into Windows Hello for Business with Windows 10? Trying to 
find out how it works and what is necessary to deploy it into the actual domain 
and not only for local sign on.
However, Technet is quite unhelpful regarding this all, can't seem to find any 
actual clear answers on wether it's AD only with Server 2016 or AD with Azure 
AD AND Server 2016, different articles state different requirements without any 
actual clear answer.

Would be a really bad implementation if it's Azure AD ONLY in my opinion, 
reading the different documentation parts right now does seem to point towards 
that though...

Any help/guidance would be appreciated.

- Dylan

RE: [NTSysADM] OT: IT Philosophy

2016-12-08 Thread James Rankin

Software we use has a "rights discovery mode" that you can use to audit the 
environment first and find out exactly which software needs admin access, which 
really helps :)

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kennedy, Jim
Sent: 08 December 2016 14:17
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] OT: IT Philosophy

One thing we did when we pulled admin was make a very serious and very public 
declaration that we would jump all over their requests for additional software 
or taking care of issues related to no admin.  Then we made sure we delivered 
on that promise.  We also did it a department/building at a time so neither 
they nor us would be over whelmed.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Thursday, December 8, 2016 8:49 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] OT: IT Philosophy

In environments where people are used to having admin access we use a software 
feature called "self-elevation". The users have their admin taken away, but 
when they want to do anything as an admin, they just right-click the file or 
folder and choose "Elevate to admin". No need to type in username and password 
(which is the biggest hurdle people who are used to being admins find), they 
just invoke the context menu and elevate their access.

In this way, if malware strikes it isn't doing it with admin access, yet the 
user can still "be an admin" as much as they want.

Once you get this foot in the door, it's only a matter of time to slowly work 
on their processes and expectations to bring them down to a level where they 
maybe don't need to be admins at all. Various ways you can approach this, which 
I won't go into here.

Of course being a non-admin doesn't protect you from ransomware. Application 
execution management is key here (Windows 10 brings cool stuff like Device 
Guard which can complement traditional app management methods like AppLocker). 
We use a further extension of the software to manage this in a hands-off way, 
but again, it's a busy space and there are lots of solutions.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim
Sent: 08 December 2016 13:22
To: 'ntsysadm@lists.myitforum.com' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: RE: [NTSysADM] OT: IT Philosophy

1 and 2 are up to management as long as they give you the resources to do it.

3 really surprises me, knowingly allowing company resources for certain 
copyright infringement seems really negligent.

On 4 you can never have enough layers against malware.  In the environment you 
describe I would be scared to death of ransomware.  And I would argue that you 
currently have zero protections in place if your users are admin. Especially 
when they are at home, you have nothing to protect them.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kish N Kepi
Sent: Wednesday, December 7, 2016 11:29 PM
To: Kish N Kepi
Subject: [NTSysADM] OT: IT Philosophy

We keep a lax environment - our users are local admins on their Windows laptops 
and we not stop them from installing any software they want - the only caveat I 
ever say is 'don't be stupid'. And yes, we are a hi-tech house, well beyond the 
startup stage.

During a conversation about potential changes to the way we do backups today, I 
stated that the current back up routine specifically excludes most media files, 
and also that I'd used psexec to kill utorrent processes. My boss, who is 
actually quite knowledgeable in IT matters, had a response surprised me: why? 
Why not backup the media files? Why not allow torrent traffic? His points were 
as follows:

1.   We give them laptops and smartphones and expect them to be available 
at all hours of the day - that's convergence of home and office life - why 
shouldn't we backup the photos of their kids, pets and vacations too?

2.   Do we have bandwidth issues? We have a broad link to the internet and 
only at periodic peaks do we hit anywhere near our limit

3.   Legality of torrents? Really? How many people care about the legality?

4.   Malware? We have other protections in place.

I couldn't come up with any answers that sounded reasonable to me, so at this 
stage, we're planning increase our backup storage capacity.

Does anyone here have answers that I lack? Sorry for cross-posting, but I this 
question is bothering me, and I know that many people in this for a have 
strong, well-formed (and well-expressed) opinions

Kish n Kepi

[NTSysADM] RE: ALL Flash Storage

2016-12-07 Thread James Rankin

I think - SuperFast :)

We mainly use Atlantis, but not being much of a storage bod, don't know much 
except my VDI sessions are a lot quicker than they used to be

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David McSpadden
Sent: 07 December 2016 14:25
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] ALL Flash Storage

What is eveyone's thoughts on All Flash Storage?
I am looking to replace the Storage I have attached to my VNX5400 from EMC with 
either:

EMC Unity

PureStorage

Nimble

I haven't gotten all the proposals in yet but was wondering what everyone else 
thought about them?

This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.

Please consider the environment before printing this email.

RE: [NTSysADM] Windows 10 1607 and UE-V

2016-12-07 Thread James Rankin

Yeah, Enterprise State Roaming is their new Azure-backed roaming capability. It 
requires a premium AD subscription, and currently only handles Universal Apps 
(so Desktop Bridge conversion required).

I’ve had a good experience with User Profile Disks – but sadly they’re only 
supported on server desktops or Windows 10 VDI.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Markus Klocker
Sent: 07 December 2016 11:25
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Windows 10 1607 and UE-V

We have Enterprise and it doesn't work properly :)

If I'd speculate I'd say Microsoft pushes to Azure AD and Microsoft Accounts.
And that is a privacy no go for many.

Best,
Markus
Am 07.12.2016 um 11:39 schrieb James Rankin:
Just idle speculation, but I’m wondering if Microsoft are trying to push people 
more down the Enterprise State Roaming route than that of UE-V?

I have had a lot of problems testing UE-V myself on the 1607 release – in the 
end I gave up and just used User Profile Disks instead ☺

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Markus Klocker
Sent: 07 December 2016 10:08
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Windows 10 1607 and UE-V

Hello,

I wonder if some of you have already fought with UE-V and Windows 10 1607.
With nearly bleeding fingers I then discovered this social technet 
post<https://social.technet.microsoft.com/Forums/en-US/4ea4904f-e705-4682-a8a8-91462422e737/windows-10-build-1607-uev-templates-dont-register-automatically?forum=mdopuev>

So instead of working out of the box (as UE-V 2.1 SP1 did on Windows before) 
one has to manage templates central, distribute them via GPO and then run a 
script registering the templates so that UE-V works at all (this also includes 
Microsoft templates).

Can anyone bring some light into this.

All guides seem to address UE-V 2.1 SP1 deployments but not really Windows 10 
1607 with the integrated UE-V service.

Best,
Markus

RE: [NTSysADM] Windows 10 1607 and UE-V

2016-12-07 Thread James Rankin

Just idle speculation, but I’m wondering if Microsoft are trying to push people 
more down the Enterprise State Roaming route than that of UE-V?

I have had a lot of problems testing UE-V myself on the 1607 release – in the 
end I gave up and just used User Profile Disks instead ☺

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Markus Klocker
Sent: 07 December 2016 10:08
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Windows 10 1607 and UE-V

Hello,

I wonder if some of you have already fought with UE-V and Windows 10 1607.
With nearly bleeding fingers I then discovered this social technet 
post

So instead of working out of the box (as UE-V 2.1 SP1 did on Windows before) 
one has to manage templates central, distribute them via GPO and then run a 
script registering the templates so that UE-V works at all (this also includes 
Microsoft templates).

Can anyone bring some light into this.

All guides seem to address UE-V 2.1 SP1 deployments but not really Windows 10 
1607 with the integrated UE-V service.

Best,
Markus

RE: [NTSysADM] Cloud Backup Service

2016-12-05 Thread James Rankin

We've used Azure Backup in-house - the guys at the sharp end tell me they've 
had no problems with it, but I can't speak personally.

Of course, we're very much trying to push a lot of the Azure stuff as part of 
our offerings, so it's to be expected we'd eat our own dog food.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kish N Kepi
Sent: 05 December 2016 13:15
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Cloud Backup Service

Anyone using a cloud backup service for enduser's laptops, that can be 
recommended?

In truth, I don't really know the right features to be looking for, so any 
information you pass on would be appreciate.

KnK

Re: [NTSysADM] List of major IT conferences in the US?

2016-11-28 Thread James Rankin

Also isn't Citrix Synergy 2017 in Orlando?

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: jra...@nwnit.com
Sent: 28 November 2016 11:50 p.m.
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] List of major IT conferences in the US?

Hi everyone,

Back in April of this year I typed up this list of significant/notable/major IT 
conferences in the US and shared it with the collective. A number of you 
provided some good feedback. I figured I'd update it for 2017 and share it 
again. If there is something missing in the US that you believe is 
significant/worthwhile, please feel free to let me know!

Hope you find this useful!

Conference

2017 Date

Location

SANS

MANY, as early as Jan 9-14

many

RSA Conference

Feb 13 - 17

San Francisco

Red Hat 
Summit

May 2 - 5

Boston

EMC World

May 8 - 11

Las Vegas

Oxford Identity, Security, and Mobility 
Summit

May 9 - 11

Redmond, WA

Interop

May 15 - 19

Las Vegas

Citrix Synergy

May 23 - 25

Las Vegas

E2E Virtualization Conference

May 25 - 26

Orlando

Cloud Identity Summit

June 19 - 22

Chicago

Cisco Live

June 25 - 29

Las Vegas

Briforum

Not yet announced - Usually July

Boston?

Black Hat

July 22 - 27

Las Vegas

DEFCON

July 27 - 30

Las Vegas

VMWorld

August 27 - 31

Las Vegas

HP Global Partner Conf

Not yet announced - Usually Sept

Boston?

DerbyCon

Not yet announced - Usually Sept

Louisville, Ky

Microsoft Ignite

Sept 25 - 29

Orlando

NetApp Insight

Oct 2 - 5

Las Vegas

IT/Dev Connections

Oct 23 - 27

San Francisco

Gartner ITxpo

Oct 1 - 5

Orlando

Intel/McAfee FOCUS

Not yet announced - usually Oct/Nov

Las Vegas?

Thanks,

Jonathan
NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, legally privileged, confidential, and/or exempt 
from disclosure. If you are not the intended recipient, you are hereby notified 
that any use, dissemination, distribution, or copying of this communication is 
strictly prohibited. If you have received this communication in error, please 
notify the original sender immediately by telephone or return email and destroy 
or delete this message along with any attachments immediately.

Re: [NTSysADM] List of major IT conferences in the US?

2016-11-28 Thread James Rankin

Given that Brian Madden left tech target, not sure if there actually will be a 
briforum this year... certainly there will be no "bri" in it!

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: jra...@nwnit.com
Sent: 28 November 2016 11:50 p.m.
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] List of major IT conferences in the US?

Hi everyone,

Back in April of this year I typed up this list of significant/notable/major IT 
conferences in the US and shared it with the collective. A number of you 
provided some good feedback. I figured I'd update it for 2017 and share it 
again. If there is something missing in the US that you believe is 
significant/worthwhile, please feel free to let me know!

Hope you find this useful!

Conference

2017 Date

Location

SANS

MANY, as early as Jan 9-14

many

RSA Conference

Feb 13 - 17

San Francisco

Red Hat 
Summit

May 2 - 5

Boston

EMC World

May 8 - 11

Las Vegas

Oxford Identity, Security, and Mobility 
Summit

May 9 - 11

Redmond, WA

Interop

May 15 - 19

Las Vegas

Citrix Synergy

May 23 - 25

Las Vegas

E2E Virtualization Conference

May 25 - 26

Orlando

Cloud Identity Summit

June 19 - 22

Chicago

Cisco Live

June 25 - 29

Las Vegas

Briforum

Not yet announced - Usually July

Boston?

Black Hat

July 22 - 27

Las Vegas

DEFCON

July 27 - 30

Las Vegas

VMWorld

August 27 - 31

Las Vegas

HP Global Partner Conf

Not yet announced - Usually Sept

Boston?

DerbyCon

Not yet announced - Usually Sept

Louisville, Ky

Microsoft Ignite

Sept 25 - 29

Orlando

NetApp Insight

Oct 2 - 5

Las Vegas

IT/Dev Connections

Oct 23 - 27

San Francisco

Gartner ITxpo

Oct 1 - 5

Orlando

Intel/McAfee FOCUS

Not yet announced - usually Oct/Nov

Las Vegas?

Thanks,

Jonathan
NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, legally privileged, confidential, and/or exempt 
from disclosure. If you are not the intended recipient, you are hereby notified 
that any use, dissemination, distribution, or copying of this communication is 
strictly prohibited. If you have received this communication in error, please 
notify the original sender immediately by telephone or return email and destroy 
or delete this message along with any attachments immediately.

Re: [NTSysADM] Windows 2012 R2 GPO Mapping Issue

2016-11-19 Thread James Rankin

There should be an event written to the logs as to why the mapping failed...

Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From: mkan...@cssu.org
Sent: 20 November 2016 3:02 a.m.
To: ntsysadm@lists.myitforum.com
Reply to: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Windows 2012 R2 GPO Mapping Issue

We have a GPO that is applied to Authenticated Users and linked to our domain.  
In it, we have a mapped drive which isn't work.  Looking at GPResult shows the 
policy being applied.  Using NET USE, we can map the drive with a user logged 
in.  We have unchecked, reconnect at logon and it still doesn't work.  The 
drive map action is Create. We also tried Update.  The GPO does work because 
other elements- a message on the logon screen is displayed.  The DC is a 
Windows 2012 R2 server and the workstation is a Windows 10 Pro version.  It 
also is not working on a Windows 2012 R2 terminal server.

Any help would be appreciated.

[NTSysADM] RE: How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)

2016-11-17 Thread James Rankin

I don't mind, I do my best work under the influence :)

322 pages of notes is quite heavy though. I just dump everything into OneNote - 
to the extent I now need to start a project to rationalize the file :-0

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: 17 November 2016 19:20
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: How to force an authoritative and non-authoritative 
synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)

Not at all, he has no screenshots! LOL

But seriously, I would have reached out for help before three months had 
passed. My personal limit is one hour for something this critical. Just ask MBS 
and Brian Desmond, I am not afraid to reach out for help. BUT, I make sure I 
have done my research first before I bother anyone. But I would not have done 3 
months' worth of effort and 322 very detailed pages of notes before I reached 
out.

Heck, I've even reached out to you while you were in a pub once (forgetting the 
6 hour time difference).

Thanks

Webster

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Thursday, November 17, 2016 6:22 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: How to force an authoritative and non-authoritative 
synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)

322 pages of notes? Is he related to you? ;-0

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: 17 November 2016 12:13
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: How to force an authoritative and non-authoritative 
synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)

Now that I am back in the "office".

Got brought into this call yesterday at 1500 and the customer had a hard stop 
at 1630.

Here is what I know:

Customer has two DCs, one in each datacenter on opposite sides of the state.
This issue of SYSVOL not replicating has been going on for over two months.
The main DC has the DFSR service but the second one does not.
Running dfsrmig /GetMigrationState on both DCs returns "eliminated".
It appears that even though the DFSR service does not appear in services.msc 
that dfsrmig still works.
The guy who originally handled IT stuff quit just over two months ago and the 
new guy steps in to a hornet's nest (SYSVOL was already broken).
This is a one guy IT shop for a company with 17 users.
He has 322 pages of meticulous notes of everything he has done over the past 
two months (that alone scares the crap out of me).
Why the guy waited over two months to ask for help is beyond me.
The company has known for months that electric work was scheduled at the "main" 
datacenter (main being the DC with all the FSMO roles).
Electric power will be down from 1800 this Friday and not guaranteed to be back 
before at least 0300 Monday.
>From what I was told they have been instructed that no sources of power are 
>allowed in this datacenter during this time.
Obviously if the second DC has no SYSVOL, "things" just aren't to work right 
for the users on that side.

I have asked for the results of "net share" from both DCs.
If the first DC has SYSVOL and NetLogon and the second one does not, then 
dcpromo down the second DC, reboot and dcpromo back.
If the first DC does not have SYSVOL share but has SYSVOL contents, then follow 
the Microsoft KB and take it from there.

Any advice, suggestions and thoughts are welcome.

Once they are back working, talk them in to putting in some 2012 R2 DCs since 
they have the licenses already.

Thanks

Webster

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith
Sent: Wednesday, November 16, 2016 6:44 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: How to force an authoritative and non-authoritative 
synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)

You have a File Replication Service service, yes?

You want THAT KB instead.

Which is:

https://support.microsoft.com/en-us/kb/290762

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: Wednesday, November 16, 2016 7:02 PM
To: NT Issues 
(ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>)
Subject: [NTSysADM] How to force an authoritative and non-authoritative 
synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)

Anyone ever had to use this KB to fix SYSVOL?

https://support.microsoft.com/en-us/kb/22

1 2 3 4 5 >

1 - 100 of 452 matches

Mail list logo