But, the only account needing administrators access to other servers is the
site server 's computer account.
Granting dp's access to the sysmgmgt container isn't best practice in my book,
but I wouldn't make a big deal out of it.
Granting dp's admin access to all other site systems and the
What’s the big deal after all? What’s the security risk?
It probably also depends on the number of systems overalls.
-R
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Kim Oppalfens
Sent: Montag, 9. Juni 2014 10:33
To: mssms@lists.myitforum.com
Convenience vs. security ?
In this case I’m not worried about the minor reduction in security, but
prefer the simplicity in managing it.
-R
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Johns, Damon (DoJ)
Sent: Montag, 9. Juni 2014 01:46
To:
I don't think I'll ever see it that way. I don't feel it is more convenient to
add a system to a group where it isn't needed, seems more inconvenient than
anything else.
I also don't agree with the minor reduction quote. You've, at best, doubled
your security risk, and that's for one remote
Yes, it’s a practical reason, accepting the imo added minor risk.
After all, the usual reason for an infection is not having proper access
with service or user accounts, much less with a computer account.
Pretty much of a stretch believing that a virus might actually deploy XP to
systems using
I agree that having it in a book doesn't always means it right, that's why I
said it was in my book which is entirely different :D.
And in regards to your MS quote, whenever a vendor of a piece of software
recommends something I like to threat it as best practice until I come up with
evidence
I found an issue with AutoCAD deployment, a single file was missing. I added
this file to the source location and then went under deployment for AutoCAD and
used the, Update content option. I thought this would only update that one
missing file on the DP but it seems to re-download the entire
I have a couple of msu files that I need to deploy during my OSD task sequence.
I've tried every combination of package/program and run command line that I can
think of. They all fail. File not found errors (exit code 2) or parameter is
incorrect (Exit code 87). How are you deploying msu files
Are you using the %sysnative% variable to call wusa.exe?
-Phil
_
Phil Schwan | Technical Architect, Enterprise Windows Services
Project Leadership Associates | 2000 Town Center, Suite 1900, Southfield, MI
48075
Lync: 312.756.1626
Something like this?
wusa.exe
AMD64-all-windows8-rt-kb2871777-x64_68b73ffc1a3efec11c252f76f9e90e6de65a2c9c.msu
/quiet /norestart
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Marcum, John
Sent: Monday, June 9, 2014 9:08 AM
To: SMS List
Sorry, it's an alias not a variable and the %'s are not needed. Use something
like %windir%\sysnative\wusa.exe at the beginning of your command line.
-Phil
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Schwan, Phil
Sent: Monday, June 9, 2014 10:32 AM
What do the red cross mean (see attached) ?
_
This email has been scanned by the MessageLabs Email Security System on behalf
of Leeds College of Building.
For more information please visit http://www.symanteccloud.com
Lol :)
The 2nd happens rather often, doesn’t it?
-R
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Kim Oppalfens
Sent: Montag, 9. Juni 2014 15:31
To: mssms@lists.myitforum.com
Subject: RE: [mssms] Permissions on systems management container
I want to do some testing with one of my Applications, the applications in
questions has 4 different deployments, and I would like to test a specific one.
Is there a way to temporarily disable the remaining deployment types. Is this
possible?
Mark
What is leading you to that conclusion?
It's not downloading the entire 4GB package. It is checking every file though
to see what changed which in the case of packages with a large number of files
can still take a while. This process was greatly improved in R2 but pre-R2 is
rather inefficient
The determining factor for which deployment type runs comes down to first the
priority order then the requirements. The DT with the highest priority will be
evaluated first, if the PC meets the requirements for that DT it will run that
one and then stop. If the PC doesn't meet the
Make the requirement something that won't evaluate to true and then they
will basically be disabled.
For instance, set the total physical memory requirement to less than or
equal to 1.
On Mon, Jun 9, 2014 at 9:59 AM, Mark Evers evers_mark_...@hotmail.com
wrote:
I want to do some testing with
When I look at the PkgXferMgr.log it shows content being distrubuted to the DP.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Jason Sandys
Sent: Monday, June 09, 2014 11:25 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Updating a package
I've been running into some issues with updating ConfigMgr Applications.
Basically, if I create an application and deploy it (as available), I can see
it and run it on clients. If I change the application after deployment,
however, the clients seem to get confused and refuse to run it, saying
It's not though: http://blog.configmgrftw.com/content-distribution-myth/
J
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Chris Carbone
Sent: Monday, June 9, 2014 11:10 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Updating a package content
We had problems in CM07 when creating OSD task sequences if we did NOT check
the UTC box. Essentially, all of the ad hoc advertisements for application
installs would fail about 50% of the time during deployment. That was a fun
one to troubleshoot.
From: listsad...@lists.myitforum.com
I have a complicated situation where I have 6 tasks (file copies and registry
values) that are comprised of 4 computer locations and 2 user locations. What I
need to achieve is that the computer tasks are advertised as available for
installation, and the user tasks need to run immediately
I suspect the account you are using to view the policy has insufficent
rights to read the policy
(I have seen similar in group policy manager where the policy is filtered
on a particular group and the accoun tyou are using is not part of that
group or a domain admin )
On Tue, Jun 10, 2014 at 2:58
You could do this another way, GP isn't your only option. Scripts looking at
subnets or OUs or machine names or other location indicating variables along
with start menu scripts or HKCU run goodies could be an option. There's a whole
bag of tricks that can be thrown at this without involving
do this post
http://www.windows-noob.com/forums/index.php?/topic/7772-how-can-i-change-a-hkcu-setting-within-windows-during-an-osd-deployment/
and this post
http://www.windows-noob.com/forums/index.php?/topic/10471-customization-of-internet-explorer-9-hkcu-key-problems/#entry39447
give you any
25 matches
Mail list logo