RE: [NTSysADM] RE: Welcome a brand new CTP to the family
Well, Michael B. Smith encouraged me and I encouraged James. I just got an email off list from someone saying the same thing you did. Here is my reply. Tip #1 anonymize and generalize all these "neat" Citrix related issues you work on and resolve and write them up. Tip #2 share that info with the world either thru CUGC blog or start your own website. Tip #3 rinse, lather, repeat #s 1 and 2 If the community has no idea who you are, you will never become a CTA or CTP. http://www.citrixguru.com/2018/02/01/citrix-ctp-2018/ Read the blurb from Gareth Carson. Thanks Carl Webster Citrix Technology Professional Fellow | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of D R Sent: Thursday, February 1, 2018 8:53 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] RE: Welcome a brand new CTP to the family Way to go! I still aspire to be where you are at... hopefully, one day... before I die. ;) Daniel On Thu, Feb 1, 2018 at 8:41 AM, Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: Congratulations Mr. Rankin! From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Webster Sent: Thursday, February 1, 2018 9:08 AM To: NT Issues (ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>) Subject: [NTSysADM] Welcome a brand new CTP to the family Our very own James Rankin is a brand-new CTP. Welcome to the family James. https://www.citrix.com/blogs/2018/02/01/welcome-ctp-class-of-2018/ https://www.citrix.com/community/ctp/awardees.html Thanks Carl Webster Citrix Technology Professional Fellow | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin -- Daniel Rodriguez drod...@gmail.com<mailto:drod...@gmail.com>
[NTSysADM] Welcome a brand new CTP to the family
Our very own James Rankin is a brand-new CTP. Welcome to the family James. https://www.citrix.com/blogs/2018/02/01/welcome-ctp-class-of-2018/ https://www.citrix.com/community/ctp/awardees.html Thanks Carl Webster Citrix Technology Professional Fellow | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
RE: [NTSysADM] Advice: migrate to new file server
GWBASIC allowed you to create and delete files, folders, and redirections that were not allowed from the CLI. Used it all the time when some user somehow created a file or folder named CON, PRN, AUX, COM, etc. Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: Tuesday, January 30, 2018 7:29 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Advice: migrate to new file server On Mon, Jan 29, 2018 at 10:23 PM, Kurt Buff <kurt.b...@gmail.com<mailto:kurt.b...@gmail.com>> wrote: Youngsters these days... If I change the DVD/CD drive letter, I change it to Y:, because long ago, under some really old version of windows (3.1? wfwg 3.1x? I'm getting old - get off my lawn) logon scripts used Z:. AHEM. We assign Z: to a user's home folder in AD ... I guess that makes us antiques (that's the way it was when I first got here 10 years ago, haven't found a compelling enough reason for the pain of changing it) You can find a vague reference to it here: http://www.oreilly.com/openbook/samba/book/ch06_06.html Heh. I remember from back in Win 3.1, you can assign "[:" as a drive letter, too ... Kurt On Mon, Jan 29, 2018 at 2:42 PM, Dave Lum <l...@ochin.org<mailto:l...@ochin.org>> wrote: > My typical buildout: > > Anything with a user share (other than a domain controller) gets a separate > volume than the OS and the files live there. Database servers get at least > two additional (logs for one, DB for the other). Server hosting applications > with a lot of read/writes and or file growth get an additional volume as this > allows easy movement/growth/reallocation of data volumes without impacting > the host OS. Doing a file recovery can be simplified with this setup as > there's lower risk of restoring the wrong applicaiotn file/setting* > > Single volume systems are infrastructure stuff like domain controllers, DHCP > servers, and print server (depending on its load and if it's not also a file > server). > > My OCD also sets the DVD drive to Z: so adding other drive letters is > contiguous. > > Dave > * This is probably legacy thinking as I haven't run into this in many, many > years. > > > -Original Message- > From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> > [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] > On Behalf Of Kurt Buff > Sent: Monday, January 29, 2018 2:10 PM > To: ntsysadm > <ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>> > Subject: Re: [NTSysADM] Advice: migrate to new file server > > Don't know about everybody, but I do it - because I hate it when someone > copies a ton of big files to the driver that data shares with the OS, and the > machine chokes. Makes for a very unpleasant time for the users. > > I've also had to do this on machines with hyperactive print queues. > Now, if I'm building a print server, the spool directory goes on a separate > partition - doesn't really matter how big the partition is, even just a few > gigs, as long as it doesn't share the OS partition. > > Kurt > > On Mon, Jan 29, 2018 at 1:40 PM, Gantry Zettler > <gan...@gmail.com<mailto:gan...@gmail.com>> wrote: >> "I'm hoping that the data is on a separate partition from the OS. >> That's pretty critical. " >> >> Is this what everyone else does? Even on VMs? >> >> >> >> On Mon, Jan 29, 2018 at 3:16 PM, Melvin Backus >> <melvin.bac...@byers.com<mailto:melvin.bac...@byers.com>> >> wrote: >>> >>> Ditto. I usually do this over a span of days or weeks. Big initial >>> copy, then incrementals periodically depending on normal usage, etc. >>> Last pass as I’m ready to make the move. By that time we’re talking >>> about a few minutes because everything should be the same anyway, >>> just the time to scan the file systems. >>> >>> >>> >>> -- >>> There are 10 kinds of people in the world... >>> those who understand binary and those who don't. >>> >>> >>> >>> ¯\_(ツ)_/¯ >>> >>> >>> >>> From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> >>> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] >>> On Behalf Of Charles F >>> Sullivan >>> Sent: Monday, January 29, 2018 2:58 PM >>> To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> >>> Subject: Re: [NTSysADM] Advice: migrate to new file server >>> >>> >>>
Re: [NTSysADM] Palo Alto Endpoint Security Trapps?
Yes, my employer sells them Webster Get Outlook for iOS<https://aka.ms/o0ukef> From: listsad...@lists.myitforum.com <listsad...@lists.myitforum.com> on behalf of David McSpadden <dav...@imcu.com> Sent: Friday, January 26, 2018 7:57:05 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Palo Alto Endpoint Security Trapps? Anyone using or heard of this? David McSpadden Systems Administrator Indiana Members Credit Union P: 317.554.8190| F: 317.554.8106 [Description: imcu email icon]<http://imcu.com/> [Description: facebook email icon] <https://www.facebook.com/IndianaMembersCU> [Description: twitter email icon] <https://twitter.com/IndMembersCU> [Description: email logo] [Image result for mcp logo]<https://www.google.com/url?sa=i=j==s=images==rja=8=0ahUKEwirvOT_m8fTAhVM1xoKHVbUA2kQjRwIBw=https://mssqlhub.wordpress.com/2013/09/23/pathway-for-microsoft-certification/=AFQjCNHf-4M9Isb1398vr-wswZ04wRJObQ=1493471205430002> This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
[NTSysADM] RE: domain admin account passwords management
I used to have a security doc from MS (or maybe an MVP) that stated no more than 5 DA accounts and until needed, the SA and EA groups should be empty. Now I can't find the doc or the link to the original blog post. Thanks Carl Webster Citrix Technology Professional Fellow | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Wednesday, January 17, 2018 11:15 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: domain admin account passwords management I would suggest you should only have 4 (maximum) domain admin accounts. If Ford can get by with 4, so can you. And the actual Administrator account should have a disgustingly long password that is written down and put in a safe. I doubt highly that your service accounts need to be domain admins. They may need some specific privileges delegated, but actual domain admin? Probably not. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden Sent: Wednesday, January 17, 2018 12:01 PM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: [NTSysADM] domain admin account passwords management I know we have LAPS for local admins. What is everyone doing for domain admin account passwords management and compliance? We are being asked to change passwords every 90 days and most of the domain admins are service accounts? So...what does everyone else do to automate/management this? David McSpadden Systems Administrator Indiana Members Credit Union P: 317.554.8190| F: 317.554.8106 [Description: imcu email icon]<http://imcu.com/> [Description: facebook email icon] <https://www.facebook.com/IndianaMembersCU> [Description: twitter email icon] <https://twitter.com/IndMembersCU> [Description: email logo] [Image result for mcp logo]<https://www.google.com/url?sa=i=j==s=images==rja=8=0ahUKEwirvOT_m8fTAhVM1xoKHVbUA2kQjRwIBw=https://mssqlhub.wordpress.com/2013/09/23/pathway-for-microsoft-certification/=AFQjCNHf-4M9Isb1398vr-wswZ04wRJObQ=1493471205430002> This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
RE: [NTSysADM] Using PS to query date of latest Windows Updates installed
And you are running from an elevated PoSH session? Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: Wednesday, January 17, 2018 10:27 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Using PS to query date of latest Windows Updates installed PS P:\software\PHA Scripts> Get-Help Get-WULastResults NAME Get-WULastResults SYNOPSIS Get Windows Update results. SYNTAX Get-WULastResults [-ComputerName <string[]>] [-Debuger ] [-PSWUSettings ] [-SendReport ] [] DESCRIPTION Use Get-WULastResults cmdlet to get Windows Update LastSearchSuccessDate and LastInstallationSuccessDate. RELATED LINKS Author Blog http://commandlinegeeks.com/ REMARKS To see the examples, type: "get-help Get-WULastResults -examples". For more information, type: "get-help Get-WULastResults -detailed". For technical information, type: "get-help Get-WULastResults -full". For online help, type: "get-help Get-WULastResults -online" PS P:\software\PHA Scripts> Get-WULastResults WARNING: To perform some operations you must run an elevated Windows PowerShell console. Get-WULastResults : Object reference not set to an instance of an object. At line:1 char:1 + Get-WULastResults + ~ + CategoryInfo : NotSpecified: (:) [Get-WULastResults], NullReferenceException + FullyQualifiedErrorId : System.NullReferenceException,PSWindowsUpdate.GetWULastResults So this cmdlet should return exactly what I am looking for, but for some reason it isn't working for me ... On Tue, Jan 16, 2018 at 4:46 PM, Michael Leone <oozerd...@gmail.com<mailto:oozerd...@gmail.com>> wrote: On Tue, Jan 16, 2018 at 4:31 PM, Matt Stork <mst...@northwestern.edu<mailto:mst...@northwestern.edu>> wrote: I find the Get-WUHistory from the PSWindowsUpdate module provides far more useful information regarding which updates are installed. It has an option -SendReport but the help for the cmdlet does not provide any information on how to use the option. For the purposes of this report, I don't need any more detail than "When were updates last applied?". Thanks, -Matt -Original Message- From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Kurt Buff Sent: Tuesday, January 16, 2018 2:51 PM To: ntsysadm <ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>> Subject: Re: [NTSysADM] Using PS to query date of latest Windows Updates installed help get-hotfix -full For your purposes this might work, if you have a small number of computers: ( get-hotfix -computername work1, work2, work3 | sort installedon )[-1] Kurt On Tue, Jan 16, 2018 at 12:37 PM, Michael Leone <oozerd...@gmail.com<mailto:oozerd...@gmail.com>> wrote: > I'm drawing a blank on this. I need to query a set of clients, and return > the date that Windows Updates was last run (date updates were installed). > Then I will email this to the appropriate person. > > I'm finding lots of ways to query for the list of needed updates, or a list > of the installed updates, but not for the last date/time when updates were > actually installed. Clue/pointer, anyone? I remember something about a user > created WSUS module that might have that as a function, but for the life of > me, I'm not finding it. > > Thanks > > (I originally sent this to the > powersh...@lists.myitforum.com<mailto:powersh...@lists.myitforum.com> , but > it said > I didn't have permission to post there. Dunno why, I used to be able to post > there .. and the return message didn't include instructions on how to sign > back up) >
[NTSysADM] Access database compatibility question
I am on a project where the company still runs EOL Presentation Server 4.0 on EOL Server 2003 using EOL Access 97 and 2003 and 2007. Is there a tool available I can use to analyze the 92 databases to see which are compatible, or not, with a current version of Access? My GoogleFu is weak today. Thanks Carl Webster Citrix Technology Professional Fellow | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] Microsoft Configuration Manager 2012 R2 PowerShell Documentation Script Version 2.33
Thanks to all those whose helped. http://carlwebster.com/microsoft-configuration-manager-2012-r2-powershell-documentation-script-version-2-33/ Thanks Carl Webster Citrix Technology Professional Fellow | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
RE: [NTSysADM] New Blog Post: Get-FrameworkVersion
Can you translate to normal American English please? I couldn't understand that accent of yours. LOL Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin Sent: Thursday, December 7, 2017 2:47 PM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] New Blog Post: Get-FrameworkVersion Webster makes good tweeting, ASB too... my feed is probably unintelligible to left-pondians though Sent from my slightly schizophrenic, but rather cool, BlackBerry Android From: mich...@smithcons.com<mailto:mich...@smithcons.com> Sent: 7 December 2017 8:43 p.m. To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Reply to: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: RE: [NTSysADM] New Blog Post: Get-FrameworkVersion You should. Several people on this list have feeds worth following. Not just me. :) From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Richard Stovall Sent: Tuesday, December 5, 2017 7:32 PM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: Re: [NTSysADM] New Blog Post: Get-FrameworkVersion I don't follow anyone on Twitter. (That I know of. My Twitter registration is defensive.) But now I'm tempted. :) On Sun, Dec 3, 2017 at 7:23 PM, Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: That's what I always like to hear! -Original Message- From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Kurt Buff Sent: Sunday, December 3, 2017 7:12 PM To: ntsysadm Subject: Re: [NTSysADM] New Blog Post: Get-FrameworkVersion Thanks - this will prove quite useful. Kurt On Sun, Dec 3, 2017 at 3:21 PM, Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: > New Blog Post: Get-FrameworkVersion > > http://www.essential.exchange/2017/12/03/get-frameworkversion/ > >
[NTSysADM] Config Mgr doc script help
Does anyone on this list use my Cong Manager documentation script? If so, would be open to testing an update? A user reported an invalid variable used for one WMI cmdlet. I fixed that according to his suggestion and took this as an opportunity to bring that script up to the changes made in all the other doc scripts. This user is claiming that parts of the script are broken even though no changes were made in those sections. Since I know nothing about SCCM and don't have access to SCCM to test with, I would appreciate any assistance anyone could help me with. Thanks Carl Webster Citrix Technology Professional Fellow | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] Microsoft Active Directory Documentation Script Update Version 2.16
With a lot of help from Michael B. Smith. http://carlwebster.com/microsoft-active-directory-documentation-script-update-version-2-16/ Thanks Carl Webster Citrix Technology Professional Fellow | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] A puzzlement I hope you can help with
Since I don't spend my time doing day-to-day admin work or installs, I need the help of you experts. I received this request from a customer with permission to ask you all. Who knows, maybe someone here uses the same software. Here is the original request: Our calyx point system is installed per user on our domain workstations. The install request is sent out when I create that user online in the calyx point user management site. Each user is put into an installation group based on their domain login rights. This has never been an issue before because we did not have the option to install Point on more than one device. Now we can install it on our home PC's or Laptops. When the users in the general user group try to install outside of their domain workstations they get a user name and password error. Point tech support says this is due to the install trying to use the admin login to do the install on a computer that is not on the domain. What I am hoping for is to somehow run a script on the domain computers that allows point to install and do updates as admin so I don't have to have the admin credentials in the point installation group. This will allow everyone to install and update point at work as needed as well as install at home without any problems. I don't know how to accomplish what he needs or wants. I can reach out to the customer if you have any questions or need more info. Thanks Webster
[NTSysADM] RE: Crosspost: clearing the autocomplete cache
Be glad CA is not a concealed carry state! Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife Sent: Thursday, November 30, 2017 10:05 AM To: 'NT System Admin Issues Discussion list' <ntsysadm@lists.myitforum.com>; excha...@lists.myitforum.com Subject: [NTSysADM] Crosspost: clearing the autocomplete cache Recently, we did a cleanup of proxy addresses that were no longer needed. Unfortunately, this has caused an issue with our users, as some of their autocomplete entries are using the old, now gone, proxy addresses. I've been directed to clear everyone's autocomplete cache. I found a quick and easy command to do this, but it opens Outlook in order to perform the clean. (outlook.exe /CleanAutoCompleteCache). Having Outlook open spontaneously, or a second instance opening, would be very disconcerting and worrisome for our users, so I'd like to find a way to clean the cache, without opening Outlook. Does anyone have a method? For the most part, all users are using Outlook 2016, but there are a few 2013, and 2010. Thanks, Joe Heaton Information Technology Operations Branch Data and Technology Division CA Department of Fish and Wildlife 1700 9th Street, 3rd Floor Sacramento, CA 95811 Desk: 916-323-1284
RE: [NTSysADM] DHCP role
I would migrate DHCP first. Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife Sent: Thursday, November 30, 2017 9:00 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] DHCP role That's what we're doing as well. Not sure why, but our service account is member of DNSUpdateProxy, but also a member of DNSAdmins. Anyone have an idea why that group? I didn't set this up initially, I'm just trying to get things in best practices, and address a current issue I'm working through, of replacing a DC, that happens to be our main DHCP server. My thoughts at the moment, are to add a new DC, with only DC roles. Then, DCpromo the old DC (with DHCP), then migrate DHCP to a new server, that is only a member server, not a DC. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Mark Gottschalk Sent: Wednesday, November 29, 2017 6:21 PM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: Re: [NTSysADM] DHCP role https://blogs.technet.microsoft.com/stdqry/2012/04/03/dhcp-server-in-dcs-and-dns-registrations/ https://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx This is what we've done with DHCP on DC. Have a user "DHCP_user" in Protected User group, DNSUpdateProxy group. Use this for alternate credentials. Note that first article says: "A common error is to think that the DHCP Server service running in a DC will use its service account security context to register records in DNS if no alternate credentials are configured, and then there is security risk. In fact, this is not the behavior of the DHCP Server in a DC. If the DHCP Server service detects that it is running in a domain controller, and no alternate credentials for DNS registrations have been configured, then it decides to not do any registrations for DHCP clients and logs event DHCP/1056." It also starts with: "One common deployment scenario for the DHCP Server service is to have it installed in domain controllers. When this scenario is used it is necessary to define the alternate credentials to be used by DHCP when doing DNS registrations on behalf of the DHCP clients." If you can separate them with no downside, go for it. However, running DHCP on a DC appears to be accounted for and can be addressed by above. -- Mark From:"Heaton, Joseph@Wildlife" <joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> To:'NT System Admin Issues Discussion list' <ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>> Date:11/29/2017 02:49 PM Subject:[NTSysADM] DHCP role Sent by: "listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>"
[NTSysADM] What's Coming in the AD Documentation Script V2.16
So far (with the help of MBS): #Version 2.16 # Adding checking for users with home drive set in Active Directory Users and Computers (ADUC) # Added function OutputHDUserInfo # Adding checking for users with RDS home drive set in ADUC # Added function from Jeff Hicks Get-RDUserSetting # Added function OutputRDSHDUserInfo # Adding checking for users whose Primary Group is not Domain Users # Added function OutputPGUserInfo # Add new parameter ADDomain to restrict report to a single domain in a multi-domain Forest # Add schema extension checking for the following items and add to Forest section: # 'User-Account-Control', #Flags that control the behavior of a user account # 'msNPAllowDialin', #RAS Server # 'ms-Mcs-AdmPwd', #LAPS # 'ms-Mcs-AdmPwdExpirationTime', #LAPS # 'mS-SMS-Assignment-Site-Code', #SCCM # 'mS-SMS-Capabilities', #SCCM # 'msRTCSIP-UserRoutingGroupId', #Lync/SfB # 'msRTCSIP-MirrorBackEndServer' #Lync/SfB # 'ms-exch-schema-version-pt' #Exchange # Remove several large blocks of code that has been commented out # Revise how $LinkedGPOs and $InheritedGPOs variables are set to work around invalid property # name DisplayName when collection is empty # Updated Exchange schema versions # When run for a single domain in a multi-domain forest # Revise gathering list of domains # Revise testing for $ComputerName # Revise variable $ADContext in Function ProcessAllDCsInTheForest What would you like added to the script? I can't read your mind, you should actually tell me what you want added. Thanks Carl Webster Citrix Technology Professional Fellow | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] Updating the AD documentation script
The first update to the Active Directory documentation script (V2.16) is on Github. Working on making the script work for a single domain in a multi-domain Forest. https://github.com/CarlWebster/ActiveDirectory/tree/V2.16 There are other changes coming to the script, with the help of MBS, but I am working on single domain functionality first. Thanks Carl Webster Citrix Technology Professional Fellow | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] Microsoft DNS Documentation Script Update Version 1.07
http://carlwebster.com/microsoft-dns-documentation-script-update-version-1-07/ #Version 1.07 13-Nov-2017 # Added Scavenge Server(s) to Zone Properties General section # Added the domain name of the computer used for -ComputerName to the output filename # Fixed output of Name Server IP address(es) in Zone properties # For Word/PDF output added the domain name of the computer used for -ComputerName to the report title # General code cleanup # In Text output, fixed alignment of "Scavenging period" in DNS Server Properties # Removed code that made sure all Parameters were set to default values if for some reason they did exist or values were $Null # Reordered the parameters in the help text and parameter list so they match and are grouped better # Replaced _SetDocumentProperty function with Jim Moyle's Set-DocumentProperty function # Updated Function ProcessScriptEnd for the new Cover Page properties and Parameters # Updated Function ShowScriptOptions for the new Cover Page properties and Parameters # Updated Function UpdateDocumentProperties for the new Cover Page properties and Parameters # Updated help text Thanks Carl Webster Citrix Technology Professional Fellow | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
RE: [NTSysADM] Crosspost: Do you have a complex certificate services environment?
Mmmm, "If you are interested, please reply to me directly - OFF LIST. Again OFF LIST." Thanks Carl Webster Citrix Technology Professional Fellow | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Sean Martin Sent: Tuesday, October 31, 2017 6:18 PM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Crosspost: Do you have a complex certificate services environment? Hey Michael, I wouldn't mind testing it out for you. We have a fairly simple CA environment (offline root, online intermediate) in a Windows 2008 R2 AD environment. - Sean On Tue, Oct 31, 2017 at 12:40 PM, Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: Forgive the crosspost. Webster and myself have some mutual customers that had Certificate Services issues. That being one of my areas of expertise, I worked through the problems and got everyone happy, but then realized the job would’ve been much much simpler with a script that dumped out everything that Active Directory knows about AD Certificate Services. So, viola, I wrote one; and I’ve enhanced it while working through some complex customer scenarios. Webster has offered to do the nice things he does to scripts (Word output, HTML output, code-signing, etc.) but I’d like to make sure that the script is complete before I hand it over to him. So I’m looking for a few good testers. I’d like for you to run the script and send me the output. If it bombs, let me fix it and try again. IT DOESN’T CHANGE ANYTHING. It just reads from AD and the registry. If you have a single server CA, you probably aren’t my target scenario – unless it’s been migrated and upgraded more than once. Or it was installed by someone who had no clue what they were doing and may have installed the CA a dozen times (it happens – that was a PIECE of the problem at one of my clients). I’m looking for environments with multiple roots, multiple servers in a hierarchy, potentially offline roots with an enterprise hierarchy, etc. If you are interested, please reply to me directly - OFF LIST. Again OFF LIST. Thanks! Regards, Michael B. P.S. There are some things the script could do that it doesn’t do – most specifically, validate certs and cross-check CA certs between AIA, CA, CDP, and KRA endpoints. It’s doable and a good idea (I needed that in a project a year or two ago), but out of scope for this Version 1. But almost anything else I can think of is fair game.
RE: [NTSysADM] Re: WOW!!! I had no idea I was going to be honored
None of this would have happened if MBS hadn't pushed, I mean encouraged, me to start blogging and help me learn PowerShell. Thanks Carl Webster Citrix Technology Professional Fellow | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jeff Steward Sent: Wednesday, October 25, 2017 6:27 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Re: WOW!!! I had no idea I was going to be honored Well done Carl. Good to see that Citrix recognizes the value you bring to the community. -Jeff On Tue, Oct 24, 2017, 8:58 PM J- P <jnat...@hotmail.com<mailto:jnat...@hotmail.com>> wrote: Well deserved- Congrats Jean-Paul Natola From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> <listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>> on behalf of Webster <webs...@carlwebster.com<mailto:webs...@carlwebster.com>> Sent: Tuesday, October 24, 2017 12:17 PM To: NT Issues (ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>) Subject: [NTSysADM] WOW!!! I had no idea I was going to be honored https://www.citrix.com/blogs/2017/10/24/announcing-ctp-fellow-award-a-new-classification/ [https://www.citrix.com/blogs/wp-content/uploads/2017/10/award-1036x479.jpg]<https://www.citrix.com/blogs/2017/10/24/announcing-ctp-fellow-award-a-new-classification/> Announcing: CTP Fellow Award – A New 'Classification' | Citrix Blogs<https://www.citrix.com/blogs/2017/10/24/announcing-ctp-fellow-award-a-new-classification/> www.citrix.com<http://www.citrix.com> It is with great pride and joy that I announce a new facet of the Citrix Technology Professional (CTP) program: The Citrix Technology Professional Fellow Award. Deeply, deeply humbled and honored Thanks Carl Webster Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] WOW!!! I had no idea I was going to be honored
https://www.citrix.com/blogs/2017/10/24/announcing-ctp-fellow-award-a-new-classification/ Deeply, deeply humbled and honored Thanks Carl Webster Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] RE: PowerShell brainfart
https://blogs.technet.microsoft.com/heyscriptingguy/2013/03/04/use-powershell-to-find-detailed-windows-profile-information/ Try that. Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin Sent: Thursday, October 12, 2017 2:45 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] PowerShell brainfart OK, I'm having a ditzy moment I'm trying to query profile type in PowerShell using gwmi Specifically gwmi win32_userprofile | select localpath, status But this returns all users on the machine - how can I make it return just the current user? I'm having a severe blonde moment - help! (Apologies to all blondes on the list) Cheers, [cid:image001.png@01D21FCA.D5DD9850] [cid:image002.jpg@01D21FCA.D5DD9850] [cid:image003.jpg@01D3436B.148CCD90] James Rankin CTA ACA vExpert Technical Evangelist / Media Hound Howell Technology Group Office: 0191 4813446 Mobile: 07809 668579 Email: ja...@htguk.com<mailto:ja...@htguk.com> www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | Linkedin<https://www.linkedin.com/in/markhtg> | Facebook<https://www.facebook.com/HTGUK> COMPANY INFORMATION Howell Technology Group Ltd is a limited company registered in England with registered number 5520670 and VAT registered number GB 862 666 004. Our registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, Tyne & Wear, NE33 1SA CONFIDENTIALITY NOTICE This message is intended solely for the addressee and may contain confidential information. If you have received this message in error, please send it back to us, and immediately and permanently delete it. Do not use, copy or disclose the information contained in this message or in any attachment. PRIVACY POLICY For information about how we process data and monitor communications please see our Privacy Policy. To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal
[NTSysADM] A Look Inside Webster’s Lab – September 2017
http://carlwebster.com/look-inside-websters-lab-september-2017/ Thanks Carl Webster Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] RE: WSUS and Windows 10
I configured WSUS for: Critical Updates Definition Updates (shouldn't be needed since they use Defender) Security Updates Office 2010 Office 2013 Office 2016 Office 365 Client Windows 10 Windows 7 Windows 8.1 After the initial synch. There were 5580 updates available. I can't find anything that tell me how much disk space is needed for all those updates. I have no idea where he is getting his 6TB figure from. Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Joseph L. Casale Sent: Friday, September 22, 2017 9:49 AM To: 'ntsysadm@lists.myitforum.com' <ntsysadm@lists.myitforum.com> Subject: [NTSysADM] RE: WSUS and Windows 10 Upgrades and feature updates in all language's... I have not used WSUS directly in a long time, but instead use it underneath Config Mgr and you need to be very specific about what you elect to distribute. In my case, I choose filters that are specific to versions and languages in use, rather than all language's for all versions which would be unutilized. Additionally, with the magnitude of patches nowadays, you need to routinely schedule maintenance of the database or both it and iis will soon encounter issues. I schedule a task which removes superseded updates and reindexes the database. jlc From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster Sent: Friday, September 22, 2017 7:24 AM To: NT Issues (ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>) <ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>> Subject: [NTSysADM] WSUS and Windows 10 I haven't had the "pleasure" of dealing with WSUS in over 9 years. Got handed a support ticket for a customer whose WSUS wants to download terabytes worth of updates. I remembered enough to make sure they had selected only English and unselected numerous OS options. Running the Server Cleanup Wizard took all night. When he went to do a sync, WSUS reported there were over 6TB of updates to download. They are running Windows 10 Ent 1703. What Win10 options should be selected? There are several Win10 options and most of them I have no clue of what they are. Thanks Webster
[NTSysADM] RE: WSUS and Windows 10
[cid:image001.jpg@01D33393.BC87ECB0] Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin Sent: Friday, September 22, 2017 9:59 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: WSUS and Windows 10 What are the options you're faced with? From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster Sent: 22 September 2017 14:24 To: NT Issues (ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>) <ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>> Subject: [NTSysADM] WSUS and Windows 10 I haven't had the "pleasure" of dealing with WSUS in over 9 years. Got handed a support ticket for a customer whose WSUS wants to download terabytes worth of updates. I remembered enough to make sure they had selected only English and unselected numerous OS options. Running the Server Cleanup Wizard took all night. When he went to do a sync, WSUS reported there were over 6TB of updates to download. They are running Windows 10 Ent 1703. What Win10 options should be selected? There are several Win10 options and most of them I have no clue of what they are. Thanks Webster
[NTSysADM] WSUS and Windows 10
I haven't had the "pleasure" of dealing with WSUS in over 9 years. Got handed a support ticket for a customer whose WSUS wants to download terabytes worth of updates. I remembered enough to make sure they had selected only English and unselected numerous OS options. Running the Server Cleanup Wizard took all night. When he went to do a sync, WSUS reported there were over 6TB of updates to download. They are running Windows 10 Ent 1703. What Win10 options should be selected? There are several Win10 options and most of them I have no clue of what they are. Thanks Webster
RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?
That's because no one has figured how to say "I love you" in Russian. Webster -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Thursday, September 14, 2017 1:35 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with? But he doesn't say anything is wrong. It's just another step in the increasing tension between Russia and the USA as far as I can see. -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim Sent: Thursday, September 14, 2017 2:26 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with? Looks like the WH's cybersecurity dude announced it. http://www.businessinsider.com/kaspersky-is-being-banned-across-the-us-government-by-trump-2017-9 -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Thursday, September 14, 2017 2:18 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with? As I've recommended Kaspersky for about a decade now, I'm interested in knowing your source. :-) I know that the USA is less and less happy with Russia... But I've not found anything that even seems official... -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: Thursday, September 14, 2017 12:32 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Dropping Kaspersky Av, who to replace it with? We use Kaspersky for our AV needs, and to be honest, it's worked out well for us. It's certainly caught things that McAfee, our previous AV solution, didn't. However, they have this slight problem with being a covert arm of the Russian government, apparently .. So we need to drop them, as the federal agencies are doing. There are lots of reviews, such as av-test.org, that we are looking at. But tell me, who do you have? And - more importantly - if you had your say in the matter, would you keep them? We're an sort of enterprise level organization, maybe 1K users, bunch of laptops issued to remote users. So far, all Win 7 for workstations, but obviously that will change in the future. Servers are all Win 2008/2012 R2 (so far). So we need something with a centralized console, to push out rules, updates, etc. We use Proofpoint as an email gateway, so it does mail scanning. We have Checkpoint firewalls for managing that sort of traffic. Thoughts? I know I've heard good things about ESET and Sophos, among others. Just soliciting some real world opinions, along with our own research.
RE: [NTSysADM] Group Policy - Enforce screensaver and password
How about testing it on a test user account so you will know exactly what happens??? It is a user policy setting so you can restrict it to a single user account for testing. Webster -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: Wednesday, September 6, 2017 11:03 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Group Policy - Enforce screensaver and password On Wed, Sep 6, 2017 at 11:38 AM, Wolf, Daniel <da.w...@neopost.com> wrote: > Don't specify a screensaver. It will just lock the machine with the screen > off. OK. So what if the user doesn't choose a screensaver. Then nothing happens, right? No screensaver, and - more importantly - no password needed to unlock the PC (presuming the display turns off, for power saving). I got the impression that this is what he is trying to prevent. Doesn't want people just walking away from a PC, and leaving it unlocked, for anyone to walk up and do nefarious things ... > > -Original Message- > From: listsad...@lists.myitforum.com > [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone > Sent: Wednesday, September 6, 2017 10:26 AM > To: ntsysadm@lists.myitforum.com > Subject: [NTSysADM] Group Policy - Enforce screensaver and password > > I've had a "suggestion" from my CIO. :-) He would like to use GP to enforce > that all domain computers have a screensaver (set to like 15 minutes), and > that the screensaver is password enabled. He didn't seem to care which > screensaver, as long as one is set. > > (these are all Win 7 PCs, BTW) > > I see the options in User Config/Policies/Admin Templates/Control > Panel/Personalization that I can Enable Screen saver and password protect the > screen saver. But if I read it right, I either have to specify which screen > saver to use, or depend on the user to pick one. > > So what happens if I choose > > Enable screen saver: ENABLED > Password protect the screen saver: ENABLED screen saver timeout: 900 > seconds > > and the user does *not* set a screensaver? If I use the above settings, do I > really also need to force a specific screen saver, so that I can be sure that > at least a passworded screen saver is set? > > What do the rest of you do? I'm assuming at least some of you enforce > passworded screensavers. > > Thanks for any advice. > >
RE: [NTSysADM] A new task for me - setting up a SQL Server cluster on vSphere 6.0
You talking about me? Thanks Carl Webster Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff Sent: Thursday, August 17, 2017 3:00 PM To: ntsysadm <ntsysadm@lists.myitforum.com> Subject: Re: [NTSysADM] A new task for me - setting up a SQL Server cluster on vSphere 6.0 Who was just on a list asking for help with VMware configuration? H? 樂 Kurt On Thu, Aug 17, 2017 at 10:59 AM, Webster <webs...@carlwebster.com<mailto:webs...@carlwebster.com>> wrote: Everyone has their faults. Webster -Original Message- From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Michael B. Smith Sent: Thursday, August 17, 2017 12:52 PM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: RE: [NTSysADM] A new task for me - setting up a SQL Server cluster on vSphere 6.0 Yes, it will work. I cannot say anything whatsoever about VMware. I'm a Hyper-V guy. -Original Message- From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Kurt Buff Sent: Thursday, August 17, 2017 1:18 PM To: ntsysadm Subject: Re: [NTSysADM] A new task for me - setting up a SQL Server cluster on vSphere 6.0 Right. Server Datacenter. Knew that. Habit to type Enterprise. The rest is stuff I'm trying to figure out, since I haven't played around much with real SQL Server since the 2000 edition, and not even much with Express since then. We are planning a 2-node cluster, so it sounds like Windows Server 2016 Standard and SQL Server 2016 (2017?) Standard will do exactly what we want. We do have restrictions in our EA regarding the number of licenses for SQL Server (2), and we also want to reduce the clutter of old versions of SQL Standard and SQL Express scattered amongst our servers. I intend to deploy on our VMware cluster (vSphere 6.0 Standard, 6 nodes, backed by a Nimble SAN), unless testing indicates it's a bad fit. Kurt On Thu, Aug 17, 2017 at 8:53 AM, Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: > I think y’all are confusing yourselves. Words mean things. > > > > For the purposes of this discussion, there is no such thing as > “Windows Server Enterprise”. > > > > The editions are Windows Server Standard and Windows Server Datacenter. > Since Windows Server 2012, both Standard and Datacenter include > Windows Failover Clustering (WFC). (So does Nano Server in Windows > Server 2016, but I digress.) > > > > There ARE features that a SQL installation may want to use, such as > SOFS (Scale-Out File Servers), that may require Windows Server > Datacenter; but WFC itself does not require Datacenter. > > > > SQL Server also comes in two editions, for the purposes of this discussion. > They are Standard and Enterprise. > > > > SQL Server Standard supports WFC for EXACTLY two nodes (this is also > called SQL Server Always On Failover Clustering). No more nodes than > two. SQL Server Standard does NOT support Always On Availability Groups. > > > > SQL Server Enterprise supports WFC for the operating system maximum > number of nodes. SQL Server Enterprise supports Always On Availability Groups. > > > > Define the deployment plan FIRST, then you can determine the necessary > software. Alternately, the licenses you have may restrict your > deployment plan. > > > > Regards, > > Michael B. > > > > From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> > [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] > On Behalf Of D R > Sent: Thursday, August 17, 2017 11:00 AM > > > To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> > Subject: Re: [NTSysADM] A new task for me - setting up a SQL Server > cluster on vSphere 6.0 > > > > According to the Techs and Sales people in my org, it seems that they did. > > > > They are telling me that every SQL Clustering needs Enterprise on > 2016, or it's a 'no go'. > > > > Daniel > > > > On Thu, Aug 17, 2017 at 9:22 AM, Micheal Espinola Jr > <michealespin...@gmail.com<mailto:michealespin...@gmail.com>> wrote: > > As best as I can r
RE: [NTSysADM] A new task for me - setting up a SQL Server cluster on vSphere 6.0
http://carlwebster.com/implementing-microsoft-sql-server-2016-standard-basic-availability-groups-use-citrix-xenapp-xendesktop-7-9/ Someone wrote on article on that very topic. Thanks Carl Webster Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff Sent: Thursday, August 17, 2017 3:18 PM To: ntsysadm <ntsysadm@lists.myitforum.com> Subject: Re: [NTSysADM] A new task for me - setting up a SQL Server cluster on vSphere 6.0 The link you provided is helpful - thanks. According to our EA summary, I have an effective quantity of 4 x SQL Server Standard Core 2016 licenses, with an unresolved quantity of 20 and an SA quantity of 16, though I'm not entirely sure what all that means. Kurt On Thu, Aug 17, 2017 at 11:17 AM, Nathan Shelby <ntshe...@gmail.com<mailto:ntshe...@gmail.com>> wrote: "Server Standard does NOT support Always On Availability Groups" Sort of? As of SQL 2016, It supports Basic Availability Groups which are AGs with limitations, they are managed the same way as a standard AG. They don't scale particularly well but they avoid the pitfalls of a WSFC SQL implementation where you wait for the resource to come back up with a node failure. (differences here: https://docs.microsoft.com/en-us/sql/database-engine/availability-groups/windows/basic-availability-groups-always-on-availability-groups). Another thing that Kurt should be aware of is the licensing model for SQL 2016 Virtual Machines. With the consolidation mentioned are you planning to license the cluster as SQL Server Standard Core (depending on size this may make the most sense) or SQL Server Standard and SQL Client CALs? If you're running SQL Standard Core a VM requires running a minimum of 4 core licenses (2x 2 core packs, which is how SQL Core licensing is sold). I assume with a 6 node cluster you'll be covering the license with Software Assurance to take advantage of License Mobility so you can move the VM between hosts more than once per 90 day period. Nathan Shelby ntshe...@gmail.com<mailto:ntshe...@gmail.com> 425-205-9047<tel:(425)%20205-9047> On Thu, Aug 17, 2017 at 10:52 AM, Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: Yes, it will work. I cannot say anything whatsoever about VMware. I'm a Hyper-V guy. -Original Message- From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Kurt Buff Sent: Thursday, August 17, 2017 1:18 PM To: ntsysadm Subject: Re: [NTSysADM] A new task for me - setting up a SQL Server cluster on vSphere 6.0 Right. Server Datacenter. Knew that. Habit to type Enterprise. The rest is stuff I'm trying to figure out, since I haven't played around much with real SQL Server since the 2000 edition, and not even much with Express since then. We are planning a 2-node cluster, so it sounds like Windows Server 2016 Standard and SQL Server 2016 (2017?) Standard will do exactly what we want. We do have restrictions in our EA regarding the number of licenses for SQL Server (2), and we also want to reduce the clutter of old versions of SQL Standard and SQL Express scattered amongst our servers. I intend to deploy on our VMware cluster (vSphere 6.0 Standard, 6 nodes, backed by a Nimble SAN), unless testing indicates it's a bad fit. Kurt On Thu, Aug 17, 2017 at 8:53 AM, Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: > I think y’all are confusing yourselves. Words mean things. > > > > For the purposes of this discussion, there is no such thing as > “Windows Server Enterprise”. > > > > The editions are Windows Server Standard and Windows Server Datacenter. > Since Windows Server 2012, both Standard and Datacenter include > Windows Failover Clustering (WFC). (So does Nano Server in Windows > Server 2016, but I digress.) > > > > There ARE features that a SQL installation may want to use, such as > SOFS (Scale-Out File Servers), that may require Windows Server > Datacenter; but WFC itself does not require Datacenter. > > > > SQL Server also comes in two editions, for the purposes of this discussion. > They are Standard and Enterprise. > > > > SQL Server Standard supports WFC for EXACTLY two nodes (this is also > called SQL Server Always On Failover Clustering). No more nodes than > two. SQL Server Standard does NOT support Always On Availability Groups.
RE: [NTSysADM] Help setting up my new lab VMware hosts
Probably too boring for most people. I am NOT a networking virtualization host setting up person, so my request is probably too basic for most on this list. The new hosts are build, new 10G switch is up and connected to the other switch and the new Synology 1817 NAS is up and going. The three hosts and NAS are connected to the 10G switch and DR says I need to redo my Bond config on the NAS to the 10G switch. So, after customer calls today, I still have a bit of work to do that DR has given me. Thanks Carl Webster Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Don Ely Sent: Thursday, August 17, 2017 9:55 AM To: NT Issues (ntsysadm@lists.myitforum.com) <ntsysadm@lists.myitforum.com> Subject: Re: [NTSysADM] Help setting up my new lab VMware hosts You don't wanna do it here? :) On Thu, Aug 17, 2017 at 6:16 AM Webster <webs...@carlwebster.com<mailto:webs...@carlwebster.com>> wrote: 10G switch and new NAS are up and running. Configuring network on the XenServer host for networking was dead simple. I am stumped trying to figure out how to configure the networking on the two ESXi 6.5U1 hosts. Is there someone who wouldn't mind reaching out to me off list to help me out? The new hosts have dual 10G and 1G NICs. Thanks Carl Webster Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
RE: [NTSysADM] A new task for me - setting up a SQL Server cluster on vSphere 6.0
Everyone has their faults. Webster -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Thursday, August 17, 2017 12:52 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] A new task for me - setting up a SQL Server cluster on vSphere 6.0 Yes, it will work. I cannot say anything whatsoever about VMware. I'm a Hyper-V guy. -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff Sent: Thursday, August 17, 2017 1:18 PM To: ntsysadm Subject: Re: [NTSysADM] A new task for me - setting up a SQL Server cluster on vSphere 6.0 Right. Server Datacenter. Knew that. Habit to type Enterprise. The rest is stuff I'm trying to figure out, since I haven't played around much with real SQL Server since the 2000 edition, and not even much with Express since then. We are planning a 2-node cluster, so it sounds like Windows Server 2016 Standard and SQL Server 2016 (2017?) Standard will do exactly what we want. We do have restrictions in our EA regarding the number of licenses for SQL Server (2), and we also want to reduce the clutter of old versions of SQL Standard and SQL Express scattered amongst our servers. I intend to deploy on our VMware cluster (vSphere 6.0 Standard, 6 nodes, backed by a Nimble SAN), unless testing indicates it's a bad fit. Kurt On Thu, Aug 17, 2017 at 8:53 AM, Michael B. Smith <mich...@smithcons.com> wrote: > I think y’all are confusing yourselves. Words mean things. > > > > For the purposes of this discussion, there is no such thing as > “Windows Server Enterprise”. > > > > The editions are Windows Server Standard and Windows Server Datacenter. > Since Windows Server 2012, both Standard and Datacenter include > Windows Failover Clustering (WFC). (So does Nano Server in Windows > Server 2016, but I digress.) > > > > There ARE features that a SQL installation may want to use, such as > SOFS (Scale-Out File Servers), that may require Windows Server > Datacenter; but WFC itself does not require Datacenter. > > > > SQL Server also comes in two editions, for the purposes of this discussion. > They are Standard and Enterprise. > > > > SQL Server Standard supports WFC for EXACTLY two nodes (this is also > called SQL Server Always On Failover Clustering). No more nodes than > two. SQL Server Standard does NOT support Always On Availability Groups. > > > > SQL Server Enterprise supports WFC for the operating system maximum > number of nodes. SQL Server Enterprise supports Always On Availability Groups. > > > > Define the deployment plan FIRST, then you can determine the necessary > software. Alternately, the licenses you have may restrict your > deployment plan. > > > > Regards, > > Michael B. > > > > From: listsad...@lists.myitforum.com > [mailto:listsad...@lists.myitforum.com] > On Behalf Of D R > Sent: Thursday, August 17, 2017 11:00 AM > > > To: ntsysadm@lists.myitforum.com > Subject: Re: [NTSysADM] A new task for me - setting up a SQL Server > cluster on vSphere 6.0 > > > > According to the Techs and Sales people in my org, it seems that they did. > > > > They are telling me that every SQL Clustering needs Enterprise on > 2016, or it's a 'no go'. > > > > Daniel > > > > On Thu, Aug 17, 2017 at 9:22 AM, Micheal Espinola Jr > <michealespin...@gmail.com> wrote: > > As best as I can recall, it was listed as a requirement in the last > SQL clustering requirements doc I read on Microsoft's website. I > thought it was up-to-date, but perhaps I am mistaken? > > > > > > On Aug 17, 2017 6:55 AM, "Melvin Backus" <melvin.bac...@byers.com> wrote: > > Windows clustering doesn’t require Enterprise any more. It moved to > std with 2012. We run both LB and FO clusters on 2012 std. Please > don’t tell me they went back with 2016. L > > > > -- > There are 10 kinds of people in the world... > those who understand binary and those who don't. > > > > From: listsad...@lists.myitforum.com > [mailto:listsad...@lists.myitforum.com] > On Behalf Of Micheal Espinola Jr > Sent: Wednesday, August 16, 2017 9:24 PM > To: ntsysadm@lists.myitforum.com > Subject: Re: [NTSysADM] A new task for me - setting up a SQL Server > cluster on vSphere 6.0 > > > > The minimum requirement would be Windows. > > > -- > Espi > > > > > > On Wed, Aug 16, 2017 at 6:07 PM, Kurt Buff <kurt.b...@gmail.com> wrote: > > Windows or SQL or both? > > > On Wed, Aug 16, 2017 at 5:27 PM, D R <drod...@gmail.com> wrote: >> Well, for 1, I thin
[NTSysADM] Help setting up my new lab VMware hosts
10G switch and new NAS are up and running. Configuring network on the XenServer host for networking was dead simple. I am stumped trying to figure out how to configure the networking on the two ESXi 6.5U1 hosts. Is there someone who wouldn't mind reaching out to me off list to help me out? The new hosts have dual 10G and 1G NICs. Thanks Carl Webster Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] RE: Imaging windows 10 1703 enterprise
James Rankin is my go-to guy for these types of questions. Thanks Carl Webster Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden Sent: Wednesday, August 16, 2017 11:29 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Imaging windows 10 1703 enterprise I have a base image completely built. Everything functions on the local admin account. I have saved that image. Then Sysprepped. Then brought up the sysprepped image and my domain administrator can not access desktop icons, my default apps are back to Microsoft defaults (Edge not IE11), etc... What can I do to the save preSysPrepped image to have the default profiles come up nicely for the end users so they don't have to make the associations themselves? Make GPO's or CopyProfile? I have done neither thus far but am willing to do either if it helps. Leaning into the GPO's a lot harder than copyprofile if I can. What is everyone's opinion and how can I research this the quickest. The few google searches are coming up with articles from 2009 and such. I would like the latest best practices if we can. David McSpadden Systems Administrator Indiana Members Credit Union P: 317.554.8190| F: 317.554.8106 [Description: imcu email icon]<http://imcu.com/> [Description: facebook email icon] <https://www.facebook.com/IndianaMembersCU> [Description: twitter email icon] <https://twitter.com/IndMembersCU> [Description: email logo] [Image result for mcp logo]<https://www.google.com/url?sa=i=j==s=images==rja=8=0ahUKEwirvOT_m8fTAhVM1xoKHVbUA2kQjRwIBw=https://mssqlhub.wordpress.com/2013/09/23/pathway-for-microsoft-certification/=AFQjCNHf-4M9Isb1398vr-wswZ04wRJObQ=1493471205430002> This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
RE: [NTSysADM] 10GBASE-T to SFP+
Thanks for all the help and those who reached out to me off list. I changed the 10G switch to a Netgear one, everything has been ordered and should start arriving tomorrow. Ordering cables was the only setback. Even though Amazon would state they had them in stock, when I went to complete the order, every cable would show "to be delivered in 1 to 4 weeks". Tried multiple vendors and had the same result for all of them. Oh well, I will get everything connected to the 10G switch when the cables do show up. Watch for an updated lab article on my site. Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster Sent: Tuesday, August 8, 2017 10:13 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] 10GBASE-T to SFP+ If I break the seal on the server's case, I void the warranty. I have never worked with 10GbE before and never thought of adding it to the lab but that UBNT 10G switch looked affordable considering the cost of other 10G managed switches. Webster From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Tuesday, August 8, 2017 9:27 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: RE: [NTSysADM] 10GBASE-T to SFP+ I’m not a hardware dude, but couldn’t you get a fiber NIC for your server? Something like this: https://www.newegg.com/Product/Product.aspx?Item=N82E16833114123 From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster Sent: Tuesday, August 8, 2017 9:43 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: RE: [NTSysADM] 10GBASE-T to SFP+ With those prices, I will have to rethink the switch I plan to use!!! Webster From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Jack Kramer Sent: Tuesday, August 8, 2017 8:21 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: Re: [NTSysADM] 10GBASE-T to SFP+ It used to be that 10GBASE-T was outside of the SFP+ power envelope but there’s a couple of SFP+ modules with 10GBASE-T media now—they work by “modifying” the 10GBASE-T spec to reduce its power usage. The downside is reduced cable length support and what I assume is an absolute ton of heat output. https://www.cablesandkits.com/cisco-compatible-10gbase-t-sfp-module-rj45-connector-sfp-10g-t-p-10265.html<https://www.cablesandkits.com/cisco-compatible-10gbase-t-sfp-module-rj45-connector-sfp-10g-t-p-10265.html?utm_source=google_medium=cpc_term=10265_ppc_id=2221_kw=10265=Cj0KCQjwwqXMBRCDARIsAD-AQ2h38iIq21O-aAHRwTZnz38BC96Yyu6SaV-QYBZUHYm8RqjsXnIHXHMaAnO4EALw_wcB> http://www.prolabs.com/products/optical-transceivers/cisco/SFP_Plus/SFP-10G-T-C/ https://www.serversupply.com/products/part_search/pid_lookup.asp?pid=264498 I would be somewhat concerned about running a bunch of those in my switch but one or two would probably be fine. You could also look for a standalone media converter that takes SFP+ on one end and delivers 10GBASE-T on the other side—probably the more expensive but safer solution since it’s full power and dumping its heat somewhere that’s not directly into your switch. Jack Kramer, Senior Consultant Small Type Computing--www.smalltype.net<http://www.smalltype.net> W: 855-765-8973 x101 / C: 248-635-4955 On Aug 8, 2017, at 8:55 AM, Webster <webs...@carlwebster.com<mailto:webs...@carlwebster.com>> wrote: I have a SuperMicro server with dual 10GBASE-T ports. I am looking at a Ubiquiti UniFi Switch 16 XG. I know that switch has four 10GBASE-T ports but I plan on using those for my NAS that has 10GBASE-T ports. Is it possible to connect the server's 10GBASE-T ports to an SFP+ port with a specific cable and connectors? If so, any recommendations on what to use? Thanks Carl Webster Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
RE: [NTSysADM] 10GBASE-T to SFP+
If I break the seal on the server's case, I void the warranty. I have never worked with 10GbE before and never thought of adding it to the lab but that UBNT 10G switch looked affordable considering the cost of other 10G managed switches. Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Tuesday, August 8, 2017 9:27 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] 10GBASE-T to SFP+ I’m not a hardware dude, but couldn’t you get a fiber NIC for your server? Something like this: https://www.newegg.com/Product/Product.aspx?Item=N82E16833114123 From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster Sent: Tuesday, August 8, 2017 9:43 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: RE: [NTSysADM] 10GBASE-T to SFP+ With those prices, I will have to rethink the switch I plan to use!!! Webster From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Jack Kramer Sent: Tuesday, August 8, 2017 8:21 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: Re: [NTSysADM] 10GBASE-T to SFP+ It used to be that 10GBASE-T was outside of the SFP+ power envelope but there’s a couple of SFP+ modules with 10GBASE-T media now—they work by “modifying” the 10GBASE-T spec to reduce its power usage. The downside is reduced cable length support and what I assume is an absolute ton of heat output. https://www.cablesandkits.com/cisco-compatible-10gbase-t-sfp-module-rj45-connector-sfp-10g-t-p-10265.html<https://www.cablesandkits.com/cisco-compatible-10gbase-t-sfp-module-rj45-connector-sfp-10g-t-p-10265.html?utm_source=google_medium=cpc_term=10265_ppc_id=2221_kw=10265=Cj0KCQjwwqXMBRCDARIsAD-AQ2h38iIq21O-aAHRwTZnz38BC96Yyu6SaV-QYBZUHYm8RqjsXnIHXHMaAnO4EALw_wcB> http://www.prolabs.com/products/optical-transceivers/cisco/SFP_Plus/SFP-10G-T-C/ https://www.serversupply.com/products/part_search/pid_lookup.asp?pid=264498 I would be somewhat concerned about running a bunch of those in my switch but one or two would probably be fine. You could also look for a standalone media converter that takes SFP+ on one end and delivers 10GBASE-T on the other side—probably the more expensive but safer solution since it’s full power and dumping its heat somewhere that’s not directly into your switch. Jack Kramer, Senior Consultant Small Type Computing--www.smalltype.net<http://www.smalltype.net> W: 855-765-8973 x101 / C: 248-635-4955 On Aug 8, 2017, at 8:55 AM, Webster <webs...@carlwebster.com<mailto:webs...@carlwebster.com>> wrote: I have a SuperMicro server with dual 10GBASE-T ports. I am looking at a Ubiquiti UniFi Switch 16 XG. I know that switch has four 10GBASE-T ports but I plan on using those for my NAS that has 10GBASE-T ports. Is it possible to connect the server's 10GBASE-T ports to an SFP+ port with a specific cable and connectors? If so, any recommendations on what to use? Thanks Carl Webster Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
RE: [NTSysADM] 10GBASE-T to SFP+
With those prices, I will have to rethink the switch I plan to use!!! Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jack Kramer Sent: Tuesday, August 8, 2017 8:21 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] 10GBASE-T to SFP+ It used to be that 10GBASE-T was outside of the SFP+ power envelope but there’s a couple of SFP+ modules with 10GBASE-T media now—they work by “modifying” the 10GBASE-T spec to reduce its power usage. The downside is reduced cable length support and what I assume is an absolute ton of heat output. https://www.cablesandkits.com/cisco-compatible-10gbase-t-sfp-module-rj45-connector-sfp-10g-t-p-10265.html<https://www.cablesandkits.com/cisco-compatible-10gbase-t-sfp-module-rj45-connector-sfp-10g-t-p-10265.html?utm_source=google_medium=cpc_term=10265_ppc_id=2221_kw=10265=Cj0KCQjwwqXMBRCDARIsAD-AQ2h38iIq21O-aAHRwTZnz38BC96Yyu6SaV-QYBZUHYm8RqjsXnIHXHMaAnO4EALw_wcB> http://www.prolabs.com/products/optical-transceivers/cisco/SFP_Plus/SFP-10G-T-C/ https://www.serversupply.com/products/part_search/pid_lookup.asp?pid=264498 I would be somewhat concerned about running a bunch of those in my switch but one or two would probably be fine. You could also look for a standalone media converter that takes SFP+ on one end and delivers 10GBASE-T on the other side—probably the more expensive but safer solution since it’s full power and dumping its heat somewhere that’s not directly into your switch. Jack Kramer, Senior Consultant Small Type Computing--www.smalltype.net<http://www.smalltype.net> W: 855-765-8973 x101 / C: 248-635-4955 On Aug 8, 2017, at 8:55 AM, Webster <webs...@carlwebster.com<mailto:webs...@carlwebster.com>> wrote: I have a SuperMicro server with dual 10GBASE-T ports. I am looking at a Ubiquiti UniFi Switch 16 XG. I know that switch has four 10GBASE-T ports but I plan on using those for my NAS that has 10GBASE-T ports. Is it possible to connect the server's 10GBASE-T ports to an SFP+ port with a specific cable and connectors? If so, any recommendations on what to use? Thanks Carl Webster Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
RE: [NTSysADM] 10GBASE-T to SFP+
The two switches would be next to each other in my "server room". http://carlwebster.com/look-inside-websters-lab-august-2017/ Thanks Carl Webster Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jack Kramer Sent: Tuesday, August 8, 2017 8:21 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] 10GBASE-T to SFP+ It used to be that 10GBASE-T was outside of the SFP+ power envelope but there’s a couple of SFP+ modules with 10GBASE-T media now—they work by “modifying” the 10GBASE-T spec to reduce its power usage. The downside is reduced cable length support and what I assume is an absolute ton of heat output. https://www.cablesandkits.com/cisco-compatible-10gbase-t-sfp-module-rj45-connector-sfp-10g-t-p-10265.html<https://www.cablesandkits.com/cisco-compatible-10gbase-t-sfp-module-rj45-connector-sfp-10g-t-p-10265.html?utm_source=google_medium=cpc_term=10265_ppc_id=2221_kw=10265=Cj0KCQjwwqXMBRCDARIsAD-AQ2h38iIq21O-aAHRwTZnz38BC96Yyu6SaV-QYBZUHYm8RqjsXnIHXHMaAnO4EALw_wcB> http://www.prolabs.com/products/optical-transceivers/cisco/SFP_Plus/SFP-10G-T-C/ https://www.serversupply.com/products/part_search/pid_lookup.asp?pid=264498 I would be somewhat concerned about running a bunch of those in my switch but one or two would probably be fine. You could also look for a standalone media converter that takes SFP+ on one end and delivers 10GBASE-T on the other side—probably the more expensive but safer solution since it’s full power and dumping its heat somewhere that’s not directly into your switch. Jack Kramer, Senior Consultant Small Type Computing--www.smalltype.net<http://www.smalltype.net> W: 855-765-8973 x101 / C: 248-635-4955 On Aug 8, 2017, at 8:55 AM, Webster <webs...@carlwebster.com<mailto:webs...@carlwebster.com>> wrote: I have a SuperMicro server with dual 10GBASE-T ports. I am looking at a Ubiquiti UniFi Switch 16 XG. I know that switch has four 10GBASE-T ports but I plan on using those for my NAS that has 10GBASE-T ports. Is it possible to connect the server's 10GBASE-T ports to an SFP+ port with a specific cable and connectors? If so, any recommendations on what to use? Thanks Carl Webster Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] 10GBASE-T to SFP+
I have a SuperMicro server with dual 10GBASE-T ports. I am looking at a Ubiquiti UniFi Switch 16 XG. I know that switch has four 10GBASE-T ports but I plan on using those for my NAS that has 10GBASE-T ports. Is it possible to connect the server's 10GBASE-T ports to an SFP+ port with a specific cable and connectors? If so, any recommendations on what to use? Thanks Carl Webster Citrix Technology Professional | iGel Tech Community Insider | Parallels VIPP http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
Re: Huzzah! Re: [NTSysADM] RPC not available on remote machine while doing DFSR config
Comic Sans 72 point font of knowledge webster Get Outlook for iOS<https://aka.ms/o0ukef> From: listsad...@lists.myitforum.com <listsad...@lists.myitforum.com> on behalf of Kurt Buff <kurt.b...@gmail.com> Sent: Thursday, July 27, 2017 7:52:07 PM To: ntsysadm Subject: Re: Huzzah! Re: [NTSysADM] RPC not available on remote machine while doing DFSR config Another thing I didn't know. You, sir, are a veritable font of knowledge. I guess we're either lucky or good, or both. We have Exchange 2010 servers (CAS server and DB server in the US, and single machine with CAS/DB in AU) in these two offices as well, and haven't seen any problems between them Kurt On Thu, Jul 27, 2017 at 5:38 PM, Michael B. Smith <mich...@smithcons.com> wrote: > I think there is a pretty good chance that I would've suggested you try > bypassing them. :-) > > I know that they can break Exchange if not properly precisely configured. > > -Original Message- > From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] > On Behalf Of Kurt Buff > Sent: Thursday, July 27, 2017 8:18 PM > To: ntsysadm > Subject: Re: Huzzah! Re: [NTSysADM] RPC not available on remote machine while > doing DFSR config > > If you had known, would you have figured it out? :) > > I'm sure I'll remember this for quite a while, though. > > And thank you very much for your help, BTW - as always, much appreciated. > > Kurt > > On Thu, Jul 27, 2017 at 4:02 PM, Michael B. Smith <mich...@smithcons.com> > wrote: >> >> Well, I never would’ve figured that out! I didn’t even know you had WAN >> accelerators. J >> >> >> >> I’m glad you got it resolved! > >
RE: [NTSysADM] Running a command with parameters using PSEXEC
Try "c:\windows\system32\klist -li 0x3e7 purge" Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: Tuesday, July 18, 2017 8:29 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Running a command with parameters using PSEXEC On Tue, Jul 18, 2017 at 9:13 AM, David McSpadden <dav...@imcu.com<mailto:dav...@imcu.com>> wrote: I would move the first quote to in front of the c:\windows and maybe add user permissions to the remote box in the command line. No joy. Different error, tho ... C:\SysinternalsSuite>psexec \\dctrweb026 -u XX -p XX "c:\windows\system32\klist" "-li 0x3e7 purge" PsExec v2.11 - Execute processes remotely Copyright (C) 2001-2014 Mark Russinovich Sysinternals - www.sysinternals.com<http://www.sysinternals.com> Usage: klist.exe [command] Command list: [tickets] [-lh ] [-li ] tgt [-lh ] [-li ] purge [-lh ] [-li ] sessions [-lh ] [-li ] kcd_cache [-lh ] [-li ] get [-lh ] [-li ] [-kdcoptions ] add_bind query_bind purge_bind c:\windows\system32\klist exited on dctrweb026 with error code -1.
RE: [NTSysADM] Perhaps of general interest...
It is 2020. https://blogs.office.com/en-us/2017/04/20/office-365-proplus-updates/ https://techcommunity.microsoft.com/t5/Office-365-Blog/Office-365-system-requirements-changes-for-Office-client/ba-p/62327 Webster -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife Sent: Thursday, July 6, 2017 3:04 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Perhaps of general interest... I would be interested in seeing any resources you mention. We signed a 5 yr EA last year, with the plan of keeping on-prem Office 2016 throughout, connecting to our O365. -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Thursday, July 06, 2017 12:29 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Perhaps of general interest... I'm just curious. Sorry if my question seemed overly blunt. My understanding was that Outlook, PowerPoint, and OneNote from MSI would stop connecting to online services in 2018. But I can't find the resource where I read that... perhaps I imagined it. -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff Sent: Thursday, July 6, 2017 3:14 PM To: ntsysadm Subject: Re: [NTSysADM] Perhaps of general interest... I believe so. I'll have to check. At the worst, we have the MSI installs grandfathered in to whatever is current. Kurt On Thu, Jul 6, 2017 at 12:09 PM, Michael B. Smith <mich...@smithcons.com> wrote: > For office msi? > > -Original Message- > From: listsad...@lists.myitforum.com > [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff > Sent: Thursday, July 6, 2017 2:50 PM > To: ntsysadm > Subject: Re: [NTSysADM] Perhaps of general interest... > > Not for at least another 3 years, and possibly longer - we just signed an EA. > > Kurt > > On Thu, Jul 6, 2017 at 11:20 AM, Michael B. Smith <mich...@smithcons.com> > wrote: >> Then you are going to need to switch to something other than Microsoft >> Office. >> >> -Original Message- >> From: listsad...@lists.myitforum.com >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff >> Sent: Thursday, July 6, 2017 2:07 PM >> To: ntsysadm >> Subject: Re: [NTSysADM] Perhaps of general interest... >> >> Yes, but I prefer to "own" my software, not rent it. That way we can upgrade >> at need, rather than when the vendor says so, and will probably spend far >> less money doing so. >> >> The "own" in quotes merely points to not paying monthly rental - we all know >> that commercial software is only licensed, not truly sold. >> >> I just don't want to be a piggybank for the software publishers - I don't >> mind paying for good functionality, nor paying for ongoing support. >> >> On Thu, Jul 6, 2017 at 10:51 AM, Andrew S. Baker <asbz...@gmail.com> wrote: >>> Many big vendors today are pushing a cloud strategy, as it more >>> readily facilitates ongoing revenue and supporting a smaller number >>> of disparate configurations. >>> >>> Regards, >>> >>> ASB >>> http://XeeMe.com/AndrewBaker >>> >>> Providing Expert Technology Consulting Services for the SMB market… >>> >>> GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842 >>> >>> >>> >>> On Sun, Jul 2, 2017 at 6:26 PM, Kurt Buff <kurt.b...@gmail.com> wrote: >>>> >>>> Very interesting. >>>> >>>> MSFT is shoving very, very hard to push everyone into their cloud, >>>> and this fits their strategy... >>>> >>>> On Sun, Jul 2, 2017 at 2:41 PM, Michael B. Smith >>>> <mich...@smithcons.com> >>>> wrote: >>>> > >>>> > https://techcrunch.com/2017/07/02/microsoft-is-laying-off-thousan >>>> > d >>>> > s >>>> > -of-staff/?ncid=rss >>>> > >>>> > >>>> >>>> >>> >> >> > >
RE: [NTSysADM] Perhaps of general interest...
No, you did not imagine it. I have read it in multiple sources but now, also, cannot find a single source. Webster -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Thursday, July 6, 2017 2:29 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Perhaps of general interest... I'm just curious. Sorry if my question seemed overly blunt. My understanding was that Outlook, PowerPoint, and OneNote from MSI would stop connecting to online services in 2018. But I can't find the resource where I read that... perhaps I imagined it. -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff Sent: Thursday, July 6, 2017 3:14 PM To: ntsysadm Subject: Re: [NTSysADM] Perhaps of general interest... I believe so. I'll have to check. At the worst, we have the MSI installs grandfathered in to whatever is current. Kurt On Thu, Jul 6, 2017 at 12:09 PM, Michael B. Smith <mich...@smithcons.com> wrote: > For office msi? > > -Original Message- > From: listsad...@lists.myitforum.com > [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff > Sent: Thursday, July 6, 2017 2:50 PM > To: ntsysadm > Subject: Re: [NTSysADM] Perhaps of general interest... > > Not for at least another 3 years, and possibly longer - we just signed an EA. > > Kurt > > On Thu, Jul 6, 2017 at 11:20 AM, Michael B. Smith <mich...@smithcons.com> > wrote: >> Then you are going to need to switch to something other than Microsoft >> Office. >> >> -Original Message- >> From: listsad...@lists.myitforum.com >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff >> Sent: Thursday, July 6, 2017 2:07 PM >> To: ntsysadm >> Subject: Re: [NTSysADM] Perhaps of general interest... >> >> Yes, but I prefer to "own" my software, not rent it. That way we can upgrade >> at need, rather than when the vendor says so, and will probably spend far >> less money doing so. >> >> The "own" in quotes merely points to not paying monthly rental - we all know >> that commercial software is only licensed, not truly sold. >> >> I just don't want to be a piggybank for the software publishers - I don't >> mind paying for good functionality, nor paying for ongoing support. >> >> On Thu, Jul 6, 2017 at 10:51 AM, Andrew S. Baker <asbz...@gmail.com> wrote: >>> Many big vendors today are pushing a cloud strategy, as it more >>> readily facilitates ongoing revenue and supporting a smaller number >>> of disparate configurations. >>> >>> Regards, >>> >>> ASB >>> http://XeeMe.com/AndrewBaker >>> >>> Providing Expert Technology Consulting Services for the SMB market… >>> >>> GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842 >>> >>> >>> >>> On Sun, Jul 2, 2017 at 6:26 PM, Kurt Buff <kurt.b...@gmail.com> wrote: >>>> >>>> Very interesting. >>>> >>>> MSFT is shoving very, very hard to push everyone into their cloud, >>>> and this fits their strategy... >>>> >>>> On Sun, Jul 2, 2017 at 2:41 PM, Michael B. Smith >>>> <mich...@smithcons.com> >>>> wrote: >>>> > >>>> > https://techcrunch.com/2017/07/02/microsoft-is-laying-off-thousan >>>> > d >>>> > s >>>> > -of-staff/?ncid=rss >>>> > >>>> > >>>> >>>> >>> >> >> > >
[NTSysADM] RE: Does Separating Data and Log Files Make Your Server More Reliable?
>From the comments, I gather it is not about speed, nor performance, nor >reliability. At least that is how I am reading the article and comments. Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim Sent: Monday, June 26, 2017 11:55 AM To: NT Issues (ntsysadm@lists.myitforum.com) <ntsysadm@lists.myitforum.com> Subject: [NTSysADM] RE: Does Separating Data and Log Files Make Your Server More Reliable? I never viewed it as a reliability decision, but as a speed/performance decision. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster Sent: Monday, June 26, 2017 12:30 PM To: NT Issues (ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>) Subject: [NTSysADM] Does Separating Data and Log Files Make Your Server More Reliable? I had always been told to separate everything in SQL Server. https://www.brentozar.com/archive/2017/06/separating-data-log-files-make-server-reliable/ Webster
[NTSysADM] Does Separating Data and Log Files Make Your Server More Reliable?
I had always been told to separate everything in SQL Server. https://www.brentozar.com/archive/2017/06/separating-data-log-files-make-server-reliable/ Webster
[NTSysADM] Another busy weekend at Webster's Lab
http://carlwebster.com/citrix-xenappxendesktop-7-8-documentation-script-update-version-2-05/ http://carlwebster.com/citrix-xenappxendesktop-7-x-documentation-script-update-version-1-36/ http://carlwebster.com/microsoft-active-directory-documentation-script-update-version-2-15/ Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] RE: Group policy admx question
Darren Mar-Elia uses this example as a shortcoming of the Central Store. https://sdmsoftware.com/group-policy-blog/tips-tricks/admx-files-for-windows-10-build-1703-creators-update-now-available/ Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife Sent: Thursday, June 15, 2017 3:13 PM To: 'NT System Admin Issues Discussion list' <ntsysadm@lists.myitforum.com> Subject: [NTSysADM] Group policy admx question I just downloaded the admx file for Win 10 (1703) Creators Update, from here: https://www.microsoft.com/en-us/download/confirmation.aspx?id=55080 I then went looking for Server 2016 admx, and found a combined Win 10 and Server 2016, here: https://www.microsoft.com/en-us/download/details.aspx?id=53430 Is there not a separate Server 2016 admx, or do they use the same files? Also, there are a ton of admx files in this download. Is it best practice just to add/update all of them into the central store, or just ones that you think you'll need right away? Joe Heaton Information Technology Operations Branch Data and Technology Division CA Department of Fish and Wildlife 1700 9th Street, 3rd Floor Sacramento, CA 95811 Desk: (916) 323-1284 Every Californian should conserve water. Find out how at: [SaveOurWater_Logo]<http://saveourwater.com/> SaveOurWater.com<http://saveourwater.com/> * Drought.CA.gov<http://drought.ca.gov/>
RE: [NTSysADM] Ransonware protection
Ones I have personal experience with at customer sites: Cylance Bromium (headed by former CTO of Citrix) Citrix XenServer with BitDefender Hypervisor Introspection (HVI) Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Tom Miller Sent: Monday, June 12, 2017 7:35 AM To: NTSysADM@lists.myitforum.com Subject: [NTSysADM] Ransonware protection Hi All, What would you recommend as specific software solutions to protect against Ransomware? In my company we use: - Sonicwall firewalls, and the gateway security component is enabled and is supposed to help block/prevent. - Symantec AV. Not specific to ransom-ware but appears to be reactive. I'm looking at additional layers of security, such as the Barracuda e-mail filter. I used that at past jobs and that reduced the "infected" e-mails considerably. I also have used Malwarebytes enterprise. That has an anti-ransomeware component. I used that in a past job and was not impressed. Malwarebytes sold is an an "enterprise" solution, but it was a stand alone product, had not integration with the management console, no configuration and no notifications. It appeared to be a rush to market. Sophos supposedly has a similar solution specific to Malwarebytes but I have not looked at it yet. Internally, we also have targeted employee training and use a service to send "fake" messages from Amazon/UPS, etc to let them know that they need to be vigilant when reviewing messages from outside the company. Thoughts appreciated.
[NTSysADM] RE: VMware to Hyper-V transition
You left out Emergent Online, then Provision Networks, then Quest, then Dell and Wyse is in there somewhere. Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus Sent: Thursday, June 8, 2017 12:01 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: VMware to Hyper-V transition vWorkspace, formerly Quest, then Dell, and now Quest again. :) -- There are 10 kinds of people in the world... those who understand binary and those who don't. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster Sent: Thursday, June 8, 2017 11:56 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: [NTSysADM] RE: VMware to Hyper-V transition What is your VDI solution? Webster From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus Sent: Thursday, June 8, 2017 10:48 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: [NTSysADM] VMware to Hyper-V transition Anyone out there proficient in both VMware and Hyper-V who can point me at any good docs on doing a migration? I've got a specific application I'm considering moving to Hyper-V to help stretch the life of our VDI solution. We will eventually have to change I'm sure, but migrating it may be a stopgap and I've got the extra hardware at the moment. In particular I'm weak on the networking aspects of Hyper-V. Service Desk | 404-497-1599 | https://servicedesk.byers.com<https://servicedesk.byers.com/> Melvin Backus | Sr. Systems Engineer | Byers Engineering Company | 404.497.1565 -- There are 10 kinds of people in the world... those who understand binary and those who don't.
[NTSysADM] RE: VMware to Hyper-V transition
What is your VDI solution? Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus Sent: Thursday, June 8, 2017 10:48 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] VMware to Hyper-V transition Anyone out there proficient in both VMware and Hyper-V who can point me at any good docs on doing a migration? I've got a specific application I'm considering moving to Hyper-V to help stretch the life of our VDI solution. We will eventually have to change I'm sure, but migrating it may be a stopgap and I've got the extra hardware at the moment. In particular I'm weak on the networking aspects of Hyper-V. Service Desk | 404-497-1599 | https://servicedesk.byers.com<https://servicedesk.byers.com/> Melvin Backus | Sr. Systems Engineer | Byers Engineering Company | 404.497.1565 -- There are 10 kinds of people in the world... those who understand binary and those who don't.
[NTSysADM] RE: cloud service (VDI)
With a minimum of 25 users though. Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin Sent: Wednesday, May 31, 2017 7:14 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: cloud service (VDI) Just go Citrix Cloud, all wrapped up as a service in Azure From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of J- P Sent: 31 May 2017 03:10 To: NT <ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>> Subject: [NTSysADM] cloud service (VDI) Hi all , I have a client that wans to do "cloud services" VDI, they are a small firm 6 users- So i', wondering if a 3rd party (I.e Rackspace) would make more sense then deploying a dedicated hyperv/citirx server on or offsite (to handle this)= any thoughts?
[NTSysADM] RE: First 2016 DC
I have seen the same un my lab. Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife Sent: Friday, May 19, 2017 4:34 PM To: 'NT System Admin Issues Discussion list' <ntsysadm@lists.myitforum.com> Subject: [NTSysADM] First 2016 DC So, I just built a new Server 2016 box, and have made it a DC. It is the first 2016 DC in my environment. The install seemed to go fine, but the reboot is taking forever to happen. It has been sitting on the "Getting Windows ready, Don't turn off your computer" screen for at least 30 minutes plus. I really don't want to shut it down hard, so I'm going to continue to let it sit here and watch the dots go in circles, but is this normal? Should I be concerned at all? Thanks, Joe Heaton Information Technology Operations Branch Data and Technology Division CA Department of Fish and Wildlife 1700 9th Street, 3rd Floor Sacramento, CA 95811 Desk: (916) 323-1284 Every Californian should conserve water. Find out how at: [SaveOurWater_Logo]<http://saveourwater.com/> SaveOurWater.com<http://saveourwater.com/> * Drought.CA.gov<http://drought.ca.gov/>
RE: [NTSysADM] Which drives for Synology?
Agreed. I only buy stuff that is validated and approved by Synology. I have two of their NAS in my lab. Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Art DeKneef Sent: Friday, May 19, 2017 11:55 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Which drives for Synology? Check with their tested drive list. I have used the Red 2TB drives in the past. I haven't deployed any of the 3 or 4 TB drives yet. Sensitivity: Internal From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Jesse Rink Sent: Friday, May 19, 2017 9:31 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: [NTSysADM] Which drives for Synology? Looking at a Synology DS916+ for a small customer... never really used Synology stuff before. Can someone recommend what drives I should look at getting? Looking for either 3TB or 4TB drives in the four-disk unit. Brand/model?? https://www.synology.com/en-us/products/DS916+ Jesse Rink Source One Technology, Inc. HP Partner 262 993 2231 Website<http://www.sourceonetechnology.com/> | Blog<http://www.sourceonetechnology.com/blog/> | LinkedIn<https://www.linkedin.com/in/jesse-rink> | Twitter<https://twitter.com/SourceOne_WI>
[NTSysADM] Three script updates released
http://carlwebster.com/finding-microsoft-folder-redirection-errors-using-microsoft-powershell-v2-0/ http://carlwebster.com/finding-group-policy-processing-time-using-microsoft-powershell-v2-0/ http://carlwebster.com/finding-microsoft-home-folder-errors-using-microsoft-powershell-v2-0/ Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] New script: Finding Service with Account Name Using Microsoft PowerShell V1.0
http://carlwebster.com/finding-service-account-name-using-microsoft-powershell-v1-0/ Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] Microsoft Active Directory Documentation Script Update Version 2.14 (aka The Michael B. Smith Update)
http://carlwebster.com/microsoft-active-directory-documentation-script-update-version-2-14-aka-michael-b-smith-update/ Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
RE: [NTSysADM] O365 and RDS
Well that explains the message “you can’t run this version of office 2016 in terminal services, get thee a volume license”. They bought the wrong O365 plan. Looks like they will be stuck with LibreOffice and Chrome for OWA. They also found out they originally bought the wrong OS RDS CALs. Some expensive mistakes. Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Joe Tinney Sent: Wednesday, May 10, 2017 6:29 PM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] O365 and RDS Any license that gives you ProPlus. I install it with Shared Activation turned on. The users will have to sign in to activate Office for themselves and if they don't have the assigned license it won't activate. Same for Visio installed with Shared Activation. https://blogs.technet.microsoft.com/uspartner_ts2team/2016/01/27/rds-and-shared-computer-activation-walkthrough-for-office-365-pro-plus/ https://support.office.com/en-us/article/Deploy-Office-365-ProPlus-by-using-Remote-Desktop-Services-af9d7621-8c2c-4181-84b4-27778b1e7920 On May 10, 2017 18:35, "Webster" <webs...@carlwebster.com<mailto:webs...@carlwebster.com>> wrote: What license level is needed for O365 to run on RDS? Webster
[NTSysADM] O365 and RDS
What license level is needed for O365 to run on RDS? Webster
RE: [NTSysADM] Terminal server sizing
Not enough info, way too many unanswered questions. Check out what RDS MVP and fellow CTP Benny Tritsch says on this topic. http://drtritsch.com/tutorials/rdsh/rdsh-server-sizing/ i.e. I need a vehicle, what do you recommend? Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Richard Stovall Sent: Tuesday, May 2, 2017 8:40 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Terminal server sizing Does anyone have a good, current reference for speccing out hardware for a new MS terminal server? Thanks, RS
RE: [NTSysADM] Anyone see this VMware announcement and deal with it?
I don't install them but recently I have been building a lot of servers and templates on Nutanix. With RSS enabled, the servers scream with network throughput. I built a 2008 R2 server from the original RTM ISO, installed all Windows Updates, optimized and ran cleanmgr and the server was a template - all in less than 3 hours. I am sure part of it is the Nutanix hardware and the Nutanix optimized infrastructure but enabling RSS made a huge difference in performance. It also didn't hurt they had 1 GB Internet pipe to get all those hundreds of updates. Webster -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Posner Sent: Thursday, March 30, 2017 12:03 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Anyone see this VMware announcement and deal with it? Come to find out we've not been utilizing RSS on our 2012r2 (all deployed with VMXNet3 by default). And nobody really knew about it when I asked. The few 2008 servers I've checked have it turned on, which is default. This will be something I revisit once VMware fixes the current issue. Look forward to testing on a few servers to see if there's a noticeable difference. Jason Posner Systems Administrator Weis Markets, Inc -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Charles F Sullivan Sent: Tuesday, March 28, 2017 9:26 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Anyone see this VMware announcement and deal with it? That's okay, got it anyway. Both points are very relevant to me and I've passed on the information about the packet loss to the rest of my group, as I didn't know about this until you posted here. If I check a Windows 2012 VM that is current with its Tools on a 5.5 host, it's at the latest unaffected version. We are just adding 6.0 hosts and I suspect that if I were to upgrade any VMs on those hosts, they would be at an affected version, so I've let everyone know to hold off until there is a patch. Thanks again for the information. -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff Sent: Monday, March 27, 2017 5:41 PM To: ntsysadm <ntsysadm@lists.myitforum.com> Subject: Re: [NTSysADM] Anyone see this VMware announcement and deal with it? Dang it... I forgot to put in the point of the post: Win2012 and Win2012R2 machines with current-ish VMware tools and RSS enabled can experience some packet loss. Current recommendation until VMware fixes the VMWare Tools is to older version. Yuck. Kurt On Mon, Mar 27, 2017 at 1:30 PM, Kurt Buff <kurt.b...@gmail.com> wrote: > The comments section is very interesting, including the author stating > that best practice is to turn on RSS in multi-cpu machines with > VMXNet3 adapters > https://blogs.vmware.com/apps/2017/03/rush-post-vmware-tools-rss-incom > patibility-issues.html > >
RE: [NTSysADM] Anyone see this VMware announcement and deal with it?
Same with XenServer. If a server has multiple vCPUs, then enable RSS. I have seen it increase performance dramatically, especially with Nutanix boxes. Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com The Accidental Citrix Admin -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff Sent: Monday, March 27, 2017 3:30 PM To: ntsysadm <NTSysADM@lists.myitforum.com> Subject: [NTSysADM] Anyone see this VMware announcement and deal with it? The comments section is very interesting, including the author stating that best practice is to turn on RSS in multi-cpu machines with VMXNet3 adapters https://blogs.vmware.com/apps/2017/03/rush-post-vmware-tools-rss-incompatibility-issues.html
[NTSysADM] Webster's next Citrix policy setting project
Group Policy Default Computer Settings Reference for Citrix XenApp and XenDesktop V1.00 http://carlwebster.com/group-policy-default-computer-settings-reference-citrix-xenapp-xendesktop-v1-00/ Group Policy Default User Settings Reference for Citrix XenApp and XenDesktop V1.00 http://carlwebster.com/group-policy-default-user-settings-reference-citrix-xenapp-xendesktop-v1-00/ Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] Group Policy Settings Reference for Citrix XenApp and XenDesktop
Webster's newest community project. New article & file: Group Policy Settings Reference for Citrix XenApp and XenDesktop - http://carlwebster.com/group-policy-settings-reference-citrix-xenapp-xendesktop/ Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage
Works fine for me in Chrome. Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim Sent: Friday, March 3, 2017 9:31 AM To: ntsysadm@lists.myitforum.com Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage Interesting, it does for me too…in IE. In Chrome I get nothing. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Erik Goldoff Sent: Friday, March 3, 2017 10:29 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: Re: [EXTERNAL]Re: [NTSysADM] AWS East Outage Jim, your link redirects to http://goodworks.sprint.com/1millionproject/index.cfm when I try. On Fri, Mar 3, 2017 at 10:09 AM, Kennedy, Jim <kennedy...@elyriaschools.org<mailto:kennedy...@elyriaschools.org>> wrote: And FYI, O365 links in emails that are forwarded are being mangled all to heck with the safelinks URL: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsetda.us1.list-manage.com%2Ftrack%2Fclick%3Fu%3D1f18c643d052d9f509a7060f4%26id%3D4468f8ea88%26e%3Df6ca991d43=01%7C01%7CKirk.Ross%40education.ohio.gov%7C37f0e0e838cb408d4bab08d46238bbff%7C50f8fcc494d84f0784eb36ed57c7c8a2%7C0=b9EZV2pC5iDLa9skdivN6PkET49ceN01wFdK6GoB2L8%3D=0 From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Kennedy, Jim Sent: Friday, March 3, 2017 10:06 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage What do we call it when URL detonation is detonated? https://www.trustedsec.com/blog/office-365-advanced-threat-protection-features-shortfalls/ From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Micheal Espinola Jr Sent: Friday, March 3, 2017 9:52 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: Re: [EXTERNAL]Re: [NTSysADM] AWS East Outage Do you mean like this? https://blogs.office.com/2017/01/25/evolving-office-365-advanced-threat-protection-with-url-detonation-and-dynamic-delivery/ -- Espi On Thu, Mar 2, 2017 at 2:02 PM, Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: I was in an NDA call last week regarding some upcoming changes to a particular vendor's anti-malware product, and was introduced to the term "link detonation". -Original Message- From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Calvin McLennan Sent: Thursday, March 2, 2017 4:10 PM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage I'm much more unnerved by the term 'blast radius' Cal -Original Message- From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Michael B. Smith Sent: March 2, 2017 3:36 PM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage OMG. “we have not completely restarted the index subsystem or the placement subsystem in our larger regions for many years.” That sentence scares me. But perhaps it shouldn’t. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Kennedy, Jim Sent: Thursday, March 2, 2017 3:12 PM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage So the facts are out. Short version, basically someone fat fingered a command and deleted a bunch of really important servers. https://aws.amazon.com/message/41926/ From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Melvin Backus Sent: Thursday, March 2, 2017 9:47 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage That’s probably what caused the problem to being with. All that conversion and somebody missed a decimal point. -- There are 10 kinds of people in the world... those who understand binary and those who don't. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of David McSpadden Sent: Thursday, March 2, 20
RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage
MBS, Do you remember the project I was doing in Gallipolis, OH back in January 2010? It was like 10 degrees with a wind chill of 10 below. Some female went into the datacenter and decided it was too cold in there so she yanked the cover off the A/C system and turned it off. About 30 minutes later, alarms went off when the inside temp hit 85 degrees. Soon after, SANS, NAS units, servers and UPS systems started powering off. By the time we got there, the inside temp had reach over 100% (not good for a full datacenter). The only things still powered on were a few UPS systems. Every server and storage system had hard shutdown. The problems? No servers were labeled No one knew what servers should be powered up in which order There were Unix systems no one knew what they did or what the logon creds were or even if they logged on, what to do SANs were reporting failed drives, there were no replacement drives and the SANs were out of warranty We found a fully populated HP SAN with fibre drives that had all the cables dangling in the back and not connected to a single server or device!!! (some HP sales rep made some money on that deal) The HVAC unit was now frozen and could not be powered on so the HVAC team went on the roof and removed a portion of the roof to get cold are in the datacenter That was a fun day. Customer wanted me for a 6-week project to help fix everything and I was terminated by my employer the next day due to lack of work to keep me busy? Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Thursday, March 2, 2017 2:36 PM To: ntsysadm@lists.myitforum.com Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage OMG. “we have not completely restarted the index subsystem or the placement subsystem in our larger regions for many years.” That sentence scares me. But perhaps it shouldn’t. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim Sent: Thursday, March 2, 2017 3:12 PM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage So the facts are out. Short version, basically someone fat fingered a command and deleted a bunch of really important servers. https://aws.amazon.com/message/41926/ From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus Sent: Thursday, March 2, 2017 9:47 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage That’s probably what caused the problem to being with. All that conversion and somebody missed a decimal point. -- There are 10 kinds of people in the world... those who understand binary and those who don't. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden Sent: Thursday, March 2, 2017 7:17 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage I believe it was an US-Converted-Metric S-ton IMHO. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Richard Stovall Sent: Thursday, March 2, 2017 7:05 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: [EXTERNAL]Re: [NTSysADM] AWS East Outage Is that a metric S-ton, or the other kind? The is a difference. On Mar 2, 2017 2:38 AM, "Don Ely" <don@gmail.com<mailto:don@gmail.com>> wrote: It is pretty trivial if you're setup correctly, but the setup takes an S-Ton of work and testing... On Wed, Mar 1, 2017 at 3:30 PM Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: I have to say, what surprised me most about this outage was the lack of failover to alternate datacenters for some pretty big names. I have no idea how this works in AWS, but in Azure it’s fairly trivial; I would expect the same of AWS. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Andrew S. Baker Sent: Wednesday, March 1, 2017 12:22 PM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: Re: [NTSysADM] AWS East Outage If not S3, then what? You're always going to be relying on someone else's something. Some data center provider (okay, so you might run your own) Some power provider Some Internet provider It's not like they have internet outages every week, and it's not like various organizations relying upon them haven't had outages for their own reasons. Technology bre
[NTSysADM] RE: Group Policy settings
Do you have "Wait for network" set? Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden Sent: Tuesday, February 28, 2017 12:16 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Group Policy settings I have some Group Policy settings that sometimes apply on first logon and sometimes require a reboot of the workstation to see them in the HKCU hive as they should be. What can I do to get my HKCU updated on first boot for every user? David McSpadden System Administrator Indiana Members Credit Union P: 317.554.8190 [Description: Description: imcu email icon]<http://imcu.com/> [Description: Description: facebook email icon] <https://www.facebook.com/IndianaMembersCU> [Description: Description: twitter email icon] <https://twitter.com/IndMembersCU> [Description: Description: email logo] [http://www.amuletsolutions.com/images/mcp.gif]<http://www.google.com/url?sa=i=j==s=images==rja=8=0ahUKEwjFztf-tePJAhXK5iYKHcPtAxEQjRwIBw=http://www.amuletsolutions.com/awards.aspx=bv.110151844,d.amc=AFQjCNHkrx8CednTEOOq4zUxYyrRUGzUsg=1450459757284499> This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
[NTSysADM] RE: Documenting Citrix XenApp and XenDesktop 7.8+ with Microsoft PowerShell V2.0
Neither Unidesk nor WEM have any PoSH stuff. Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin Sent: Thursday, February 23, 2017 6:05 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: Documenting Citrix XenApp and XenDesktop 7.8+ with Microsoft PowerShell V2.0 Great stuff. Now get ready to update it all for the Unidesk and Norskale features ;-) From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster Sent: 23 February 2017 11:28 To: NT System Admin Issues <ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>> Subject: [NTSysADM] Documenting Citrix XenApp and XenDesktop 7.8+ with Microsoft PowerShell V2.0 FINALLY! After 14 months of work and almost 29,000 lines of PowerShell: http://carlwebster.com/documenting-citrix-xenapp-xendesktop-7-x-microsoft-powershell-v2-0/ Documenting Citrix XenApp and XenDesktop 7.x with Microsoft PowerShell V2.0 | Carl Webster<http://carlwebster.com/documenting-citrix-xenapp-xendesktop-7-x-microsoft-powershell-v2-0/> carlwebster.com FINALLY! After 14 months of development, almost 29,000 lines of PowerShell, many hours of my time and with the help of almost 200 testers, we are pleased t Thanks Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com<http://www.carlwebster.com/>
[NTSysADM] Documenting Citrix XenApp and XenDesktop 7.8+ with Microsoft PowerShell V2.0
FINALLY! After 14 months of work and almost 29,000 lines of PowerShell: http://carlwebster.com/documenting-citrix-xenapp-xendesktop-7-x-microsoft-powershell-v2-0/ Documenting Citrix XenApp and XenDesktop 7.x with Microsoft PowerShell V2.0 | Carl Webster<http://carlwebster.com/documenting-citrix-xenapp-xendesktop-7-x-microsoft-powershell-v2-0/> carlwebster.com FINALLY! After 14 months of development, almost 29,000 lines of PowerShell, many hours of my time and with the help of almost 200 testers, we are pleased t Thanks Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com<http://www.carlwebster.com/>
RE: [NTSysADM] Question re job interview
And because no one understands what you are saying so no questions are asked! LOL Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin Sent: Tuesday, February 21, 2017 7:37 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Question re job interview Congrats. Have to agree with Jeff, I am the master of turning 1 hour presentations into 35 minutes through sheer speed of talking. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Jeff Steward Sent: 21 February 2017 13:07 To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: Re: [NTSysADM] Question re job interview Good job. It speaks well of you that it went long rather than short. Most people get nervous and speed up. Congratulations! -Jeff On Tue, Feb 21, 2017 at 8:02 AM Graeme Carstairs <loonyto...@gmail.com<mailto:loonyto...@gmail.com>> wrote: Just thought I would let you know I went with Eric's advise and gave my presentation at the interview despit timing it at 8 minutes it actually lasted 15 minutes at the interview They thanked me for a presentation said it showed I understood the topics and could communicate effectively And I got the job Thanks guys On Thu, 2 Feb 2017 at 19:27, Kurt Buff <kurt.b...@gmail.com<mailto:kurt.b...@gmail.com>> wrote: Erik has some good advice, but I'd take a close look at the published job description, and cast your discussion in terms that would fit that, as you would to your next two layers of management. For sure, 10 minutes isn't much time, as that's a huge subject, so you'll of necessity need to do a rather broad overview, but take your time and practice speaking/enunciating clearly. I wouldn't make your submission a verbatim transcript of your talk; just give the outline - unless they're specifically looking for that, which seems unlikely. Kurt On Thu, Feb 2, 2017 at 7:09 AM, Graeme Carstairs <loonyto...@gmail.com<mailto:loonyto...@gmail.com>> wrote: > hi, > > having just been made redundant I have been applying for al sorts of IT > roles, whatI have been doing for the last 15 years (designing, implementing > and supporting windows server based networks for small to large > enterprises). > > I have just received my first interview confirmation, and they have asked > that I submit in advance and give on the day a 10 minute presentation on the > topic "Discuss Data Management, availability and Disaster Recovery" > > Now I have never been asked to do this before well more not on such a wide > topic. > > anyone got any suggestions on what I can base it around, I am not looking > for anyone to do it for me just some topics or ideas on what to do it on? > > TIA > > > -- > > > e-mail :- loonyto...@gmail.com<mailto:loonyto...@gmail.com> -- Graeme Carstairs e-mail :- loonyto...@gmail.com<mailto:loonyto...@gmail.com>
RE: [NTSysADM] Some advice needed about allowing local C: drive access
Or \\ip.ad.dr.ress\c$ that bypasses drive letter blocking. Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com The Accidental Citrix Admin -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin Sent: Friday, February 17, 2017 11:56 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Some advice needed about allowing local C: drive access Why don't they just browse to \\hostname\c$? -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: 17 February 2017 17:34 To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Some advice needed about allowing local C: drive access I know I've read about this procedure somewhere, but I'm not finding it at the moment. We have this application that writes out it's debug log to c:\debug. Now, we hide drive C; from domain users using GPO (User Configuration/Policies/Administrative Policies/Windows Components/File Explorer/Hide these specific drives ("Restrict A.B.C")). So what my help desk staff needs to do is to log onto these workstations (as a specific domain account), run the software, and need to be able to see, read (and optionally write to) this C:\Debug location, to identify/fix problems. (this is the "Check21" check processing software, if anyone else uses it) What I don't know is how best to do this. Oh, sure, I could create a whole new GPO, without that "Hide drives" setting, and limit it only to this one domain login. But is there a better, more efficient way to do this? I want C: drive hidden from the majority of my users, but do need certain logons that aren't limited this way. And I don't want the logon to be local admin, or have any access other than just standard domain user (or I could use a Restricted Group). Thoughts? Advice? (Win 2008 R2 domain)
RE: [NTSysADM] Some advice needed about allowing local C: drive access
A Deny? Webster -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: Friday, February 17, 2017 11:34 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Some advice needed about allowing local C: drive access I know I've read about this procedure somewhere, but I'm not finding it at the moment. We have this application that writes out it's debug log to c:\debug. Now, we hide drive C; from domain users using GPO (User Configuration/Policies/Administrative Policies/Windows Components/File Explorer/Hide these specific drives ("Restrict A.B.C")). So what my help desk staff needs to do is to log onto these workstations (as a specific domain account), run the software, and need to be able to see, read (and optionally write to) this C:\Debug location, to identify/fix problems. (this is the "Check21" check processing software, if anyone else uses it) What I don't know is how best to do this. Oh, sure, I could create a whole new GPO, without that "Hide drives" setting, and limit it only to this one domain login. But is there a better, more efficient way to do this? I want C: drive hidden from the majority of my users, but do need certain logons that aren't limited this way. And I don't want the logon to be local admin, or have any access other than just standard domain user (or I could use a Restricted Group). Thoughts? Advice? (Win 2008 R2 domain)
[NTSysADM] RE: DHCP 2012 R2 failover
Doesn't depend on a DFL or FFL. Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Christopher Bodnar Sent: Monday, February 6, 2017 11:58 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] DHCP 2012 R2 failover Does this require 2012 DFL or FFL? Or will it work on 2008 R2 DFL/FFL? Thanks Christopher Bodnar Enterprise Architect II, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com [cid:image001.png@01D1326B.600058E0] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
[NTSysADM] RE: can't set NTP time source on PDC
I like using this script from my friend and former CTP Jeremy Saunders. http://www.jhouseconsulting.com/2014/01/10/script-to-create-group-policy-objects-and-wmi-filters-to-manage-the-time-server-hierarchy-1153 Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jimmy Tran Sent: Thursday, February 2, 2017 8:11 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] can't set NTP time source on PDC Hi Guys, I’ve been having trouble changing the Windows time source to any outside NTP server. It is current set to local but the time is off so I wanted to set it to an outside time source. When I run “w32tm /query /status”, it shows (source name: “LOCL”). So now I run “w32tm /config /syncfromflags:manual /manualpeerlist:pool.ntp.org /reliable:yes /update” and it completes successfully. I’ll restart the time service and do a query again but it still shows LOCL. I am doing this on the PDC on the domain. I’ve tried a reboot and even unregistering w32tm but nothing helps. I’m out of ideas. Thanks, JT
RE: [NTSysADM] 48 port poe
My 48-port non-PoE switch arrived yesterday for my lab. Layer3, managed with shipping and taxes less than $450US. Webster -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff Sent: Wednesday, January 25, 2017 3:44 PM To: ntsysadm <ntsysadm@lists.myitforum.com> Subject: Re: [NTSysADM] 48 port poe Ubiquiti switches have worked well for us. A bit funky to configure until you figure them out, but after that no sweat. Price is outstanding. Kurt On Wed, Jan 25, 2017 at 11:08 AM, J- P <jnat...@hotmail.com> wrote: > Hi all, > > Looking for advice on a layer 2 poe switch, We had a linksys 48 port > tos switch, amd half of the poorts no longer do POE
RE: [NTSysADM] Problems installing RSAT on WIn 7 SP1
Did you try that troubleshooter link? That worked for me. Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: Tuesday, January 3, 2017 11:34 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Problems installing RSAT on WIn 7 SP1 Did all that, still taking forever to scan ... I installed the July update, as that what the link for the June update redirected to, as it said July superseded ... Oh, well ... On Thu, Dec 29, 2016 at 3:13 PM, Susan E Bradley <sbrad...@pacbell.net<mailto:sbrad...@pacbell.net>> wrote: https://support.microsoft.com/en-us/kb/3161608 You gotta get that on the box as you are hitting the "long scan" bug of Windows 7 On 12/29/2016 11:54 AM, Michael Leone wrote: This is weird. My work PC got corrupted, and I got a new hard drive of our WIn 7 SP1 image. And I'm trying to install RSAT on it, and it seems to just be hanging on "Searching for updates on this computer". Looking into WindowsUpdate.log I see this: 7756 1dcc Misc === Logging initialized (build: 7.6.7600.320, tz: -0500) === 7756 1dcc Misc = Process: C:\Windows\system32\wusa.exe 7756 1dcc Misc = Module: C:\Windows\system32\wuapi.dll 7756 1dcc COMAPI --- COMAPI: IUpdateServiceManager::AddScanPackageService --- 7756 1dcc COMAPI - ServiceName = Windows Update Standalone Installer 7756 1dcc COMAPI - ScanFileLocation = C:\5801e7aa26267eca7c\wsusscan.cab 1152 a74 Misc Validating signature for C:\Windows\SoftwareDistribution\ScanFile\f9550e7e-d05e-4ef0-9643-29723ef36353\Source.cab with dwProvFlags 0x0080: 1152 a74 Misc Microsoft signed: Yes 1152 a74 DtaStor Default service for AU is {7971F918-A847-4430-9279-4A52D1EFE18D} 7756 1dcc COMAPI - Added scan package service, ServiceID = {F9550E7E-D05E-4EF0-9643-29723EF36353} Third party service 7756 1dcc COMAPI - 7756 1dcc COMAPI -- START -- COMAPI: Search [ClientId = wusa] 7756 1dcc COMAPI - 7756 1dcc COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = wusa] And now it's just sitting there. I see nothing in the Event log. Any ideas? The image shows last Windows Update was April 2015 (don't say anything, I have nothing to do with workstation imaging). I did install the April 2015 Servicing Stack Update, and updated from IE10 to IE11 (successfully). Ideas? I'll be off for the New Year's holiday, so I won't be able to really do anything about it for a few days, but any ideas for when I get back? (saw the same issue when I tried to update my Powershell v2; just sat there at "searching for updates"). Thanks
RE: [NTSysADM] Problems installing RSAT on WIn 7 SP1
There are hundreds if not thousands of hits on that issue. I found a windows update diagnostic tool from Microsoft that fixed it on a Win7 machine a customer gave me to use. I needed PoSH V3 on that VM and that updates issue was a royal PITA. https://support.microsoft.com/en-us/instantanswers/512a5183-ffab-40c5-8a68-021e32467565/windows-update-troubleshooter Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: Thursday, December 29, 2016 1:55 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Problems installing RSAT on WIn 7 SP1 This is weird. My work PC got corrupted, and I got a new hard drive of our WIn 7 SP1 image. And I'm trying to install RSAT on it, and it seems to just be hanging on "Searching for updates on this computer". Looking into WindowsUpdate.log I see this: 77561dccMisc=== Logging initialized (build: 7.6.7600.320, tz: -0500) === 77561dccMisc = Process: C:\Windows\system32\wusa.exe 77561dccMisc = Module: C:\Windows\system32\wuapi.dll 77561dccCOMAPI--- COMAPI: IUpdateServiceManager::AddScanPackageService --- 77561dccCOMAPI - ServiceName = Windows Update Standalone Installer 77561dccCOMAPI - ScanFileLocation = C:\5801e7aa26267eca7c\wsusscan.cab 1152a74 MiscValidating signature for C:\Windows\SoftwareDistribution\ScanFile\f9550e7e-d05e-4ef0-9643-29723ef36353\Source.cab with dwProvFlags 0x0080: 1152a74 MiscMicrosoft signed: Yes 1152a74 DtaStor Default service for AU is {7971F918-A847-4430-9279-4A52D1EFE18D} 77561dccCOMAPI - Added scan package service, ServiceID = {F9550E7E-D05E-4EF0-9643-29723EF36353} Third party service 77561dccCOMAPI- 77561dccCOMAPI-- START -- COMAPI: Search [ClientId = wusa] 77561dccCOMAPI- 77561dccCOMAPI<<-- SUBMITTED -- COMAPI: Search [ClientId = wusa] And now it's just sitting there. I see nothing in the Event log. Any ideas? The image shows last Windows Update was April 2015 (don't say anything, I have nothing to do with workstation imaging). I did install the April 2015 Servicing Stack Update, and updated from IE10 to IE11 (successfully). Ideas? I'll be off for the New Year's holiday, so I won't be able to really do anything about it for a few days, but any ideas for when I get back? (saw the same issue when I tried to update my Powershell v2; just sat there at "searching for updates"). Thanks
[NTSysADM] RE: Opinions on reasonably inexpensive NAS storage
I have two Synology units in my lab. The second one I splurged and went all 1TB SSD. Made a HUGE difference in my lab. I can now run over 20 VMs concurrently. With spinning disks, the other NAS died at 5 VMs and was basically unusable at 4. Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jesse Rink Sent: Tuesday, December 20, 2016 12:44 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Opinions on reasonably inexpensive NAS storage In the past, we've used a lot of Netgear ReadyNAS models for cheap (sub $1,800) entry level NAS storage, mostly for the purpose of backup storage with Veeam. Been very popular in the past with our SMB sized customers. Lately some of my team/engineers have noticed various problems/crashes with the Netgear units so I'm curious what other options out there people have had good success with. These are situations where a customer doesn't want to spend a lot of money of disk storage, so enterprise class storage is completely out. Think along the lines of, 4 or 8 disks, SATA, no SAN connectivity, just NAS... Thoughts? Jesse Rink Source One Technology, Inc. HP Partner 262 993 2231 Website<http://www.sourceonetechnology.com/> | Blog<http://www.sourceonetechnology.com/blog/> | LinkedIn<https://www.linkedin.com/in/jesse-rink> | Twitter<https://twitter.com/SourceOne_WI>
RE: [NTSysADM] OT: IT Philosophy
Knowing James, I bet it is an AppSense product. Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus Sent: Thursday, December 8, 2016 10:28 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] OT: IT Philosophy Care to share what that software is? -- There are 10 kinds of people in the world... those who understand binary and those who don't. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin Sent: Thursday, December 8, 2016 9:46 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: RE: [NTSysADM] OT: IT Philosophy Software we use has a "rights discovery mode" that you can use to audit the environment first and find out exactly which software needs admin access, which really helps :) From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim Sent: 08 December 2016 14:17 To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: RE: [NTSysADM] OT: IT Philosophy One thing we did when we pulled admin was make a very serious and very public declaration that we would jump all over their requests for additional software or taking care of issues related to no admin. Then we made sure we delivered on that promise. We also did it a department/building at a time so neither they nor us would be over whelmed. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin Sent: Thursday, December 8, 2016 8:49 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: RE: [NTSysADM] OT: IT Philosophy In environments where people are used to having admin access we use a software feature called "self-elevation". The users have their admin taken away, but when they want to do anything as an admin, they just right-click the file or folder and choose "Elevate to admin". No need to type in username and password (which is the biggest hurdle people who are used to being admins find), they just invoke the context menu and elevate their access. In this way, if malware strikes it isn't doing it with admin access, yet the user can still "be an admin" as much as they want. Once you get this foot in the door, it's only a matter of time to slowly work on their processes and expectations to bring them down to a level where they maybe don't need to be admins at all. Various ways you can approach this, which I won't go into here. Of course being a non-admin doesn't protect you from ransomware. Application execution management is key here (Windows 10 brings cool stuff like Device Guard which can complement traditional app management methods like AppLocker). We use a further extension of the software to manage this in a hands-off way, but again, it's a busy space and there are lots of solutions. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim Sent: 08 December 2016 13:22 To: 'ntsysadm@lists.myitforum.com' <ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>> Subject: RE: [NTSysADM] OT: IT Philosophy 1 and 2 are up to management as long as they give you the resources to do it. 3 really surprises me, knowingly allowing company resources for certain copyright infringement seems really negligent. On 4 you can never have enough layers against malware. In the environment you describe I would be scared to death of ransomware. And I would argue that you currently have zero protections in place if your users are admin. Especially when they are at home, you have nothing to protect them. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kish N Kepi Sent: Wednesday, December 7, 2016 11:29 PM To: Kish N Kepi Subject: [NTSysADM] OT: IT Philosophy We keep a lax environment - our users are local admins on their Windows laptops and we not stop them from installing any software they want - the only caveat I ever say is 'don't be stupid'. And yes, we are a hi-tech house, well beyond the startup stage. During a conversation about potential changes to the way we do backups today, I stated that the current back up routine specifically excludes most media files, and also that I'd used psexec to kill utorrent proc
[NTSysADM] RE: code-signing cert for PS untrusted
I use http://timestamp.digicert.com for all my signed PowerShell scripts. Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Miller Bonnie L. Sent: Wednesday, December 7, 2016 9:28 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: code-signing cert for PS untrusted I didn't know about the timestamping-thanks, I just googled that and am adding it into our process. Is it normal to use a public timestamp server such as http://timestamp.verisign.com/scripts/timestamp.dll, or should we be doing something to run one internally and stamp from there? But, adding a timestamp didn't help. Since I'm currently on the machine doing the signing (Win 8.1), the cert is both in the user's personal store and in the machine's trusted publishers store. I've also tried from another Win 10 pc under another account where it's just in the machine's trusted publishers. I did remove the old certs from both personal and trusted publishers in an attempt to fix the issue and have re-signed the file since (and again with a timestamp today), but no luck on that. I can see that the new template is being used and that the "Intended Purposes" lists Code Signing. To Damien, I just looked at the explorer properties of the signed file and as far as I can see, it all looks good and says "This digital signature is OK". I can view the certificate and everything in the certification path (Root, Intermediate, and cert) also says "This certificate is OK". -Bonnie From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Desmond Sent: Tuesday, December 6, 2016 3:13 PM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: [NTSysADM] RE: code-signing cert for PS untrusted Is there a behavior difference whether it's in the local user or local machine Trusted Publishers store? I haven't done much with this but that comes to mind as something to check. Also don't forget to timestamp the signature when you do the signing. Thanks, Brian Desmond w - 312.625.1438 | c - 312.731.3132 From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Miller Bonnie L. Sent: Tuesday, December 6, 2016 4:03 PM To: ntsysadm <ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>> Subject: [NTSysADM] code-signing cert for PS untrusted I feel like I must be missing a step here, so am hoping someone has seen this. I'm most of the way through standing up a new internal CA root/subordinate combo for our internal AD and migrating certificates, but have run into a problem with code signing certs. The new servers are 2012 R2, done mostly to best practice with root not in the domain (offline) and subordinate in the domain for issuing certs. The old single server is 2008 R2. I already have most of our certs migrated and working, including those for Kerberos (Domain controllers) authentication, client pcs, web server, etc. The Root CA is showing up in the client's Trusted root store, and both the root and subordinate are in the Intermediate Certificates store. I've published a new template for (powershell) code signing today from the new intermediate server, and was able to follow all of the same steps to get a cert enrolled for my user account that I had done with 2008 R2. I see the new cert in the Personal store and have imported it into Trusted publishers. But, if I sign some code with the new cert, I still get prompted by powershell with "Do you want to run software from this untrusted publisher?". I've tried deleting the old cert from Personal and from Trusted publishers, and even re-signed the code to verify it's using the new one that I think it is. Is there another place I need to be adding the cert that I'm missing here? Is there an issue with signing it from the Intermediary vs the root CA when it comes to code signing? I'm not a PS guru and there are really only two of us using this, in an attempt to not allow unrestricted PS on our domain workstations. Code signing certs have worked fine from our 2008 R2, but there is only the one server involved. Any pointers would be appreciated. -Bonnie
Re: [NTSysADM] File permission question
windows deletes the original file and saves the updated version. users need the delete right to save changes. webster Get Outlook for iOS<https://aka.ms/o0ukef> From: listsad...@lists.myitforum.com <listsad...@lists.myitforum.com> on behalf of David McSpadden <dav...@imcu.com> Sent: Wednesday, November 23, 2016 3:59:13 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] File permission question Server 2012 Active directory Windows 7 32 bit Office 2010 Created a file share Everyone full on share Created ad security group Set security for group with modify Trying to prevent users from deleting or moving folders/files Users in group were still able to move Changed permissions to special by removing delete files from advanced permissions. Then users could not make changes to files they were not creator owner of? What am I missing? Sent from my iPhone This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
RE: [NTSysADM] Windows 2012 R2 GPO Mapping Issue
https://blogs.technet.microsoft.com/askds/2009/01/07/using-group-policy-preferences-to-map-drives-based-on-group-membership/ "I can only get this to work if I disable UAC on the Windows 7 client. Is this expected?" "This should only happen with administrative user accounts. The drive mapping occurs in an elevated user process. The Windows Explorer process is a non-elevated process. Mapped drives, regardless of how they are mapped, by default do not span across processes of different elevation. Normal User accounts should not have this problem. You can bypass the problem by mapping the drive as a scheduled task, which would occur under the non-elevated process. Or, you can enable the registry setting in MSKB Article ID: 937624." Thanks Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Mike Kanfer Sent: Sunday, November 20, 2016 9:42 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Windows 2012 R2 GPO Mapping Issue Bingo! That's was it. Thank you!! On Sun, Nov 20, 2016 at 9:11 AM, Eric Wittersheim <eric.wittersh...@gmail.com<mailto:eric.wittersh...@gmail.com>> wrote: Are the users local admins? UAC can block mapped drives when the users are administrators. You can check this by opening up a cmd prompt and switch to the mapped drive letter. This shows the gpo is working but it's mapping the drive for Administrator instead of the intended user. Eric On Sat, Nov 19, 2016 at 9:00 PM Mike Kanfer <mkan...@cssu.org<mailto:mkan...@cssu.org>> wrote: We have a GPO that is applied to Authenticated Users and linked to our domain. In it, we have a mapped drive which isn't work. Looking at GPResult shows the policy being applied. Using NET USE, we can map the drive with a user logged in. We have unchecked, reconnect at logon and it still doesn't work. The drive map action is Create. We also tried Update. The GPO does work because other elements- a message on the logon screen is displayed. The DC is a Windows 2012 R2 server and the workstation is a Windows 10 Pro version. It also is not working on a Windows 2012 R2 terminal server. Any help would be appreciated.
Re: [NTSysADM] Windows 2012 R2 GPO Mapping Issue
what is recorded in the group policy event log? webster Get Outlook for iOS<https://aka.ms/o0ukef> From: listsad...@lists.myitforum.com <listsad...@lists.myitforum.com> on behalf of Mike Kanfer <mkan...@cssu.org> Sent: Saturday, November 19, 2016 8:52:35 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Windows 2012 R2 GPO Mapping Issue We have a GPO that is applied to Authenticated Users and linked to our domain. In it, we have a mapped drive which isn't work. Looking at GPResult shows the policy being applied. Using NET USE, we can map the drive with a user logged in. We have unchecked, reconnect at logon and it still doesn't work. The drive map action is Create. We also tried Update. The GPO does work because other elements- a message on the logon screen is displayed. The DC is a Windows 2012 R2 server and the workstation is a Windows 10 Pro version. It also is not working on a Windows 2012 R2 terminal server. Any help would be appreciated.
[NTSysADM] Update on the updated broken DFSR issue
Microsoft can't fix it. They wanted to uninstall McAfee because they said it may be causing issues. Customer said no. MS said nothing else we can do then. Customer thought they could just dcpromo down the last DC, bring up a new AD with the same name as the old and be back in business. Nope, not going to work that way. Oh well. Sometimes the PHB wins and everyone else loses. Thanks Webster
RE: [NTSysADM] Update on the broken DFSR issue
Yep, they are in a "highly secure" industry with federal oversight. When I proposed adding a 2008 R2 or 2012 R2 DC, it was quickly shot down by a list of acronyms I had never heard of before. They said they have to get security baselines for any server that is involved with authentication and it took so long to get for Server 2008 SP2 that have no interest in going thru it again. They were overjoyed when I told them 2008 SP2 was on extended support for almost another 3 years. I doubt I could get permission to write this up as an article because without screenshots, event log entries and dcdiag reports, it would be very difficult to explain and show what all happened. I guess I could just publish a series of black boxes connect by "a", "and", "the", "but", and "or" and call it a day. story about when happened and solved it. Thanks Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew S. Baker Sent: Thursday, November 17, 2016 3:32 PM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Update on the broken DFSR issue Too bad you can't write a book about this one. Regards, ASB http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker> Providing Expert Technology Consulting Services for the SMB market… GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842 On Thu, Nov 17, 2016 2:16 PM, Webster webs...@carlwebster.com<mailto:webs...@carlwebster.com> wrote: Boss man got on out GTM and explained the history of the issue. About a year ago they moved from FSR to DFSR for SYSVOL. Sometime after that, an admin who no longer works there, restored the main DC from a snapshot pre DFSR migration and pre adprep for 2008 R2. So you had the main DC now thought it was on schema 44 and the other thought it was on schema 47. One thought it was using DFSR and one thought it was using FRS. That admin attempted to trick the DCs thru a series or regedits and ADSIEdits. He then went and restored a copy of the SYSVOL tree to a file share and then copied and pasted that to both DCs. They have been operating in this screwed up, unreliable, non-steady state for over a year now. Three months ago (I was originally told two) the new admin comes in to all this fiasco and also tries to reverse the travesty thru a bunch of regedits and adsiedits. Why no one thought or bothered to get Microsoft support involved over a year ago is beyond me. I talked the boss into us getting Microsoft support involved. My co-worker who got me involved in this call is now getting an AD backup and will open a call with MS. When he finishes up with MS support, I will let you know "the rest of the story". Thanks Webster
RE: [NTSysADM] Group Policy cleanup/maintenance
I look for GPOs that are completely disabled, not linked anywhere, no security filtering, empty or orphaned in SYSVOL. Give the customer a list of each category and let them decide. Thanks Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin Sent: Thursday, November 17, 2016 11:31 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Group Policy cleanup/maintenance How do you define "stale"? As in not being applied to anything any more? Or being applied but no longer relevant? Obviously the former is much more achievable than they latter, IMHO Sent from my slightly schizophrenic, but rather cool, BlackBerry Android From: joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov> Sent: 17 November 2016 5:29 p.m. To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Reply to: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: [NTSysADM] Group Policy cleanup/maintenance How do you guys deal with Group Policy objects, in regards to discovery and cleanup of "stale" objects? I have to come up with a procedural document for this process. Joe Heaton Information Technology Operations Branch Data and Technology Division CA Department of Fish and Wildlife 1700 9th Street, 3rd Floor Sacramento, CA 95811 Desk: (916) 323-1284 Every Californian should conserve water. Find out how at: [SaveOurWater_Logo]<http://saveourwater.com/> SaveOurWater.com<http://saveourwater.com/> * Drought.CA.gov<http://drought.ca.gov/>
[NTSysADM] Update on the broken DFSR issue
Boss man got on out GTM and explained the history of the issue. About a year ago they moved from FSR to DFSR for SYSVOL. Sometime after that, an admin who no longer works there, restored the main DC from a snapshot pre DFSR migration and pre adprep for 2008 R2. So you had the main DC now thought it was on schema 44 and the other thought it was on schema 47. One thought it was using DFSR and one thought it was using FRS. That admin attempted to trick the DCs thru a series or regedits and ADSIEdits. He then went and restored a copy of the SYSVOL tree to a file share and then copied and pasted that to both DCs. They have been operating in this screwed up, unreliable, non-steady state for over a year now. Three months ago (I was originally told two) the new admin comes in to all this fiasco and also tries to reverse the travesty thru a bunch of regedits and adsiedits. Why no one thought or bothered to get Microsoft support involved over a year ago is beyond me. I talked the boss into us getting Microsoft support involved. My co-worker who got me involved in this call is now getting an AD backup and will open a call with MS. When he finishes up with MS support, I will let you know "the rest of the story". Thanks Webster
[NTSysADM] RE: How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)
Not at all, he has no screenshots! LOL But seriously, I would have reached out for help before three months had passed. My personal limit is one hour for something this critical. Just ask MBS and Brian Desmond, I am not afraid to reach out for help. BUT, I make sure I have done my research first before I bother anyone. But I would not have done 3 months' worth of effort and 322 very detailed pages of notes before I reached out. Heck, I've even reached out to you while you were in a pub once (forgetting the 6 hour time difference). Thanks Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin Sent: Thursday, November 17, 2016 6:22 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS) 322 pages of notes? Is he related to you? ;-0 From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster Sent: 17 November 2016 12:13 To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: [NTSysADM] RE: How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS) Now that I am back in the "office". Got brought into this call yesterday at 1500 and the customer had a hard stop at 1630. Here is what I know: Customer has two DCs, one in each datacenter on opposite sides of the state. This issue of SYSVOL not replicating has been going on for over two months. The main DC has the DFSR service but the second one does not. Running dfsrmig /GetMigrationState on both DCs returns "eliminated". It appears that even though the DFSR service does not appear in services.msc that dfsrmig still works. The guy who originally handled IT stuff quit just over two months ago and the new guy steps in to a hornet's nest (SYSVOL was already broken). This is a one guy IT shop for a company with 17 users. He has 322 pages of meticulous notes of everything he has done over the past two months (that alone scares the crap out of me). Why the guy waited over two months to ask for help is beyond me. The company has known for months that electric work was scheduled at the "main" datacenter (main being the DC with all the FSMO roles). Electric power will be down from 1800 this Friday and not guaranteed to be back before at least 0300 Monday. >From what I was told they have been instructed that no sources of power are >allowed in this datacenter during this time. Obviously if the second DC has no SYSVOL, "things" just aren't to work right for the users on that side. I have asked for the results of "net share" from both DCs. If the first DC has SYSVOL and NetLogon and the second one does not, then dcpromo down the second DC, reboot and dcpromo back. If the first DC does not have SYSVOL share but has SYSVOL contents, then follow the Microsoft KB and take it from there. Any advice, suggestions and thoughts are welcome. Once they are back working, talk them in to putting in some 2012 R2 DCs since they have the licenses already. Thanks Webster From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Wednesday, November 16, 2016 6:44 PM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: [NTSysADM] RE: How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS) You have a File Replication Service service, yes? You want THAT KB instead. Which is: https://support.microsoft.com/en-us/kb/290762 From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster Sent: Wednesday, November 16, 2016 7:02 PM To: NT Issues (ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>) Subject: [NTSysADM] How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS) Anyone ever had to use this KB to fix SYSVOL? https://support.microsoft.com/en-us/kb/2218556 Unfortunately, the two DCs are Server 2008 so they can't call Microsoft for support. I was looking at the section How to perform an authoritative synchronization of DFSR-replicated SYSVOL (like "D4" for FRS) and Steps 4 and 10 confuse me. Those steps say to start the DFSR service but there are no previous instructions that say to stop the service. On one of the broken DCs, there is no DFSR service that shows in services.msc. Any advice on using that KB would be appreciated. Thanks Webster
RE: [NTSysADM] How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)
We demoted the "bad" DC and on the DC that holds all FSMO roles, dcdiag reports "Could not open DFSR Service on , error 0x424 "The specified service does not exist as an installed service". Google returns nothing. How do we get DFSR Service back? Thanks Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Richard Stovall Sent: Thursday, November 17, 2016 12:12 PM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS) Thanks for that link. On Thu, Nov 17, 2016 at 12:21 PM, Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: Yes, that was a change. Regardless of which, you won’t get much support for either. https://support.microsoft.com/en-us/help/17140 “Extended Support will be available to all customers*. Extended Support includes paid technical assistance** (technical assistance that is charged on an hourly basis or per incident), security updates at no additional cost, and paid non-security updates. To receive non-security updates, Extended Hotfix Support must be purchased in conjunction with or addition to Premier Support, obtained within the first 90 days following the end of the Mainstream Support phase. (The 90-day requirement is waived if Software Assurance or Dynamics Business Ready Enhancement Plan has been purchased for the product in question.) Microsoft will not accept requests for warranty support, design changes, or new features during the Extended Support phase.” From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Richard Stovall Sent: Thursday, November 17, 2016 12:05 PM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: Re: [NTSysADM] How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS) https://blogs.technet.microsoft.com/rmilne/2014/07/24/save-the-date-end-of-exchange-2010-windows-7-and-2008-mainstream-support-t-minus-6-months/ Looks like 2008 and R2 are on the same schedule? Currently out of mainstream support and in extended support? Not true? On Wed, Nov 16, 2016 at 10:18 PM, Don Ely <don@gmail.com<mailto:don@gmail.com>> wrote: Non R2, yes On Wed, Nov 16, 2016, 19:17 Richard Stovall <rich...@gmail.com<mailto:rich...@gmail.com>> wrote: 2008 is EOL for MS support? On Nov 16, 2016 7:25 PM, "Webster" <webs...@carlwebster.com<mailto:webs...@carlwebster.com>> wrote: Anyone ever had to use this KB to fix SYSVOL? https://support.microsoft.com/en-us/kb/2218556 Unfortunately, the two DCs are Server 2008 so they can't call Microsoft for support. I was looking at the section How to perform an authoritative synchronization of DFSR-replicated SYSVOL (like "D4" for FRS) and Steps 4 and 10 confuse me. Those steps say to start the DFSR service but there are no previous instructions that say to stop the service. On one of the broken DCs, there is no DFSR service that shows in services.msc. Any advice on using that KB would be appreciated. Thanks Webster
[NTSysADM] RE: How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)
Now that I am back in the "office". Got brought into this call yesterday at 1500 and the customer had a hard stop at 1630. Here is what I know: Customer has two DCs, one in each datacenter on opposite sides of the state. This issue of SYSVOL not replicating has been going on for over two months. The main DC has the DFSR service but the second one does not. Running dfsrmig /GetMigrationState on both DCs returns "eliminated". It appears that even though the DFSR service does not appear in services.msc that dfsrmig still works. The guy who originally handled IT stuff quit just over two months ago and the new guy steps in to a hornet's nest (SYSVOL was already broken). This is a one guy IT shop for a company with 17 users. He has 322 pages of meticulous notes of everything he has done over the past two months (that alone scares the crap out of me). Why the guy waited over two months to ask for help is beyond me. The company has known for months that electric work was scheduled at the "main" datacenter (main being the DC with all the FSMO roles). Electric power will be down from 1800 this Friday and not guaranteed to be back before at least 0300 Monday. >From what I was told they have been instructed that no sources of power are >allowed in this datacenter during this time. Obviously if the second DC has no SYSVOL, "things" just aren't to work right for the users on that side. I have asked for the results of "net share" from both DCs. If the first DC has SYSVOL and NetLogon and the second one does not, then dcpromo down the second DC, reboot and dcpromo back. If the first DC does not have SYSVOL share but has SYSVOL contents, then follow the Microsoft KB and take it from there. Any advice, suggestions and thoughts are welcome. Once they are back working, talk them in to putting in some 2012 R2 DCs since they have the licenses already. Thanks Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Wednesday, November 16, 2016 6:44 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS) You have a File Replication Service service, yes? You want THAT KB instead. Which is: https://support.microsoft.com/en-us/kb/290762 From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster Sent: Wednesday, November 16, 2016 7:02 PM To: NT Issues (ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>) Subject: [NTSysADM] How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS) Anyone ever had to use this KB to fix SYSVOL? https://support.microsoft.com/en-us/kb/2218556 Unfortunately, the two DCs are Server 2008 so they can't call Microsoft for support. I was looking at the section How to perform an authoritative synchronization of DFSR-replicated SYSVOL (like "D4" for FRS) and Steps 4 and 10 confuse me. Those steps say to start the DFSR service but there are no previous instructions that say to stop the service. On one of the broken DCs, there is no DFSR service that shows in services.msc. Any advice on using that KB would be appreciated. Thanks Webster
Re: [NTSysADM] How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)
yes, it looked like it went out january 2015. webster Get Outlook for iOS<https://aka.ms/o0ukef> From: listsad...@lists.myitforum.com <listsad...@lists.myitforum.com> on behalf of Richard Stovall <rich...@gmail.com> Sent: Wednesday, November 16, 2016 9:09:54 PM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS) 2008 is EOL for MS support? On Nov 16, 2016 7:25 PM, "Webster" <webs...@carlwebster.com<mailto:webs...@carlwebster.com>> wrote: Anyone ever had to use this KB to fix SYSVOL? https://support.microsoft.com/en-us/kb/2218556 Unfortunately, the two DCs are Server 2008 so they can't call Microsoft for support. I was looking at the section How to perform an authoritative synchronization of DFSR-replicated SYSVOL (like "D4" for FRS) and Steps 4 and 10 confuse me. Those steps say to start the DFSR service but there are no previous instructions that say to stop the service. On one of the broken DCs, there is no DFSR service that shows in services.msc. Any advice on using that KB would be appreciated. Thanks Webster
Re: [NTSysADM] RE: How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)
from the dc holding all fsmo roles, dfrsmig shows the state as eliminated. web Get Outlook for iOS<https://aka.ms/o0ukef> From: listsad...@lists.myitforum.com <listsad...@lists.myitforum.com> on behalf of Michael B. Smith <mich...@smithcons.com> Sent: Wednesday, November 16, 2016 6:44:29 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS) You have a File Replication Service service, yes? You want THAT KB instead. Which is: https://support.microsoft.com/en-us/kb/290762 From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster Sent: Wednesday, November 16, 2016 7:02 PM To: NT Issues (ntsysadm@lists.myitforum.com) Subject: [NTSysADM] How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS) Anyone ever had to use this KB to fix SYSVOL? https://support.microsoft.com/en-us/kb/2218556 Unfortunately, the two DCs are Server 2008 so they can't call Microsoft for support. I was looking at the section How to perform an authoritative synchronization of DFSR-replicated SYSVOL (like "D4" for FRS) and Steps 4 and 10 confuse me. Those steps say to start the DFSR service but there are no previous instructions that say to stop the service. On one of the broken DCs, there is no DFSR service that shows in services.msc. Any advice on using that KB would be appreciated. Thanks Webster
[NTSysADM] How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)
Anyone ever had to use this KB to fix SYSVOL? https://support.microsoft.com/en-us/kb/2218556 Unfortunately, the two DCs are Server 2008 so they can't call Microsoft for support. I was looking at the section How to perform an authoritative synchronization of DFSR-replicated SYSVOL (like "D4" for FRS) and Steps 4 and 10 confuse me. Those steps say to start the DFSR service but there are no previous instructions that say to stop the service. On one of the broken DCs, there is no DFSR service that shows in services.msc. Any advice on using that KB would be appreciated. Thanks Webster
[NTSysADM] Microsoft Active Directory Documentation Script Update Version 2.12
http://carlwebster.com/microsoft-active-directory-documentation-script-update-version-2-12/ Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] RE: Kerberos over UDP on Windows 10 and Server 2012 R2
My 2016 DC/DNS has both _tcp and _udp entries for _kerberos port 88. That's all the info I have. Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Christopher Bodnar Sent: Thursday, November 10, 2016 8:30 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Kerberos over UDP on Windows 10 and Server 2012 R2 A colleague told me that these operating systems no longer use UDP 88 for Kerberos, that they only use TCP. Is that correct? If so, can someone point me to an MS document that discusses this? I’ve looked and haven’t been able to find anything. I am aware that you can force Kerberos to use TCP: https://support.microsoft.com/en-us/kb/244474 But that isn’t what he is talking about. Thanks Christopher Bodnar Enterprise Architect II, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com [cid:image001.png@01D1326B.600058E0] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
RE: [NTSysADM] Managed Anti-Malware for Servers
Have you looked at Cylance or Bromium? Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim Sent: Thursday, November 10, 2016 7:24 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Managed Anti-Malware for Servers Not that I have seen, but I have not tested them all. We got hit with a very targeted attack with ransomware. We were fine with our regular defenses, but I was playing around looking at it and one of the things I did was try a few AV’s on it. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Gantry Zettler Sent: Thursday, November 10, 2016 12:38 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: Re: [NTSysADM] Managed Anti-Malware for Servers That said, can recent AV detect ransomware encrypted files?
[NTSysADM] Script update: Microsoft Active Directory Documentation Script Update Version 2.11
http://carlwebster.com/microsoft-active-directory-documentation-script-update-version-2-11/ Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] Script update: VMware vCenter Documentation Script Update Version 1.70
http://carlwebster.com/vmware-vcenter-documentation-script-update-version-1-70/ Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] Script update: Microsoft DHCP Documentation Script Update Version 1.31
http://carlwebster.com/microsoft-dhcp-documentation-script-update-version-1-31/ Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
[NTSysADM] Script update: Citrix NetScaler Documentation Script Version 3.5
http://carlwebster.com/citrix-netscaler-documentation-script-version-3-5/ Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin
RE: [NTSysADM] Script Update: Microsoft DNS Documentation Script Update Version 1.03
What the heck is Maltego? Is that the island in the middle of the Mediterranean? Or the place with the falcon statue? Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ed Ziots Sent: Friday, October 21, 2016 7:08 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Script Update: Microsoft DNS Documentation Script Update Version 1.03 Another idea is if you could import the output from the script into Maltego for Visualization of the environment and additional documentation and updates. On Oct 21, 2016 8:05 AM, "David McSpadden" <dav...@imcu.com<mailto:dav...@imcu.com>> wrote: You want these DHCP test in HTML and Word mostly right? From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Webster Sent: Friday, October 21, 2016 7:49 AM To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com> Subject: RE: [NTSysADM] Script Update: Microsoft DNS Documentation Script Update Version 1.03 Yeah, released five script updates on the 19th and started work on the NetScaler script update and worked on it until 0130 on the 20th. Sent that script to testers and then started adding HTML output to the DHCP script. Sent two updates to that script to testers yesterday. Basically seven scripts in two days. Webster From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff Sent: Thursday, October 20, 2016 8:57 PM To: ntsysadm <ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>> Subject: Re: [NTSysADM] Script Update: Microsoft DNS Documentation Script Update Version 1.03 That's fair - but he *has* released a bunch of new versions of scripts in the past two days, and those are the visible, to us, work product... On Thu, Oct 20, 2016 at 2:53 PM, Andrew S. Baker <asbz...@gmail.com<mailto:asbz...@gmail.com>> wrote: Again? I think you mean "still" . Regards, ASB http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker> Providing Expert Technology Consulting Services for the SMB market… GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842 On Wed, Oct 19, 2016 3:19 PM, Kurt Buff kurt.b...@gmail.com<mailto:kurt.b...@gmail.com> wrote: You've been a busy bee again - thanks for this... Kurt On Wed, Oct 19, 2016 at 4:59 AM, Webster <webs...@carlwebster.com<mailto:webs...@carlwebster.com>> wrote: > http://carlwebster.com/microsoft-dns-documentation-script-update-version-1-03/ > > > > Thanks > > > > > > Carl Webster > > Citrix Technology Professional > > http://www.CarlWebster.com > > The Accidental Citrix Admin > > This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
[NTSysADM] Script update: Citrix XenDesktop 5.x Documentation Script Update 1.15
http://carlwebster.com/citrix-xendesktop-5-x-documentation-script-update-1-15/ Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F=6012126861197312=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin