TomF

As in the site the device is using will have to have the server 2012 admx files to apply group policies properly? Even if another domain controller in a different site has the new admx files. Do I have that right?

Really, that's it? I would have thought at least the domain function level would have to be raised. If that's all it really is, then rock on! Thanks

My place of business is currently looking at introducing some Windows 8 machines into our environment (mainly Surface RT/Pro) and I'm curious as to some of the details to get this done properly. Our current environment is one domain/forest with ~25 domain controllers (GC's, one located at each site) running Server 2008 R2 and managing all Windows 7 clients (nothing previous). From what I gather, this is the process, and please correct me if I'm wrong: 1. Build and introduce Server 2012 to our environment 2. Promote (I understand there is no longer dcpromo) to domain controller 3. Raise domain/forest function levels to 2012 The questions I have around this are: 1. With the domain/forest function levels raised to 2012, can our current Server 2008 R2 domain controllers manage Windows 8 machines (group policy)? 2. If the Windows 8 devices are mainly located at one location that has the Server 2012 managing them (AD Sites and Services), can the device move to another location where it will pull a new IP and use the domain controller at that site (Server 2008 R2) for authentication and group policies? Or do we need to build/upgrade to have a Server 2012 at each site? Unfortunately I haven't had the time to research the details of a deployment, so any help is much appreciated!

My place of business is currently looking at introducing some Windows 8 machines into our environment (mainly Surface RT/Pro) and I'm curious as to some of the details to get this done properly. Our current environment is one domain/forest with ~25 domain controllers (GC's, one located at each site) running Server 2008 R2 and managing all Windows 7 clients (nothing previous). From what I gather, this is the process, and please correct me if I'm wrong: 1. Build and introduce Server 2012 to our environment 2. Promote (I understand there is no longer dcpromo) to domain controller 3. Raise domain/forest function levels to 2012 The questions I have around this are: 1. With the domain/forest function levels raised to 2012, can our current Server 2008 R2 domain controllers manage Windows 8 machines (group policy)? 2. If the Windows 8 devices are mainly located at one location that has the Server 2012 managing them (AD Sites and Services), can the device move to another location where it will pull a new IP and use the domain controller at that site (Server 2008 R2) for authentication and group policies? Or do we need to build/upgrade to have a Server 2012 at each site? Unfortunately I haven't had the time to research the details of a deployment, so any help is much appreciated!

Hey everyone, I had a quick question about a situation that I think would cause AD and/or SCCM issues but couldn't really find much to back it up or prove otherwise. I work for a school division and we occasionally have the odd computer hardware issue. We then take the hd and place it in a working machine and put the new computer back in the classroom to get them back up and running faster while we work on the defective machine. My question is, does a simple remove from domain/re-add to domain completely resolve any AD issues? Or does the machine have to be re-imaged through SCCM to make sure everything is fine? I'm also curious if SCCM would have any issues with this machine now as the hardware ID/MAC is now different. Any answers or direction would be appreciated, thanks! *edit* We are using WinXP w/ SP3 on clients, Win 2003 on servers, and forest/domain level is 2003.

Both good ideas but couldn't find anything in the Queries or the client log files Still can't find much info on it being logged somewhere. Would seem kind of odd that the clear PXE advertisement task wouldn't be logged somewhere since you need specific permission to do so in the SCCM client. Thanks for the reply and please let me know if you ever come across something!

Hey everyone, we recently ran into an issue where one of our tech's cleared the pxe advertisement on an entire collection, causing multiple machines to reimage themselves. I have been researching and looking through the logs, but unable to find any details as to who did it, and when. We have our security rights setup where only a select few users (based on AD accounts) have the ability to clear advertisements and am hoping this action is logged somewhere with their username. Does anyone know where these are stored? I have also looked through some of the available Reports but can't find much information on PXE Advertisements being cleared. Any help would be greatly appreciated!!!

Hey Brian, thanks for the reply. I ran a nslookup and ping to one of the machines that has dropped from a Collection and it does resolve properly. So not sure if it could still be DNS or not :S Another note, we use DeepFreeze in our environment but the SCCM client is installed on a Thawed partition so shouldn't cause an issue but figured I'd mention it for troubleshooting purposes Any other ideas would be greatly appreciated!

Hey all, we are noticing some strange behaviour with our SCCM collections. We've been using SCCM for about 6 months and are noticing machines disappearing from our Collections. SCCM is currently installed on Win Srv 2008 R2, and we have 1 domain with ~27 child domains. Our currently structure is manually created Collections, with the "Update this collection on a schedule" unchecked. We then assign Task Sequences to the Collections (imaging machines from bare metal) and import computers manually into their proper collections (via file/individual). It seems that about 1/2-3/4 of our machines are now missing from our Collections. If we go into the properties of the Collection, then Membership Rules, we can search for the computer (System Resource, Name) and can manually re-add them that way. But this brings a big problem when we try to distribute any software to our current structure without having to re-add all our machines. Also, if we import a file that has, for example, 100 machines and 50 of the machines are ones that are missing from SCCM they will not show up in the collection we're trying to add them too. This means if i want to create a brand new Collection and import ALL computers, only 1/4 of them will show up and I have to manually add all of them through the Membership Rules. Any help would be greatly appreciated! Just a note, the only Discovery Method I've enabled is the Heartbeat Discovery and is running at a 6 hour interval. I'm also attaching a screenshot of our current SQL tasks to run, incase I have something setup incorrectly.

Hey all, I'm usually viewing the SCCM forums but have run into an Exchange issue that I am having some issues finding an answer to. We currently have Exchange 2010 OWA and are curious if we can have it so when a user access it internally, it uses the standard authentication (windows auth.) and automatically logs them in. But if they access the page externally, it gives them the form based authentication. I'm not seeing a way to do this easily, but have thought up of a solution that may work but no clue if it will. My thought was to create a seperate OWA virtual directory (eg. mailserver.domain.com/owa2) with the same internal/external url's as the default one (mailserver.domain.com/owa). Then on the Default Page, code a page (possibly with Java or php) to determine the users IP and if it belongs to one of our subnets, route to X page, otherwise route to Y page. Would this setup work? Anyone see an issue with it? I'm assuming this can be done for Exchange 2007 OWA and isn't specific to 2010. Any help/suggestions would be greatly appreciated, and thanks!

Nope, no resolution other than waiting.. yay

My understanding is Enforced just means that it cannot be overwritten by a policy being applied further down the chain. It is currently set at the domain level policy for all users, I also tried applying this at the OU level of where the user account is and had the same results. By quick I mean them authenticating within 5 seconds of the Ctrl+Alt+Del window appearing after the machine wakes up from a sleep state. We are working on limiting our internet access to only go out from our proxy, but unfortunately as a school division we have software that cannot be configured to do so. This is common with education/health care facilities, but we are going in that direction, but it doesn't fix the fact the rest of the policies are not being applied in time. They are getting access to Start Menu items, Control Panel items, etc that they shouldn't. And working for an education division, we have a firewall that can do this Just current software limitations won't allow it, but again, isn't much of a fix if we're only resolving 1/4th of the issues that come of them bypassing it this way. We also use HP dc5800 PC's, so they are not slow/outdated with a GIG LAN between it and the domain controller.

We have found out by our users we're having an issue with group policies being applied to our students (I work for a school division). What is happening is that our computers will go to standby mode after a time period and the students have learned that if they wake the machine and log in extremely quick, the User portion of their Group Policy is not getting applied by the time they login. Things we can see that are not being applied because of this is their wallpaper, folder redirection, proxy settings, etc. I have done some searching but haven't found much for help We currently have the "Computer-Admin Temp-System-Logon-Always wait for teh network at computer startup and logon" set to Enabled, but it is still happening. Any ideas would be greatly appreciated, thanks!!

Unfortunately we don't have that option at the moment, but using app-v is something on our plates for next school year to be looking at. I have ran into a small issue with this. During the image deployment of our machines, it has the "Setup Windows and ConfigMgr" task in the task sequence. Using this command in that location doesn't seem to change the install location of the SCCM client, but it does work if I manually install SCCM onto a machine. If the SCCM client is already installed on a machine, is there a way to either reinstall or move it to another location? If it's possible, we can package and set it up later in our task sequence, but just not sure if it's even possible once it's installed to C:\. Or is there a way to uninstall the SCCM client via the package then run it again as a reinstall with the ccminstalldir command? Please let me know, any info is greatly appreciated!

Awesome! The reason we're asking is we currently use DeepFreeze on our machines and found a few issues in reporting software/hardware when all files were reverted back to the Frozen point. If we change the install location to another drive (eg. D:\), I am assuming this will resolve the issues of our reports and information pulling inaccurate information? I'll be testing this command out this afternoon, just curious if this makes sense as a fix for our environment. Thanks for the speedy response! Just incase you're not familiar with DeepFreeze, it's a piece of software that will allow you to "snapshot" your computer in a point in time and whenever it is restarted, it reverts all changes back to that snapshot. I work for a school division, so it comes in handy when kids start to play