TomF

As in the site the device is using will have to have the server 2012 admx files to apply group policies properly? Even if another domain controller in a different site has the new admx files. Do I have that right?

Really, that's it? I would have thought at least the domain function level would have to be raised. If that's all it really is, then rock on! Thanks

My place of business is currently looking at introducing some Windows 8 machines into our environment (mainly Surface RT/Pro) and I'm curious as to some of the details to get this done properly. Our current environment is one domain/forest with ~25 domain controllers (GC's, one located at each site) running Server 2008 R2 and managing all Windows 7 clients (nothing previous). From what I gather, this is the process, and please correct me if I'm wrong: 1. Build and introduce Server 2012 to our environment 2. Promote (I understand there is no longer dcpromo) to domain controller 3. Raise domain/forest function levels to 2012 The questions I have around this are: 1. With the domain/forest function levels raised to 2012, can our current Server 2008 R2 domain controllers manage Windows 8 machines (group policy)? 2. If the Windows 8 devices are mainly located at one location that has the Server 2012 managing them (AD Sites and Services), can the device move to another location where it will pull a new IP and use the domain controller at that site (Server 2008 R2) for authentication and group policies? Or do we need to build/upgrade to have a Server 2012 at each site? Unfortunately I haven't had the time to research the details of a deployment, so any help is much appreciated!

My place of business is currently looking at introducing some Windows 8 machines into our environment (mainly Surface RT/Pro) and I'm curious as to some of the details to get this done properly. Our current environment is one domain/forest with ~25 domain controllers (GC's, one located at each site) running Server 2008 R2 and managing all Windows 7 clients (nothing previous). From what I gather, this is the process, and please correct me if I'm wrong: 1. Build and introduce Server 2012 to our environment 2. Promote (I understand there is no longer dcpromo) to domain controller 3. Raise domain/forest function levels to 2012 The questions I have around this are: 1. With the domain/forest function levels raised to 2012, can our current Server 2008 R2 domain controllers manage Windows 8 machines (group policy)? 2. If the Windows 8 devices are mainly located at one location that has the Server 2012 managing them (AD Sites and Services), can the device move to another location where it will pull a new IP and use the domain controller at that site (Server 2008 R2) for authentication and group policies? Or do we need to build/upgrade to have a Server 2012 at each site? Unfortunately I haven't had the time to research the details of a deployment, so any help is much appreciated!

Hey everyone, I had a quick question about a situation that I think would cause AD and/or SCCM issues but couldn't really find much to back it up or prove otherwise. I work for a school division and we occasionally have the odd computer hardware issue. We then take the hd and place it in a working machine and put the new computer back in the classroom to get them back up and running faster while we work on the defective machine. My question is, does a simple remove from domain/re-add to domain completely resolve any AD issues? Or does the machine have to be re-imaged through SCCM to make sure everything is fine? I'm also curious if SCCM would have any issues with this machine now as the hardware ID/MAC is now different. Any answers or direction would be appreciated, thanks! *edit* We are using WinXP w/ SP3 on clients, Win 2003 on servers, and forest/domain level is 2003.

Both good ideas but couldn't find anything in the Queries or the client log files Still can't find much info on it being logged somewhere. Would seem kind of odd that the clear PXE advertisement task wouldn't be logged somewhere since you need specific permission to do so in the SCCM client. Thanks for the reply and please let me know if you ever come across something!

Hey everyone, we recently ran into an issue where one of our tech's cleared the pxe advertisement on an entire collection, causing multiple machines to reimage themselves. I have been researching and looking through the logs, but unable to find any details as to who did it, and when. We have our security rights setup where only a select few users (based on AD accounts) have the ability to clear advertisements and am hoping this action is logged somewhere with their username. Does anyone know where these are stored? I have also looked through some of the available Reports but can't find much information on PXE Advertisements being cleared. Any help would be greatly appreciated!!!

Hey Brian, thanks for the reply. I ran a nslookup and ping to one of the machines that has dropped from a Collection and it does resolve properly. So not sure if it could still be DNS or not :S Another note, we use DeepFreeze in our environment but the SCCM client is installed on a Thawed partition so shouldn't cause an issue but figured I'd mention it for troubleshooting purposes Any other ideas would be greatly appreciated!

Hey all, we are noticing some strange behaviour with our SCCM collections. We've been using SCCM for about 6 months and are noticing machines disappearing from our Collections. SCCM is currently installed on Win Srv 2008 R2, and we have 1 domain with ~27 child domains. Our currently structure is manually created Collections, with the "Update this collection on a schedule" unchecked. We then assign Task Sequences to the Collections (imaging machines from bare metal) and import computers manually into their proper collections (via file/individual). It seems that about 1/2-3/4 of our machines are now missing from our Collections. If we go into the properties of the Collection, then Membership Rules, we can search for the computer (System Resource, Name) and can manually re-add them that way. But this brings a big problem when we try to distribute any software to our current structure without having to re-add all our machines. Also, if we import a file that has, for example, 100 machines and 50 of the machines are ones that are missing from SCCM they will not show up in the collection we're trying to add them too. This means if i want to create a brand new Collection and import ALL computers, only 1/4 of them will show up and I have to manually add all of them through the Membership Rules. Any help would be greatly appreciated! Just a note, the only Discovery Method I've enabled is the Heartbeat Discovery and is running at a 6 hour interval. I'm also attaching a screenshot of our current SQL tasks to run, incase I have something setup incorrectly.

Hey all, I'm usually viewing the SCCM forums but have run into an Exchange issue that I am having some issues finding an answer to. We currently have Exchange 2010 OWA and are curious if we can have it so when a user access it internally, it uses the standard authentication (windows auth.) and automatically logs them in. But if they access the page externally, it gives them the form based authentication. I'm not seeing a way to do this easily, but have thought up of a solution that may work but no clue if it will. My thought was to create a seperate OWA virtual directory (eg. mailserver.domain.com/owa2) with the same internal/external url's as the default one (mailserver.domain.com/owa). Then on the Default Page, code a page (possibly with Java or php) to determine the users IP and if it belongs to one of our subnets, route to X page, otherwise route to Y page. Would this setup work? Anyone see an issue with it? I'm assuming this can be done for Exchange 2007 OWA and isn't specific to 2010. Any help/suggestions would be greatly appreciated, and thanks!

Nope, no resolution other than waiting.. yay

My understanding is Enforced just means that it cannot be overwritten by a policy being applied further down the chain. It is currently set at the domain level policy for all users, I also tried applying this at the OU level of where the user account is and had the same results. By quick I mean them authenticating within 5 seconds of the Ctrl+Alt+Del window appearing after the machine wakes up from a sleep state. We are working on limiting our internet access to only go out from our proxy, but unfortunately as a school division we have software that cannot be configured to do so. This is common with education/health care facilities, but we are going in that direction, but it doesn't fix the fact the rest of the policies are not being applied in time. They are getting access to Start Menu items, Control Panel items, etc that they shouldn't. And working for an education division, we have a firewall that can do this Just current software limitations won't allow it, but again, isn't much of a fix if we're only resolving 1/4th of the issues that come of them bypassing it this way. We also use HP dc5800 PC's, so they are not slow/outdated with a GIG LAN between it and the domain controller.

We have found out by our users we're having an issue with group policies being applied to our students (I work for a school division). What is happening is that our computers will go to standby mode after a time period and the students have learned that if they wake the machine and log in extremely quick, the User portion of their Group Policy is not getting applied by the time they login. Things we can see that are not being applied because of this is their wallpaper, folder redirection, proxy settings, etc. I have done some searching but haven't found much for help We currently have the "Computer-Admin Temp-System-Logon-Always wait for teh network at computer startup and logon" set to Enabled, but it is still happening. Any ideas would be greatly appreciated, thanks!!

Unfortunately we don't have that option at the moment, but using app-v is something on our plates for next school year to be looking at. I have ran into a small issue with this. During the image deployment of our machines, it has the "Setup Windows and ConfigMgr" task in the task sequence. Using this command in that location doesn't seem to change the install location of the SCCM client, but it does work if I manually install SCCM onto a machine. If the SCCM client is already installed on a machine, is there a way to either reinstall or move it to another location? If it's possible, we can package and set it up later in our task sequence, but just not sure if it's even possible once it's installed to C:\. Or is there a way to uninstall the SCCM client via the package then run it again as a reinstall with the ccminstalldir command? Please let me know, any info is greatly appreciated!

Awesome! The reason we're asking is we currently use DeepFreeze on our machines and found a few issues in reporting software/hardware when all files were reverted back to the Frozen point. If we change the install location to another drive (eg. D:\), I am assuming this will resolve the issues of our reports and information pulling inaccurate information? I'll be testing this command out this afternoon, just curious if this makes sense as a fix for our environment. Thanks for the speedy response! Just incase you're not familiar with DeepFreeze, it's a piece of software that will allow you to "snapshot" your computer in a point in time and whenever it is restarted, it reverts all changes back to that snapshot. I work for a school division, so it comes in handy when kids start to play

Hey all, I have been looking around but haven't been able to find a yes or no answer to this question. Is it possible to install the SCCM client to another location other than C:\Windows\system32\CCM? If so, what would need to be done server side to make sure the reporting would work properly, and if not, thanks for the info

Hey everyone, I have a specific question for you guys and hoping for some quick feedback We are currently running SCCM 2007 SP2 in a all Windows Server 2003 environment. In the summer of 2011 we are moving to all servers Windows Server 2008 (work for an education facility). Due to storage and a long story of how SCCM was introduced into our environment, we are going to be starting again from scratch sooner than that. I am wondering if it's possible, or would cause any issues, to have the Primary Site installed on a Srv2008 box, and still use our currently Srv2003 boxes as deployment points (after being resetup of course). Also, from what I've read, am I correct to think the best environment is to have 1 SCCM server with the SQL server, Reporting Services/reporting point role and the site database server role. Then have your Primary Site that has your other roles needed for management? Please let me know if there will be any issues with the mixed environment, and if my understanding of what the "best practice" setup is is accurate or not. Thanks a ton!

No, but good question. Just checking it now (we currently use Symantec EndPoint) and everything seems to check out fine. I'm not seeing any reports of virus' or threats on the server, but we also have no folder exceptions in place on the DP so is it possible that it's still causing issues? I also checked our performance logs on the server incase AV or another service is kicking the **** out of the box while this is happening and the highest cpu spike in the past 2 days (during a deploy) was 40% and 45% ram utilization. Just a side note, I added the OSI to the distribution point yesterday at 1:15pm and it JUST finished today at 2:55pm (shows the Source Version when looking at the Package Status). Thanks for the quick reply!

Hey all, I have a question but also want to point out the amazing work/guides/posts on this site! Tons of information and has definately pointed me in the right direction multiple times.. but now back to business We currently have SCCM 2007 SP2 with 1 primary site and multiple distribution points in the same forest but different domains. We have been deploying OS Images and some packages via SCCM for a while and have been experiencing this issue since day 1 (started this past summer) and have run out of ideas. When adding the OSI to SCCM, and setting up a Distribution Point it takes HOURS (almost 24 hours in total) to transfer the file to the Distribution Point. The connection between the 2 points is 100mb/s and file size is about 17gigs (a .wim file). - BITS is enabled in IIS on both sites. - BITS throttling is set to Not Configured in SCCM. - All BITS throttling GPO's are set to Not Configured. - Priority for the OSI's are set to High before setting up a Distribution Point. - Both servers are Win Srv 2003 (latest SP). - I can copy/paste the file between the points in roughly 11 minutes. - The package will eventually be successful in sending, but is not realistic for it to take this long. - Running a constant ping between the 2 sites shows excellent latency and no dropped response times. So with that, I have 2 questions. 1) Is there anything else you can think of that can be causing this? 2) I haven't been able to find a guide on how to manually copy the OSI to the DP properly (where to put it, what to setup, etc) so does anyone know of one? Please help!