Does anyone know of any resources that explain the inner-workings of MDT? I'm just about at my wit's end trying to tweak our build and deploy process.

Basically here are the elements that I'm trying to get to work together:

• MDT BUILD W10 IMAGE - Settings
  -- MDT to install W10 with updates as authorized by our in-house WSUS
  -- MDT to install certain free software and (VLC, foxit reader, citrix plugins)
  -- Basic settings for domain join set in unattend.xml via the MDT console / SIM
• MDT BUILD W10 IMAGE - RUN BUILD
  -- Boot VM to MDT using iso
  -- Launch task sequence
  -- Select option to "Prepare to capture the machine" (this puts MDT generated unattend.xml files in both %windir%\Panther and %windir%\System32\Sysprep)
  -- Finalize / sysprep image by going into c:\windows\system32\sysprep and executing
  --- sysprep.exe /oobe /generalize /shutdown /unattend:unattend.xml
• CAPTURE IMAGE TO FOG
  --Nothing to explain here....
• DEPLOY IMAGE FROM FOG (with custom scripting)
  -- Based on instructions and examples
  --- https://forums.fogproject.org/topic/7391/deploying-a-single-golden-image-to-different-hardware-with-fog
  --- https://forums.fogproject.org/topic/7740/the-magical-mystical-fog-post-download-script
  --- I'm setting timezone and ou based on our naming convention so that we can still image stuff for other sites here at the main office

When trying to deploy I keep getting errors about LTIBootstrap.vbs
If I take the references to LTIBootstrap out of the unattend file then the build process doesn't work
With almost everything working (deploy with auto-rename and auto domain-join) , MDT's auto admin logon settings don't get removed like they're supposed to...

Does anyone know what purposes are of the 2 different unattend.xml (panther vs sysprep)?

My apologies if this is rambling.... any help is appreciated

@gjacobse said in I can't even:

@dustinb3403 said in I can't even:

Taking from a previous post I made about a certain piece of equipment, I've just learned that the equipment must run Windows 7... because of course it does for legacy hardware.

(Nuclear Eye Roll)
So know that pain. State Unemployment app was like that for scanning... Pain ITA.

I see your state unemployment app and raise you old-ass manufacturing equipment.... XP + serial ports... luckily it didn't fall to me to try to convince it to work on something newer, but still. one of the other guys was trying to get virtualized XP to talk nice to the gear with serial pass-through from vbox and couldn't convince things to play ball

For the Dells, the newest dock (WD19 IIRC) is much better (than the WD15) based on preliminary testing and a couple that we've deployed so far. I'll strongly suggest getting the version with the 180W power so as to minimize the chances of your user having to connect the dock and the laptop's power if he's got some especially power hungry gadgets connected to the dock.

Although, knock on wood we haven't had many problems with the WD15 lately, so maybe the latest FW has fixed some of the bugs that we'd run into initially.

@Dashrender said in Softphones - complaints:

@JaredBusch said in Softphones - complaints:

@Dashrender said in Softphones - complaints:

@notverypunny said in Softphones - complaints:

On the home bandwith issue: Keep in mind that even if they're home alone, there may be other devices in the home hogging bandwidth like Win10 machines with the P2P updates and various game consoles / platforms that also do P2P style shared update platform. If they've got kids or other people at home at the same time (or share their wifi with a neighbor) then who knows what the other person is streaming / downloading etc.

This is an excellent point -

Actually, no it is not. If you put aside a shitty router, assuming some kind of quality gear was installed, then normal use on home connections will never cause a problem.

I have nearly 50 devices on my network at home.

I never have issues with service related to all the gear in the house.

The main point that I took from his post was network saturation - if you've never had network saturation - that simply amazes me. I definitely have.
And that point itself was actually already pointed out above - and definitely something I mentioned to my users when they complain - of course they fire back with - my 7 year old is home, I can't just take netflix away from them - to which I currently don't have a corporate response. Personally I would say - well, if your 7 year old is more important than you getting paid, then we will be happy to furlough you until this is over.

To your point about quality hardware - man, what planet do you live on? You're sounding like Scott now - while you didn't say you had an expectation of that - the post definitely comes off that way. These people have never worked from home a day in their lives. They also generally are on the bottom of the pay scale, top that with the fact that they don't know jack or shit about IT and even more importantly, they don't give two shits about it - they simply ask the flunky at Best Buy what they should get and they generally ignore them anyhow and just buy the cheapest shit they can. Assuming it connects to their phone and TV, they consider it good enough.

As a non WFH company, we don't supply jack for this. Most users are using 100% of their own gear, a few who don't own laptops have been given one from our spare lot to use until they return to work.... If they end up staying at home after this is all said and done, then we can look at other options.

Yeah, my point was more about saturation than shitty wifi, but that's always a possible factor as well. One of our first level guys can apparently saturate his 1G connection to the point that it starts to affect Netflix streaming at home when he's running downloads or updates on Steam. And in his case it wouldn't be a wifi issue 'cause his gaming rig is wired and he's running a ubiquity AP for the wireless.

Point being that if Steam can kill an IT guy's 1G fiber line, just imagine what kind of hell it could / can / does wreak on the average user's crappy home setup.

Good to see that you were able to resolve this. From a security perspective I'd suggest disabling that SMBv1 access that we're seeing in your screenshot.

-- Cheers!

@travisdh1
++ XO also exposes and simplifies a lot of functionality that would otherwise require mucking around in the xen CLI

Spun up a Zabbix 5.2 server on Monday and am in the process of moving our NagiosXI monitoring over. Losing our grandfathered pricing combined with something going sideways with the XI to core interface (can't create or update objects, can delete just fine) means that nagios is "buh-bye".

To reinforce @DustinB3403's point, I don't know how much training might be needed. The documentation is decent from what I've seen and google has been able to point me in the right direction for anything else.

Cheers!

@openit So for your POTS fax line, I don't think you're going to be able to monitor that unless it's actually a VoIP ATA or something that you can monitor.

We've recently moved from NagiosXI to Zabbix and I'd strongly suggest looking into it. Might seem daunting at first, but it's only as complex as you want it to be. Lots of great templates out of the box, tons more available online / in the community and overall just a really great tool. If you're only using ping to check for up/down at the moment the visibility you can gain with SNMP as well as the windows server agents will blow your mind. You can go from reactive to pro-active, as well as using it to validate what users are telling you (for example, zabbix snmp on our xerox MFCs will flag if a door or cover isn't properly closed)

@bishnitro Assuming that they support SNMP as @Dashrender inquired, Zabbix can do this for you. Nedi is great for managing switches, not sure if it can alert on individual ports or just the device as a whole.

Saw this too. Using it for a server never crossed my mind, but having a couple at remote sites or that could be express-shipped to WFH staff for desktop / laptop troubleshooting seems like an interesting possibility.

Just a reminder to step back and make sure that CPU and / or RAM are really your bottlenecks here. Network tuning / QoS can do wonders for the RDP experience and then there's the other side of the equation for the RDS server accessing those LoB apps. Some time spent with with processhacker watching not just RAM and CPU usage but process IO, network and disk / filesystem use is always a worthy investment to confirm your course of action. As soon as you've got users directly interacting with a system, be ready for surprises.

@Dashrender said in One man IT shop looking for additional help options when needed. Hire a MSP?:

@JasGot said in One man IT shop looking for additional help options when needed. Hire a MSP?:

@Dashrender said in One man IT shop looking for additional help options when needed. Hire a MSP?:

@JasGot said in One man IT shop looking for additional help options when needed. Hire a MSP?:

A topic in Self Promotion for ITSPs and their geographic area may be helpful to this group.

ITSPs aren't limited by geography.
I know what you're trying to say - you'd like to see someone post where they have remote hands immediately if they are needed without waiting for a flight, etc...

Yes. That seems to be what most of us are missing with national support.

HP, Dell, Lenovo - they have all solved this by hiring companies local to an area to be those hands - presuming the ITSPs can find those companies, they could possibly become another customer of those companies.

The challenge might be what you would have to pay. The local guy that get's all of the Dell work (don't know about the others) is the 3rd or 4th sub down from the actual Dell organization if I recall correctly. Not that he's the 3rd or 4th choice, but that the request / ticket has gone from Dell to company A who subs to company B etc etc until it gets to him. So either he's only making peanuts off the call or the initial cost to Dell is more than a small shop might consider reasonable.

I'll concede that we're not exactly a bustling metropolis, so this might be a very uncommon scenario.

All depends on budget and if the existing switch has enough interfaces available. @gjacobse proposes a good option but $40 worth of monoprice cables would get the job done too.

If anyone else needs something for IPAM / network documentation I've just fallen in love with phpipam (https://phpipam.net/)

I'd tried netbox in the past but this just seems to work better for me. You can also set up polling / discovery of the configured ranges (on a per-range basis) either from the central server or from remote agents.

Anyways, it's rare that I'll advocate for something out of the blue, but I'm almost enjoying moving our horrible excel spreadsheet documentation over to this.

Happy Friday all

@jaredbusch I thought I'd figured out the magic formula as it ran clean through the huge collection that it had problems with yesterday, but it just went bork on a smaller one. Some quick google-foo looks like it's getting into trouble with multi-threading so if it continues to be a pain I might try cutting back the threads in the command or increasing the cpu allocation for the VM... Knowing how much of an impatient sob I tend to be I'll probably boost the cpu count from it's current 8 to 16 and see if that does the trick. Although from the error message that might not do anything since google-foo leads me to believe that it's the exporter that isn't cleanly releasing or closing the process thread so that another child process can be invoked.... this thing is an unholy combination of java, mssql and some other Autonomy / IDOL bits.... the exporter is a .bat file ffs

<end rant>

@braswelljay Check with the insurance carrier to see if there's any credentials / certifications etc that they require your auditing company to have. It'd suck to go through the audit only to find out that it didn't meet the insurance company's requirements.

@pete-s said in POTS EOL?:

@dashrender said in POTS EOL?:

uh - whats IP? VOIP is IP, does it really matter if you have an ATA in the picture?

Hell, yes it matters. Alarm systems may dial the central with DTMF tones but when they start communicating it's a totally different ballgame.

If voip could transfer all the analog audio signals exactly as they appear without any jitter or compression then it would work flawlessly. But that is not how voip works. To save bandwidth voip compresses the shit out of the audio signal. If the receiving modem can understand what the sender is saying then it work, but if it's too garbled the receiving end can't understand and it won't work. That's why it might work sometimes and sometimes not.

So, to throw some relevant tech info from another lifetime (once upon a time I worked call center for VoIP and ISP). One of the main factors to be able to run alarm or fax over a voip ata is the ata's ability to support G711 or G722 audio. This is likely going to be impacted by latency and / or jitter on the underlying internet connection. If the ATA is left in an auto-selection mode (or is centrally managed by the VoIP provider) it might be too eager to use a lower bandwidth codec which might not transmit the full frequency range needed for analog systems.

@stuartjordan said in Looking to learn/research MeshCentral:

Tatical RMM integrates with meshcentral as well apparently. Although I've only tried the demo but looks promising. https://github.com/wh1te909/tacticalrmm

Doesn't just integrate, mesh now appears to be an integral part. Stood up a tactical server and it automatically installed and configured a mesh instance. Have to say that I'm pretty impressed with things so far.

@obsolesce said in windows based FREE imaging app:

@dashrender said in windows based FREE imaging app:

@obsolesce said in windows based FREE imaging app:

@dashrender said in windows based FREE imaging app:

they generally come with AV and other crap you don't want at purchase

Oh I see, that sucks. Are the company devices being bought from Walmart or something?

Seriously?

I order these from DCW. I haven't had a laptop not come with at least some third party AV in ages...

I suppose one of the reasons to not order Dell/HP, or at least not the default stuff.

Can't speak to HP, but with Dell, unless you get setup with their imaging program (you provide them with your desired stock image and it's $$$ from what I recall) they're sending you their stock OEM image with a significant amount of bloat-ware. In a corporate / enterprise setup consistency is king so it's normal that you want to reimage with something that's tested and known to play nice in your environment.