Roaming Profiles can be a real bear to manage and when they break they break hard.

We've been using Redirected Folders since the 2000/2003 days. We redirect My Docs and subfolders, Desktop, Links (Favourites/Quick Access links in File Explorer), IE Favourites, and that's it.

Redirecting AppData can be a bad thing. There's certificate and security service content in there that tends to not like being redirected.

Some pearls and caveats involved with Redirected Folders:
1: If user content needs to be redirected back to their machines logon times can be very long especially if they have a lot of content.
2: If a new server destination is set logon times can also be very long as files/content get transferred to the new destination.
3: Destination permissions need to be set as per Microsoft's KB to allow for traverse but exclusive to user access.
4: Be mindful of user OU structure and Redirected Folder destinations relative to Sites especially WAN based sites.
5: If exclusive access is set in the GPO then don't mess with the permissions on the user's home folder (they get created automagically).
6: In cases where the destination server's name is different use the Disable Strict Naming setting in Group Policy to allow DNS to point to the new location and just connect the old file server VM's VHDX/VMDK and share it. Note that the new destination will need to have a new share name.
7: Make sure to use File Resource Manager to set quotas and file type filters and have e-mail set up to warn the user and the admin(s).
8: Offline Files should be set via Group Policy with file types such as .PST, .QBxx, and other active content excluded from redirection.
9: Limit the Offline Files cache size based on the smallest storage being delivered to users or GPO/OU delimit the size for different groups.
10: Redirected Folders and the GPO settings tend to tattoo so keep this in mind.
11: We use GPPreferences to create a set of folders on the C : drive: C:\ClientData\AppName\SubFolders <-- Users are trained to put their active data such as archive PSTs, QB, Sage, ETC data there.

Long story short, there would be a lot less grief with Redirected Folders.

EDIT:
12: Enable Access-based Enumeration on the root share (we do this for all shares)

Some posts that have aged well:
http://blog.mpecsinc.ca/2009/06/sbs-2003-to-sbs-2008-migrations-folder.html
Root folders permissions setup:
http://blog.mpecsinc.ca/2010/12/sbs-2008-and-sbs-2011-folder.html
Microsoft's official doc:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj649078(v%3Dws.11)

For anyone curious, recovery mode does not even query DHCP.
0_1532740986246_93BA8716-236E-4B42-80F3-EC4CACCD776E.jpeg

@gjacobse
0_1532728681408_c397e705-dd72-4251-bb31-da87f21b9d1f-image.png

@dafyre said in Fedora - Low disk space on root.:

@irj said in Fedora - Low disk space on root.:

Maybe it is my Windows virtual machine!

I always fix my KVM to use /home/virtualmachines for the VMs. 🙂

I decided to delete it. I am able to RDP into Windows if I need it anyway. My total disk size is only 128GB. So I dont really have room for a 30GB VM anyway.

Sorry, guys. pasted the link to this thread. The correct one is https://www.altaro.com/hyper-v/restoring-virtual-machine-creation-time/

I'm awaiting the user testing the hardware acceleration disablement.

Did you use the Libreswan or Strongswan setting in your previous post?

@pete-s said in ARM Desktop I Finally Want:

Add $30 for 4GB of memory and you're at the same price as the board you mentioned but with 2-3 times the performance of the rockchip. The J3455 is an older NUC so it can only take 8GB RAM.

Well that's at least $160 vs. $129. But a bigger deal is power consumption, I think. I'd like to see the numbers, but I bet that the RC is dramatically lower.

Meh, what difference does it really make? If anything, I'm glad. Having high quality hardware allowed a lot of shops to try to justify buying something that was fundamentally wrong for an unrelated reason.

@lj said in user CALS:

Thanks. That's what I thought but you never are sure when reading Microsoft terms. As Eric Siron who writes @ Altaro Hyper- V blog says "Concise and Microsoft Licensing will never intersect".

Of course not, that is one way they sell way more licenses than are actually needed.

Post can be closed. I found our GPO's are not tied to the OU's so was fine to simply re-create new OUs. Cheers.

@phlipelder said in SSH SCP - Need Pointers for "server" on Windows:

@scottalanmiller said in SSH SCP - Need Pointers for "server" on Windows:

@jaredbusch said in SSH SCP - Need Pointers for "server" on Windows:

@scottalanmiller said in SSH SCP - Need Pointers for "server" on Windows:

@phlipelder said in SSH SCP - Need Pointers for "server" on Windows:

I'm looking for something to serve that file that I can run on a Win10 machine. My search foo is failing probably due to not having the right search terms.

Nothing needed, Windows 10 does that natively.

Really? WTF are you on today?

Mine does. We use it constantly. It's how we use SSH to automate Windows 10 PowerShell.

Suweet! Thanks for that! 🙂

You bet. We've been SO happy with it. It's allowed us to make Windows so much more efficient by using Linux front ends that contact Windows via SSH. So our users are on Windows only for seconds, and get to do all of their real work on Linux.

@irj said in Encrypt Disk After Installation on Fedora:

@scottalanmiller said in Encrypt Disk After Installation on Fedora:

@irj said in Encrypt Disk After Installation on Fedora:

@travisdh1 said in Encrypt Disk After Installation on Fedora:

@irj said in Encrypt Disk After Installation on Fedora:

How can I do full disk encryption post installation on Fedora?

Do you need encryption on the OS for some reason? General you'd just encrypt /home. That assumes the system is secured properly in the first place.

I don't know how to enable full day of encryption after installation of the top of my head. Reinstalling is really easy tho, just backup and restore /home. All you're settings should persist with just that, and reinstalling you're programs is easy and quick as well.

hmmm... So no real reason to encrypt the OS? If my laptop is lost, and a someone resets password, will they be able to access my home directory?

No, that's the point of encryption.

So just encrypting the home directory will accomplish what I need?

Yes.

@phlipelder said in Default printer Webex on Remote Desktop Session:

I gather that the terminal client MSTSC has local resources unchecked?

Are the printers set up on the Session Host(s) that the users would be using? Are they allowed to choose the default printer via Devices & Printers (Control Panel) or are they not able to get into any Control Panel applets?

Yes local resources unchecked.

Yes, each session has printers setup on them. They are allowed to choose the printer they want.

Everything works except the default printer keeps changing to WebEx.

@storageninja said in Cisco SmartNet:

@dave247 it’s basically a people management platform. Can have a system do a sales manager can tap calls and recordings and do all kinds of metrics they integrate to the CRM. I’d argue avaya is more powerful, but call manager isn’t something you Casual replace with an open source PBX.

Now call manager express (its little cousin) is a basic PBX with unity for voicemail. If you went call manager instead of express I assume someone had some fancy needs.

We actually had an old Avaya PBX for the last 7 years or longer. It was quite simple and did the job.. CCM is a fucking nightmare with how many menus, sub-menus, sub-sub-sub-sub-sub-sub menus and such.. not to mention all the servers and sub-server-applications involved. You'd think it was designed for companies with thousands of employess, not under 100. OH WAIT.

@joel said in OBR10 - Server Setup:

@scottalanmiller said in OBR10 - Server Setup:

@joel said in OBR10 - Server Setup:

Then, I can provision DomainController
Add Virtual Hard Drive - C:\OS (130GB) - (Location: D:\VM\DomainController)
Add Virtual Hard Drive - D:\Logs (20GB) - (Location: D:\VM\DomainController)

Why would you make a domain controller like this? Of all workloads, should not be this way.

I recall reading a MS article stating 😄 should have the OS installed but then a second drive should be used as SysVOL/Logs

No, that's not a normal or recommended setup. Maybe for some very specific scenario, but absolutely is not a good default. Default is one 😄 for everything. For DCs, always a single drive, never do this extra stuff. This is what we call "getting weird."

@dafyre said in Microsoft VPN client: Error 809:

@gjacobse said in Microsoft VPN client: Error 809:

Ran the Diagnostics logging and came back with this:

https://msdn.microsoft.com/en-us/library/ms821096.aspx

Explanation:
RASGTWY.DLL is missing or corrupted.
User Action:
Either copy RASGTWY.DLL from your installation disks to the C:\WINNT\system32 directory or reinstall the Remote Access Service. Use the Network option in the Control Panel to remove and then reinstall the Remote Access Service.

Okay.. What/where i that. since RAS is not checked in Windows Features

Check the destination folder... C:\WINNT hasn't been used in... along time.

Folder does not exist.

@guyinpv said in Lots of Nextcloud issues:

I'm feeling like Dr. House right now, I think everybody is lying.

That's what most people do.

@momurda if you doubt what type (object/string/anything) is returned, try using $a.GetType() and it will return you the variable type.

Since I was working with only ONE user this is what I needed to change it to, else was getting Parameter set cannot be resolved

Import-module ActiveDirectory Get-ADUser -Filter {Name -eq "SomeUser"} -SearchBase "OU=Users,OU=OUGroup,DC=DOMAINname,DC=com" | Set-ADUser –scriptPath “\\SERVERNAME\netlogon\2018ADUC-script.txt”

But it worked!