@notverypunny said in Automation thought:

Syncthing on the reports directory?

Definitely an option.

Sorted this out.
For some reason the install was setting Allow Global IP and Allow Default Route.
Once I unticked these and ticked All Managed IP it all began working.

@teece I haven't seen that happened ever, no other transport rules modified the DKIM at all.

@black3dynamite said in Windows Server 2016 RDS - GPO for Disabling Windows Update Notifications for Non-Admins/Users?:

@wrx7m said in Windows Server 2016 RDS - GPO for Disabling Windows Update Notifications for Non-Admins/Users?:

@black3dynamite said in Windows Server 2016 RDS - GPO for Disabling Windows Update Notifications for Non-Admins/Users?:

@wrx7m Is that a computer configuration or user configuration policy? Try applying the rules to only non-admins groups.

Yeah, it is at the computer level. I would like to do it via user config but I only want them to apply to users on the RD servers. I need to figure out the proper way to structure AD/GPOs to not screw up everything else.

I am guessing creating another OU as a sub container and move the RD servers into.

Edit: Since it isn't GPP, there isn't any item level targeting, so I can't do it that way.

If you can make those changes directly in the registry, maybe can allow you to use GPP and item level targeting.

Hmmm. That makes sense. Let me mull it over.

@Emad-R said in One Time, Non-Image, Windows Backup Client:

@scottalanmiller said in One Time, Non-Image, Windows Backup Client:

@Emad-R said in One Time, Non-Image, Windows Backup Client:

better to use it on another VM close to that VM

No other VM. If we open the only other VM, ESXi can't work. So that tool, I'd expect, couldn't actually run.

Oh you can run it from any where, as long as you can ping the ESXi or reach it. but i prefer a VM cause its faster

I see. That was a problem for us because we couldn't transfer off of the server, their network wasn't fast enough 😞

@Romo said in Does Windows 2016 Server have SSH?:

@Pete-S start and type winver

Awesome!

Unfortunately it's a version 1607 build 14393.3243.
So I can't install with powershell according to the article above.

Best way to run Chrome on 2016 RDS.

Use this as a reference.

https://support.google.com/chrome/a/answer/187202?hl=en

Use enterprise edition and configure admx with GPO

Set
Disk Cache Directory
Roaming Profiles Directory
User Data Directory
Setting up Legacy Browsers and Plugin
Turning off Hardware accel and other settings for performance.

Just read that 💫 and configure what policies you need. Took me a day to set up but works smooth.

@wrx7m said in Server 2016 - Force Default Update Server to WSUS Server Via GPO:

@dbeato said in Server 2016 - Force Default Update Server to WSUS Server Via GPO:

This would have happened on Server 2012 R2 as well, dual scan has been around and causes a lot of problems as you noted.

It is strange that I didn't have these issues in 2012 R2. I essentially copied the same GPO for 2012 R2 and made some minor changes to it to convert it for 2016. My 2012 R2 show the correct default service.

Weird, I have various Server 2016and now 2019 with WSUS and while dual scan was an issue for me on Server 2012/ 2012 R2 not anymore.

@pmoncho said in Windows RDS User Profiles - Migrate, Recreate or User Profile Disks?:

@Dashrender said in Windows RDS User Profiles - Migrate, Recreate or User Profile Disks?:

Cool, then you should have it easy.

FYI - Published apps still create a full profile on the RDS box, Just the desktop isn't presented to the user. If the application allows them to browse around, they could typically see the drive letters, the mapped printers, etc... that's why you still need to lock all that stuff down.

Thanks for the info. I will keep that in mind. I was debating about using UPD's like @wrx7m and that was my interest in this post.

Also, still planning out where to put Connection Broker, WebAccess and Licensing but that is another post.

For local profile management, UPDs are a lot cleaner. If we are not putting them on a file server across the network then a second partition/VHDX is set up for that task to keep them separate.

With the inclusion of FSLogix with RDS CALs/SALs now it's a no-brainer, IMNSHO, to set the project up on the FSLogix version.

Storage management is another reason why UPDs on a network or separate partition make sense. Keeping a local profile on the C:\ of the session host is messy and can cause issues down the road with users coming and going.

As far as the Broker/Gateway/Web put those roles on one VM but separate from the Session Host.

@ilyas said in Reset 120 Day Grace Period for Windows RDS Server with PowerShell:

@scottalanmiller

Hi, Thanks for wonderful script that save my time.
Could You please guide me how we can run this script on multiple servers?

I tried foreach PowerShell method but it does not work.

From the ISE, load the script and then enter-pssession for each system. Once connected, run the script from the ise. Sorted.

I would recommend to use the UEFI PXE Boot and that any UEFI boot settings on the devices to be deployed have UEFI settings enabled, including the UEFI Network stack (At least on dell devices).

For testing I always run a VM to test my deployments before using on a Desktop and prepare it as much as I can and then deploy it to the devices. It helps to add all the drive packs from the Hardware Manufacturer (Say Dell, HP and so forth).
Dell
https://www.dell.com/support/article/us/en/04/sln312414/dell-command-deploy-driver-packs-for-enterprise-client-os-deployment?lang=en
HP
http://ftp.hp.com/pub/caps-softpaq/cmit/HP_Driverpack_Matrix_x64.html
http://ftp.hp.com/pub/caps-softpaq/cmit/HP_Driverpack_Matrix_x86.html
Lenovo
https://support.lenovo.com/us/en/solutions/ht074984
Acer
https://www.acer.com/sccm/
Microsoft
https://docs.microsoft.com/en-us/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices

With Pre-Staging machines you need to rely on adding the device mac addresses manually or use Microsoft AD to add them with a Script or Manually to be ready to WDS. This makes it that you can add the devices before hand and only those devices will get the deployment. However you can setup an specific network or VLAN to have the WDS

For Multicast, I like this article
https://specopssoft.com/blog/wds-multicast-configuration/
However I like the option to disconnect the clients when their speeds go way low and then go unicast instead of multicast. Multicast makes sense that way that way the slow clients do not slow the faster clients.

I am still not sure why MDT is not being implemented but that is for another post.

@scottalanmiller said in Let's Encrypt Windows Server:

@WLS-ITGuy said in Let's Encrypt Windows Server:

@JaredBusch you don't have any issues with agents checking in or pushing out updates with the RP?

What would be the concern?

Curious more than anything.

Not yet.

@Dashrender said in Need to Join Windows XP Clients to a 2016 Domain:

@scottalanmiller said in Need to Join Windows XP Clients to a 2016 Domain:

@Dashrender said in Need to Join Windows XP Clients to a 2016 Domain:

@scottalanmiller said in Need to Join Windows XP Clients to a 2016 Domain:

@Dashrender said in Need to Join Windows XP Clients to a 2016 Domain:

Does the XP machine need to be part of the domain? What about working around that issue?

We removed the domain completely.

So now you're what - trying to use a 2019 SMB file share or something?

What does file share have to do with AD? Completely disconnected concepts.

True - I was making my own leap -

So - where does this stand now then??

We removed AD. It turned out that it had been installed without evaluation and was serving no real purpose, but was posing a significant risk.

@pmoncho said in Slow MS SQL Queries between Windows 10 VMs and MS SQL 2014 on same host:

@JasGot said in Slow MS SQL Queries between Windows 10 VMs and MS SQL 2014 on same host:

Winner Winner, Chicken Dinner. It was MDTC and Windows Firewall. (Which is frustrating, because the firewall is turned off for the domain!)

Good job at troubleshooting. I'm wondering what led you down this path versus something related to Networking, hard drives or software drivers?

Remembered it from several years ago with another SQL based application. Don't know what made me think of it at 1:30am. But I'm ok with it!

@scottalanmiller sorry I wanted to answer @flaxking but ended up replying to yours reply xD

@NerdyDad

You can use Loopback Processing also.

https://blogs.technet.microsoft.com/askds/2013/02/08/circle-back-to-loopback/

/proc doesn't differ too much with LXC.

[[email protected] ~]# ls /proc 1 24924 24951 25368 275 322 bus diskstats interrupts key-users locks net slabinfo thread-self zoneinfo 12471 24925 24952 25369 295 323 cgroups dma iomem kmsg mdstat pagetypeinfo softirqs timer_list 12581 24926 24953 25370 316 54 cmdline driver ioports kpagecgroup meminfo partitions stat tty 24897 24937 24955 25381 318 56 consoles execdomains irq kpagecount misc sched_debug swaps uptime 24908 24938 25157 25382 319 69 cpuinfo fb kallsyms kpageflags modules schedstat sys version 24909 24939 25258 25383 32 acpi crypto filesystems kcore latency_stats mounts scsi sysrq-trigger vmallocinfo 24910 24950 25286 25386 320 buddyinfo devices fs keys loadavg mtrr self sysvipc vmstat [[email protected] proc]$ ls /proc 1 112 2 24453 24612 31 38 427 532 644 674 759 acpi diskstats ioports kpageflags mtrr softirqs uptime 10 12 20 24455 24613 32 39 428 557 645 676 8 buddyinfo dma irq latency_stats net stat version 100 13 21 24460 24621 326 393 429 598 646 677 9 bus driver kallsyms loadavg pagetypeinfo swaps vmallocinfo 101 13532 21810 24461 2599 33 4 43 599 647 681 9133 cgroups execdomains kcore locks partitions sys vmstat 102 14 22 24510 27 332 403 430 6 648 682 9214 cmdline fb keys mdstat sched_debug sysrq-trigger zoneinfo 103 15 23 24512 28 34 421 431 612 654 683 968 consoles filesystems key-users meminfo schedstat sysvipc 105 16 23974 24520 29 35 424 432 613 659 684 969 cpuinfo fs kmsg misc scsi thread-self 106 17 24 24562 3 36 425 44 615 662 694 98 crypto interrupts kpagecgroup modules self timer_list 11 18 24449 24568 30 37 426 517 643 664 752 99 devices iomem kpagecount mounts slabinfo tty

Container on top. KVM on bottom.

Thanks all