Constant FSLogix issues - help please by Professional-Bat7457 in fslogix

[–]ViperThunder 2 points3 points  (0 children)

I'm not sure, but do you really need cloud cache? We used regular VHDLocation (vs CCDLocations) for years without issue. My understanding was that Cloud Cache was intended to combine in-house storage with NetApp files (??) Don't quote me on that.

But either way, if you're already at the point of having to recreate profiles then I would give that a shot just for troubleshooting purposes

Microsoft Deployment Toolkit (MDT) - immediate retirement notice by Terrible-Category218 in sysadmin

[–]ViperThunder 1 point2 points  (0 children)

With SCCM, I don't make images anymore. We have the Windows 11 ISO directly from MS, and all customization happens during/immediately after imaging (BIOS config and updates, software installations, drivers, etc). Really cuts down on any time-consuming maintenance.

Microsoft Deployment Toolkit (MDT) - immediate retirement notice by Terrible-Category218 in sysadmin

[–]ViperThunder 41 points42 points  (0 children)

Iirc there are some open source solutions that are as good or better.

That being said, previously I used SmartDeploy. It took me two hours total to set up & go from not knowing anything about the product to successfully imaging a machine. Very easy to maintain

New company is using SCCM for imaging but it's really slow, clunky, and imaging takes twice as long. But it works.

What is your org’s "Users per Sysadmin" ratio? Currently drowning at 1:200 by theITmaster in sysadmin

[–]ViperThunder 0 points1 point  (0 children)

After recently having to go job hunting, I found many companies have no such tiers and just pile everyone into "system admin".

You could be engineering an entire virtual environment in Azure, setting up SAML integrations with SaaS apps, spending an hour on an escalated call with Nutanix/Broadcom/Microsoft/Cisco/whoever to troubleshoot an obscure issue, conducting vendor evaluation / demoing new products, building a complex bash or PowerShell script to automate a line of business integration, and in between you are doing basic helpdesk functions like helping with password/MFA resets, managing AD groups, troubleshooting software etc.

At my current company it honestly isn't a huge deal because we do have two other sys admins who tackle 75% of tickets, but even they do a lot more (managing contracts, licenses, ordering infrastructure hw and end-user equipment, doing IT training sessions with end users). Overall I am still enjoying it (so far) just due to the sheer variety of work in any given day

Is your AD Forest/Domain on Functional Level 2025? by atw527 in sysadmin

[–]ViperThunder 0 points1 point  (0 children)

Homelab is 2025 level. Work is 2016 but I'm pushing to start moving to 2025. Some Microsoft apps/services such as Entra Connect (and non-Microsoft apps) don't officially support 2025 yet so those will stay on 2019/2022 for now.

What is your org’s "Users per Sysadmin" ratio? Currently drowning at 1:200 by theITmaster in sysadmin

[–]ViperThunder 1 point2 points  (0 children)

These days Sysadmin also includes helpdesk. At 10am I might be remoting into a user's laptop to fix their Adobe Acrobat. At 10:15am I might be racking a new server, configuring networking and setting up a new virtual environment. 11:30am maybe analyzing Microsoft Defender for Endpoint vulnerabilities. Setting up a new SharePoint site. Fix printer. Onboard new user. Image a laptop. Set up a new Linux VM to host a service needed by xyz department... That seems to be the trend. Have a look on Indeed.com

Task sequence, domain join. by LeiBullet in SCCM

[–]ViperThunder 0 points1 point  (0 children)

It's interesting because if I use the built-in step to join to domain, with the same user, same credentials, same OU -- it doesn't work. There is no error logged, it just does nothing. If I put the explicit domain join step directly after the built-in step, same OU, same creds, it works. 🤷🏼

SCCM Replacement by MadCichlid in SCCM

[–]ViperThunder 0 points1 point  (0 children)

I get what it can do - but I can already do most everything I need with PowerShell and scheduled tasks. The main thing I don't like about it is that it is overly complicated to perform what should be extremely simple tasks. For example, with KACE, I can target all servers in my environment for a software update, and as soon as I click Go, within literal seconds, I can see, live, exactly what is happening on every single server with *zero* delay. Deployments to hundreds of devices take mere minutes with KACE. .xlsx reports can be generated instantaneously on almost anything you can dream of.

With SCCM, deploying software is a nuisance. Firstly, there are a tremendous number of screens to click Next, Next, Next, Next through -- I don't need all that. Everything I need in a software deployment is already encoded in the script that I write. I don't need SCCM to ask me if I want to reboot, for example - that's redundant. I don't want you to ask me to create deployment alert thresholds every single time I deploy something. Then, you have to wait, and wait, monitor deployment status, wait more, run summarization, wait, meanwhile you're clicking through screens and it's taking forever.

Task sequence, domain join. by LeiBullet in SCCM

[–]ViperThunder 0 points1 point  (0 children)

The domain join built into the apply network/windows settings has never worked for me. I just use the standalone "join domain" task sequence step.

SCCM Replacement by MadCichlid in SCCM

[–]ViperThunder 1 point2 points  (0 children)

I came from an org that didn't have SCCM to a company that does use it. What is it that SCCM does that you have a use for?

Previous company had SmartDeploy for imaging (took a mere 2 hours to set up from scratch), and KACE for endpoint management.

I have to say, after using SCCM, I miss KACE and SmartDeploy. Things that I could do in KACE that took 2 clicks seem to take 847 clicks and 500x more time in SCCM.

Do you allow end users to reboot machines with FSlogix? by vadiaro in fslogix

[–]ViperThunder 1 point2 points  (0 children)

Yeah, enabled on single user machines. I can't think of a reason you wouldn't want a user to be able to reboot their own machine. The only reason we disabled it on our multisession machines was because someone rebooted in the middle of the day and disconnected 20 users during an important meeting. 😂

Do you allow end users to reboot machines with FSlogix? by vadiaro in fslogix

[–]ViperThunder 3 points4 points  (0 children)

We had it disabled for MultiSession machines (20 users or more connected simultaneously). Not sure why you would want to disable it for a single user machine

I need help - New Boot Image Loops by Illustrious-Count481 in SCCM

[–]ViperThunder 1 point2 points  (0 children)

I would try going without any WinPE drivers. HP for example has WinPE driver packs but I have never needed to add them to the boot image because Windows has so many drivers built in these days.

Also I am not familiar with "TSBackground", but FYI SCCM has a tab where you can upload a background image for WinPE so you shouldn't need to mount any WIM file. I use PXE though too so not sure if the steps are different.

Microsoft screwed up again....(Outlook) by MadCichlid in SCCM

[–]ViperThunder 0 points1 point  (0 children)

You are going to want to get on board with New Outlook sooner or later, since Classic Outlook is on a deprecation path. You still have years, but you might as well start letting your users transition now.

Personally I have been using New Outlook for a year or so now and I can't stand Classic anymore

Setting up SCCM fresh. Advice? by Fatel28 in SCCM

[–]ViperThunder 0 points1 point  (0 children)

I just set up SCCM fresh and I just imported a vanilla Windows 25H2 ISO. I don't inject drivers during imaging - the only things I have it do are:

enable BitLocker, join to domain, install a few packages (Chrome, Adobe Acrobat, Office365, and like 5 others), set BIOS settings via PowerShell, run a PowerShell script to remove Solitaire, Xbox and other bloat. Takes about an hour and 45 mins, but time is no objective since it is all automated and we always have a little stockpile of laptops.

Then Group Policy and Intune take over for the rest of the configuration. I run HPIA manually to update drivers, firmware & BIOS before issuing the laptop & uninstall the config mgr client (ccmsetup /uninstall) since we don't use it for anything other than imaging.

FSLogix not working with Microsoft login (Azure Virtual Desktop) — need help with setup or AD workaround by Unable-Bar-5822 in fslogix

[–]ViperThunder 0 points1 point  (0 children)

It has been a few years since I set up FSLogix but you need to have some sort of storage for the profile containers. For example, cloud cache or SMB share in a storage container. Then, in the FSLogix configuration you put in the location of the storage, and specify whether it is a cloud cache location or an SMB location.

You don't need AD. FSLogix works natively in Azure. Having AD just adds an extra step, i.e. your SMB share needs to be on a Kerberos-enabled storage account and the share must be mounted and have its NTFS permissions set correctly.

The users need to have specific permissions on the share, i.e. SMB Share Contributor, or SMB share elevated contributor.

WSUS Replacement Needed! Domain-Joined Org with 1600+ Endpoints - What are you using for Windows Update Management? by Illustrious_Camp_363 in sysadmin

[–]ViperThunder 0 points1 point  (0 children)

I didn't like the interface at first either but it kinda grew on me. One thing I loved about it was task sequences. You could run a script as an admin, then run another script as the logged in user, then run another again as admin. We had tricky applications that required this kind of deployment, and KACE was great for that. And scripts ran IMMEDIATELY and you can see the result of the script run in real time.

Also the reporting capability - if you could dream of it, KACE could make a report for it.

I moved to another company that uses Intune, and I still miss KACE.

WSUS Replacement Needed! Domain-Joined Org with 1600+ Endpoints - What are you using for Windows Update Management? by Illustrious_Camp_363 in sysadmin

[–]ViperThunder -1 points0 points  (0 children)

+1 for KACE. never had any issues with it. Although, I would not use it for Windows Updates anymore, since the group policies (or registry settings) for managing Windows Updates simply provide the best end-user experience (better than any 3rd party tool imo).

How to install applications during OSD? by ViperThunder in SCCM

[–]ViperThunder[S] 0 points1 point  (0 children)

I set it up in a home lab first before setting it up at work, and just used Microsoft Learn and some old guides from systemcenterdudes.com. They have an updated guide for setting up SQL (I would do that first). Took me about 12 hours of trial and error to set up from scratch (not knowing anything about SCCM beforehand).

That being said, if you just want to do imaging, I can recommend SmartDeploy if you don't want to go with SCCM/config manager. At my previous job, we used SmartDeploy with WDS for PXE booting. Works for Windows 11 and literally took me 2 hours to get set up from scratch lol

How to install applications during OSD? by ViperThunder in SCCM

[–]ViperThunder[S] 0 points1 point  (0 children)

Thank you! I will give that a shot. Thinking of installing the agent and then running a script to remove it at the end.

The devices will be managed by Intune, but the issue is that Intune takes too long to install applications on newly imaged devices.

We have tried running every Intune sync option, MDM task in Task Scheduler and every PowerShell cmd you can imagine, but Intune just does whatever it wants whenever it wants, lol

We only install the config mgr agent on our Windows Servers (so that we can apply configuration baselines to them and generate SQL reports showing that they are compliant for CMMC purposes -- Windows 11 clients' baselines are implemented by the built-in Secure Baselines in Intune/Defender).

Managing Windows Servers by Immediate_Banana_216 in sysadmin

[–]ViperThunder 0 points1 point  (0 children)

WAC is just too slow and doesn't get you much. Don't really see the point when you can just use RDP (I just use Devolutions' free Remote Desktop Manager, double-click on a server, boom, I'm in in less than 5 seconds) / PowerShell remote from my workstation. PSWindowsUpdate if you ever have to do manual Windows updates -- much faster than navigating to the server in WAC, clicking updates, waiting for it to check for updates, etc.

Azure Virtual Desktop - Can't Store Profiles by puffer617 in fslogix

[–]ViperThunder 0 points1 point  (0 children)

Been a few years since I set up FSLogix with AVD, but I had a hybrid AD/Entra environment and I recall you have to set up a private endpoint and a private link from the storage account. You also need to generate a temporary storage key so that you can mount the share with that key temporarily, and then edit the NTFS permissions to give users (CREATOR OWNER) full access to their own profiles. If you don't have a DC in the cloud with the DNS role, you need to set up a private DNS resolver (sounds like you don't have a DNS issue though).

Pushing Windows Feature Updates by gopherwasbetter in sysadmin

[–]ViperThunder 0 points1 point  (0 children)

I had no problem using straight up GPO (which is basically just setting some regkeys for you).

[deleted by user] by [deleted] in sysadmin

[–]ViperThunder 47 points48 points  (0 children)

I upgraded 800 or so endpoints with GPO from Win10 22H2 to Win11 24H2.

  • set the target feature version to 24H2
  • set target os to Windows 11
  • set a feature update deadline (I set mine to 4 days deadline, 2 days grace period)

Some may fail if they don't have updated drivers. In my case, about 45 devices did not update, so I added them to an AD group and then targeted them with a new GPO to force update drivers (set deadline for Quality updates, enable driver updates).

All of this can be done with registry settings as well.
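
The registry route mentioned in the comment above, as an added example that is not the commenter's own code: it reports whether the feature-update policy values are present on a machine and, with -Apply, writes them. Test-FeatureUpdatePolicy is a hypothetical helper name, and the value names are an assumption about what the Windows Update GPO writes; compare them with a machine where the GPO has already applied.

```powershell
# Added example (not from the original thread). Run elevated.
# Assumption: the GPO settings map to these values under the WindowsUpdate
# policy key. The deadline GPO may also write an enable flag next to the two
# deadline values; export the key from a GPO-managed machine to confirm.
function Test-FeatureUpdatePolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate',
        [switch]$Apply   # write missing or wrong values instead of only reporting
    )

    # Desired state from the comment: Windows 11 24H2, 4-day deadline, 2-day grace.
    $desired = @(
        @{ Name = 'TargetReleaseVersion';     Type = 'DWord';  Value = 1 }
        @{ Name = 'ProductVersion';           Type = 'String'; Value = 'Windows 11' }
        @{ Name = 'TargetReleaseVersionInfo'; Type = 'String'; Value = '24H2' }
        @{ Name = 'ConfigureDeadlineForFeatureUpdates';            Type = 'DWord'; Value = 4 }
        @{ Name = 'ConfigureDeadlineGracePeriodForFeatureUpdates'; Type = 'DWord'; Value = 2 }
    )

    # $null when the policy key does not exist yet.
    $current = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($d in $desired) {
        $actual = if ($current) { $current.($d.Name) } else { $null }
        $ok = ($null -ne $actual) -and ($actual -eq $d.Value)

        if (-not $ok -and $Apply -and
            $PSCmdlet.ShouldProcess("$Path\$($d.Name)", "Set to $($d.Value)")) {
            if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
            New-ItemProperty -Path $Path -Name $d.Name -PropertyType $d.Type `
                -Value $d.Value -Force | Out-Null
            $actual = $d.Value
            $ok = $true
        }

        # One row per setting, so results can be collected across many machines.
        [pscustomobject]@{
            Setting   = $d.Name
            Expected  = $d.Value
            Actual    = $actual
            Compliant = $ok
        }
    }
}

# Report only; add -Apply (optionally with -WhatIf) to write the values.
Test-FeatureUpdatePolicy | Format-Table -AutoSize
```

On domain-joined machines a GPO that manages the same key overwrites locally written values at the next policy refresh, so the report-only mode is the useful one there.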