cluberti

If you know what updates you need, you can download them from the Windows Update Catalog: http://v4.windowsupdate.microsoft.com/catalog/en/default.asp

I personally use AdminStudio from Installshield/Macrovision, but I've been known to use Orca for basic .msi tasks.

Well, if you want free, it likely won't be "easy". However, you can download the platform SDK from Microsoft, and use the included ORCA msi editor to create your own .msi packages - the ORCA package, as well as the SDK, are free.

That's the hardest part about making the internet secure - most people think security is something you can buy, rather than something you practice. The A/V and antispyware vendors make a killing because the earth contains a vastly uneducated user base, security-wise. And since most people now consider a PC an appliance, rather than a tool, this isn't going to ever improve - it's become to be thought of in the same vein as a refrigerator or stove for most people.

"1. Will this computer be powerful enough given the info?" That depends on how many users will be attached at any one time - terminal servers are heavily dependant on system RAM, so I'd say you'd want as much of the 4GB maximum you can put in that machine for starters. 1GB of RAM is enough for 2 or 3 users, but if you plan on having 5 to 10 (or more) users on the box at any one time, you'll want a lot more RAM than 1GB. Not to mention the kernel memory constraints that 1GB of RAM brings to the table, which are going to be heavily exacerbated with TS installed... "2. Is there a way to make a shortcut that would launch a TS session, but execute a different application depending on the shortcut config? So my for the people who need it, they would have a time clock icon as well as a quickbooks icon." Yes, but this isn't something that is easy to do - you'd have to replace the explorer.exe shell with your own, and doing so makes group policy processing not work. If you REALLY want to do this, you should strongly consider Citrix and Application Publishing, rather than a full TS login. "3. How do profiles play into this? I understand that since it's running the session locally there will be new profiles made. I'm not concerned about the profiles...a manditory one would be nice. Can I make just one profile that all users have to use, and then only have to backup one profile?" If you create a profile on the TS in the Default User profile called "ntuser.man" (rather than ntuser.dat), the profile becomes mandatory for the user and by default no changes can be saved (they can be made, but they aren't saved on logoff). "4. I know Quickbooks isn't certified for TS, but it's just a registry access permissions issue. There is info to get around this. The time clock one might not even work...it's that shaddy. If I run into an issue with the time clock, are there any possible workarounds?" Possibly - you need to know what registry and file level permissions need to be made for the application to work - and if the application doesn't play nicely registry-wise, you may be out of luck. These sorts of things are always trial and error - and sometimes, you just can't run something in a TS environment no matter what. Perhaps the vendor of the software in question may have some tips that you can gather from their support line, or perhaps even an updated version that does run natively in a TS environment. "5. When thinking about backup, what should I be concerned with. The profiles? Are there any extra TS only files that I should watch out for?" The only time a TS profile is different is when a user is actually logged on - otherwise, TS profiles are really not any different than regular profiles. You can create "roaming" TS profiles via AD as well (you'll notice the Terminal Server Profile tab in the properties of most user accounts), but that makes it harder to do mandatory profiles. "6. Once this is all configured, can I run it headless? For most admin work I could logon with my domain admin account and be able to configure like normal right?" As long as the server hardware can boot headless, sure. Most newer machines, desktop or otherwise, can run headless. You can always use the /console switch via mstsc to gain access to the server console as necessary. "7. I've seen figures saying each session will require 3-6K per user of bandwidth...that sounds too good to be true." It all depends on your network, the quality of the TS session being sent, audio, printer, and drive redirection, etc. You can probably reach those numbers without any redirection, 256bit color, and 800x600, but using the "advanced" features will likely make that closer to 10K per user. There's no hard and fast numbers that I'm aware of, but those numbers don't seem too far off for "low quality" TS sessions. "8. There is the problem that there will be a 'spike' when everyone uses the time clock software...everybody is only the same 9-5 grind. Given that it's such a simple app I would think it could handle that, but I could be wrong." This goes back to your initial question - you're going to need more RAM, likely. "9. HAHAHA!" Indeed . "10. Is the licensing gonna kill me on this...one per user right? So that's 20 licenses for one stupid little application..grrrr." Yes, either one per user or one per machine - either way, it's going to cost you plenty. "And this is a bonus question...since I've never used one I don't fully understand the capabilties, but could I run this whole setup on a hosted server? To be clear, I'm talking about when you pay a monthly fee for a server that they own but you configure and use. I see a lot that can be purchased with 2003, which makes me think I should be able to configure it to be a TS server. But since I always see Plesk or some other management software I don't know if I can get in low enough to do this. It would seem to me it would make a great disaster recovery plan, which we are trying to develop as we speak. Since the hosting companies have fast connections, it should still run just as efficiently then right? Hell, if it's the same I might just forget running this locally and do it all on the hosted server...unless there is some big issue with that." It's possible, but you'd have to find a hosting company that would 1) let you do it and 2) will sell you a hosted server just for you - this will cost you quite a bit more than the other "hosting" packages they sell, because most hosting companies put multiple customers on one server and provision (hence the management software). It can be done, but I think you'd have to purchase a whole server to be able to get lower-level access to the box to do this (which you'd probably want anyway). Either way you cut it, you're going to be paying for it .

What you believe doesn't change the truth . Seriously, use whatever works for you, especially with antivirus. Just be aware that NOD32 does have some kernel and handle resource issues, although these should be somewhat mitigated in x64.

Sorry, but you're making quite a request. I suggest visiting here, as you've got a LOT that you need to learn: https://www.microsoftelearning.com/default.aspx

Well, there are two versions of IE on Windows XP x64 - the 32bit version and the 64bit version. We'd need the 64bit version.

No, I'm not implying it's bloatware, but it is a resource hog - not in the sense that you may be thinking, but in kernel resource usage (a finite, non-upgradeable resource, unlike physical RAM).

No no no no no - I'm not talking about a root domain with 7 child domains - I'm talking about a SINGLE domain with 7 SITES. This is MUCH different. 7 sites is not enough, at least in my opinion, for multiple domains. You need to get to thousands of users in more than 20 sites to even need to think about multiple domains. Please pm or email me, rakem, if you have any further questions. I think I may be confusing some people with my suggestions, and I don't want to muddy the waters any further.

It could be a driver, or perhaps something else forcing the registry open - try uphclean or disabling your A/V (as a test) to see if the problem is resolved.

Exactly my point. Sometimes we can't see the forest for the trees sometimes, but I'll still point them out .

Are there any VM's running while you are trying to shut down?

Does the BIOS have an option for console redirection over the serial port permanently, or is it just for the BIOS boot process? If it's the latter, it seems really silly...

No, I wouldn't suggest it, but I have done it without issue. As long as the ctfmon.exe components aren't being installed (http://support.microsoft.com/?kbid=282599), I doubt it matters.

Since IE6 is integrated into the install, you're going to have one heck of a time removing it - the add/remove Windows components links are just for hiding the icons.

That's like saying, "I don't know what the problem is - works on my box". 99% of A/V installations work fine, but for the 1% that do not, the big three are the worst - NOD32, McAfee, and Symantec. Just because you have no problems doesn't mean others won't.

You can configure a domain controller to host a copy of the GC in the Sites and Services snapin. And yes, GC is related to AD - it's the Global Catalog of AD objects, and having one at each site increases redundancy. If you do so, you'll have multiple copies of the GC at multiple sites; not only will it increase the speed and accuracy of AD searches at each site, you'll be OK if you lose a GC AD domain controller to a disaster. What I meant was, whatever your public domain is, use that internally for your AD as well. So, for example, if you own the domain "domain.com", you would name your AD "domain.com" and use split DNS. Hopefully that makes more sense. Well, if you ever plan on using Exchange 12 or Longhorn server, you won't have a choice - better to do it now and get used to it, rather than continue growing 7 separate domains and go through the pain later.

Didn't look to hard on the Microsoft site, I guess : http://www.microsoft.com/downloads/details...&displaylang=en

The error indicates a security trust issue - it's either those .dll's or a group policy software restriction policy. Since most people don't run an AD at home or muck with the local security policies, it's likely an unregistered security .dll. The command should rectify that.

Actually, if you've got Office in a terminal server environment, unless you're using multiple languages and actually need it, it can be a HUGE performance penalty. Just an FYI - we actually recommend removing the components completely in a TS environment if they aren't used, as they can cause issues in certain configurations (albeit rare, it does happen).

Assuming you can press F12 to boot and replace startrom.com, you should be OK. I'd still recommend using the ILO board if you have one, otherwise it'll be tricky.

I am suggesting the converse of mommay's suggestion - I use an Athlon 64 X2 myself, and have absolutely nothing bad to say about Windows XP x64. However, all of my hardware is either on the HCL for WinXP x64, or has signed WHQL drivers for x64, and the box runs like a champ. It makes a great workstation, that doubles as a VM tester and code compiler. If you've got supported hardware and software, x64 is the way to go for sure - conversely, if you have unsupported hardware or try to use a 32bit antivirus or antispyware application, you should stay far, far away from x64 Windows and stick to a 32bit variant until you can have supported drivers and/or applications.

The most important thing for an x64 system is proper driver support - without that, almost anything can (and does) happen to the detriment of the system. If you don't have signed, quality, supported drivers for (ALL) of your componenets, I'd say stick with 32bit until you can either get supported components, or drivers do come out for everything you currently have. It's no use troubleshooting application performance issues if you have driver issues - that could be the root cause of the application's problems, and you wouldn't know until you resolved the driver issues.

Actually, if you had one single AD domain with 7 separate sites within it, that would be MUCH more redundant. I am quite sure your Exchange guy is onto something there with his assessment .You've created a 7-headed monster, when all you really needed was 7 (or more) subnets and 7 AD sites - all could be centrally managed much easier from one AD domain (which Exchange is going to require if all of those users are to be in one Exchange cluster). I'd suggest the following, at a minimum: 1. AD domain migration into a new domain (and not yourdomain.local, but yourdomain.tld for a split DNS if you plan on publishing Exchange via ISA 2004, which I also suggest as it makes life much easier on your user base regarding email access). Create trusts from all 7 domains to the new domain, and migrate EVERY object into the new domain, machines, users, and printers all. 2. Decommission all of your old domains, moving each domain's old DC into the new AD and promoting to a DC in that domain (I'd also suggest a complete rebuild of each DC, so as not to bring any invalid data into the new AD schema, but that's just a suggestion). 3. Create 7 sites and 7 subnets (or more) in your AD Sites and Services snapin, and move the requisite servers into their proper sites. Assign the proper subnets to their respective site - this will help clients and servers "know" where they are by the IP they get from DHCP, and will use the closest DC and DFS root (which I explain later). 4. Make sure you have at least one global catalog server at each site, preferably two. 5. If you've got fileservers at each site, migrate them all into a domain DFS root, so that all shares appear to come from \\DOMAIN\SHARE, rather than \\fileserver\share. This data can be replicated amongst all file servers in the DFS root (since you value redundancy, STRONGLY suggested if you have the disk space), or the data can simply reside on each file server and not be redundant. This way, all old (and new) file shares you create in your domain are always available via \\DOMAIN\SHARE, no matter which file server it's on. If you choose to replicate, users will attach to the closest working DFS root based on their IP and site in the AD. Well, actually, Exchange 2003 REQUIRES a working, well laid-out AD (which you will have just created). It goes without saying that until you do this, you will find that Exchange 2000 or 2003 just won't work right for you (unless you plan on purchasing Exchange 5.5 and paying over $200,000 USD a year for support for said product) - Exchange requires all users to be in the same domain unless you plan on some hacks to make it work, which actually won't work if you upgrade to Exchange 12 in the future. Your Exchange guy isn't entirely right (you CAN make this work, but you SHOULDN'T ), but he will be in about a year. I'd suggest embarking on a clean (and well laid-out) AD before Exchange 12, not after. 6. At this point, you can sit back, relax, have a few adult beverages, and watch your daily grind become a little easier to manage - not to mention that Exchange 2003 will now work properly for everyone in the organization without convoluted hacks that will cease to work when Exchange 12 comes out!!!