A few super basic Win2016 Standard questions. (Migrating from SBS2008)

A few super basic Win2016 Standard questions.

We would be using this only for central user/pc management.  Maybe a little file sharing, but probably not.  

About 50 users and 50-100 devices.

I would be running this in a vmware vm.

1. I was told I might be able to get away with as little as 2GB of RAM... does that sound practical?  \

2. What is the easiest way to run a script (bat, ps1, etc) on all remote PC's?  (Say I want to push out a script that will grab an install file for something and run a silent install)

3. Can this server enforce strict patch management?  (i.e. force updates to be installed and force reboot if needed)....
3a. does that include MS Office updates?

4. Can i get a patch management report?  (i.e. for clients who ask to see the patching status of our network?

5. I am upgraded from SBS 2008... It has a LOT of stale users/computers... is there an easy way to tell it to only migrate users/computers seen in the last 90 days?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
1) 2GB for the OS (not including memory for VMware itself), yes if the VM was JUST a domain controller and with that small of a user/device count. It is possible. But each environment is different.

2) Group policies can do this. Though for program installs, I recommend not using scripts. You get very little feedback suon success, failure, and no long term auditing or license management on there are inexpensive deployment and lifecycle management products on the market. I strongly recommend using them. For anything over about 30 machines, it really is a necessity.

3) WSUS can do this. Plan on more RAM. Ideally a second VM so it's not on your DC. Yes, it can manage office updates too.

4) yes see #3

5) no. Clean up before introducing a new DC.
Schnell SolutionsSystems Infrastructure EngineerCommented:
1. If you will use the core management of AD only and a "few of fire sharing" 2 GBs will be ok. It is because you have very few objects, I assume that you have none or very few agents (antivirus, monitoring software, etc), and you are not planning to do much more than that. However, your server will be able to move faster with more Ram, but it will make the job without issues.

2. Using GPOs associated to your script. (It sounds that you will be using your primary server as a file server for it :)

3. You can control the behavior of your system devices regarding the updates that can be updated from the Internet (you can control restart behabior, time for updates, you can also include office polices). Note: Be aware that I am assuming here that you are using direct connections from the internet from each device to download the updates. Ff you are planning to use a local repository on your server (that would be the most efficient method) it will require much more resources of your server (i.e WSUS will require a DB engine and the WSUS application as well).

4. Going to the previous point, a good method would be WSUS, which will require additional resources on your main server. But it will be integrated with status reports (updates levels, failures of updates, etc). There are other third party tools, but the good ones might require licenses or will require a centralized component on your main server (again, the use of more resources).

 5. You better cleanup your unused computer objects before or after the migration.
dsquery computer -inactive x
('x' corresponds to the number of weeks that you want to query as not getting communication with your DC). After you identify these objects you can carefully analyze them and delete them.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JohnBusiness Consultant (Owner)Commented:
1. I was told I might be able to get away with as little as 2GB of RAM... does that sound practical?  \

90% or more of people in here run out of disk space. It does not matter what is theoretically possible. I would give it more - disk space is cheap at the beginning.
Challenges in Government Cyber Security

Has cyber security been a challenge in your government organization? Are you looking to improve your government's network security? Learn more about how to improve your government organization's security by viewing our on-demand webinar!

XetroximynAuthor Commented:

@John - I am talking about RAM not disk space :-) but now that you mentioned it -

@all - Im curious how much diskspace I should plan for?

@cliff @Schnell - So my server will be in a data center - PC's are in 3 remote locations... Do you think it's still worth WSUS?  Can I not get the patch reports if I just enforce updating from internet?  (And can I force (and report on) office updates from the internet)?

What "inexpensive deployment and lifecycle management products" would you recommend?  BTW My needs are minimal... pretty much Office on some PC's, putty, splashtop... a few have filezilla...

is there a command like dsquery computer -inactive x but for users?  

If I did WSUS or have this server do more, how much RAM would you recommend?  

Perhaps it would help to describe my situation.  I have a call center.  Servers are in a data center, there is office space, and 2 call centers.  80% of the 200 or so agent PC's are Ubuntu... (And our production call center software runs on linux servers)... I have scripts I centrally deploy to those machines, to do what I need... install stuff... put links on the desktop, etc. ALL these need are putty and a browser basically.

Windows machines are what we have for administrative... perhaps 30-50... These people need office, splashtop... sometimes filezilla, accounting software, putty, etc.  

I am not a windows person... but I would like to be able to manipulate the windows PC's as easily as I do the ubuntu PC's.  

I just don't know how to deploy stuff centrally with group policy, etc.

And for example, those 40 or so windows PC's that are actually call center PC's not administrative PC's are NOT on the domain right now... but it seems cheap to add them... Seems the most annoying part would be someone would have to go add all them to the domain... (That and once they are on the domain, I would want to be able to easily make sure the user profile for them would have putty on the desktop with the needed settings, as well as web links on the desktop as needed. (BTW all these PC's would just have one generic user that it is logged in with...)

Can I do this reasonably easily/intuitively with windows alone?  Or do I need third party endpoint management you think?

My CDW guy doesn't even know where to get me windows support... I could probably convince by boss to pay for a few hours of training from a guru, to get me started, but I don't even know where to look for that... does microsoft sell support directly?
JohnBusiness Consultant (Owner)Commented:
Sorry. For RAM you should have 8 GB at least. 2 GB will have you crawling.

For Disk, we allocate 300 GB to a DC. Overkill yes, but I refuse to spend time worrying or thinking about it. Disk is cheap.
Schnell SolutionsSystems Infrastructure EngineerCommented:
You made the command yourself, for users:
dsquery user –inactive x
Schnell SolutionsSystems Infrastructure EngineerCommented:
As far as your server is at a remote location you will not receive the benefit of bandwidth savings from WSUS. Just certain control and reports, maybe not worth for you... but is an option that just needs to be enabled for the OS (of course, requiring more resources).

You can also force with GPOs the updates for your machines. For the reports I personally do not remember names of these free aps, but you can make some quick searches on the internet and test some of them or you can also wait for the answers of the Experts here :).
Lee W, MVPTechnology and Business Process AdvisorCommented:
Sorry. For RAM you should have 8 GB at least. 2 GB will have you crawling.
NO WAY.  8 GB is almost certainly overkill.  I don't use VMWare, but all my DC/File Server VMs for myself run as Hyper-V VMs using Dynamic RAM - starting with 2 GB, a minimum of 500 MB and a maximum of 4 GB.  They never come close to use 4GB.  

For Disk, we allocate 300 GB to a DC. Overkill yes, but I refuse to spend time worrying or thinking about it. Disk is cheap.
Disk is not that cheap and Windows is not that bloated.  This too is WAY overkill... not just overkill.  If you manage the server appropriate, 120 GB is more than enough.  And since this is a VM, it SHOULD be easy to expand that disk if you really need to.  (It is in Hyper-V - and I've never had to do it for a system disk of 120 GB running 2008, 2012, or 2016).  The Windows install typically takes up 30-40GB.  And while it does grow over time, it doesn't grow that much or that fast. 120 GB should well more than enough for any competently managed Windows server, in my opinion.

WSUS can be configured to manage the update schedule but download the updates from Microsoft so it should be a usable solution for you.  *IF* you run WSUS, I would increase the RAM to 8 GB static (not dynamic).
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.