Buddy, you have THE life. Is the Doge going to be in addition TO the Jeep, or are you bagging that?
Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Saturday, July 23, 2005 10:20 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] [Even further OT]Delegation of privilege No problem. :o) I grew up in Northern Lower[1] Michigan myself, the village, yes village, of Manton to be specific. joe P.S. To Rick's comment... Close, I was waiting for her to get home so we could go out for dinner and look at Dodge Ram 1500's. ;o) [1] This is not way up north but up north enough I spent my summers without shoes, socks, and shirts at some fishing hole, swimming hole, creek, or lake or in the woods camping. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Schofield Sent: Saturday, July 23, 2005 5:33 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] [Even further OT]Delegation of privilege Hmm I'm from Michigan and much described is pretty accurate. And I'm from up north, not way up north but the further towards the north pole you go the more of the Red Neck, hillbilly and fish pole in your hand a majority of the time is sooooooo true! Really Joe didn't mention that there are two states in Michigan. (Detroit being one and the rest of the state of Michigan being another.) Only those from Michigan probably understand that but hey, move here and you would understand! My ramblings over and out! PS: Thanks Joe for the description of fishing I will be using this. Steve Schofield [EMAIL PROTECTED] ----- Original Message ----- From: "joe" <[EMAIL PROTECTED]> To: "'Send - AD mailing list'" <[EMAIL PROTECTED]> Sent: Friday, July 22, 2005 6:56 PM Subject: RE: [ActiveDir] [Even further OT]Delegation of privilege Red Neck - Hilly Billy or Country Person, not a city person. Called a red neck because usually outside with a shirt on, get a red neck and a farmer's tan on the arms. Michigander - Person from Michigan, USA Smelt Dippin - More properly known as Smelt Dipping. Process to use a net to catch small fish that are usually fried. See http://www.seagrant.wisc.edu/greatlakesfish/rainbowsmelt.html Snagging Suckers - Snagging is another way to capture fish. You havea lead weight and a big nasty hook and put the fish line under the fish and pull it up suddenly to hook the fish's underside. Suckers are a type of fish (formally known as a White Sucker or Mullet) that you catch this way because they don't respond to normal bait fishing and are tough to net unless they are spawning. You usually "smoke" sucker fish. By smoke I mean you put them in a special cooker that cooks through indirect heat and flavors the fish with the flavor of the wood used to create the heat. See http://www.seagrant.wisc.edu/greatlakesfish/whitesucker.html Bullheads - Yet another type of fish, more formally known as the Yellow Belly Bullhead. It is sort of like a catfish but with nasty spines on the fins that can tear through your skin and infect you with whatever bacteria comes from the bottom of a sludge filled lake. You tend to catch these fish at night with nightcrawlers or pieces of corn on hooks. You will usually fry bullheads. See http://www.thejump.net/id/yellow-bullhead.htm Nightcrawlers - Name for large earthworms also called red wrigglers you capture at night on the surface of the ground. Great for fishing. See http://www.sarep.ucdavis.edu/worms/image7.htm Crick - A small stream only a few inches deep. Also known as creek. See http://www.bartleby.com/68/61/5761.html Brookies - Brook trout. Another type of fish. Very pretty fish. They tend towards smaller sizes but are extremely tasty, probably one of the best tasting fish you can catch in Michigan along with the Walleye. Brookies are generally grilled or pan fried in butter though some insane people will bake them like Salmon or Tuna. They prefer very cold water and hang out in areas that aren't generally the most conducive to fishing. They tend to be more conducive to getting tied up in branches and nettles and bitten by mosquitos and gnats and horse flies. See http://www.cffcm.org/gallery/images/trout/brook-05.jpg Crayfish - Also known as a crawdad, smallish lobster like animal. For some reason the older Michiganders like to make these into soups with various other shellfish and turtles. See http://www.mackers.com/crayfish/crayfis2.jpg Viddles - Food. Dandilion Wine/Greens - Proper spelling is Dandelion but the E is strongly pronounced as a short I in northern Michigan so it tends to get spelled with an I. Wine and Salad made from a common Michigan plant with pretty flower. This plant is generally considered a weed because it grows of its own accord whereever it wants very quickly upsetting many homeowners who only want grass on their lawn. See http://koti.mbnet.fi/~kakoskin/photos/dandelion.jpg Snapper soup - Soup made from the fresh water Snapping Turtle. An extremely agressive and hard biting turtle that is commonly caught and tossed into soups with crayfish. You catch a snapping turtle by touching its head with a stick, it will then clamp onto the stick and will not let go. You can carry it all the way home this way, I used to carry them literally miles when I was a kid to get them from various ponds and streams and rivers back to my parent's house. See http://www.chelydra.org/snapping_turtle_serpentina.html Walleye - Another fish. Great tasting like the Brookie. Completely different type of fishing to get Walleye though, you usually have to sit in a boat on a lake and spin cast for them. These fish are usually grilled or pan fried in butter like brookies but are ok to bake if they are larger. See http://www.fishweb.com/recreation/fishing/fishfacts/fish/walleye/walleye.htm l You will note that most of that paragraph was about fish or fishing or other creatures that live in fresh water. Michigan, being surrounded by freshwater lakes, and having internal freshwater lakes and rivers and streams and creeks everywhere is very much a fisherman's hangout. If you grow up in Michigan, especially mid to northern Michigan, say Lansing or further north, you will probably have a fishing pole or other fishing device in your hand for a good portion of your childhood, even the dead of winter as you are ice fishing[1]. You will often hear no end of fishing stories from Northern Michigan people unless they have realized that most everyone else really doesn't care[2]. Most people get fish at the store, they don't have any exciting stories of wrestling with a 10lb can of tuna for 90 minutes on 2lbs test filament. joe [1] This is fishing through a hole in the ice, not actually fishing for ice - I could see where this might throw Dean so I put in the explanation. ;o) [2] My brother and I once when we were about 10 and 9 caught 2 18 inch steelheads by hand that were trying to escape from a private stocked pond into the small stream (larger than a crick) that fed the pond that was gated off. I won't explain any more there as I don't know what the statute of limitations is on something like that. We were barefoot and covered in mud and mosquito bites from following the stream through the woods. Ran like crazy the entire 8 or so miles home holding the fish out away from the front of us so we wouldn't get whacked with the flapping tails, too afraid too look back to see if we were being chased. _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Friday, July 22, 2005 4:09 AM To: ActiveDir@mail.activedir.org; Send - AD mailing list Subject: RE: [ActiveDir] [OT]Delegation of privilege >> English? Is that what we are supposed to be speaking? >> I speak a red neck northern lower Michigander form of North American. Anyone want to go smelt dippin? How about goin' and snagging >> us some suckers? Or fishing fer bullheads, I got the nightcrawlers all ready. Course we could always hit the crick lookin for brookies and >> crayfish too... We had some good viddles for supper last night, we had dandilion wine with dandilion greens and snapper soup, Uncle >> >> Herbert cleaned the snapper shell up so he can use it for a hat. >> Hehe. dictionary please! ;-) >> BTW, what's a meta for? <eg> don't know.... get rid of it with the meta data cleanup procedure ;-) #JORGE# _____ From: [EMAIL PROTECTED] on behalf of joe Sent: Thu 7/21/2005 11:34 PM To: 'Send - AD mailing list' Subject: RE: [ActiveDir] [OT]Delegation of privilege English? Is that what we are supposed to be speaking? I speak a red neck northern lower Michigander form of North American. Anyone want to go smelt dippin? How about goin' and snagging us some suckers? Or fishing fer bullheads, I got the nightcrawlers all ready. Course we could always hit the crick lookin for brookies and crayfish too... We had some good viddles for supper last night, we had dandilion wine with dandilion greens and snapper soup, Uncle Herbert cleaned the snapper shell up so he can use it for a hat. Hehe. Yann, don't worry. I figure you speak my native language far better than I speak your native language. I am working on a book though, so I guess I should be more careful with when I say "in my book". It would be easy for someone to think, hmmm cool, joe is going to put this in his book, another reason to not buy it. I am refreshing an AD book, it doesn't much speak about the underlying OS as I am not much caring about the underlying OS. If AD ran on FreeBSD I might try working on it there. BTW, what's a meta for? <eg> joe P.S. I caught Dean spelling humour as humor a little while back. I had to catch it and correct it for him. _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Thursday, July 21, 2005 5:07 PM To: Send - AD mailing list Subject: RE: [ActiveDir] Delegation of privilege Fear not, joe's knowledge and use of English is only marginally better than yours and he's been at it for decades ... PS - I'm just teasing for those that didn't catch that ;o) -- Dean Wells MSEtechnology * Email: dwells <mailto:[EMAIL PROTECTED]> @msetechnology.com <http://msetechnology.com/> http://msetechnology.com _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Sent: Thursday, July 21, 2005 5:00 PM To: ActiveDir@mail.activedir.org Subject: RE : [ActiveDir] Delegation of privilege OOOooopppsss .... sorry... i did not understand joe's metaphors.... i'm a bit ashame :( So please, do not laught at me, i try my best to improve my english :o) Now it is time for me to go to the next chapter of my english training: Chap 3 "Understanding metaphors" :-) Cheers, Yann _____ De: [EMAIL PROTECTED] de la part de Rick Kingslan Date: jeu. 21/07/2005 22:20 À: ActiveDir@mail.activedir.org Objet : RE: [ActiveDir] Delegation of privilege >> "You honestly have two real answers in my book" joe currently has one book (in process) - and chapters in others. :o) When he uses the phrase above, he is saying - "To my way of thinking, best practices say you have two things you can do" English is a very strange language, and then us 'native speakers' go and mess it up even more with metaphors and analogies. ;o) Rick _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Sent: Thursday, July 21, 2005 3:04 PM To: ActiveDir@mail.activedir.org Subject: RE : [ActiveDir] Delegation of privilege Hi joe, I now realize that my question was not safefull in an AD design. I wanted to do the same as a NT4 domain where it is (not very sure, but i think it is) possible to give someone admin privilege on only one DC. I thought i could do the same thing with AD 2003. Yes this DC is also file&print server, but for more secure operations, we will probably (and certainly) move this role to a another member server, and so give THAT user server op privilege :) Anyway, u said "You honestly have two real answers in my book". May i ask u what is the title of your book ? is it an AD or/and w2k3 book ? I would be interested about it's content... Cheers, Yann _____ De: [EMAIL PROTECTED] de la part de joe Date: jeu. 21/07/2005 02:37 À: ActiveDir@mail.activedir.org Objet : RE: [ActiveDir] Delegation of privilege Sakari, you are scaring me here... Yann, you are basically saying. "Hi, I need to give someone I don't trust enhanced rights on only a single domain controller so they can not hurt other domain controllers.". This is not really possible. You can do a lot of one of delegation pieces but you aren't really doing a whole lot to protect yourself from the fact that you don't trust this person to have access to all of your DCs. Once on the one DC, one of many techniques can be used to get themselves access to the rest. You honestly have two real answers in my book. 1. Break the work up into something the non-trusted person can do and the rest is given to a DA to do. 2. Find some other way to do the work, usually some form of proxy based solution that has rules you can apply so the person can't just do what they want, but instead only what you allow them. Of course the other thing to do is not do what it is you are doing with that DC which is probably something like sharing files or printers or something like that. joe _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sakari Kouti Sent: Monday, July 18, 2005 6:01 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Delegation of privilege Hi Yann, You could grant your user those privileges that are listed as User Rights, by applying a corresponding Group Policy Object to only one DC. However, this is probably not enough for you. For example, you cannot grant a privilege to format hard drives or share folders this way. Yours, Sakari _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Sent: Monday, July 18, 2005 8:39 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Delegation of privilege Hello AD Gurus :) I would like to give to one of my user "server operator" privilege on only one DC, and not the whole DCs of my AD 2003. I know that DCs do not have sam locally, and the only way to give this privilege is to use the Built-in Groups in the Built-in Container. But doing this allow my user to be server op for all DCs in my domain. The purpose of my question is; => to give one user the privilege to fully manage *only one* DC with "server operator" privilege, without having the right to use MMCs such as ADUC, Schema, dssite, replmon, repadmin commands. Is this possible ? Thanks for input. Cheers, Yann List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
