[ActiveDir] Deploying certificate using group policy

2005-01-19 Thread Halonen Sami
Greetings

This one certificate needed by a Cisco VPN client is giving me some hard
time. The certificate or client itself is not the problem, but the cert
is needed on a few hundred clients and I need to deploy it using group
policy. Now, I've deployed it just fine, but the only certificate store
I can put it in, is the Trusted Root Certificate Authorities and of
course, the only place the VPN client looks in, is Personal. (GP
editor > Computer > Windows > Security > Public key policies)

The domain is W2k, DCs are W2k, clients are XP.

Is there a way to slip the certificate in different store or folder?


-Sami
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] OT: Exchange Mail Forwarding

2005-01-19 Thread Garello, Kenneth
I provide all services.  I provide OWA as a student email client against
exchange 2000.
Alumni are considered the same as regular students.  The accounts are
essentially perpetual.


Ken
-Original Message-
From: Coleman, Hunter [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, January 18, 2005 9:41 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Exchange Mail Forwarding

Are you providing any mail services for the students, or just a
forwarding service? Or do you provide one level of service for the
current students, and a lesser level for alumni?

Hunter 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Garello,
Kenneth
Sent: Tuesday, January 18, 2005 6:23 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Exchange Mail Forwarding

I'm looking to provide students in my college a way to set up mail
forwarding using a web interface. I don't want to provide outlook to the
students.
I am utilizing exchange 2000 (soon upgrading to 2003).

I have investigated creating an asp.net application via
adsi/directoryentry, but it is proving to be too complex for my
experience.

Does anyone have any ideas?

Thanks,

Ken



RE: [ActiveDir] Urgent!!: exchange 2000

2005-01-19 Thread Aramide Adebanjo
Where can I check/modify the settings on my exchange box...

I am trying to send to aol domain..

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Tuesday, January 18, 2005 8:08 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Urgent!!: exchange 2000


MessageWall is the receiving server, or at least one of.  It's the
server that your Exchange server is trying to talk to. 

Any idea what domain it's for?  This is all that was in the NDR
olusanyab so you may need to track it in the tracking logs to see what
domain it was destined for before proceeding.  

Al

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aramide
Adebanjo
Sent: Tuesday, January 18, 2005 1:32 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Urgent!!: exchange 2000

Hi,
The server ewn-lges008.domain is ours. It is the exchange box. But the
message wall server isnt ours ( I think!!). What is a message wall
server cos I was under the impression that it was probably the receiving
server running its mailer...ie..the destination server rejecting my
mails...

N.b thx for explaining the LF. Hope we resolve this soon enough

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Tuesday, January 18, 2005 4:55 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Urgent!!: exchange 2000


So this server was trying to talk to a message wall server?

ewn-lges008.econet-nigeria.com

Is this one of your servers? Is the message wall server yours?

A bare LF is considered a special control character, but you need to
find out where that's getting generated and if the message wall server
is properly checking for it.  If it's in the quoted text, it's valid, if
not, then it's not.  


<x> ::= any one of the 128 ASCII characters (no exceptions)

<special> ::= "<" | ">" | "(" | ")" | "[" | "]" | "\" | "."
  | "," | ";" | ":" | "@"  """ | the control
  characters (ASCII codes 0 through 31 inclusive and
  127)

Let us know where it's getting generated from and we can hopefully help
you out.  If you own that server, then it may just be a format change
(go to plain text vs. ?) or it could be the message wall server that
needs adjusting.

Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aramide
Adebanjo
Sent: Tuesday, January 18, 2005 10:26 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Urgent!!: exchange 2000

Hi,
There are no front end servers. I have actually looked at the webpage
and it mentioned something about bare LFs and the message being
generated by qmail(an internet message transfer agent)..it put fixes for
mailers like eudora,sendmail.but none for exchange...i just need to know
what I have to do to fix this!! 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jack Eales
Sent: Monday, January 17, 2005 9:29 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Urgent!!: exchange 2000


Have you looked at http://cr.yp.to/docs/smtplf.html it might give you
some pointers as to what is wrong.

Do you have another SMTP server front of your Exchange server i.e
between it and the internet? If so, does the above page help?

Just a thought

Jack


On Mon, 17 Jan 2005 20:56:54 +0100, Aramide Adebanjo
[EMAIL PROTECTED] wrote:
> Hi guys,
>
> A real urgent one. I have this problem on my exchange server 2000. I
> want to set up forwarding from an internal address to an internet
> address like aol or yahoo. I create a contact on AD 2000, specify the
> SMTP address I want to use, and then set my message delivery on the
> original account to forward to the contact email address and keep a
> copy on the local account. However on checking, the mail gets
> delivered to yahoo or wherever but the senders get this notification
> message as below...
>
> Your message did not reach some or all of the intended recipients.
>
>  Subject:
>  Sent: 1/17/2005 7:49 PM
>
> The following recipient(s) could not be reached:
>
>  olusanyab on 1/17/2005 7:49 PM
>  There was a SMTP communication problem with the recipient's
>  email server.  Please contact your system administrator.
>  ewn-lges008.econet-nigeria.com #5.5.0 smtp;501
>  MessageWall:
>  SMTP/FATAL: Server sent a bare LF; please see
>  http://cr.yp.to/docs/smtplf.html
>
> Can anyone pls bail me out!!!

[ActiveDir] Push GPO's to become Local Policies

2005-01-19 Thread Edwin

On our domain we have 2 Win2K3 Standard Edition Domain
Controllers and around 30 Win2K Pro Domain Members. All of the member
machines have a default configuration of Services, Security Settings, Services
and other related areas. These areas are then updated by GPOs
defined by the Domain.

For a while now, I have been paying attention to how long it
takes for a machine to reboot and become ready for use. The time it takes
is not something to cause great concern, but I would like to do something about
it.

If I could get the configurations defined within the
GPOs to become local policies then I am sure that the machine would
become ready for use much faster. This is because the server would
already have the configuration needed, as defined by GPO, which should return a
simple check versus a check and modify of settings.

So here is my question. How can I make those settings
become local policies on each workstation without visiting each machine?

Thank you all for your replies.

Edwin


RE: [ActiveDir] Push GPO's to become Local Policies

2005-01-19 Thread Adams, Kenneth W (Ken)
I would suggest creating a local security policy template with the settings you
want, then use a batch file in each machine's user's logon script to apply the
policy.

Ken Adams

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edwin
Sent: Wednesday, January 19, 2005 6:57 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Push GPO's to become Local Policies

On our domain we have 2 Win2K3 
Standard Edition Domain Controllers and around 30 Win2K Pro Domain 
Members. All of the member machines have a default configuration of 
Services, Security Settings, Services and other related areas. These areas
are then updated by GPOs defined by the Domain.

For a while now, I have been paying 
attention to how long it takes for a machine to reboot and become ready for 
use. The time it takes is not something to cause great concern, but I 
would like to do something about it.

If I could get the configurations 
defined within the GPOs to become local policies then I am sure that the 
machine would become ready for use much faster. This is because the server 
would already have the configuration needed, as defined by GPO, which should 
return a simple check versus a check and modify of 
settings.

So here is my question. How 
can I make those settings become local policies on each workstation without 
visiting each machine?

Thank you all for your 
replies.

Edwin



RE: [ActiveDir] Urgent!!: exchange 2000

2005-01-19 Thread Mulnick, Al
Better bet is to send a note to the postmaster at AOL and find out what's
going on and why they're rejecting your mail.  You're not likely the only
Microsoft Exchange user out there that would send email to an AOL domain,
right. 

You need to be able to isolate the exact offending component.  It's not
enough to say there was a bare linefeed.  A network trace might be useful to
that end.

As for settings, you can set per-domain settings for SMTP.
The rich-text settings might be useful, but until you check with the
receiving domain, there's no way to know other than to test it yourself.
http://www.support.microsoft.com/kb/821881

Useful information:
http://support.microsoft.com/default.aspx?scid=kb;en-us;294736&sd=tech


Al 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aramide Adebanjo
Sent: Wednesday, January 19, 2005 7:26 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Urgent!!: exchange 2000

Where can I check/modify the settings on my exchange box...

I am trying to send to aol domain..

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Tuesday, January 18, 2005 8:08 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Urgent!!: exchange 2000


MessageWall is the receiving server, or at least one of.  It's the server
that your Exchange server is trying to talk to. 

Any idea what domain it's for?  This is all that was in the NDR olusanyab so
you may need to track it in the tracking logs to see what domain it was
destined for before proceeding.  

Al

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aramide Adebanjo
Sent: Tuesday, January 18, 2005 1:32 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Urgent!!: exchange 2000

Hi,
The server ewn-lges008.domain is ours. It is the exchange box. But the
message wall server isnt ours ( I think!!). What is a message wall server
cos I was under the impression that it was probably the receiving server
running its mailer...ie..the destination server rejecting my mails...

N.b thx for explaining the LF. Hope we resolve this soon enough

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Tuesday, January 18, 2005 4:55 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Urgent!!: exchange 2000


So this server was trying to talk to a message wall server?

ewn-lges008.econet-nigeria.com

Is this one of your servers? Is the message wall server yours?

A bare LF is considered a special control character, but you need to find
out where that's getting generated and if the message wall server is
properly checking for it.  If it's in the quoted text, it's valid, if not,
then it's not.  


<x> ::= any one of the 128 ASCII characters (no exceptions)

<special> ::= "<" | ">" | "(" | ")" | "[" | "]" | "\" | "."
  | "," | ";" | ":" | "@"  """ | the control
  characters (ASCII codes 0 through 31 inclusive and
  127)

Let us know where it's getting generated from and we can hopefully help you
out.  If you own that server, then it may just be a format change (go to
plain text vs. ?) or it could be the message wall server that needs
adjusting.

Al
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aramide Adebanjo
Sent: Tuesday, January 18, 2005 10:26 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Urgent!!: exchange 2000

Hi,
There are no front end servers. I have actually looked at the webpage and it
mentioned something about bare LFs and the message being generated by
qmail(an internet message transfer agent)..it put fixes for mailers like
eudora,sendmail.but none for exchange...i just need to know what I have to
do to fix this!! 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jack Eales
Sent: Monday, January 17, 2005 9:29 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Urgent!!: exchange 2000


Have you looked at http://cr.yp.to/docs/smtplf.html it might give you some
pointers as to what is wrong.

Do you have another SMTP server front of your Exchange server i.e between it
and the internet? If so, does the above page help?

Just a thought

Jack


On Mon, 17 Jan 2005 20:56:54 +0100, Aramide Adebanjo
[EMAIL PROTECTED] wrote:
> Hi guys,
>
> A real urgent one. I have this problem on my exchange server 2000. I
> want to set up forwarding from an internal address to an internet
> address like aol or yahoo. I create a contact on AD 2000, specify the
> SMTP address I want to use, and then set my message delivery on the
> original account to forward to the contact email address and keep a
> copy on the local account. However on checking, the mail gets
> delivered to yahoo or wherever but the senders get this notification
> message as below...
>
> Your message did not reach some or all of the
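
Added example, not part of any message in this thread and not code from any poster: a way to isolate where a bare LF sits in an outbound message, given the raw bytes of the SMTP DATA payload taken from a network trace. The names `find_bare_lfs`, `to_crlf`, `report` and the sample message are hypothetical and constructed for illustration.

```python
"""Find bare LF bytes (an LF not preceded by CR) in a captured SMTP DATA payload."""
import re
from dataclasses import dataclass


@dataclass
class BareLF:
    offset: int     # byte offset of the LF within the payload
    line_no: int    # 1-based line number, counting every LF as a line end
    section: str    # "header" or "body"
    context: bytes  # surrounding bytes, to identify the offending line


def find_bare_lfs(payload: bytes, context: int = 16) -> list:
    """Return one BareLF record per LF that is not part of a CRLF pair."""
    hits = []
    section = "header"
    pos = 0
    line_no = 0
    while pos < len(payload):
        nl = payload.find(b"\n", pos)
        if nl == -1:
            break  # trailing bytes with no line ending: nothing left to check
        line_no += 1
        line = payload[pos:nl]
        if not line.endswith(b"\r"):
            window = payload[max(0, nl - context): nl + context + 1]
            hits.append(BareLF(nl, line_no, section, window))
        # The first empty line separates the headers from the body.
        if section == "header" and line.rstrip(b"\r") == b"":
            section = "body"
        pos = nl + 1
    return hits


def to_crlf(payload: bytes) -> bytes:
    """Rewrite every bare LF as CRLF, leaving existing CRLF pairs untouched."""
    return re.sub(rb"(?<!\r)\n", b"\r\n", payload)


def report(payload: bytes) -> str:
    """One line per finding, suitable for pasting into a ticket."""
    hits = find_bare_lfs(payload)
    if not hits:
        return "no bare LF found"
    return "\n".join(
        f"line {h.line_no} ({h.section}), offset {h.offset}: {h.context!r}"
        for h in hits
    )


# Constructed sample message (not taken from the thread): one bare LF in a
# header line and one in the body, everything else correctly CRLF-terminated.
SAMPLE = (
    b"From: sender@example.test\r\n"
    b"To: recipient@example.test\r\n"
    b"Subject: forwarding test\n"
    b"MIME-Version: 1.0\r\n"
    b"\r\n"
    b"First body line\r\n"
    b"Second body line\n"
    b"Third body line\r\n"
)

if __name__ == "__main__":
    print(report(SAMPLE))
```

The section and line number in each finding show which part of the message carries the stray LF, which is the detail the receiving side's postmaster would need.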

RE: [ActiveDir] OT: Exchange Mail Forwarding

2005-01-19 Thread Mulnick, Al
OWA 2K3 would be easier to upgrade to if you wanted OOF or rules based
forwarding to.  If you want a permanent alternate recipient, then you'll
need to do a few things:

1) provide a way for them to create a contact item in Active Directory
1a) provide a way for them to be able to update that contact item over time
2) provide a way for the user to specify the contact as an alternate
recipient
3) make it easy and intuitive for them to do this

Basically, if they want an alternate recipient, you also have to figure out
if you want them to get mail in both the alternate recipient mailbox as well
as the local, or if you want them to be able to pick one or the other.  If
both, you just need to provide that data.

I'm sure a few folks might have some other ideas, but cdoexm (hi Joe ;), and
adsi on an asp page are likely the direction you're headed.  There are
examples on the net that show the individual steps, but you'd have to tie
them together for your app.  Most of the examples you'll find on Microsoft's
web site.

Al 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Garello, Kenneth
Sent: Wednesday, January 19, 2005 7:23 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Exchange Mail Forwarding

I provide all services.  I provide OWA as a student email client against
exchange 2000.
Alumni are considered the same as regular students.  The accounts are
essentially perpetual.


Ken
-Original Message-
From: Coleman, Hunter [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 18, 2005 9:41 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Exchange Mail Forwarding

Are you providing any mail services for the students, or just a forwarding
service? Or do you provide one level of service for the current students,
and a lesser level for alumni?

Hunter 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Garello, Kenneth
Sent: Tuesday, January 18, 2005 6:23 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Exchange Mail Forwarding

I'm looking to provide students in my college a way to set up mail
forwarding using a web interface. I don't want to provide outlook to the
students.
I am utilizing exchange 2000 (soon upgrading to 2003).

I have investigated creating an asp.net application via adsi/directoryentry,
but it is proving to be too complex for my experience.

Does anyone have any ideas?

Thanks,

Ken



RE: [ActiveDir] OT how to change how explorer lists computers

2005-01-19 Thread Dan DeStefano
I have been looking for a way to change this myself and have not found
one. The only thing I have found is that supposedly this is a design
decision and unchangeable. The most annoying part of this is that not
only does it display the comment first, but the comments are not even
alphabetized, but the computer names are. This is really frustrating.

If you find a way to do this please let me know - [EMAIL PROTECTED]

Thanks,

Dan


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D.
Team EITC
Sent: Tuesday, January 18, 2005 5:07 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT how to change how explorer lists computers

Does anyone know how or if you can change how explorer lists the
computers when you go to network places and view the entire network.
Under 2000 it showed the computer name.  Under XP it is showing the
comment/description and then the computer name in parenthesis.  We would
like to only have the computer name. 



Re: [ActiveDir] OT how to change how explorer lists computers

2005-01-19 Thread ASB
http://www.windowsitpro.com/Article/ArticleID/26418/26418.html

http://support.microsoft.com/default.aspx?scid=kb;en-us;330193


-ASB
 FAST, CHEAP, SECURE: Pick Any TWO
 http://www.ultratech-llc.com/KB/


On Wed, 19 Jan 2005 09:44:09 -0500, Dan DeStefano [EMAIL PROTECTED] wrote:
> I have been looking for a way to change this myself and have not found
> one. The only thing I have found is that supposedly this is a design
> decision and unchangeable. The most annoying part of this is that not
> only does it display the comment first, but the comments are not even
> alphabetized, but the computer names are. This is really frustrating.
>
> If you find a way to do this please let me know - [EMAIL PROTECTED]
>
> Thanks,
>
> Dan
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D.
> Team EITC
> Sent: Tuesday, January 18, 2005 5:07 PM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] OT how to change how explorer lists computers
>
> Does anyone know how or if you can change how explorer lists the
> computers when you go to network places and view the entire network.
> Under 2000 it showed the computer name.  Under XP it is showing the
> comment/description and then the computer name in parenthesis.  We would
> like to only have the computer name.



RE: [ActiveDir] Name to SID

2005-01-19 Thread Renouf, Phil
Dsget computer <dn of computer> -sid

Or:

Dsquery computer -name computername | dsget computer -sid

Phil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson
Sent: Wednesday, January 19, 2005 12:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Name to SID

Hi all

 

If I have a computer's account name how do I go about deciphering it's
SID?

 

Thanks 

 

Peter Johnson



RE: [ActiveDir] Name to SID

2005-01-19 Thread Peter Johnson
Thank you very much!!! Much appreciated!!

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil
Sent: 19 January 2005 20:12
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Name to SID

Dsget computer <dn of computer> -sid

Or:

Dsquery computer -name computername | dsget computer -sid

Phil 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson
Sent: Wednesday, January 19, 2005 12:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Name to SID

Hi all

 

If I have a computer's account name how do I go about deciphering it's
SID?

 

Thanks 

 

Peter Johnson



RE: [ActiveDir] Name to SID

2005-01-19 Thread joe

adfind -gc -b -f name=computername objectsid


[Wed 01/19/2005 9:10:44.16]F:\DEV\cpp\SecTok>adfind -gc -b -f name=fastmofo objectsid

AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) January 2005

Using server: 2k3dc01.joe.com
Directory: Windows Server 2003

dn:CN=fastmofo,CN=Computers,DC=joe,DC=com
objectSid: S-1-5-21-1862701446-4008382571-2198042679-1114

1 Objects returned

The command completed successfully.


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Johnson
Sent: Wednesday, January 19, 2005 12:59 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Name to SID

Hi all

If I have a computer's account name how do I go about deciphering its SID?

Thanks

Peter Johnson


RE: [ActiveDir] Group Security Rights Problem

2005-01-19 Thread joe
You have to log off and log on.


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oliver Rebollido
Sent: Wednesday, January 19, 2005 1:35 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Group Security Rights Problem

I downloaded whoami and installed it on an XP
machine. It has been over one hour since I added the user to a security
group and whoami /groups is not reporting its group membership. Anything
we can go on from here?


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sakari Kouti
Sent: Tuesday, January 18, 2005 4:01 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Group Security Rights Problem

Hi Oliver,

If User1 can log on to a WS2003 computer, he or she can
type WHOAMI /GROUPS to see that part of the access
token.

You can also download and install Win2000 version of WHOAMI
at http://www.microsoft.com/downloads/details.aspx?FamilyID=3e89879d-6c0b-4f92-96c4-1016c187d429&DisplayLang=en and
that version seems to work in WinXP also.

Yours, Sakari


  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oliver Rebollido
  Sent: Wednesday, January 19, 2005 12:06 AM
  To: ActiveDir@mail.activedir.org
  Subject: RE: [ActiveDir] Group Security Rights Problem

  We did allow the update to replicate. Actually, we
  let it sit for a month just to see and during that time the user has logged
  off and on multiple times.

  How do I check if Group1 is in User1's token when he
  tries to connect to the resource?


  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
  Sent: Tuesday, January 18, 2005 10:08 AM
  To: ActiveDir@mail.activedir.org
  Subject: RE: [ActiveDir] Group Security Rights Problem

  Has user1 allowed for the group update that added him to
  the group to replicate around and then logged off and logged on? I.E. Do you
  know for sure group1 is in user1's token when he tries to connect to the
  resource?

   joe


  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oliver Rebollido
  Sent: Tuesday, January 18, 2005 12:46 PM
  To: ActiveDir@mail.activedir.org
  Subject: [ActiveDir] Group Security Rights Problem

  We're having a very strange problem with our AD
  security rights. I'll try to give the best example I can. User1 is
  part of security Group1. Group1 has access to a secure folder.
  User1 cannot access the secure folder even though he is part of Group1.
  The only solution we have done so far is to give User1 security rights at the
  user and group level. User1 is now able to access the folder. Once
  we remove User1 from folder's security settings, he's also able to access the
  folder with Group1's rights.
  Has anyone experienced anything like this?
  If so, can you point me to a solution? Thanks in advance.





RE: [ActiveDir] Changing to Native mode and running AdPrep

2005-01-19 Thread Brian Desmond
No, you can continue to operate in mixed mode and still run adprep.
 
You only need to be in mixed mode if you have NT4 BDCs ... the functional level
of the domain & forest doesn't affect the operation of your clients from a user
standpoint...
 
--Brian Desmond
[EMAIL PROTECTED]
Payton on the web! www.wpcp.org
 
v - 773.534.0034 x135
f - 773.534.8101



From: [EMAIL PROTECTED] on behalf of Alonzo Hess
Sent: Wed 1/19/2005 1:05 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Changing to Native mode and running AdPrep



We are planning on introducing a Win2k3 server(this at some point will
become a Exchange2k3 machine) to our domain which consists of one Win2k
DC that everyone uses to login to the domain. I'm assuming that I need
to switch to native mode before running Adprep on the Win2k DC. Is this
correct and if so will the server need to be rebooted after this?
   Also, after running Adprep on the Win2k DC, will this change the way
that clients(WinXP Pro, Win2k Pro and Win98) login to the domain (will
anything have to be changed on the clients)?



Thanks,
Alonzo


[ActiveDir] Cconnect.exe: Con-Current Connection Limiter

2005-01-19 Thread Senthil Kumar

Hi all,

Actually I want to limit that one person should login in any single workstation at any time. Microsoft Resource cd suggests that Cconnect.exe will solve my purpose. Is anybody having this utility please mail me.

Regards,

K.SENTHIL KUMAR

Re: [ActiveDir] Cconnect.exe: Con-Current Connection Limiter

2005-01-19 Thread Ernesto
I tried it out, and didn't like it.  I work in a high school, and what it does
might have caused a problem for me here.  Students, you know.
I did find another product though, that I like a lot, and bought.
it's from ISDecisions called UserLock.  Right now, it's kinda pricey right now
but I really like it.


- Original Message - 
From: Senthil Kumar
To: activedir@mail.activedir.org
Sent: Wednesday, January 19, 2005 3:15 PM
Subject: [ActiveDir] Cconnect.exe: Con-Current Connection Limiter


Hi all,

Actually I want to limit that one person should login in any single
workstation at any time. Microsoft Resource cd suggests that Cconnect.exe
will solve my purpose. Is anybody having this utility please mail me.

Regards,

K.SENTHIL KUMAR




RE: [ActiveDir] Changing to Native mode and running AdPrep

2005-01-19 Thread Passo, Larry
The domain functional level may not matter
but the forest functional level can have side effects. See KB 831809

http://support.microsoft.com/default.aspx?scid=kb;en-us;831809


From: Brian Desmond [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Wednesday, January 19, 2005 12:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Changing to Native mode and running AdPrep

No, you can continue to operate in mixed mode and still run adprep.

You only need to be in mixed mode if you have NT4 BDCs ... the functional level
of the domain & forest doesn't affect the operation of your clients from a user
standpoint...

--Brian Desmond
[EMAIL PROTECTED]
Payton on the web! www.wpcp.org

v - 773.534.0034 x135
f - 773.534.8101


From: [EMAIL PROTECTED] on behalf of Alonzo Hess
Sent: Wed 1/19/2005 1:05 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Changing to Native mode and running AdPrep

We are planning on introducing a Win2k3 server(this at some point will
become a Exchange2k3 machine) to our domain which consists of one Win2k
DC that everyone uses to login to the domain. I'm assuming that I need
to switch to native mode before running Adprep on the Win2k DC. Is this
correct and if so will the server need to be rebooted after this?
 Also, after running Adprep on the Win2k DC, will this change the way
that clients(WinXP Pro, Win2k Pro and Win98) login to the domain (will
anything have to be changed on the clients)?

Thanks,
Alonzo


RE: [ActiveDir] Cconnect.exe: Con-Current Connection Limiter

2005-01-19 Thread deji
cconnect was not fully developed, IMO. I think it was abandoned in the middle
of development. I have never met or heard of anyone who has successfully
implemented it.

Senthil, you said you want to "limit one person to one workstation". You
don't need cconnect or any fancy tool to do that. You should be able to set
this on the user's account's properties. You can specify which computer the
account is allowed to log into.

Now, if you have a lot of users and you want to allow them to log on to more
than 10(?) computers each, then it may be easier to reverse the approach and
just identify the computers you DON'T want them to log into. By doing this,
you could then create one Security Group, add the users to this Group, then
set a group policy that denies "Logon Locally" access to this Group. Apply
the Policy to the computers you are trying to protect.
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Ernesto
Sent: Wed 1/19/2005 1:57 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Cconnect.exe: Con-Current Connection Limiter



I tried it out, and didn't like it.  I work in a high school, and what it does
might have caused a problem for me here.  Students, you know.
I did find another product though, that I like a lot, and bought.
It's from ISDecisions called UserLock.  Right now, it's kinda pricey right now
but I really like it.


- Original Message -
From: Senthil Kumar
To: activedir@mail.activedir.org
Sent: Wednesday, January 19, 2005 3:15 PM
Subject: [ActiveDir] Cconnect.exe: Con-Current Connection Limiter


Hi all,

Actually I want to limit that one person should login in any single
workstation at any time. Microsoft Resource cd suggests that Cconnect.exe
will solve my purpose. Is anybody having this utility please mail me.

Regards,

K.SENTHIL KUMAR



RE: [ActiveDir] Cconnect.exe: Con-Current Connection Limiter

2005-01-19 Thread Senthil Kumar
Hi Deji,

Your concept is good if the user logs on to a particular workstation every
day. But in my environment (call centre) the user logs on to any machine which
is free. So, I can't take the computer account as a controlling parameter.
That's why I want some tool to implement my idea.

Regards,

K.SENTHIL KUMAR

[EMAIL PROTECTED] wrote:

cconnect was not fully developed, IMO. I think it was abandoned in the middle
of development. I have never met or heard of anyone who has successfully
implemented it.

Senthil, you said you want to "limit one person to one workstation". You
don't need cconnect or any fancy tool to do that. You should be able to set
this on the user's account's properties. You can specify which computer the
account is allowed to log into.

Now, if you have a lot of users and you want to allow them to log on to more
than 10(?) computers each, then it may be easier to reverse the approach and
just identify the computers you DON'T want them to log into. By doing this,
you could then create one Security Group, add the users to this Group, then
set a group policy that denies "Logon Locally" access to this Group. Apply
the Policy to the computers you are trying to protect.

Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

From: [EMAIL PROTECTED] on behalf of Ernesto
Sent: Wed 1/19/2005 1:57 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Cconnect.exe: Con-Current Connection Limiter

I tried it out, and didn't like it. I work in a high school, and what it does
might have caused a problem for me here. Students, you know.
I did find another product though, that I like a lot, and bought.
It's from ISDecisions called UserLock. Right now, it's kinda pricey right now
but I really like it.

- Original Message -
From: Senthil Kumar
To: activedir@mail.activedir.org
Sent: Wednesday, January 19, 2005 3:15 PM
Subject: [ActiveDir] Cconnect.exe: Con-Current Connection Limiter

Hi all,

Actually I want to limit that one person should login in any single
workstation at any time. Microsoft Resource cd suggests that Cconnect.exe
will solve my purpose. Is anybody having this utility please mail me.

Regards,

K.SENTHIL KUMAR

RE: [ActiveDir] Cconnect.exe: Con-Current Connection Limiter

2005-01-19 Thread Brian Desmond
So you're looking for a system which prevents them from logging into multiple
workstations simultaneously? I'm not sure I follow the scenario.

Thanks.

--Brian Desmond
[EMAIL PROTECTED]
Payton on the web! www.wpcp.org

v - 773.534.0034 x135
f - 773.534.8101

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Senthil Kumar
Sent: Wednesday, January 19, 2005 7:55 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Cconnect.exe: Con-Current Connection Limiter

Hi Deji,

Your concept is good if the user logs on to a particular workstation every
day. But in my environment (call centre) the user logs on to any machine which
is free. So, I can't take the computer account as a controlling parameter.
That's why I want some tool to implement my idea.

Regards,

K.SENTHIL KUMAR

[EMAIL PROTECTED] wrote:

cconnect was not fully developed, IMO. I think it was abandoned in the middle
of development. I have never met or heard of anyone who has successfully
implemented it.

Senthil, you said you want to "limit one person to one workstation". You
don't need cconnect or any fancy tool to do that. You should be able to set
this on the user's account's properties. You can specify which computer the
account is allowed to log into.

Now, if you have a lot of users and you want to allow them to log on to more
than 10(?) computers each, then it may be easier to reverse the approach and
just identify the computers you DON'T want them to log into. By doing this,
you could then create one Security Group, add the users to this Group, then
set a group policy that denies "Logon Locally" access to this Group. Apply
the Policy to the computers you are trying to protect.


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon



From: [EMAIL PROTECTED] on behalf of Ernesto
Sent: Wed 1/19/2005 1:57 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Cconnect.exe: Con-Current Connection Limiter



I tried it out, and didn't like it. I work in a high school, and what it does
might have caused a problem for me here. Students, you know.
I did find another product though, that I like a lot, and bought.
It's from ISDecisions called UserLock. Right now, it's kinda pricey right now
but I really like it.


- Original Message -
From: Senthil Kumar
To: activedir@mail.activedir.org
Sent: Wednesday, January 19, 2005 3:15 PM
Subject: [ActiveDir] Cconnect.exe: Con-Current Connection Limiter


Hi all,

Actually I want to limit that one person should login in any single
workstation at any time. Microsoft Resource cd suggests that Cconnect.exe
will solve my purpose. Is anybody having this utility please mail me.

Regards,

K.SENTHIL KUMAR



Re: [ActiveDir] Changing to Native mode and running AdPrep

2005-01-19 Thread Alonzo Hess
Thanks for the replies, but I actually don't have an Exchange server in the
domain. The Win2k3 server that we are going to join the domain will have a new
install of Exchange2k3. Does this still apply?

Alonzo

Brian Desmond wrote:
I missed that he had Exchange2k. Thanks.

Thanks.

--Brian Desmond
[EMAIL PROTECTED]
Payton on the web! www.wpcp.org

v - 773.534.0034 x135
f - 773.534.8101

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry
Sent: Wednesday, January 19, 2005 4:59 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Changing to Native mode and running AdPrep

The domain functional level may not matter but the forest functional
level can have side effects. See KB 831809

http://support.microsoft.com/default.aspx?scid=kb;en-us;831809

From: Brian Desmond [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Wednesday, January 19, 2005 12:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Changing to Native mode and running AdPrep

No, you can continue to operate in mixed mode and still run adprep.

You only need to be in mixed mode if you have NT4 BDCs ... the
functional level of the domain & forest doesn't affect the operation of
your clients from a user standpoint...

--Brian Desmond
[EMAIL PROTECTED]
Payton on the web! www.wpcp.org

v - 773.534.0034 x135
f - 773.534.8101

From: [EMAIL PROTECTED] on behalf of Alonzo Hess
Sent: Wed 1/19/2005 1:05 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Changing to Native mode and running AdPrep

We are planning on introducing a Win2k3 server (this at some point will
become an Exchange2k3 machine) to our domain which consists of one Win2k
DC that everyone uses to login to the domain. I'm assuming that I need
to switch to native mode before running Adprep on the Win2k DC. Is this
correct and if so will the server need to be rebooted after this?
Also, after running Adprep on the Win2k DC, will this change the way
that clients (WinXP Pro, Win2k Pro and Win98) login to the domain (will
anything have to be changed on the clients)?

Thanks,
Alonzo


RE: [ActiveDir] Changing to Native mode and running AdPrep

2005-01-19 Thread Brian Desmond
You're set. That's a 2k only issue. 

Thanks.
 
--Brian Desmond
[EMAIL PROTECTED]
Payton on the web! www.wpcp.org
 
v - 773.534.0034 x135
f - 773.534.8101

-Original Message-
From: [EMAIL PROTECTED] [mailto:ActiveDir-[EMAIL PROTECTED] On Behalf Of Alonzo Hess
Sent: Wednesday, January 19, 2005 8:47 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Changing to Native mode and running AdPrep

Thanks for the replies, but I actually don't have an Exchange server in the
domain. The Win2k3 server that we are going to join the domain will have a new
install of Exchange2k3. Does this still apply?

Alonzo

Brian Desmond wrote:
I missed that he had Exchange2k. Thanks.

Thanks.

--Brian Desmond
[EMAIL PROTECTED]
Payton on the web! www.wpcp.org

v - 773.534.0034 x135
f - 773.534.8101

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry
Sent: Wednesday, January 19, 2005 4:59 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Changing to Native mode and running AdPrep

The domain functional level may not matter but the forest functional
level can have side effects. See KB 831809

http://support.microsoft.com/default.aspx?scid=kb;en-us;831809

From: Brian Desmond [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Wednesday, January 19, 2005 12:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Changing to Native mode and running AdPrep

No, you can continue to operate in mixed mode and still run adprep.

You only need to be in mixed mode if you have NT4 BDCs ... the
functional level of the domain & forest doesn't affect the operation of
your clients from a user standpoint...

--Brian Desmond
[EMAIL PROTECTED]
Payton on the web! www.wpcp.org

v - 773.534.0034 x135
f - 773.534.8101

From: [EMAIL PROTECTED] on behalf of Alonzo Hess
Sent: Wed 1/19/2005 1:05 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Changing to Native mode and running AdPrep

We are planning on introducing a Win2k3 server (this at some point will
become an Exchange2k3 machine) to our domain which consists of one Win2k
DC that everyone uses to login to the domain. I'm assuming that I need
to switch to native mode before running Adprep on the Win2k DC. Is this
correct and if so will the server need to be rebooted after this?
Also, after running Adprep on the Win2k DC, will this change the way
that clients (WinXP Pro, Win2k Pro and Win98) login to the domain (will
anything have to be changed on the clients)?

Thanks,
Alonzo