RE: [ActiveDir] MVP mini summit at DEC 2006
Daft question maybe, but is this open to MVPs only? neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: 23 February 2006 00:09 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] MVP mini summit at DEC 2006 Alym has scheduled a MVP mini summit session at the conclusion of DEC 2006 in Las Vegas. We'll meet on Wednesday March 29th at 4pm in one of the DEC session rooms (tbd). Drugs, booze, and loose women will follow... or at least that's what I was led to believe. :) Alym is swamped with another project, but will be providing the official announcement in a few days. I just wanted to make MVPs aware of it in case you had scheduled a flight out on Wednesday afternoon. -gil List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] MVP mini summit at DEC 2006
I believe Vegas comes standard with Drugs, booze and loose women. [EMAIL PROTECTED] wrote: Daft question maybe, but is this open to MVPs only? neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: 23 February 2006 00:09 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] MVP mini summit at DEC 2006 Alym has scheduled a MVP mini summit session at the conclusion of DEC 2006 in Las Vegas. We'll meet on Wednesday March 29th at 4pm in one of the DEC session rooms (tbd). Drugs, booze, and loose women will follow... or at least that's what I was led to believe. :) Alym is swamped with another project, but will be providing the official announcement in a few days. I just wanted to make MVPs aware of it in case you had scheduled a flight out on Wednesday afternoon. -gil List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] MVP mini summit at DEC 2006
Forgot the ;-) Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: I believe Vegas comes standard with Drugs, booze and loose women. [EMAIL PROTECTED] wrote: Daft question maybe, but is this open to MVPs only? neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: 23 February 2006 00:09 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] MVP mini summit at DEC 2006 Alym has scheduled a MVP mini summit session at the conclusion of DEC 2006 in Las Vegas. We'll meet on Wednesday March 29th at 4pm in one of the DEC session rooms (tbd). Drugs, booze, and loose women will follow... or at least that's what I was led to believe. :) Alym is swamped with another project, but will be providing the official announcement in a few days. I just wanted to make MVPs aware of it in case you had scheduled a flight out on Wednesday afternoon. -gil List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] IIS 6.0 LDAP Auth
Hello Does anybody has experience with IIS 6.0 and auth. by LDAP query to LDAP database ? THX Zdenek Lev ANECT a.s. Email: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Re Service Pack Level
I would use saved queries in users and computers. This way you can dynamically watch as they drop from one query to another. If you have W2K change the 5.2 to 5.0 DC's With SP1 ((objectCategory=computer)(operatingSystemVersion=5.2*)(primaryGroupID=516) (operatingSystemServicePack=Service Pack 1)) DC's Without SP1 ((objectCategory=computer)(operatingSystemVersion=5.2*)(primaryGroupID=516) (!operatingSystemServicePack=Service Pack 1)) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] OWA with Active Directory
Dear All, 1- we have Firewall ( HW ) Cisco-PIX firewall, and it has this Real IP Address 213.255.2.62 2- we dicede to host our exchange server On-line and the MX record for our mail server will be the external IP-address of Firewall which is ( 213.255.2.62 ). 3- We will use NAT inside the Firewall, and it will deliver the E-mails to Internal IP of Exchange server . 4- We opend all the Ports Internal external on the Fortigate. 5- we dicide to use OWA . For example :- if one of this users has already an Exchange account , in side his Office, and this Account Configured to deliver the E-mails to Personal Folder on his PC rather than Mailbox on the exchange server, and this user left for temp work in USA. now this user wants the following ( during his Temp Work in USA ) :- A- Access the E-mails which came to him directly during his temp work. B- want in the same time to access his Old inbox, contact Calender His Task sent itmes which he worked on it while in the office . if he type from the web browser ( http://webmail.mydomain.com ), will he be able to see the following :- A- Access the E-mails which came to him directly during his temp work. B- want in the same time to access his Old inbox, contact Calender His Task sent itmes which he worked on it while in the office . = Please Note, i have only One Domain Controller One exchange server , and all of them is Win 2033 Enterprise Edition, Exchange has SP2 . i do not have at all, another server for exchange , and i did not implement at all Front End / Back End server at all. please try to guide me , if you do not mind guys . thanks for you in advanced . Thanks Best Regards, Marwa, List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Windows 2000 profile migration
Hi every body I need your help again. We’re joining many windows 2000 workstations to our domain. In Windows Xp, we can copy profiles from and user to another (many users log on the same machine). How can we migrate windows 2000 ser profiles, and make them work fine, since we have had many problems just copying. Is there any utility to help us? That is a great problem for us, cause users don’t want to lose (of course) their personal settings when creating a new profile Thanks Adrião Ferreira Ramos Superintendência de Tecnologia da Informação Depto. de Operações e Infra-estrutura - CII * [EMAIL PROTECTED] ( 11 - 3388-8193
RE: [ActiveDir] OWA with Active Directory
A. No. B. Yes (unless they are downloaded into the personal store and removed). While there can certainly be exceptions, generally speaking, the right place for e-mail is the Exchange store. Having the delivery location as a personal store removes a large number of benefits - including access to those items via OWA. Prior to Exchange Server 2003 and Outlook 2003, a common reason for using a personal store was speed and easy remote access. With cached mode, that reason is gone. In terms of opening all ports, I hope you are actually only referring to (http, https, smtp, pop3, and imap). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of marwahashem Sent: Wednesday, February 22, 2006 5:52 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OWA with Active Directory Dear All, 1- we have Firewall ( HW ) Cisco-PIX firewall, and it has this Real IP Address 213.255.2.62 2- we dicede to host our exchange server On-line and the MX record for our mail server will be the external IP-address of Firewall which is ( 213.255.2.62 ). 3- We will use NAT inside the Firewall, and it will deliver the E-mails to Internal IP of Exchange server . 4- We opend all the Ports Internal external on the Fortigate. 5- we dicide to use OWA . For example :- if one of this users has already an Exchange account , in side his Office, and this Account Configured to deliver the E-mails to Personal Folder on his PC rather than Mailbox on the exchange server, and this user left for temp work in USA. now this user wants the following ( during his Temp Work in USA ) :- A- Access the E-mails which came to him directly during his temp work. B- want in the same time to access his Old inbox, contact Calender His Task sent itmes which he worked on it while in the office . if he type from the web browser ( http://webmail.mydomain.com ), will he be able to see the following :- A- Access the E-mails which came to him directly during his temp work. B- want in the same time to access his Old inbox, contact Calender His Task sent itmes which he worked on it while in the office . = Please Note, i have only One Domain Controller One exchange server , and all of them is Win 2033 Enterprise Edition, Exchange has SP2 . i do not have at all, another server for exchange , and i did not implement at all Front End / Back End server at all. please try to guide me , if you do not mind guys . thanks for you in advanced . Thanks Best Regards, Marwa, List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] MVP mini summit at DEC 2006
I think the statement works either with it or without it. :-) (And remember, it's in -Henderson-, not Las Vegas! No gambling, no showgirls, just a quiet little geek conference in the middle of the desert. Nothing to see here, move along. ;-)) On 2/23/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [EMAIL PROTECTED] wrote: Forgot the ;-) Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: I believe Vegas comes standard with Drugs, booze and loose women. [EMAIL PROTECTED] wrote: Daft question maybe, but is this open to MVPs only? neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: 23 February 2006 00:09 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] MVP mini summit at DEC 2006 Alym has scheduled a MVP mini summit session at the conclusion of DEC 2006 in Las Vegas. We'll meet on Wednesday March 29th at 4pm in one of the DEC session rooms (tbd). Drugs, booze, and loose women will follow... or at least that's what I was led to believe. :) Alym is swamped with another project, but will be providing the official announcement in a few days. I just wanted to make MVPs aware of it in case you had scheduled a flight out on Wednesday afternoon. -gil List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- --- Laura E. Hunter Microsoft MVP - Windows Server Networking Author: _Active Directory Consultant's Field Guide_ (http://tinyurl.com/7f8ll) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] MVP mini summit at DEC 2006
Cool - that's the little town where a dead body shows up week after week on CSI mc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Laura E. Hunter Sent: Thursday, February 23, 2006 9:10 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] MVP mini summit at DEC 2006 I think the statement works either with it or without it. :-) (And remember, it's in -Henderson-, not Las Vegas! No gambling, no showgirls, just a quiet little geek conference in the middle of the desert. Nothing to see here, move along. ;-)) On 2/23/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [EMAIL PROTECTED] wrote: Forgot the ;-) Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: I believe Vegas comes standard with Drugs, booze and loose women. [EMAIL PROTECTED] wrote: Daft question maybe, but is this open to MVPs only? neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: 23 February 2006 00:09 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] MVP mini summit at DEC 2006 Alym has scheduled a MVP mini summit session at the conclusion of DEC 2006 in Las Vegas. We'll meet on Wednesday March 29th at 4pm in one of the DEC session rooms (tbd). Drugs, booze, and loose women will follow... or at least that's what I was led to believe. :) Alym is swamped with another project, but will be providing the official announcement in a few days. I just wanted to make MVPs aware of it in case you had scheduled a flight out on Wednesday afternoon. -gil List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- --- Laura E. Hunter Microsoft MVP - Windows Server Networking Author: _Active Directory Consultant's Field Guide_ (http://tinyurl.com/7f8ll) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] MVP mini summit at DEC 2006
I dunno for sure... I sort of suspect it is, but Alym will clarify it when he gets his head above water. But I don't see any reason why you couldn't join in the DBLW/M (tm) after the MVP session. -g -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, February 23, 2006 1:39 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] MVP mini summit at DEC 2006 Daft question maybe, but is this open to MVPs only? neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: 23 February 2006 00:09 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] MVP mini summit at DEC 2006 Alym has scheduled a MVP mini summit session at the conclusion of DEC 2006 in Las Vegas. We'll meet on Wednesday March 29th at 4pm in one of the DEC session rooms (tbd). Drugs, booze, and loose women will follow... or at least that's what I was led to believe. :) Alym is swamped with another project, but will be providing the official announcement in a few days. I just wanted to make MVPs aware of it in case you had scheduled a flight out on Wednesday afternoon. -gil List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Stupid Group Policy CSE behavior
Well, it won't be the first time I've heard something about GP called "stupid" :). I suspect it depends upon how you think about this.Certain CSEs are more resilient than others. I honestly haven't come across your scenario but in a lot of cases, if a CSE fails to do something, GPprocessing will simply continue along. I will try to take a deeperlook at this and see if I can understand why that is happening. One thing I usually recommend is to stay away from using registry and/or file security policy to set perms. First of all, I find it kind of a klunky way to manage permissions. Secondly, if you do a lot of it in policy, it canreally slow down processing. I think its just better to manage security permissions on files and registry keys with a different, and more deterministic method. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh ParmarSent: Wednesday, February 22, 2006 11:48 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Stupid Group Policy CSE behavior I had high hopes for group policy, but now it has started waning... Simply stated, what happens is ... you have different policies applying to machine. And say allpolicies contain different registry or security related settings. Now, whenat workstation registry or security CSE tries to process these settings... It willjuststop processing atfirst error itencountered and never process settings from remaining policies. so if registry CSE found that it has 10 values in registry to set and if it encountered error at5th, it will never go ahead and process 6 to 10. here is my case: I had set deny permission on one registry key in one policy and I was trying to change that setting from another policy. One would guess that, 2nd policy would simply fail and CSE would continue processing other polices which are no way related to this setting. But it doesn't. I have seen this for Registry and Security CSE. Thanks for listening :-)-- Kamlesh~"Be the change you want to see in the World"~
Re: [ActiveDir] repadmin info oddity
(or a scotch if you'd prefer ;o) ... Double shot of Glen Livett, a nice spritz of Sprite, inch and a half of water and a couple of ice cubes, in a highball glass. And the fact that I still remember this begs two questions: [1] What do we order if the bar doesn't have Glen Livett? and [2] What critical piece of information has -not- been encoded into my long-term memory so that I can instead remember how Dean takes his Scotch? :-) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] IIS 6.0 LDAP Auth
What exactly does that mean? Are you looking for info on FTP auth using AD? Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Lev Zdenek Sent: Thu 2/23/2006 12:52 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] IIS 6.0 LDAP Auth Hello Does anybody has experience with IIS 6.0 and auth. by LDAP query to LDAP database ? THX Zdenek Lev ANECT a.s. Email: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Windows 2000 profile migration
It's called User State Migration Tool (USMT) http://www.microsoft.com/downloads/details.aspx?FamilyID=4af2d2c9-f16c-4c52-a 203-8daf944dd555DisplayLang=en Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED] Sent: Thu 2/23/2006 3:55 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Windows 2000 profile migration Hi every body I need your help again. We're joining many windows 2000 workstations to our domain. In Windows Xp, we can copy profiles from and user to another (many users log on the same machine). How can we migrate windows 2000 ser profiles, and make them work fine, since we have had many problems just copying. Is there any utility to help us? That is a great problem for us, cause users don't want to lose (of course) their personal settings when creating a new profile Thanks Adrião Ferreira Ramos Superintendência de Tecnologia da Informação Depto. de Operações e Infra-estrutura - CII * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] * 11 - 3388-8193 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] IIS 6.0 LDAP Auth
I would like to auth. users access to web site on IIS 6.0 against external LDAP user database -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, February 23, 2006 5:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth What exactly does that mean? Are you looking for info on FTP auth using AD? Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Lev Zdenek Sent: Thu 2/23/2006 12:52 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] IIS 6.0 LDAP Auth Hello Does anybody has experience with IIS 6.0 and auth. by LDAP query to LDAP database ? THX Zdenek Lev ANECT a.s. Email: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] IIS 6.0 LDAP Auth
Take a look here: http://www.inflectioncorp.com/downloads.html spat - Original Message - From: Lev Zdenek [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Thursday, February 23, 2006 8:10 AM Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth I would like to auth. users access to web site on IIS 6.0 against external LDAP user database -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, February 23, 2006 5:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth What exactly does that mean? Are you looking for info on FTP auth using AD? Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Lev Zdenek Sent: Thu 2/23/2006 12:52 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] IIS 6.0 LDAP Auth Hello Does anybody has experience with IIS 6.0 and auth. by LDAP query to LDAP database ? THX Zdenek Lev ANECT a.s. Email: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] IIS 6.0 LDAP Auth
Ah! That was over my head, sorry. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Lev Zdenek Sent: Thu 2/23/2006 8:10 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth I would like to auth. users access to web site on IIS 6.0 against external LDAP user database -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, February 23, 2006 5:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth What exactly does that mean? Are you looking for info on FTP auth using AD? Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Lev Zdenek Sent: Thu 2/23/2006 12:52 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] IIS 6.0 LDAP Auth Hello Does anybody has experience with IIS 6.0 and auth. by LDAP query to LDAP database ? THX Zdenek Lev ANECT a.s. Email: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] MAC Address
I have a client PC that does not list the MAC Address for it's wireless NIC anywhere in the OS. Is there a way to query that info from the card via command prompt or some other method? Thanks Todd This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal.
RE: [ActiveDir] MAC Address
Run command prompt Type ipconfig /all Aaron From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Hofert Sent: Thursday, February 23, 2006 8:40 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] MAC Address I have a client PC that does not list the MAC Address for it's wireless NIC anywhere in the OS. Is there a way to query that info from the card via command prompt or some other method? Thanks Todd This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal.
Re: [ActiveDir] MAC Address
Getmac On 2/23/06, Todd Hofert [EMAIL PROTECTED] wrote: I have a client PC that does not list the MAC Address for it's wireless NIC anywhere in the OS. Is there a way to query that info from the card via command prompt or some other method? Thanks Todd This e-mail and any attachments may contain confidential and privilegedinformation. If you are not the intended recipient, please notify thesender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person otherthan the intended recipient is unauthorized and may be illegal.
RE: [ActiveDir] IIS 6.0 LDAP Auth
I have used this before with nds as the ldap source http://www.novell.com/coolsolutions/tip/5980.html -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, February 23, 2006 11:34 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth Ah! That was over my head, sorry. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Lev Zdenek Sent: Thu 2/23/2006 8:10 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth I would like to auth. users access to web site on IIS 6.0 against external LDAP user database -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, February 23, 2006 5:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth What exactly does that mean? Are you looking for info on FTP auth using AD? Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Lev Zdenek Sent: Thu 2/23/2006 12:52 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] IIS 6.0 LDAP Auth Hello Does anybody has experience with IIS 6.0 and auth. by LDAP query to LDAP database ? THX Zdenek Lev ANECT a.s. Email: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] IIS 6.0 LDAP Auth
of course, the isapi filter solution becomes void when IIS 7 is released... with IIS 7 you'll be able to write your own httphandlers that get loaded with IIS versus having to use an ISAPI.. but this doesn't help you right now.. :) my only concern with the isapi would be the impact it has on performance (if any).. so you'd want to run it through some load-testing before throwing it into a production environment imho. -matt On 2/23/06, steve patrick [EMAIL PROTECTED] wrote: Take a look here: http://www.inflectioncorp.com/downloads.html spat - Original Message - From: Lev Zdenek [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Thursday, February 23, 2006 8:10 AM Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth I would like to auth. users access to web site on IIS 6.0 against external LDAP user database -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, February 23, 2006 5:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth What exactly does that mean? Are you looking for info on FTP auth using AD? Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Lev Zdenek Sent: Thu 2/23/2006 12:52 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] IIS 6.0 LDAP Auth Hello Does anybody has experience with IIS 6.0 and auth. by LDAP query to LDAP database ? THX Zdenek Lev ANECT a.s. Email: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] MAC Address
Something like this: wmic NICCONFIG get MACAddress Or a vbscript like this: strComputer = . Set objWMIService = GetObject(winmgmts: !\\ strComputer \root\cimv2) If Err.number 0 Then Else Set colAdapters = objWMIService.ExecQuery _ (Select * from Win32_NetworkAdapterConfiguration Where IPEnabled = True) For Each objAdapter in colAdapters Physical_address = objAdapter.MACAddress Wscript.Echo Physical_Address If Not IsNull(objAdapter.IPAddress) Then For i = LBound(objAdapter.IPAddress) To UBound(objAdapter.IPAddress) IP_address = objAdapter.IPAddress(i) Wscript.Echo IP_Address Next End If Next Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Todd Hofert Sent: Thu 2/23/2006 8:40 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] MAC Address I have a client PC that does not list the MAC Address for it's wireless NIC anywhere in the OS. Is there a way to query that info from the card via command prompt or some other method? Thanks Todd This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] MAC Address
Gee, what an idiot. I already did that and completely over looked the MAC. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron VisserSent: Thursday, February 23, 2006 11:42 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] MAC Address Run command prompt Type ipconfig /all Aaron From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd HofertSent: Thursday, February 23, 2006 8:40 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] MAC Address I have a client PC that does not list the MAC Address for it's wireless NIC anywhere in the OS. Is there a way to query that info from the card via command prompt or some other method? Thanks Todd This e-mail and any attachments may contain confidential and privilegedinformation. If you are not the intended recipient, please notify thesender immediately by return e-mail, delete this e-mail and destroy anycopies. Any dissemination or use of this information by a person otherthan the intended recipient is unauthorized and may be illegal. This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal.
Re: [ActiveDir] MAC Address
Look at the wireless card itself. Ping it and ARP it. GetMac, ipconfig/all, etc. etc. -Z.V. Todd Hofert wrote: I have a client PC that does not list the MAC Address for it's wireless NIC anywhere in the OS. Is there a way to query that info from the card via command prompt or some other method? Thanks Todd This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] MAC Address
For remote machines I use Hyena. Right click on the machine, properties, and choose network and there it is. Todd Hofert wrote: I have a client PC that does not list the MAC Address for it's wireless NIC anywhere in the OS. Is there a way to query that info from the card via command prompt or some other method? Thanks Todd This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] IIS 6.0 LDAP Auth
Did you test it on IIS 6.0 ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben D. Kusa Sent: Thursday, February 23, 2006 5:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth I have used this before with nds as the ldap source http://www.novell.com/coolsolutions/tip/5980.html -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, February 23, 2006 11:34 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth Ah! That was over my head, sorry. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Lev Zdenek Sent: Thu 2/23/2006 8:10 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth I would like to auth. users access to web site on IIS 6.0 against external LDAP user database -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, February 23, 2006 5:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth What exactly does that mean? Are you looking for info on FTP auth using AD? Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Lev Zdenek Sent: Thu 2/23/2006 12:52 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] IIS 6.0 LDAP Auth Hello Does anybody has experience with IIS 6.0 and auth. by LDAP query to LDAP database ? THX Zdenek Lev ANECT a.s. Email: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] GPO Security Filtering to a group not working
I am trying to implement GPO Security Filtering to groups without any luck. When I run gpresult on the workstation, I get Filtering: Denied (Security). However I have delegation, I have given the group both read and apply policy permissions. When I try GPO Security Filtering for either a single user, or the built in authenticated users group, it works fine. I just can't seem to get it to work with the group I have created. Has anyone experienced this before or know what I am doing wrong? I have tried it with both domain local and global security groups. Thanks. Joe List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] MAC Address
You can also go to your DHCP server if you know the Machine name. Steven Comeau Manager, Corporate IT Systems Main Tape 1 Capital Drive, Suite 101 Cranbury, NJ 08512 800-718-8273 x332 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, February 23, 2006 11:58 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] MAC Address Something like this: wmic NICCONFIG get MACAddress Or a vbscript like this: strComputer = . Set objWMIService = GetObject(winmgmts: !\\ strComputer \root\cimv2) If Err.number 0 Then Else Set colAdapters = objWMIService.ExecQuery _ (Select * from Win32_NetworkAdapterConfiguration Where IPEnabled = True) For Each objAdapter in colAdapters Physical_address = objAdapter.MACAddress Wscript.Echo Physical_Address If Not IsNull(objAdapter.IPAddress) Then For i = LBound(objAdapter.IPAddress) To UBound(objAdapter.IPAddress) IP_address = objAdapter.IPAddress(i) Wscript.Echo IP_Address Next End If Next Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Todd Hofert Sent: Thu 2/23/2006 8:40 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] MAC Address I have a client PC that does not list the MAC Address for it's wireless NIC anywhere in the OS. Is there a way to query that info from the card via command prompt or some other method? Thanks Todd This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] GPO Security Filtering to a group not working
Have you removed Authenticated users from the GPO? -Original Message- From: Joe Lagreca [EMAIL PROTECTED] Date: Thu, 23 Feb 2006 10:08:10 To:ActiveDir@mail.activedir.org Subject: [ActiveDir] GPO Security Filtering to a group not working I am trying to implement GPO Security Filtering to groups without any luck. When I run gpresult on the workstation, I get Filtering: Denied (Security). However I have delegation, I have given the group both read and apply policy permissions. When I try GPO Security Filtering for either a single user, or the built in authenticated users group, it works fine. I just can't seem to get it to work with the group I have created. Has anyone experienced this before or know what I am doing wrong? I have tried it with both domain local and global security groups. Thanks. Joe List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] GPO Security Filtering to a group not working
Joe- Are you removing the Authenticated Users ACE before you add the discretionary group? You don't have any Deny ACEs on that GPO, do you? Darren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Lagreca Sent: Thursday, February 23, 2006 10:08 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] GPO Security Filtering to a group not working I am trying to implement GPO Security Filtering to groups without any luck. When I run gpresult on the workstation, I get Filtering: Denied (Security). However I have delegation, I have given the group both read and apply policy permissions. When I try GPO Security Filtering for either a single user, or the built in authenticated users group, it works fine. I just can't seem to get it to work with the group I have created. Has anyone experienced this before or know what I am doing wrong? I have tried it with both domain local and global security groups. Thanks. Joe List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] ADAM: Possible to only enforce local account policies when in a domain?
ADAM seems to have an all or nothing approach to account policies if you are in a domain. Either you get the domain policies or you get no policies (by setting ADAMDisablePasswordPolicies=1). If you are in a workgroup, you get the local policies. But is there any way to get only the local policies if you are in a domain? At times, domain password rules are incompatible with applications that need to leverage the ADAM for authentication. Please tell me there is a hidden setting for this...
[ActiveDir] MAC Address ( Spoofing )
Since you brought up the topic on MAC address, take a look at this: http://www.klcconsulting.net/smac/ SMAC is a MAC Address Modifying Utility (for spoofing MAC address) for Windows 2000, XP, and Server 2003 systems, regardless of whether the manufactures allow this option or not. Of course spoofing a MAC address is as simple as just creating a registry key with the Mac address of your choice, its even easier in Linux. BTW: I am only posting this to the list so that new systems administrators to do not have a false sense of security, in not knowing that this is possible and could easily discredit a victim who has had this happened. Peace, Sincerely, Jose Medeiros Intel Corporation MCP+I, MCSE, NT4 MCT 408-765-0437 Direct 408-449-6621 Cell From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Hofert Sent: Thursday, February 23, 2006 9:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] MAC Address Gee, what an idiot. I already did that and completely over looked the MAC. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser Sent: Thursday, February 23, 2006 11:42 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] MAC Address Run command prompt Type ipconfig /all Aaron From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Hofert Sent: Thursday, February 23, 2006 8:40 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] MAC Address I have a client PC that does not list the MAC Address for it's wireless NIC anywhere in the OS. Is there a way to query that info from the card via command prompt or some other method? Thanks Todd This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal.
RE: [ActiveDir] Re Service Pack Level
I like this idea, but how is it run for all DC's in the forest? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris Sent: Thursday, February 23, 2006 4:03 AM To: ActiveDir.org Subject: [ActiveDir] Re Service Pack Level I would use saved queries in users and computers. This way you can dynamically watch as they drop from one query to another. If you have W2K change the 5.2 to 5.0 DC's With SP1 ((objectCategory=computer)(operatingSystemVersion=5.2*)(primaryGroupID= 516) (operatingSystemServicePack=Service Pack 1)) DC's Without SP1 ((objectCategory=computer)(operatingSystemVersion=5.2*)(primaryGroupID= 516) (!operatingSystemServicePack=Service Pack 1)) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ - __ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] OT: NTFS Permissions
Title: OT: NTFS Permissions I have a dilemma where operators in our shop need to be able to download data files off of a Windows 2000 SP4 file server. The operators need to be able to copy files off of the server and also be able to create a file as well. However we do not want them to delete or have the ability to choose cut and move the files or folders off of the server. I have tried combinations of denying delete access, but yet keeping modify permission. Have not been able to come up with a solution for this and did not know if anyone had any insight on this or not. Thanks in advance for any help and suggestions!! Chris Pohlschneider Network Administrator Cenveo-Sidney 937-497-2136 [EMAIL PROTECTED] Cenveo is your visual communications connection for a broad portfolio of services and products including eServices, envelopes, offset and digital printing, labels and business documents
RE: [ActiveDir] MAC Address
ipconfig /all from the command prompt should show you the MAC address for the wireless nic. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Todd HofertSent: Thursday, February 23, 2006 11:40 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] MAC Address I have a client PC that does not list the MAC Address for it's wireless NIC anywhere in the OS. Is there a way to query that info from the card via command prompt or some other method? Thanks Todd This e-mail and any attachments may contain confidential and privilegedinformation. If you are not the intended recipient, please notify thesender immediately by return e-mail, delete this e-mail and destroy anycopies. Any dissemination or use of this information by a person otherthan the intended recipient is unauthorized and may be illegal.
[ActiveDir] Big problem with member of attribute
Hallo, This is strange and difficult to explain. But I will try We have many domains, in these domain, many domain controllers. In on of these domain we have some universal groups to join users from other sub-domains The problem is this I can not see other sub domains universal groups the user belongs to , when I open Act Dur User and Comp, I only see the groups in that sub domain. But that’s not the worst. there are some cases, that if I connect to other domain controllers, it show all the groups. I don’t know if you can understand exactly what’s happening, but that is it. Can you help me? Adrião Ferreira Ramos Superintendência de Tecnologia da Informação Depto. de Operações e Infra-estrutura - CII * [EMAIL PROTECTED] ( 11 - 3388-8193
Re: [ActiveDir] Big problem with member of attribute
Have you looked at this KB article? You cannot view a user's Universal Group membership in Windows Server 2003 Active Directory Users and Computers when Universal Groups do not reside in the local domain http://support.microsoft.com/?kbid=833883 Phil On 2/23/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hallo, This is strange and difficult to explain. But I will try We have many domains, in these domain, many domain controllers. In on of these domain we have some universal groups to join users from other sub-domains The problem is this I can not see other sub domains universal groups the user belongs to , when I open Act Dur User and Comp, I only see the groups in that sub domain. But that's not the worst. there are some cases, that if I connect to other domain controllers, it show all the groups. I don't know if you can understand exactly what's happening, but that is it. Can you help me? Adrião Ferreira Ramos Superintendência de Tecnologia da Informação Depto. de Operações e Infra-estrutura - CII * [EMAIL PROTECTED] ( 11 - 3388-8193
[ActiveDir] Active Directory Operations
Download details: Active Directory Operations: http://www.microsoft.com/downloads/details.aspx?familyid=6a238df8-115c-4e1a-89f1-ee9bc9486c0fdisplaylang=en The administering portion of this guide provides Active Directory service administrators with rationale and step-by-step instructions for managing all aspects of domain controller configuration and maintenance. The troubleshooting portion of this guide provides problem and solution topics that explain how to address many common error events that occur in production. -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Re Service Pack Level
You can refocus the domain? How many domains do you have? I am sorry but I can't test anything now as I am in training for DEC 2006. Mark -Original Message- From: Harding, Devon [EMAIL PROTECTED] Date: Thu, 23 Feb 2006 14:07:02 To:ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Re Service Pack Level I like this idea, but how is it run for all DC's in the forest? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris Sent: Thursday, February 23, 2006 4:03 AM To: ActiveDir.org Subject: [ActiveDir] Re Service Pack Level I would use saved queries in users and computers. This way you can dynamically watch as they drop from one query to another. If you have W2K change the 5.2 to 5.0 DC's With SP1 ((objectCategory=computer)(operatingSystemVersion=5.2*)(primaryGroupID= 516) (operatingSystemServicePack=Service Pack 1)) DC's Without SP1 ((objectCategory=computer)(operatingSystemVersion=5.2*)(primaryGroupID= 516) (!operatingSystemServicePack=Service Pack 1)) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ - __ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] GPO Security Filtering to a group not working
Yes, I did remove Authenticated users, or else the GPO would apply to everyone in the domain, rather than just the group I am trying to apply it to. On 2/23/06, Mark Parris [EMAIL PROTECTED] wrote: Have you removed Authenticated users from the GPO? -Original Message- From: Joe Lagreca [EMAIL PROTECTED] Date: Thu, 23 Feb 2006 10:08:10 To:ActiveDir@mail.activedir.org Subject: [ActiveDir] GPO Security Filtering to a group not working I am trying to implement GPO Security Filtering to groups without any luck. When I run gpresult on the workstation, I get Filtering: Denied (Security). However I have delegation, I have given the group both read and apply policy permissions. When I try GPO Security Filtering for either a single user, or the built in authenticated users group, it works fine. I just can't seem to get it to work with the group I have created. Has anyone experienced this before or know what I am doing wrong? I have tried it with both domain local and global security groups. Thanks. Joe List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] GPO Security Filtering to a group not working
Authenticated users was removed from the GPO. I have deny apply group policy only for all the admin groups, so I don't accidentally appy the GPO to any of them. The group I am trying to apply the GPO to, is not part of any other group. Joe On 2/23/06, Darren Mar-Elia [EMAIL PROTECTED] wrote: Joe- Are you removing the Authenticated Users ACE before you add the discretionary group? You don't have any Deny ACEs on that GPO, do you? Darren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Lagreca Sent: Thursday, February 23, 2006 10:08 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] GPO Security Filtering to a group not working I am trying to implement GPO Security Filtering to groups without any luck. When I run gpresult on the workstation, I get Filtering: Denied (Security). However I have delegation, I have given the group both read and apply policy permissions. When I try GPO Security Filtering for either a single user, or the built in authenticated users group, it works fine. I just can't seem to get it to work with the group I have created. Has anyone experienced this before or know what I am doing wrong? I have tried it with both domain local and global security groups. Thanks. Joe List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] GPO Security Filtering to a group not working
Ok. So I am assuming from your description that you are trying to filter user policy by user group. The question here is, are you logging into the workstation with a user account that is a member of the admin groups that have deny access? If so, then the deny will override any grant. Darren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Lagreca Sent: Thursday, February 23, 2006 12:55 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] GPO Security Filtering to a group not working Authenticated users was removed from the GPO. I have deny apply group policy only for all the admin groups, so I don't accidentally appy the GPO to any of them. The group I am trying to apply the GPO to, is not part of any other group. Joe On 2/23/06, Darren Mar-Elia [EMAIL PROTECTED] wrote: Joe- Are you removing the Authenticated Users ACE before you add the discretionary group? You don't have any Deny ACEs on that GPO, do you? Darren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Lagreca Sent: Thursday, February 23, 2006 10:08 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] GPO Security Filtering to a group not working I am trying to implement GPO Security Filtering to groups without any luck. When I run gpresult on the workstation, I get Filtering: Denied (Security). However I have delegation, I have given the group both read and apply policy permissions. When I try GPO Security Filtering for either a single user, or the built in authenticated users group, it works fine. I just can't seem to get it to work with the group I have created. Has anyone experienced this before or know what I am doing wrong? I have tried it with both domain local and global security groups. Thanks. Joe List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] GPO Security Filtering to a group not working
Not unless you applied it at the root. Only members of the OU. -Original Message- From: Joe Lagreca [EMAIL PROTECTED] Date: Thu, 23 Feb 2006 12:54:44 To:ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] GPO Security Filtering to a group not working Yes, I did remove Authenticated users, or else the GPO would apply to everyone in the domain, rather than just the group I am trying to apply it to. On 2/23/06, Mark Parris [EMAIL PROTECTED] wrote: Have you removed Authenticated users from the GPO? -Original Message- From: Joe Lagreca [EMAIL PROTECTED] Date: Thu, 23 Feb 2006 10:08:10 To:ActiveDir@mail.activedir.org Subject: [ActiveDir] GPO Security Filtering to a group not working I am trying to implement GPO Security Filtering to groups without any luck. When I run gpresult on the workstation, I get Filtering: Denied (Security). However I have delegation, I have given the group both read and apply policy permissions. When I try GPO Security Filtering for either a single user, or the built in authenticated users group, it works fine. I just can't seem to get it to work with the group I have created. Has anyone experienced this before or know what I am doing wrong? I have tried it with both domain local and global security groups. Thanks. Joe List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] OT: NTFS Permissions
Title: OT: NTFS Permissions Have you tried using Read and Change permissions ONLY on the share ? - Original Message - From: Pohlschneider, Chris To: ActiveDir@mail.activedir.org Sent: Thursday, February 23, 2006 1:35 PM Subject: [ActiveDir] OT: NTFS Permissions I have a dilemma where operators in our shop need to be able to downloaddata files off of a Windows 2000 SP4 file server. The operators need to beable to copy files off of the server and also be able to create a file aswell. However we do not want them to delete or have the ability to choosecut and move the files or folders off of the server. I have triedcombinations of denying delete access, but yet keeping modify permission.Have not been able to come up with a solution for this and did not know ifanyone had any insight on this or not. Thanks in advance for any help andsuggestions!!Chris PohlschneiderNetwork AdministratorCenveo-Sidney937-497-2136[EMAIL PROTECTED]Cenveo is your visual communications connection for a broad portfolio ofservices and products including eServices, envelopes, offset and digitalprinting, labels and business documents
RE: [ActiveDir] OT: NTFS Permissions
Title: OT: NTFS Permissions I have not tried that because doesn't that just set the permission as far as the user being able to read the permissions on a certain directory or change them if they had the access to? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Kevin GentSent: Thursday, February 23, 2006 4:40 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] OT: NTFS Permissions Have you tried using Read and Change permissions ONLY on the share ? - Original Message - From: Pohlschneider, Chris To: ActiveDir@mail.activedir.org Sent: Thursday, February 23, 2006 1:35 PM Subject: [ActiveDir] OT: NTFS Permissions I have a dilemma where operators in our shop need to be able to downloaddata files off of a Windows 2000 SP4 file server. The operators need to beable to copy files off of the server and also be able to create a file aswell. However we do not want them to delete or have the ability to choosecut and move the files or folders off of the server. I have triedcombinations of denying delete access, but yet keeping modify permission.Have not been able to come up with a solution for this and did not know ifanyone had any insight on this or not. Thanks in advance for any help andsuggestions!!Chris PohlschneiderNetwork AdministratorCenveo-Sidney937-497-2136[EMAIL PROTECTED]Cenveo is your visual communications connection for a broad portfolio ofservices and products including eServices, envelopes, offset and digitalprinting, labels and business documents
Re: [ActiveDir] Stupid Group Policy CSE behavior
My point was just that particular CSE stops processing further GPs related to it, and not entire GP processing.This gives very inconsistent application of policy. One fine day, you find that all policies are working fine, and when next day you introduce new policy, which has settings no way related to earlier policies and it goes on to break unrelated policy. I will give you something to test...parent OU policy contains : DENY 'Authenticated Users' permission on one of the registry key(in my case USBSTOR service) ADM template which tries to change a value inside that registry key (making value start = 4) Child OU policy : is simply any setting from existing administrative templates (in my case WSUS policy)You would expect processing of both polices by Registry CSE, but in this case child policy won't be processed as registry CSE will fail while changing value specified in parent OU policy, due to restrictive permission. In another case it was mis-spelled file name, configured for file system security.-- Kamlesh~Be the change you want to see in the World~ On 2/23/06, Darren Mar-Elia [EMAIL PROTECTED] wrote: Well, it won't be the first time I've heard something about GP called stupid :). I suspect it depends upon how you think about this.Certain CSEs are more resilient than others. I honestly haven't come across your scenario but in a lot of cases, if a CSE fails to do something, GPprocessing will simply continue along. I will try to take a deeperlook at this and see if I can understand why that is happening. One thing I usually recommend is to stay away from using registry and/or file security policy to set perms. First of all, I find it kind of a klunky way to manage permissions. Secondly, if you do a lot of it in policy, it canreally slow down processing. I think its just better to manage security permissions on files and registry keys with a different, and more deterministic method. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kamlesh ParmarSent: Wednesday, February 22, 2006 11:48 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Stupid Group Policy CSE behavior I had high hopes for group policy, but now it has started waning... Simply stated, what happens is ... you have different policies applying to machine. And say allpolicies contain different registry or security related settings. Now, whenat workstation registry or security CSE tries to process these settings... It willjuststop processing atfirst error itencountered and never process settings from remaining policies. so if registry CSE found that it has 10 values in registry to set and if it encountered error at5th, it will never go ahead and process 6 to 10. here is my case: I had set deny permission on one registry key in one policy and I was trying to change that setting from another policy. One would guess that, 2nd policy would simply fail and CSE would continue processing other polices which are no way related to this setting. But it doesn't. I have seen this for Registry and Security CSE. Thanks for listening :-)-- Kamlesh~Be the change you want to see in the World~
Re: [ActiveDir] OT: NTFS Permissions
Title: OT: NTFS Permissions I believe that sets the stage for what can, and cannot be inherited, further down the line in directory and file permissions. Someone will correct us soon enough. - Original Message - From: Pohlschneider, Chris To: ActiveDir@mail.activedir.org Sent: Thursday, February 23, 2006 4:50 PM Subject: RE: [ActiveDir] OT: NTFS Permissions I have not tried that because doesn't that just set the permission as far as the user being able to read the permissions on a certain directory or change them if they had the access to? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Kevin GentSent: Thursday, February 23, 2006 4:40 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] OT: NTFS Permissions Have you tried using Read and Change permissions ONLY on the share ? - Original Message - From: Pohlschneider, Chris To: ActiveDir@mail.activedir.org Sent: Thursday, February 23, 2006 1:35 PM Subject: [ActiveDir] OT: NTFS Permissions I have a dilemma where operators in our shop need to be able to downloaddata files off of a Windows 2000 SP4 file server. The operators need to beable to copy files off of the server and also be able to create a file aswell. However we do not want them to delete or have the ability to choosecut and move the files or folders off of the server. I have triedcombinations of denying delete access, but yet keeping modify permission.Have not been able to come up with a solution for this and did not know ifanyone had any insight on this or not. Thanks in advance for any help andsuggestions!!Chris PohlschneiderNetwork AdministratorCenveo-Sidney937-497-2136[EMAIL PROTECTED]Cenveo is your visual communications connection for a broad portfolio ofservices and products including eServices, envelopes, offset and digitalprinting, labels and business documents
RE: [ActiveDir] Stupid Group Policy CSE behavior
Ok. I will test that but it would be good to understand the scenario a little better. You do realize that by setting a Deny ACE for Auth. Users on the device/service, you are effectively preventing any access to that service, which would seem problematic in and of itself. The second point or question is, why would you not use the service security policy rather than registry policy to control this? I'm assuming its because you're trying to control a device rather than a real service? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh ParmarSent: Thursday, February 23, 2006 2:06 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Stupid Group Policy CSE behavior My point was just that particular CSE stops processing further GPs related to it, and not entire GP processing.This gives very inconsistent application of policy. One fine day, you find that all policies are working fine, and when next day you introduce new policy, which has settings no way related to earlier policies and it goes on to break unrelated policy. I will give you something to test...parent OU policy contains : DENY 'Authenticated Users' permission on one of the registry key(in my case USBSTOR service) ADM template which tries to change a value inside that registry key (making value start = 4) Child OU policy : is simply any setting from existing administrative templates (in my case WSUS policy)You would expect processing of both polices by Registry CSE, but in this case child policy won't be processed as registry CSE will fail while changing value specified in parent OU policy, due to restrictive permission. In another case it was mis-spelled file name, configured for file system security.-- Kamlesh~"Be the change you want to see in the World"~ On 2/23/06, Darren Mar-Elia [EMAIL PROTECTED] wrote: Well, it won't be the first time I've heard something about GP called "stupid" :). I suspect it depends upon how you think about this.Certain CSEs are more resilient than others. I honestly haven't come across your scenario but in a lot of cases, if a CSE fails to do something, GPprocessing will simply continue along. I will try to take a deeperlook at this and see if I can understand why that is happening. One thing I usually recommend is to stay away from using registry and/or file security policy to set perms. First of all, I find it kind of a klunky way to manage permissions. Secondly, if you do a lot of it in policy, it canreally slow down processing. I think its just better to manage security permissions on files and registry keys with a different, and more deterministic method. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kamlesh ParmarSent: Wednesday, February 22, 2006 11:48 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Stupid Group Policy CSE behavior I had high hopes for group policy, but now it has started waning... Simply stated, what happens is ... you have different policies applying to machine. And say allpolicies contain different registry or security related settings. Now, whenat workstation registry or security CSE tries to process these settings... It willjuststop processing atfirst error itencountered and never process settings from remaining policies. so if registry CSE found that it has 10 values in registry to set and if it encountered error at5th, it will never go ahead and process 6 to 10. here is my case: I had set deny permission on one registry key in one policy and I was trying to change that setting from another policy. One would guess that, 2nd policy would simply fail and CSE would continue processing other polices which are no way related to this setting. But it doesn't. I have seen this for Registry and Security CSE. Thanks for listening :-)-- Kamlesh~"Be the change you want to see in the World"~
RE: [ActiveDir] GPO Security Filtering to a group not working
I would now utilise the gpo modelling aspect of the gpmc to see where my issues lay. Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris Sent: 23 February 2006 21:34 To: ActiveDir.org Subject: Re: [ActiveDir] GPO Security Filtering to a group not working Not unless you applied it at the root. Only members of the OU. -Original Message- From: Joe Lagreca [EMAIL PROTECTED] Date: Thu, 23 Feb 2006 12:54:44 To:ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] GPO Security Filtering to a group not working Yes, I did remove Authenticated users, or else the GPO would apply to everyone in the domain, rather than just the group I am trying to apply it to. On 2/23/06, Mark Parris [EMAIL PROTECTED] wrote: Have you removed Authenticated users from the GPO? -Original Message- From: Joe Lagreca [EMAIL PROTECTED] Date: Thu, 23 Feb 2006 10:08:10 To:ActiveDir@mail.activedir.org Subject: [ActiveDir] GPO Security Filtering to a group not working I am trying to implement GPO Security Filtering to groups without any luck. When I run gpresult on the workstation, I get Filtering: Denied (Security). However I have delegation, I have given the group both read and apply policy permissions. When I try GPO Security Filtering for either a single user, or the built in authenticated users group, it works fine. I just can't seem to get it to work with the group I have created. Has anyone experienced this before or know what I am doing wrong? I have tried it with both domain local and global security groups. Thanks. Joe List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] GPO Security Filtering to a group not working
I am working in a test lab. I have 2 users, test1 and test2. I also have group1 and group2. None of the users or group are in any of the admin groups. On 2/23/06, Darren Mar-Elia [EMAIL PROTECTED] wrote: Ok. So I am assuming from your description that you are trying to filter user policy by user group. The question here is, are you logging into the workstation with a user account that is a member of the admin groups that have deny access? If so, then the deny will override any grant. Darren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Lagreca Sent: Thursday, February 23, 2006 12:55 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] GPO Security Filtering to a group not working Authenticated users was removed from the GPO. I have deny apply group policy only for all the admin groups, so I don't accidentally appy the GPO to any of them. The group I am trying to apply the GPO to, is not part of any other group. Joe On 2/23/06, Darren Mar-Elia [EMAIL PROTECTED] wrote: Joe- Are you removing the Authenticated Users ACE before you add the discretionary group? You don't have any Deny ACEs on that GPO, do you? Darren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Lagreca Sent: Thursday, February 23, 2006 10:08 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] GPO Security Filtering to a group not working I am trying to implement GPO Security Filtering to groups without any luck. When I run gpresult on the workstation, I get Filtering: Denied (Security). However I have delegation, I have given the group both read and apply policy permissions. When I try GPO Security Filtering for either a single user, or the built in authenticated users group, it works fine. I just can't seem to get it to work with the group I have created. Has anyone experienced this before or know what I am doing wrong? I have tried it with both domain local and global security groups. Thanks. Joe List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] GC Provider
OK, what do I need to do in my code to simply query the global catalog for the entire forest? I have New DirectoryEntry(GC://) That seems not to work. If I inspect it ?searchroot {System.DirectoryServices.DirectoryEntry} AuthenticationType: Secure {1} Children: {System.DirectoryServices.DirectoryEntries} Container: Nothing Guid: {Unknown error (0x80005000)} Name: {Unknown error (0x80005000)} NativeGuid: {Unknown error (0x80005000)} NativeObject: {Unknown error (0x80005000)} ObjectSecurity: {Unknown error (0x80005000)} Options: {Unknown error (0x80005000)} Parent: {Unknown error (0x80005000)} Path: GC:// Properties: {System.DirectoryServices.PropertyCollection} SchemaClassName: {Unknown error (0x80005000)} SchemaEntry: {Unknown error (0x80005000)} Site: Nothing UsePropertyCache: True Username: Nothing We learn that its more or less null, lots of unknown COM Errors. Im running this code as myself I have Domain Admin an Enterprise Admin groups in my token, I had thought there was some reason something like Network Service couldnt do this, but, that has obviously been ruled out. GC://mydomain.com works fine, but then I dont get the stuff in GC://otherdomain.com which is in my forest. This is supposed to work and it doesnt. Ideas? Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132