RE: [ActiveDir] MVP mini summit at DEC 2006

[neil.ruston]

Daft question maybe, but is this open to MVPs only?


neil


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: 23 February 2006 00:09
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] MVP mini summit at DEC 2006

Alym has scheduled a MVP mini summit session at the conclusion of DEC
2006 in Las Vegas. We'll meet on Wednesday March 29th at 4pm in one of
the DEC session rooms (tbd). Drugs, booze, and loose women will
follow... or at least that's what I was led to believe. :)

Alym is swamped with another project, but will be providing the official
announcement in a few days. I just wanted to make MVPs aware of it in
case you had scheduled a flight out on Wednesday afternoon.

-gil

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments.  NIplc
does not provide investment services to private customers.  Authorised and
regulated by the Financial Services Authority.  Registered in England
no. 1550505 VAT No. 447 2492 35.  Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP.  A member of the Nomura group of companies.

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] MVP mini summit at DEC 2006

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

I believe Vegas comes standard with Drugs, booze and loose women.

[EMAIL PROTECTED] wrote:

Daft question maybe, but is this open to MVPs only?


neil


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: 23 February 2006 00:09
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] MVP mini summit at DEC 2006

Alym has scheduled a MVP mini summit session at the conclusion of DEC
2006 in Las Vegas. We'll meet on Wednesday March 29th at 4pm in one of
the DEC session rooms (tbd). Drugs, booze, and loose women will
follow... or at least that's what I was led to believe. :)

Alym is swamped with another project, but will be providing the official
announcement in a few days. I just wanted to make MVPs aware of it in
case you had scheduled a flight out on Wednesday afternoon.

-gil

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments.  NIplc
does not provide investment services to private customers.  Authorised and
regulated by the Financial Services Authority.  Registered in England
no. 1550505 VAT No. 447 2492 35.  Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP.  A member of the Nomura group of companies.

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

  

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] MVP mini summit at DEC 2006

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

Forgot the ;-)

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:

I believe Vegas comes standard with Drugs, booze and loose women.

[EMAIL PROTECTED] wrote:

Daft question maybe, but is this open to MVPs only?


neil


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: 23 February 2006 00:09
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] MVP mini summit at DEC 2006

Alym has scheduled a MVP mini summit session at the conclusion of DEC
2006 in Las Vegas. We'll meet on Wednesday March 29th at 4pm in one of
the DEC session rooms (tbd). Drugs, booze, and loose women will
follow... or at least that's what I was led to believe. :)

Alym is swamped with another project, but will be providing the official
announcement in a few days. I just wanted to make MVPs aware of it in
case you had scheduled a flight out on Wednesday afternoon.

-gil

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and 
delete your

copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of 
communication and
Nomura International plc ('NIplc') will not, to the extent permitted 
by law,
accept responsibility or liability for (a) the accuracy or 
completeness of,

or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of 
this

email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely 
those of
the author and do not necessarily represent those of NIplc; (3) is 
intended
for informational purposes only and is not a recommendation, 
solicitation or

offer to buy or sell securities or related financial instruments.  NIplc
does not provide investment services to private customers.  
Authorised and

regulated by the Financial Services Authority.  Registered in England
no. 1550505 VAT No. 447 2492 35.  Registered Office: 1 St 
Martin's-le-Grand,

London, EC1A 4NP.  A member of the Nomura group of companies.

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: 
http://www.mail-archive.com/activedir%40mail.activedir.org/


  

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] IIS 6.0 LDAP Auth

[Lev Zdenek]

Hello
Does anybody has experience with IIS 6.0 and auth. by LDAP query to LDAP
database ?
THX
Zdenek Lev
ANECT a.s.
Email: [EMAIL PROTECTED]


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Re Service Pack Level

[Mark Parris]

I would use saved queries in users and computers. This way you can dynamically 
watch as they drop from one query to another. If you have W2K change the 5.2 to 
5.0

DC's With SP1
((objectCategory=computer)(operatingSystemVersion=5.2*)(primaryGroupID=516)
(operatingSystemServicePack=Service Pack 1))

DC's Without SP1
((objectCategory=computer)(operatingSystemVersion=5.2*)(primaryGroupID=516)
(!operatingSystemServicePack=Service Pack 1))
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] OWA with Active Directory

[marwahashem]

Dear All,


1- we have Firewall ( HW ) Cisco-PIX firewall, and it has this Real IP 
Address 213.255.2.62

2- we dicede to host our exchange server On-line and the MX record for our 
mail server will be the external IP-address of Firewall which is 

( 213.255.2.62 ).

3- We will use NAT inside the Firewall, and it will deliver the E-mails to 
Internal IP of Exchange server .

4- We opend all the Ports Internal  external on the Fortigate.

5- we dicide to use OWA .


For example :-

if one of this users has already an Exchange account , in side his Office, 
and this Account Configured to deliver the E-mails to Personal Folder on his 
PC rather than Mailbox on the exchange server,  and this user left for temp 
work in USA.

now this user wants the following ( during his Temp Work in USA )  :-

A- Access the E-mails which came to him directly during his temp work.
B- want in the same time to access his Old inbox,  contact  Calender  His 
Task  sent itmes which he worked on it while in the office .

if he type from the web browser ( http://webmail.mydomain.com ), will he be 
able to see the following :-

A- Access the E-mails which came to him directly during his temp work.
B- want in the same time to access his Old inbox,  contact  Calender  His 
Task  sent itmes which he worked on it while in the office .


=

Please Note, i have only One Domain Controller  One exchange server , and 
all of them is Win 2033 Enterprise Edition, Exchange has SP2 .

i do not have at all, another server for exchange , and i did not implement 
at all Front End / Back End server at all.



please try to guide me , if you do not mind guys .

thanks for you in advanced .


Thanks  Best Regards,
Marwa,
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Windows 2000 profile migration

[adriaoramos]

Hi every body


I need
your help again.

We’re
joining many windows 2000 workstations to our domain. In Windows Xp, we
can copy profiles from and user to another (many users log on the same
machine). 
How can
we migrate windows 2000 ser profiles, and make them work fine, since we
have had many problems just copying. Is there any utility to help us? That
is a great problem for us, cause users don’t want to lose (of course)
their personal settings when creating a new profile

Thanks



Adrião Ferreira Ramos
Superintendência de Tecnologia da Informação
Depto. de Operações e Infra-estrutura - CII
*
[EMAIL PROTECTED]
( 11 - 3388-8193

RE: [ActiveDir] OWA with Active Directory

[Michael B. Smith]

A. No.
B. Yes (unless they are downloaded into the personal store and removed).

While there can certainly be exceptions, generally speaking, the right
place for e-mail is the Exchange store. Having the delivery location as
a personal store removes a large number of benefits - including access
to those items via OWA.

Prior to Exchange Server 2003 and Outlook 2003, a common reason for
using a personal store was speed and easy remote access. With cached
mode, that reason is gone.

In terms of opening all ports, I hope you are actually only referring
to (http, https, smtp, pop3, and imap).

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of marwahashem
Sent: Wednesday, February 22, 2006 5:52 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OWA with Active Directory

Dear All,


1- we have Firewall ( HW ) Cisco-PIX firewall, and it has this Real IP 
Address 213.255.2.62

2- we dicede to host our exchange server On-line and the MX record for
our 
mail server will be the external IP-address of Firewall which is 

( 213.255.2.62 ).

3- We will use NAT inside the Firewall, and it will deliver the E-mails
to 
Internal IP of Exchange server .

4- We opend all the Ports Internal  external on the Fortigate.

5- we dicide to use OWA .


For example :-

if one of this users has already an Exchange account , in side his
Office, 
and this Account Configured to deliver the E-mails to Personal Folder on
his 
PC rather than Mailbox on the exchange server,  and this user left for
temp 
work in USA.

now this user wants the following ( during his Temp Work in USA )  :-

A- Access the E-mails which came to him directly during his temp work.
B- want in the same time to access his Old inbox,  contact  Calender 
His 
Task  sent itmes which he worked on it while in the office .

if he type from the web browser ( http://webmail.mydomain.com ), will he
be 
able to see the following :-

A- Access the E-mails which came to him directly during his temp work.
B- want in the same time to access his Old inbox,  contact  Calender 
His 
Task  sent itmes which he worked on it while in the office .



=

Please Note, i have only One Domain Controller  One exchange server ,
and 
all of them is Win 2033 Enterprise Edition, Exchange has SP2 .

i do not have at all, another server for exchange , and i did not
implement 
at all Front End / Back End server at all.




please try to guide me , if you do not mind guys .

thanks for you in advanced .


Thanks  Best Regards,
Marwa,
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] MVP mini summit at DEC 2006

[Laura E. Hunter]

I think the statement works either with it or without it.  :-)

(And remember, it's in -Henderson-, not Las Vegas!  No gambling, no
showgirls, just a quiet little geek conference in the middle of the
desert.  Nothing to see here, move along.  ;-))

On 2/23/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[EMAIL PROTECTED] wrote:
 Forgot the ;-)

 Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
  I believe Vegas comes standard with Drugs, booze and loose women.
 
  [EMAIL PROTECTED] wrote:
  Daft question maybe, but is this open to MVPs only?
 
 
  neil
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
  Sent: 23 February 2006 00:09
  To: ActiveDir@mail.activedir.org
  Subject: [ActiveDir] MVP mini summit at DEC 2006
 
  Alym has scheduled a MVP mini summit session at the conclusion of DEC
  2006 in Las Vegas. We'll meet on Wednesday March 29th at 4pm in one of
  the DEC session rooms (tbd). Drugs, booze, and loose women will
  follow... or at least that's what I was led to believe. :)
 
  Alym is swamped with another project, but will be providing the official
  announcement in a few days. I just wanted to make MVPs aware of it in
  case you had scheduled a flight out on Wednesday afternoon.
 
  -gil
 
  List info   : http://www.activedir.org/List.aspx
  List FAQ: http://www.activedir.org/ListFAQ.aspx
  List archive:
  http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 
 
  PLEASE READ: The information contained in this email is confidential and
  intended for the named recipient(s) only. If you are not an intended
  recipient of this email please notify the sender immediately and
  delete your
  copy from your system. You must not copy, distribute or take any further
  action in reliance on it. Email is not a secure method of
  communication and
  Nomura International plc ('NIplc') will not, to the extent permitted
  by law,
  accept responsibility or liability for (a) the accuracy or
  completeness of,
  or (b) the presence of any virus, worm or similar malicious or disabling
  code in, this message or any attachment(s) to it. If verification of
  this
  email is sought then please request a hard copy. Unless otherwise stated
  this email: (1) is not, and should not be treated or relied upon as,
  investment research; (2) contains views or opinions that are solely
  those of
  the author and do not necessarily represent those of NIplc; (3) is
  intended
  for informational purposes only and is not a recommendation,
  solicitation or
  offer to buy or sell securities or related financial instruments.  NIplc
  does not provide investment services to private customers.
  Authorised and
  regulated by the Financial Services Authority.  Registered in England
  no. 1550505 VAT No. 447 2492 35.  Registered Office: 1 St
  Martin's-le-Grand,
  London, EC1A 4NP.  A member of the Nomura group of companies.
 
  List info   : http://www.activedir.org/List.aspx
  List FAQ: http://www.activedir.org/ListFAQ.aspx
  List archive:
  http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 
  List info   : http://www.activedir.org/List.aspx
  List FAQ: http://www.activedir.org/ListFAQ.aspx
  List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



--
---
Laura E. Hunter
Microsoft MVP - Windows Server Networking
Author: _Active Directory Consultant's Field Guide_ (http://tinyurl.com/7f8ll)
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] MVP mini summit at DEC 2006

[Creamer, Mark]

Cool - that's the little town where a dead body shows up week after week on CSI

mc
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Laura E. Hunter
Sent: Thursday, February 23, 2006 9:10 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] MVP mini summit at DEC 2006

I think the statement works either with it or without it.  :-)

(And remember, it's in -Henderson-, not Las Vegas!  No gambling, no
showgirls, just a quiet little geek conference in the middle of the
desert.  Nothing to see here, move along.  ;-))

On 2/23/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[EMAIL PROTECTED] wrote:
 Forgot the ;-)

 Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
  I believe Vegas comes standard with Drugs, booze and loose women.
 
  [EMAIL PROTECTED] wrote:
  Daft question maybe, but is this open to MVPs only?
 
 
  neil
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
  Sent: 23 February 2006 00:09
  To: ActiveDir@mail.activedir.org
  Subject: [ActiveDir] MVP mini summit at DEC 2006
 
  Alym has scheduled a MVP mini summit session at the conclusion of DEC
  2006 in Las Vegas. We'll meet on Wednesday March 29th at 4pm in one of
  the DEC session rooms (tbd). Drugs, booze, and loose women will
  follow... or at least that's what I was led to believe. :)
 
  Alym is swamped with another project, but will be providing the official
  announcement in a few days. I just wanted to make MVPs aware of it in
  case you had scheduled a flight out on Wednesday afternoon.
 
  -gil
 
  List info   : http://www.activedir.org/List.aspx
  List FAQ: http://www.activedir.org/ListFAQ.aspx
  List archive:
  http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 
 
  PLEASE READ: The information contained in this email is confidential and
  intended for the named recipient(s) only. If you are not an intended
  recipient of this email please notify the sender immediately and
  delete your
  copy from your system. You must not copy, distribute or take any further
  action in reliance on it. Email is not a secure method of
  communication and
  Nomura International plc ('NIplc') will not, to the extent permitted
  by law,
  accept responsibility or liability for (a) the accuracy or
  completeness of,
  or (b) the presence of any virus, worm or similar malicious or disabling
  code in, this message or any attachment(s) to it. If verification of
  this
  email is sought then please request a hard copy. Unless otherwise stated
  this email: (1) is not, and should not be treated or relied upon as,
  investment research; (2) contains views or opinions that are solely
  those of
  the author and do not necessarily represent those of NIplc; (3) is
  intended
  for informational purposes only and is not a recommendation,
  solicitation or
  offer to buy or sell securities or related financial instruments.  NIplc
  does not provide investment services to private customers.
  Authorised and
  regulated by the Financial Services Authority.  Registered in England
  no. 1550505 VAT No. 447 2492 35.  Registered Office: 1 St
  Martin's-le-Grand,
  London, EC1A 4NP.  A member of the Nomura group of companies.
 
  List info   : http://www.activedir.org/List.aspx
  List FAQ: http://www.activedir.org/ListFAQ.aspx
  List archive:
  http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 
  List info   : http://www.activedir.org/List.aspx
  List FAQ: http://www.activedir.org/ListFAQ.aspx
  List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



--
---
Laura E. Hunter
Microsoft MVP - Windows Server Networking
Author: _Active Directory Consultant's Field Guide_ (http://tinyurl.com/7f8ll)
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

This e-mail transmission contains information that is intended to be 
confidential and privileged.  If you receive this e-mail and you are not a 
named addressee you are hereby notified that you are not authorized to read, 
print, retain, copy or disseminate this communication without the consent of 
the sender and that doing so is prohibited and may be unlawful.  Please reply 
to the message immediately by informing the sender that the message was 
misdirected.  After replying, please delete and otherwise erase it and any 
attachments from your computer system.  Your assistance in correcting this 
error is appreciated.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] MVP mini summit at DEC 2006

[Gil Kirkpatrick]

I dunno for sure... I sort of suspect it is, but Alym will clarify it
when he gets his head above water. But I don't see any reason why you
couldn't join in the DBLW/M (tm) after the MVP session.

-g

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, February 23, 2006 1:39 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] MVP mini summit at DEC 2006

Daft question maybe, but is this open to MVPs only?


neil


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: 23 February 2006 00:09
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] MVP mini summit at DEC 2006

Alym has scheduled a MVP mini summit session at the conclusion of DEC
2006 in Las Vegas. We'll meet on Wednesday March 29th at 4pm in one of
the DEC session rooms (tbd). Drugs, booze, and loose women will
follow... or at least that's what I was led to believe. :)

Alym is swamped with another project, but will be providing the official
announcement in a few days. I just wanted to make MVPs aware of it in
case you had scheduled a flight out on Wednesday afternoon.

-gil

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete
your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication
and
Nomura International plc ('NIplc') will not, to the extent permitted by
law,
accept responsibility or liability for (a) the accuracy or completeness
of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of
this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely
those of
the author and do not necessarily represent those of NIplc; (3) is
intended
for informational purposes only and is not a recommendation,
solicitation or
offer to buy or sell securities or related financial instruments.  NIplc
does not provide investment services to private customers.  Authorised
and
regulated by the Financial Services Authority.  Registered in England
no. 1550505 VAT No. 447 2492 35.  Registered Office: 1 St
Martin's-le-Grand,
London, EC1A 4NP.  A member of the Nomura group of companies.

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Stupid Group Policy CSE behavior

[Darren Mar-Elia]

Well, it won't be the first time I've heard something about 
GP called "stupid" :).

I suspect it depends upon how you think about 
this.Certain CSEs are more resilient than others. I honestly haven't come 
across your scenario but in a lot of cases, if a CSE fails to do something, 
GPprocessing will simply continue along. I will try to take a 
deeperlook at this and see if I can understand why that is happening. 


One thing I usually recommend is to stay away from using 
registry and/or file security policy to set perms. First of all, I find it kind 
of a klunky way to manage permissions. Secondly, if you do a lot of it in 
policy, it canreally slow down processing. I think its just better to 
manage security permissions on files and registry keys with a different, and 
more deterministic method. 







From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh 
ParmarSent: Wednesday, February 22, 2006 11:48 PMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Stupid Group Policy 
CSE behavior

I had high hopes for group policy, but now it has started waning...

Simply stated, what happens is ... you have different policies applying to 
machine.
And say allpolicies contain different registry or security related 
settings.
Now, whenat workstation registry or security CSE tries to process 
these settings...
It willjuststop processing atfirst error 
itencountered and never process settings from remaining policies.

so if registry CSE found that it has 10 values in registry to set and if it 
encountered error at5th, it will never go ahead and process 6 to 10.

here is my case:

I had set deny permission on one registry key in one policy and I was 
trying to change that setting from another policy.
One would guess that, 2nd policy would simply fail and CSE would continue 
processing other polices which are no way related to this setting. But it 
doesn't.

I have seen this for Registry and Security CSE.

Thanks for listening :-)-- 
Kamlesh~"Be the change you want to 
see in the 
World"~

Re: [ActiveDir] repadmin info oddity

[Laura E. Hunter]

 (or a scotch if you'd prefer ;o) ...

Double shot of Glen Livett, a nice spritz of Sprite, inch and a half
of water and a couple of ice cubes, in a highball glass.

And the fact that I still remember this begs two questions:

[1] What do we order if the bar doesn't have Glen Livett?

and

[2] What critical piece of information has -not- been encoded into my
long-term memory so that I can instead remember how Dean takes his
Scotch?  :-)
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] IIS 6.0 LDAP Auth

[deji]

What exactly does that mean? Are you looking for info on FTP auth using AD?
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Lev Zdenek
Sent: Thu 2/23/2006 12:52 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] IIS 6.0 LDAP Auth



Hello
Does anybody has experience with IIS 6.0 and auth. by LDAP query to LDAP
database ?
THX
Zdenek Lev
ANECT a.s.
Email: [EMAIL PROTECTED]


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Windows 2000 profile migration

[deji]

It's called User State Migration Tool (USMT)
http://www.microsoft.com/downloads/details.aspx?FamilyID=4af2d2c9-f16c-4c52-a
203-8daf944dd555DisplayLang=en
 
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of
[EMAIL PROTECTED]
Sent: Thu 2/23/2006 3:55 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Windows 2000 profile migration



Hi every body 


I need your help again. 

We're joining many windows 2000 workstations to our domain. In
Windows Xp, we can copy profiles from and user to another (many users log on
the same machine). 
How can we migrate windows 2000 ser profiles, and make them work
fine, since we have had many problems just copying. Is there any utility to
help us? That is a great problem for us, cause users don't want to lose (of
course) their personal settings when creating a new profile 

Thanks 



Adrião Ferreira Ramos 
Superintendência de Tecnologia da Informação 
Depto. de Operações e Infra-estrutura - CII 
*  [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]  
*  11 - 3388-8193 
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] IIS 6.0 LDAP Auth

[Lev Zdenek]

I would like to auth. users access to web site on IIS 6.0 against external LDAP 
user database

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, February 23, 2006 5:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth

What exactly does that mean? Are you looking for info on FTP auth using AD?
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Lev Zdenek
Sent: Thu 2/23/2006 12:52 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] IIS 6.0 LDAP Auth



Hello
Does anybody has experience with IIS 6.0 and auth. by LDAP query to LDAP
database ?
THX
Zdenek Lev
ANECT a.s.
Email: [EMAIL PROTECTED]


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] IIS 6.0 LDAP Auth

[steve patrick]

Take a look here:

http://www.inflectioncorp.com/downloads.html


spat
- Original Message - 
From: Lev Zdenek [EMAIL PROTECTED]

To: ActiveDir@mail.activedir.org
Sent: Thursday, February 23, 2006 8:10 AM
Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth


I would like to auth. users access to web site on IIS 6.0 against external 
LDAP user database


-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]

Sent: Thursday, February 23, 2006 5:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth

What exactly does that mean? Are you looking for info on FTP auth using AD?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Lev Zdenek
Sent: Thu 2/23/2006 12:52 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] IIS 6.0 LDAP Auth



Hello
Does anybody has experience with IIS 6.0 and auth. by LDAP query to LDAP
database ?
THX
Zdenek Lev
ANECT a.s.
Email: [EMAIL PROTECTED]


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ 


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] IIS 6.0 LDAP Auth

[deji]

Ah! That was over my head, sorry.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Lev Zdenek
Sent: Thu 2/23/2006 8:10 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth



I would like to auth. users access to web site on IIS 6.0 against external
LDAP user database

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, February 23, 2006 5:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth

What exactly does that mean? Are you looking for info on FTP auth using AD?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Lev Zdenek
Sent: Thu 2/23/2006 12:52 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] IIS 6.0 LDAP Auth



Hello
Does anybody has experience with IIS 6.0 and auth. by LDAP query to LDAP
database ?
THX
Zdenek Lev
ANECT a.s.
Email: [EMAIL PROTECTED]


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] MAC Address

[Todd Hofert]

I have a client PC 
that does not list the MAC Address for it's wireless NIC anywhere in the OS. Is 
there a way to query that info from the card via command prompt or some other 
method?

Thanks
Todd




This e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this e-mail and destroy any
copies. Any dissemination or use of this information by a person other
than the intended recipient is unauthorized and may be illegal.

RE: [ActiveDir] MAC Address

[Aaron Visser]

Run command prompt

Type ipconfig /all





Aaron











From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Todd Hofert
Sent: Thursday, February 23, 2006
8:40 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] MAC Address







I have a client PC that does not list the MAC Address for
it's wireless NIC anywhere in the OS. Is there a way to query that info from
the card via command prompt or some other method?











Thanks





Todd
















This e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this e-mail and destroy any
copies. Any dissemination or use of this information by a person other
than the intended recipient is unauthorized and may be illegal.

Re: [ActiveDir] MAC Address

[Tom Kern]

Getmac
On 2/23/06, Todd Hofert [EMAIL PROTECTED] wrote:

I have a client PC that does not list the MAC Address for it's wireless NIC anywhere in the OS. Is there a way to query that info from the card via command prompt or some other method?


Thanks
Todd

This e-mail and any attachments may contain confidential and privilegedinformation. If you are not the intended recipient, please notify thesender immediately by return e-mail, delete this e-mail and destroy any
copies. Any dissemination or use of this information by a person otherthan the intended recipient is unauthorized and may be illegal.

RE: [ActiveDir] IIS 6.0 LDAP Auth

[Ben D. Kusa]

I have used this before with nds as the ldap source

http://www.novell.com/coolsolutions/tip/5980.html



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, February 23, 2006 11:34 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth

Ah! That was over my head, sorry.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Lev Zdenek
Sent: Thu 2/23/2006 8:10 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth



I would like to auth. users access to web site on IIS 6.0 against external
LDAP user database

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, February 23, 2006 5:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth

What exactly does that mean? Are you looking for info on FTP auth using AD?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Lev Zdenek
Sent: Thu 2/23/2006 12:52 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] IIS 6.0 LDAP Auth



Hello
Does anybody has experience with IIS 6.0 and auth. by LDAP query to LDAP
database ?
THX
Zdenek Lev
ANECT a.s.
Email: [EMAIL PROTECTED]


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] IIS 6.0 LDAP Auth

[Matt Baldwin]

of course, the isapi filter solution becomes void when IIS 7 is
released... with IIS 7 you'll be able to write your own httphandlers
that get loaded with IIS versus having to use an ISAPI.. but this
doesn't help you right now.. :)  my only concern with the isapi would
be the impact it has on performance (if any).. so you'd want to run it
through some load-testing before throwing it into a production
environment imho.

-matt


On 2/23/06, steve patrick [EMAIL PROTECTED] wrote:
 Take a look here:

 http://www.inflectioncorp.com/downloads.html


 spat
 - Original Message -
 From: Lev Zdenek [EMAIL PROTECTED]
 To: ActiveDir@mail.activedir.org
 Sent: Thursday, February 23, 2006 8:10 AM
 Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth


 I would like to auth. users access to web site on IIS 6.0 against external
 LDAP user database

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
 Sent: Thursday, February 23, 2006 5:02 PM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth

 What exactly does that mean? Are you looking for info on FTP auth using AD?


 Sincerely,

 Dèjì Akómöláfé, MCSE+M MCSA+M MCT
 Microsoft MVP - Directory Services
 www.readymaids.com - we know IT
 www.akomolafe.com
 Do you now realize that Today is the Tomorrow you were worried about
 Yesterday?  -anon

 

 From: [EMAIL PROTECTED] on behalf of Lev Zdenek
 Sent: Thu 2/23/2006 12:52 AM
 To: ActiveDir@mail.activedir.org
 Subject: [ActiveDir] IIS 6.0 LDAP Auth



 Hello
 Does anybody has experience with IIS 6.0 and auth. by LDAP query to LDAP
 database ?
 THX
 Zdenek Lev
 ANECT a.s.
 Email: [EMAIL PROTECTED]


 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] MAC Address

[deji]

Something like this:
wmic NICCONFIG get MACAddress
 
Or a vbscript like this:
 
strComputer = .
Set objWMIService = GetObject(winmgmts:  !\\  strComputer 
\root\cimv2)
If Err.number  0 Then
Else
Set colAdapters = objWMIService.ExecQuery _
(Select * from Win32_NetworkAdapterConfiguration Where IPEnabled =
True)
For Each objAdapter in colAdapters
Physical_address = objAdapter.MACAddress
 Wscript.Echo Physical_Address
If Not IsNull(objAdapter.IPAddress) Then
For i = LBound(objAdapter.IPAddress) To UBound(objAdapter.IPAddress)
IP_address = objAdapter.IPAddress(i)
  Wscript.Echo IP_Address
Next
End If
Next
 
 
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Todd Hofert
Sent: Thu 2/23/2006 8:40 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] MAC Address


I have a client PC that does not list the MAC Address for it's wireless NIC
anywhere in the OS. Is there a way to query that info from the card via
command prompt or some other method?
 
Thanks
Todd
 

This e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this e-mail and destroy any
copies. Any dissemination or use of this information by a person other
than the intended recipient is unauthorized and may be illegal.


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] MAC Address

[Todd Hofert]

Gee, what an idiot. I already did that and completely over 
looked the MAC.


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Aaron 
VisserSent: Thursday, February 23, 2006 11:42 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] MAC 
Address


Run command 
prompt
Type ipconfig 
/all


Aaron





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Todd 
HofertSent: Thursday, February 
23, 2006 8:40 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] MAC 
Address


I have a client PC that does not 
list the MAC Address for it's wireless NIC anywhere in the OS. Is there a way to 
query that info from the card via command prompt or some other 
method?



Thanks

Todd


This e-mail and any attachments may contain confidential and 
privilegedinformation. If you are not the intended recipient, please notify 
thesender immediately by return e-mail, delete this e-mail and destroy 
anycopies. Any dissemination or use of this information by a person 
otherthan the intended recipient is unauthorized and may be 
illegal.



This e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this e-mail and destroy any
copies. Any dissemination or use of this information by a person other
than the intended recipient is unauthorized and may be illegal.

Re: [ActiveDir] MAC Address

[Za Vue]

Look at the wireless card itself. Ping it and ARP it. GetMac,
ipconfig/all, etc. etc.

-Z.V.

Todd Hofert wrote:

  
  
  I
have a client PC that does not list the MAC Address for it's wireless
NIC anywhere in the OS. Is there a way to query that info from the card
via command prompt or some other method?
  
  Thanks
  Todd
  
  This e-mail and any attachments may contain confidential and
privileged
information. If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this e-mail and destroy any
copies. Any dissemination or use of this information by a person other
than the intended recipient is unauthorized and may be illegal.
  




List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] MAC Address

[Za Vue]

For remote machines I use Hyena. Right click on the machine,
properties, and choose network and there it is.

Todd Hofert wrote:

  
  
  I
have a client PC that does not list the MAC Address for it's wireless
NIC anywhere in the OS. Is there a way to query that info from the card
via command prompt or some other method?
  
  Thanks
  Todd
  
  This e-mail and any attachments may contain confidential and
privileged
information. If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this e-mail and destroy any
copies. Any dissemination or use of this information by a person other
than the intended recipient is unauthorized and may be illegal.
  




List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] IIS 6.0 LDAP Auth

[Lev Zdenek]

Did you test it on IIS 6.0 ?


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben D. Kusa
Sent: Thursday, February 23, 2006 5:59 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth

I have used this before with nds as the ldap source

http://www.novell.com/coolsolutions/tip/5980.html



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, February 23, 2006 11:34 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth

Ah! That was over my head, sorry.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Lev Zdenek
Sent: Thu 2/23/2006 8:10 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth



I would like to auth. users access to web site on IIS 6.0 against external
LDAP user database

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, February 23, 2006 5:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] IIS 6.0 LDAP Auth

What exactly does that mean? Are you looking for info on FTP auth using AD?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Lev Zdenek
Sent: Thu 2/23/2006 12:52 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] IIS 6.0 LDAP Auth



Hello
Does anybody has experience with IIS 6.0 and auth. by LDAP query to LDAP
database ?
THX
Zdenek Lev
ANECT a.s.
Email: [EMAIL PROTECTED]


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] GPO Security Filtering to a group not working

[Joe Lagreca]

I am trying to implement GPO Security Filtering to groups without any luck.

When I run gpresult on the workstation, I get Filtering: Denied (Security).

However I have delegation, I have given the group both read and apply
policy permissions.

When I try GPO Security Filtering for either a single user, or the
built in authenticated users group, it works fine.  I just can't seem
to get it to work with the group I have created.

Has anyone experienced this before or know what I am doing wrong?  I
have tried it with both domain local and global security groups. 
Thanks.

Joe
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] MAC Address

[Comeau, Steven]

You can also go to your DHCP server if you know the Machine name.

Steven Comeau
Manager, Corporate IT Systems
Main Tape
1 Capital Drive, Suite 101
Cranbury, NJ  08512
800-718-8273  x332
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 23, 2006 11:58 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] MAC Address

Something like this:
wmic NICCONFIG get MACAddress
 
Or a vbscript like this:
 
strComputer = .
Set objWMIService = GetObject(winmgmts:  !\\  strComputer 
\root\cimv2)
If Err.number  0 Then
Else
Set colAdapters = objWMIService.ExecQuery _
(Select * from Win32_NetworkAdapterConfiguration Where IPEnabled =
True)
For Each objAdapter in colAdapters
Physical_address = objAdapter.MACAddress
 Wscript.Echo Physical_Address
If Not IsNull(objAdapter.IPAddress) Then
For i = LBound(objAdapter.IPAddress) To UBound(objAdapter.IPAddress)
IP_address = objAdapter.IPAddress(i)
  Wscript.Echo IP_Address
Next
End If
Next
 
 
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Todd Hofert
Sent: Thu 2/23/2006 8:40 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] MAC Address


I have a client PC that does not list the MAC Address for it's wireless NIC
anywhere in the OS. Is there a way to query that info from the card via
command prompt or some other method?
 
Thanks
Todd
 

This e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this e-mail and destroy any
copies. Any dissemination or use of this information by a person other
than the intended recipient is unauthorized and may be illegal.


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] GPO Security Filtering to a group not working

[Mark Parris]

Have you removed Authenticated users from the GPO?
-Original Message-
From: Joe Lagreca [EMAIL PROTECTED]
Date: Thu, 23 Feb 2006 10:08:10 
To:ActiveDir@mail.activedir.org
Subject: [ActiveDir] GPO Security Filtering to a group not working

I am trying to implement GPO Security Filtering to groups without any luck.

When I run gpresult on the workstation, I get Filtering: Denied (Security).

However I have delegation, I have given the group both read and apply
policy permissions.

When I try GPO Security Filtering for either a single user, or the
built in authenticated users group, it works fine.  I just can't seem
to get it to work with the group I have created.

Has anyone experienced this before or know what I am doing wrong?  I
have tried it with both domain local and global security groups. 
Thanks.

Joe
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] GPO Security Filtering to a group not working

[Darren Mar-Elia]

Joe-
Are you removing the Authenticated Users ACE before you add the
discretionary group? You don't have any Deny ACEs on that GPO, do you?

Darren 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joe Lagreca
Sent: Thursday, February 23, 2006 10:08 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] GPO Security Filtering to a group not working

I am trying to implement GPO Security Filtering to groups without any
luck.

When I run gpresult on the workstation, I get Filtering: Denied
(Security).

However I have delegation, I have given the group both read and apply
policy permissions.

When I try GPO Security Filtering for either a single user, or the built
in authenticated users group, it works fine.  I just can't seem to get
it to work with the group I have created.

Has anyone experienced this before or know what I am doing wrong?  I
have tried it with both domain local and global security groups. 
Thanks.

Joe
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] ADAM: Possible to only enforce local account policies when in a domain?

[Mr Oteece]

ADAM seems to have an all or nothing approach to account policies if you are in a domain. Either you get the domain policies or you get no policies (by setting ADAMDisablePasswordPolicies=1). If you are in a workgroup, you get the local policies. But is there any way to get only the local policies if you are in a domain? At times, domain password rules are incompatible with applications that need to leverage the ADAM for authentication. Please tell me there is a hidden setting for this...

[ActiveDir] MAC Address ( Spoofing )

[Medeiros, Jose]

Since you brought up the topic on MAC
address, take a look at this:

http://www.klcconsulting.net/smac/
SMAC is a MAC
Address Modifying Utility (for spoofing MAC address) for Windows 2000, XP, and
Server 2003 systems, regardless of whether the manufactures allow this option
or not.



Of course spoofing a MAC address is as simple as just
creating a registry key with the Mac address of your choice, its even
easier in Linux.



BTW: I am only posting this to the list so that new
systems administrators to do not have a false sense of security, in not knowing
that this is possible and could easily discredit a victim who has had this
happened.



Peace, 

Sincerely,

Jose
Medeiros
Intel Corporation
MCP+I, MCSE, NT4 MCT
408-765-0437 Direct
408-449-6621 Cell















From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Hofert
Sent: Thursday, February 23, 2006
9:06 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] MAC
Address





Gee, what an idiot. I already did that
and completely over looked the MAC.









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Thursday, February 23, 2006
11:42 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] MAC
Address

Run command prompt

Type ipconfig /all





Aaron











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Hofert
Sent: Thursday, February 23, 2006
8:40 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] MAC Address







I have a client PC that does not list the MAC Address for
it's wireless NIC anywhere in the OS. Is there a way to query that info from the
card via command prompt or some other method?











Thanks





Todd









This
e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this e-mail and destroy any
copies. Any dissemination or use of this information by a person other
than the intended recipient is unauthorized and may be illegal.








This e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this e-mail and destroy any
copies. Any dissemination or use of this information by a person other
than the intended recipient is unauthorized and may be illegal.

RE: [ActiveDir] Re Service Pack Level

[Harding, Devon]

I like this idea, but how is it run for all DC's in the forest?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent: Thursday, February 23, 2006 4:03 AM
To: ActiveDir.org
Subject: [ActiveDir] Re Service Pack Level

I would use saved queries in users and computers. This way you can
dynamically watch as they drop from one query to another. If you have
W2K change the 5.2 to 5.0

DC's With SP1
((objectCategory=computer)(operatingSystemVersion=5.2*)(primaryGroupID=
516)
(operatingSystemServicePack=Service Pack 1))

DC's Without SP1
((objectCategory=computer)(operatingSystemVersion=5.2*)(primaryGroupID=
516)
(!operatingSystemServicePack=Service Pack 1))
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

-
__
This message and any attachments are solely for the intended
recipient and may contain confidential or privileged information.
If you are not the intended recipient, any disclosure, copying, use
or distribution of the information included in the message and any
attachments is prohibited.  If you have received this communication
in error, please notify us by reply e-mail and immediately and
permanently delete this message and any attachments.  Thank You.

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] OT: NTFS Permissions

[Pohlschneider, Chris]

Title: OT: NTFS Permissions






I have a dilemma where operators in our shop need to be able to download
data files off of a Windows 2000 SP4 file server. The operators need to be
able to copy files off of the server and also be able to create a file as
well. However we do not want them to delete or have the ability to choose
cut and move the files or folders off of the server. I have tried
combinations of denying delete access, but yet keeping modify permission.
Have not been able to come up with a solution for this and did not know if
anyone had any insight on this or not. Thanks in advance for any help and
suggestions!!

Chris Pohlschneider
Network Administrator
Cenveo-Sidney
937-497-2136
[EMAIL PROTECTED]

Cenveo is your visual communications connection for a broad portfolio of
services and products including eServices, envelopes, offset and digital
printing, labels and business documents

RE: [ActiveDir] MAC Address

[Pohlschneider, Chris]

ipconfig /all from the command prompt should show you the MAC address for 
the wireless nic.

  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]On Behalf Of Todd 
  HofertSent: Thursday, February 23, 2006 11:40 AMTo: 
  ActiveDir@mail.activedir.orgSubject: [ActiveDir] MAC 
  Address
  I have a client 
  PC that does not list the MAC Address for it's wireless NIC anywhere in the 
  OS. Is there a way to query that info from the card via command prompt or some 
  other method?
  
  Thanks
  Todd
  
  This e-mail and any attachments may contain confidential and 
  privilegedinformation. If you are not the intended recipient, please 
  notify thesender immediately by return e-mail, delete this e-mail and 
  destroy anycopies. Any dissemination or use of this information by a 
  person otherthan the intended recipient is unauthorized and may be 
  illegal.

[ActiveDir] Big problem with member of attribute

[adriaoramos]

Hallo, 
This
is strange and difficult to explain. But I will try
We
have many domains, in these domain, many domain controllers. 
In
on of these domain we have some universal groups to join users from other
sub-domains
The
problem is this

I
can not see other sub domains universal groups the user belongs to , when
I open Act Dur User and Comp, I only see the groups in that sub domain.
But
that’s not the worst. there are some cases, that if I connect to other
domain controllers, it show all the groups.

I
don’t know if you can understand exactly what’s happening, but that is
it.

Can
you help me?

Adrião Ferreira Ramos
Superintendência de Tecnologia da Informação
Depto. de Operações e Infra-estrutura - CII
*
[EMAIL PROTECTED]
( 11 - 3388-8193

Re: [ActiveDir] Big problem with member of attribute

[Phil Renouf]

Have you looked at this KB article?

You cannot view a user's Universal Group membership in Windows Server 2003 Active Directory Users and Computers when Universal Groups do not reside in the local domain

http://support.microsoft.com/?kbid=833883

Phil
On 2/23/06, [EMAIL PROTECTED] [EMAIL PROTECTED]
 wrote:
Hallo, This is strange and difficult to explain. But I will try
 We have many domains, in these domain, many domain controllers. In on of these domain we have some universal groups to join users from other sub-domains
 The problem is this I can not see other sub domains universal groups the user belongs to , when I open Act Dur User and Comp, I only see the groups in that sub domain.
 But that's not the worst. there are some cases, that if I connect to other domain controllers, it show all the groups. 
I don't know if you can understand exactly what's happening, but that is it. Can you help me? Adrião Ferreira Ramos 
Superintendência de Tecnologia da Informação Depto. de Operações e Infra-estrutura - CII *
 [EMAIL PROTECTED]
 ( 11 - 3388-8193 

[ActiveDir] Active Directory Operations

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

Download details: Active Directory Operations:
http://www.microsoft.com/downloads/details.aspx?familyid=6a238df8-115c-4e1a-89f1-ee9bc9486c0fdisplaylang=en



The administering portion of this guide provides Active Directory 
service administrators with rationale and step-by-step instructions for 
managing all aspects of domain controller configuration and maintenance. 
The troubleshooting portion of this guide provides problem and solution 
topics that explain how to address many common error events that occur 
in production.



--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Re Service Pack Level

[Mark Parris]

You can refocus the domain? How many domains do you have? I am sorry but I 
can't test anything now as I am in training for DEC 2006.

Mark
-Original Message-
From: Harding, Devon [EMAIL PROTECTED]
Date: Thu, 23 Feb 2006 14:07:02 
To:ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Re Service Pack Level

I like this idea, but how is it run for all DC's in the forest?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent: Thursday, February 23, 2006 4:03 AM
To: ActiveDir.org
Subject: [ActiveDir] Re Service Pack Level

I would use saved queries in users and computers. This way you can
dynamically watch as they drop from one query to another. If you have
W2K change the 5.2 to 5.0

DC's With SP1
((objectCategory=computer)(operatingSystemVersion=5.2*)(primaryGroupID=
516)
(operatingSystemServicePack=Service Pack 1))

DC's Without SP1
((objectCategory=computer)(operatingSystemVersion=5.2*)(primaryGroupID=
516)
(!operatingSystemServicePack=Service Pack 1))
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

-
__
This message and any attachments are solely for the intended
recipient and may contain confidential or privileged information.
If you are not the intended recipient, any disclosure, copying, use
or distribution of the information included in the message and any
attachments is prohibited.  If you have received this communication
in error, please notify us by reply e-mail and immediately and
permanently delete this message and any attachments.  Thank You.

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] GPO Security Filtering to a group not working

[Joe Lagreca]

Yes, I did remove Authenticated users, or else the GPO would apply to
everyone in the domain, rather than just the group I am trying to
apply it to.

On 2/23/06, Mark Parris [EMAIL PROTECTED] wrote:
 Have you removed Authenticated users from the GPO?
 -Original Message-
 From: Joe Lagreca [EMAIL PROTECTED]
 Date: Thu, 23 Feb 2006 10:08:10
 To:ActiveDir@mail.activedir.org
 Subject: [ActiveDir] GPO Security Filtering to a group not working

 I am trying to implement GPO Security Filtering to groups without any luck.

 When I run gpresult on the workstation, I get Filtering: Denied (Security).

 However I have delegation, I have given the group both read and apply
 policy permissions.

 When I try GPO Security Filtering for either a single user, or the
 built in authenticated users group, it works fine.  I just can't seem
 to get it to work with the group I have created.

 Has anyone experienced this before or know what I am doing wrong?  I
 have tried it with both domain local and global security groups.
 Thanks.

 Joe
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] GPO Security Filtering to a group not working

[Joe Lagreca]

Authenticated users was removed from the GPO.

I have deny apply group policy only for all the admin groups, so I
don't accidentally appy the GPO to any of them.

The group I am trying to apply the GPO to, is not part of any other group.

Joe

On 2/23/06, Darren Mar-Elia [EMAIL PROTECTED] wrote:
 Joe-
 Are you removing the Authenticated Users ACE before you add the
 discretionary group? You don't have any Deny ACEs on that GPO, do you?

 Darren

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Joe Lagreca
 Sent: Thursday, February 23, 2006 10:08 AM
 To: ActiveDir@mail.activedir.org
 Subject: [ActiveDir] GPO Security Filtering to a group not working

 I am trying to implement GPO Security Filtering to groups without any
 luck.

 When I run gpresult on the workstation, I get Filtering: Denied
 (Security).

 However I have delegation, I have given the group both read and apply
 policy permissions.

 When I try GPO Security Filtering for either a single user, or the built
 in authenticated users group, it works fine.  I just can't seem to get
 it to work with the group I have created.

 Has anyone experienced this before or know what I am doing wrong?  I
 have tried it with both domain local and global security groups.
 Thanks.

 Joe
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] GPO Security Filtering to a group not working

[Darren Mar-Elia]

Ok. So I am assuming from your description that you are trying to filter
user policy by user group. The question here is, are you logging into
the workstation with a user account that is a member of the admin groups
that have deny access? If so, then the deny will override any grant.

Darren 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joe Lagreca
Sent: Thursday, February 23, 2006 12:55 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] GPO Security Filtering to a group not working

Authenticated users was removed from the GPO.

I have deny apply group policy only for all the admin groups, so I
don't accidentally appy the GPO to any of them.

The group I am trying to apply the GPO to, is not part of any other
group.

Joe

On 2/23/06, Darren Mar-Elia [EMAIL PROTECTED] wrote:
 Joe-
 Are you removing the Authenticated Users ACE before you add the 
 discretionary group? You don't have any Deny ACEs on that GPO, do you?

 Darren

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Joe Lagreca
 Sent: Thursday, February 23, 2006 10:08 AM
 To: ActiveDir@mail.activedir.org
 Subject: [ActiveDir] GPO Security Filtering to a group not working

 I am trying to implement GPO Security Filtering to groups without any 
 luck.

 When I run gpresult on the workstation, I get Filtering: Denied 
 (Security).

 However I have delegation, I have given the group both read and apply 
 policy permissions.

 When I try GPO Security Filtering for either a single user, or the 
 built in authenticated users group, it works fine.  I just can't seem 
 to get it to work with the group I have created.

 Has anyone experienced this before or know what I am doing wrong?  I 
 have tried it with both domain local and global security groups.
 Thanks.

 Joe
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] GPO Security Filtering to a group not working

[Mark Parris]

Not unless you applied it at the root. Only members of the OU.
-Original Message-
From: Joe Lagreca [EMAIL PROTECTED]
Date: Thu, 23 Feb 2006 12:54:44 
To:ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] GPO Security Filtering to a group not working

Yes, I did remove Authenticated users, or else the GPO would apply to
everyone in the domain, rather than just the group I am trying to
apply it to.

On 2/23/06, Mark Parris [EMAIL PROTECTED] wrote:
 Have you removed Authenticated users from the GPO?
 -Original Message-
 From: Joe Lagreca [EMAIL PROTECTED]
 Date: Thu, 23 Feb 2006 10:08:10
 To:ActiveDir@mail.activedir.org
 Subject: [ActiveDir] GPO Security Filtering to a group not working

 I am trying to implement GPO Security Filtering to groups without any luck.

 When I run gpresult on the workstation, I get Filtering: Denied (Security).

 However I have delegation, I have given the group both read and apply
 policy permissions.

 When I try GPO Security Filtering for either a single user, or the
 built in authenticated users group, it works fine.  I just can't seem
 to get it to work with the group I have created.

 Has anyone experienced this before or know what I am doing wrong?  I
 have tried it with both domain local and global security groups.
 Thanks.

 Joe
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] OT: NTFS Permissions

[Kevin Gent]

Title: OT: NTFS Permissions



Have you tried using Read and Change permissions 
ONLY on the share ?

  - Original Message - 
  From: 
  Pohlschneider, Chris 
  To: ActiveDir@mail.activedir.org 
  
  Sent: Thursday, February 23, 2006 1:35 
  PM
  Subject: [ActiveDir] OT: NTFS 
  Permissions
  
  I have a dilemma where operators in our shop need to be able 
  to downloaddata files off of a Windows 2000 SP4 file server. The operators 
  need to beable to copy files off of the server and also be able to create 
  a file aswell. However we do not want them to delete or have the ability 
  to choosecut and move the files or folders off of the server. I have 
  triedcombinations of denying delete access, but yet keeping modify 
  permission.Have not been able to come up with a solution for this and did 
  not know ifanyone had any insight on this or not. Thanks in advance for 
  any help andsuggestions!!Chris PohlschneiderNetwork 
  AdministratorCenveo-Sidney937-497-2136[EMAIL PROTECTED]Cenveo 
  is your visual communications connection for a broad portfolio ofservices 
  and products including eServices, envelopes, offset and digitalprinting, 
  labels and business 
documents

RE: [ActiveDir] OT: NTFS Permissions

[Pohlschneider, Chris]

Title: OT: NTFS Permissions



I have 
not tried that because doesn't that just set the permission as far as the user 
being able to read the permissions on a certain directory or change them if they 
had the access to? 

  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]On Behalf Of Kevin 
  GentSent: Thursday, February 23, 2006 4:40 PMTo: 
  ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] OT: NTFS 
  Permissions
  Have you tried using Read and Change permissions 
  ONLY on the share ?
  
- Original Message - 
From: 
Pohlschneider, Chris 
To: ActiveDir@mail.activedir.org 

Sent: Thursday, February 23, 2006 1:35 
PM
Subject: [ActiveDir] OT: NTFS 
Permissions

I have a dilemma where operators in our shop need to be able 
to downloaddata files off of a Windows 2000 SP4 file server. The 
operators need to beable to copy files off of the server and also be 
able to create a file aswell. However we do not want them to delete or 
have the ability to choosecut and move the files or folders off of the 
server. I have triedcombinations of denying delete access, but yet 
keeping modify permission.Have not been able to come up with a solution 
for this and did not know ifanyone had any insight on this or not. 
Thanks in advance for any help andsuggestions!!Chris 
PohlschneiderNetwork 
AdministratorCenveo-Sidney937-497-2136[EMAIL PROTECTED]Cenveo 
is your visual communications connection for a broad portfolio 
ofservices and products including eServices, envelopes, offset and 
digitalprinting, labels and business 
documents

Re: [ActiveDir] Stupid Group Policy CSE behavior

[Kamlesh Parmar]

My point was just that particular CSE stops processing further GPs related to it, and not entire GP processing.This gives very inconsistent application of policy. One fine day, you find that all policies are working fine, and when next day you introduce new policy, which has settings no way related to earlier policies and it goes on to break unrelated policy.
I will give you something to test...parent OU policy contains : DENY 'Authenticated Users' permission on one of the registry key(in my case USBSTOR service)  ADM template which tries to change a value inside that registry key (making value start = 4)
Child OU policy : is simply any setting from existing administrative templates (in my case WSUS policy)You would expect processing of both polices by Registry CSE, but in this case child policy won't be processed as registry CSE will fail while changing value specified in parent OU policy, due to restrictive permission.
In another case it was mis-spelled file name, configured for file system security.-- Kamlesh~Be the change you want to see in the World~
On 2/23/06, Darren Mar-Elia [EMAIL PROTECTED] wrote:





Well, it won't be the first time I've heard something about 
GP called stupid :).

I suspect it depends upon how you think about 
this.Certain CSEs are more resilient than others. I honestly haven't come 
across your scenario but in a lot of cases, if a CSE fails to do something, 
GPprocessing will simply continue along. I will try to take a 
deeperlook at this and see if I can understand why that is happening. 


One thing I usually recommend is to stay away from using 
registry and/or file security policy to set perms. First of all, I find it kind 
of a klunky way to manage permissions. Secondly, if you do a lot of it in 
policy, it canreally slow down processing. I think its just better to 
manage security permissions on files and registry keys with a different, and 
more deterministic method. 







From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]] On Behalf Of Kamlesh 
ParmarSent: Wednesday, February 22, 2006 11:48 PMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Stupid Group Policy 
CSE behavior

I had high hopes for group policy, but now it has started waning...

Simply stated, what happens is ... you have different policies applying to 
machine.
And say allpolicies contain different registry or security related 
settings.
Now, whenat workstation registry or security CSE tries to process 
these settings...
It willjuststop processing atfirst error 
itencountered and never process settings from remaining policies.

so if registry CSE found that it has 10 values in registry to set and if it 
encountered error at5th, it will never go ahead and process 6 to 10.

here is my case:

I had set deny permission on one registry key in one policy and I was 
trying to change that setting from another policy.
One would guess that, 2nd policy would simply fail and CSE would continue 
processing other polices which are no way related to this setting. But it 
doesn't.

I have seen this for Registry and Security CSE.

Thanks for listening :-)-- 
Kamlesh~Be the change you want to 
see in the 
World~

Re: [ActiveDir] OT: NTFS Permissions

[Kevin Gent]

Title: OT: NTFS Permissions



I believe that sets the stage for what can, and 
cannot be inherited, further down the line in directory and file permissions. 


Someone will correct us soon enough.

  - Original Message - 
  From: 
  Pohlschneider, Chris 
  To: ActiveDir@mail.activedir.org 
  
  Sent: Thursday, February 23, 2006 4:50 
  PM
  Subject: RE: [ActiveDir] OT: NTFS 
  Permissions
  
  I 
  have not tried that because doesn't that just set the permission as far as the 
  user being able to read the permissions on a certain directory or change them 
  if they had the access to? 
  
-Original Message-From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]On Behalf Of Kevin 
GentSent: Thursday, February 23, 2006 4:40 PMTo: 
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] OT: NTFS 
Permissions
Have you tried using Read and Change 
permissions ONLY on the share ?

  - Original Message - 
  From: 
  Pohlschneider, Chris 
  
  To: ActiveDir@mail.activedir.org 
  
  Sent: Thursday, February 23, 2006 
  1:35 PM
  Subject: [ActiveDir] OT: NTFS 
  Permissions
  
  I have a dilemma where operators in our shop need to be 
  able to downloaddata files off of a Windows 2000 SP4 file server. The 
  operators need to beable to copy files off of the server and also be 
  able to create a file aswell. However we do not want them to delete or 
  have the ability to choosecut and move the files or folders off of the 
  server. I have triedcombinations of denying delete access, but yet 
  keeping modify permission.Have not been able to come up with a 
  solution for this and did not know ifanyone had any insight on this or 
  not. Thanks in advance for any help andsuggestions!!Chris 
  PohlschneiderNetwork 
  AdministratorCenveo-Sidney937-497-2136[EMAIL PROTECTED]Cenveo 
  is your visual communications connection for a broad portfolio 
  ofservices and products including eServices, envelopes, offset and 
  digitalprinting, labels and business 
  documents

RE: [ActiveDir] Stupid Group Policy CSE behavior

[Darren Mar-Elia]

Ok. I will test that but it would be good to understand the 
scenario a little better. You do realize that by setting a Deny ACE for Auth. 
Users on the device/service, you are effectively preventing any 
access to that service, which would seem problematic in and of itself. The 
second point or question is, why would you not use the service security policy 
rather than registry policy to control this? I'm assuming its because you're 
trying to control a device rather than a real service?




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh 
ParmarSent: Thursday, February 23, 2006 2:06 PMTo: 
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Stupid Group 
Policy CSE behavior
My point was just that particular CSE stops processing further GPs 
related to it, and not entire GP processing.This gives very inconsistent 
application of policy. One fine day, you find that all policies are working 
fine, and when next day you introduce new policy, which has settings no way 
related to earlier policies and it goes on to break unrelated policy. I 
will give you something to test...parent OU policy contains : DENY 
'Authenticated Users' permission on one of the registry key(in my case 
USBSTOR service)  ADM template which tries to change a value inside that 
registry key (making value start = 4) Child OU policy : is simply any 
setting from existing administrative templates (in my case WSUS 
policy)You would expect processing of both polices by Registry CSE, but 
in this case child policy won't be processed as registry CSE will fail while 
changing value specified in parent OU policy, due to restrictive permission. 
In another case it was mis-spelled file name, configured for file system 
security.-- Kamlesh~"Be the 
change you want to see in the World"~ 

On 2/23/06, Darren 
Mar-Elia [EMAIL PROTECTED] 
wrote:

  Well, it 
  won't be the first time I've heard something about GP called "stupid" 
  :).
  
  I suspect 
  it depends upon how you think about this.Certain CSEs are more resilient 
  than others. I honestly haven't come across your scenario but in a lot of 
  cases, if a CSE fails to do something, GPprocessing will simply continue 
  along. I will try to take a deeperlook at this and see if I can 
  understand why that is happening. 
  
  One thing 
  I usually recommend is to stay away from using registry and/or file security 
  policy to set perms. First of all, I find it kind of a klunky way to manage 
  permissions. Secondly, if you do a lot of it in policy, it canreally 
  slow down processing. I think its just better to manage security permissions 
  on files and registry keys with a different, and more deterministic method. 
  
  
  
  
  
  
  
  
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of 
  Kamlesh ParmarSent: Wednesday, February 22, 2006 11:48 
  PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] 
  Stupid Group Policy CSE behavior
  
  
  I had high hopes for group policy, but now it has started waning...
  
  Simply stated, what happens is ... you have different policies applying 
  to machine.
  And say allpolicies contain different registry or security related 
  settings.
  Now, whenat workstation registry or security CSE tries to process 
  these settings...
  It willjuststop processing atfirst error 
  itencountered and never process settings from remaining policies.
  
  so if registry CSE found that it has 10 values in registry to set and if 
  it encountered error at5th, it will never go ahead and process 6 to 
  10.
  
  here is my case:
  
  I had set deny permission on one registry key in one policy and I was 
  trying to change that setting from another policy.
  One would guess that, 2nd policy would simply fail and CSE would continue 
  processing other polices which are no way related to this setting. But it 
  doesn't.
  
  I have seen this for Registry and Security CSE.
  
  Thanks for listening :-)-- 
  Kamlesh~"Be the change you want 
  to see in the 
  World"~

RE: [ActiveDir] GPO Security Filtering to a group not working

[Mark Parris]

I would now utilise the gpo modelling aspect of the gpmc to see where my
issues lay.

Mark

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent: 23 February 2006 21:34
To: ActiveDir.org
Subject: Re: [ActiveDir] GPO Security Filtering to a group not working

Not unless you applied it at the root. Only members of the OU.
-Original Message-
From: Joe Lagreca [EMAIL PROTECTED]
Date: Thu, 23 Feb 2006 12:54:44 
To:ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] GPO Security Filtering to a group not working

Yes, I did remove Authenticated users, or else the GPO would apply to
everyone in the domain, rather than just the group I am trying to
apply it to.

On 2/23/06, Mark Parris [EMAIL PROTECTED] wrote:
 Have you removed Authenticated users from the GPO?
 -Original Message-
 From: Joe Lagreca [EMAIL PROTECTED]
 Date: Thu, 23 Feb 2006 10:08:10
 To:ActiveDir@mail.activedir.org
 Subject: [ActiveDir] GPO Security Filtering to a group not working

 I am trying to implement GPO Security Filtering to groups without any
luck.

 When I run gpresult on the workstation, I get Filtering: Denied
(Security).

 However I have delegation, I have given the group both read and apply
 policy permissions.

 When I try GPO Security Filtering for either a single user, or the
 built in authenticated users group, it works fine.  I just can't seem
 to get it to work with the group I have created.

 Has anyone experienced this before or know what I am doing wrong?  I
 have tried it with both domain local and global security groups.
 Thanks.

 Joe
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/




List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] GPO Security Filtering to a group not working

[Joe Lagreca]

I am working in a test lab.  I have 2 users, test1 and test2.  I also
have group1 and group2.  None of the users or group are in any of the
admin groups.


On 2/23/06, Darren Mar-Elia [EMAIL PROTECTED] wrote:
 Ok. So I am assuming from your description that you are trying to filter
 user policy by user group. The question here is, are you logging into
 the workstation with a user account that is a member of the admin groups
 that have deny access? If so, then the deny will override any grant.

 Darren

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Joe Lagreca
 Sent: Thursday, February 23, 2006 12:55 PM
 To: ActiveDir@mail.activedir.org
 Subject: Re: [ActiveDir] GPO Security Filtering to a group not working

 Authenticated users was removed from the GPO.

 I have deny apply group policy only for all the admin groups, so I
 don't accidentally appy the GPO to any of them.

 The group I am trying to apply the GPO to, is not part of any other
 group.

 Joe

 On 2/23/06, Darren Mar-Elia [EMAIL PROTECTED] wrote:
  Joe-
  Are you removing the Authenticated Users ACE before you add the
  discretionary group? You don't have any Deny ACEs on that GPO, do you?
 
  Darren
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of Joe Lagreca
  Sent: Thursday, February 23, 2006 10:08 AM
  To: ActiveDir@mail.activedir.org
  Subject: [ActiveDir] GPO Security Filtering to a group not working
 
  I am trying to implement GPO Security Filtering to groups without any
  luck.
 
  When I run gpresult on the workstation, I get Filtering: Denied
  (Security).
 
  However I have delegation, I have given the group both read and apply
  policy permissions.
 
  When I try GPO Security Filtering for either a single user, or the
  built in authenticated users group, it works fine.  I just can't seem
  to get it to work with the group I have created.
 
  Has anyone experienced this before or know what I am doing wrong?  I
  have tried it with both domain local and global security groups.
  Thanks.
 
  Joe
  List info   : http://www.activedir.org/List.aspx
  List FAQ: http://www.activedir.org/ListFAQ.aspx
  List archive:
  http://www.mail-archive.com/activedir%40mail.activedir.org/
  List info   : http://www.activedir.org/List.aspx
  List FAQ: http://www.activedir.org/ListFAQ.aspx
  List archive:
  http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] GC Provider

[Brian Desmond]

OK, what do I need to do in my code to simply query the global catalog
for the entire forest?



I have New
DirectoryEntry(GC://)



That seems not
to work. If I inspect it 



?searchroot

{System.DirectoryServices.DirectoryEntry}

 AuthenticationType:
Secure {1}

 Children:
{System.DirectoryServices.DirectoryEntries}

 Container: Nothing

 Guid: {Unknown
error (0x80005000)}

 Name: {Unknown
error (0x80005000)}

 NativeGuid:
{Unknown error (0x80005000)}

 NativeObject:
{Unknown error (0x80005000)}

 ObjectSecurity:
{Unknown error (0x80005000)}

 Options: {Unknown
error (0x80005000)}

 Parent: {Unknown
error (0x80005000)}

 Path: GC://

 Properties:
{System.DirectoryServices.PropertyCollection}

 SchemaClassName:
{Unknown error (0x80005000)}

 SchemaEntry:
{Unknown error (0x80005000)}

 Site: Nothing

 UsePropertyCache: True

 Username: Nothing



We learn that
its more or less null, lots of unknown COM Errors. Im running
this code as myself  I have Domain Admin an Enterprise Admin groups in
my token, I had thought there was some reason something like Network Service
couldnt do this, but, that has obviously been ruled out. GC://mydomain.com
works fine, but then I dont get the stuff in GC://otherdomain.com which
is in my forest. This is supposed to work  and it doesnt. Ideas?



Thanks,
Brian Desmond

[EMAIL PROTECTED]



c -
312.731.3132