RE: [ActiveDir] Cross forest trust: universal groups
Hi Tony: Try to use the NT version of group naming ie. ForestB\Group I have done this with users (also used the UPN for users and it works too) HTH, Rick From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Monday, August 22, 2005 8:38 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Cross forest trust: universal groups Hi all I'm missing something here and I'm hoping you can give mea pointer. Scenario: 2 single domain forests connected by a forest trust. I want to add global groups from ForestB to a universal group in ForestA. I go into ADUC in ForestA and click on the Members tab and select Add. When I go to the Locations tab to select the domain from ForestB I only see ForestA as an available option. Surely I should be able to add resources from ForestB to this universal group? If I try to do the same thing with a domain local group in ForestA, I see the the domain in ForestB as an available option, so it looks like the trust is ok. Any thoughts? Tony
RE: [ActiveDir] OT: new job
Tom: I work for a credit union, so the rules and reg's financial institutions have to follow are similar. I concern myself with Sarbanes-Oxley and Patriot acts. As for the at will employment clause in the handbook; that is standard, kind of a CYA for the company and you for that matter. Anyway, enjoy the financial world :) Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Saturday, July 23, 2005 9:09 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: new job I just got offered a position with a consulting company where I would be consulting full time for a major financial corp in NYC as their AD/Exchange guy. I'm a little nervous and I was wondering if anyone here had experience with big financial corps and IT. Is it very different from doing IT for a normal company. Their situation is that they outsourced all their Exchange/AD infrastructure and now they want to take it back and have someone support it full time. As it stands, their relationship is not so hot with the outsourcing firm which is reluctant to give them too much info. In fact I don't think anyone there has Domain or Enterprise Admin access as it stands. Finally, the other thing that makes me nervous is, I'd be working fulltime for the consulting firm(until after 3 months if the finanical corp would want me to join them fulltime, I'd work for them). In the consulting company handbook which clearly states is not legally binding, the state in bold letters that they reserve the right to let you go for any reason. That kinda scares me. Is that normal? Are they just covering their butt? Thanks. My apologies for the way OT. -- Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Redirection
Q # is 888254 Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris Sent: Friday, June 10, 2005 11:50 AM To: ActiveDir.org Subject: Re: [ActiveDir] Redirection If you have folder redirection and ie branding enabled, you'll need a hotfix, to enable both to work. I can't give you the Q number as I an on the I4, coming back from TechED. Mark -Original Message- From: Za Vue [EMAIL PROTECTED] Date: Fri, 10 Jun 2005 12:10:23 To:ActiveDir@mail.activedir.org Subject: [ActiveDir] Redirection I have a redirection issue w/GPO. I can see the user redirected folders: My documents, Desktop, and application data, however, List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] DNS Error?
Hi Everyone: Win 2k3 in 2000 Mixed mode AD. My DNS server is throwing this error: Event Type: Error Event Source: DNS Event Category: None Event ID: 7055 Date: 6/7/2005 Time: 6:23:05 PM User: N/A Computer: JAFFA Description: The DNS server accept() function failed. The event data contains the error. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: : 26 27 00 00 '.. I can not find any information, on MS website or eventid.net and my google phraseology is a bit lacking I guess. If someone could bring light to this or, help me with my googling skills. I would appreciate it. Thanks, Rick
[ActiveDir] IExplore RSOP Error?
Hi Everyone: I have several computers that are having a problem with Internet Explorer not connecting correctly. It sits and hangs and I get the Application Hang Event ID 1002. I have looked to prior errors like the message says and can not find any information on it. I am running a 2k3 network in mixed mode, and the clients are XP sp2 with ISA FWC. Any tips? Here is the Event Log: Event Type: Error Event Source: Userenv Event Category: None Event ID: 1091 Date: 3/21/2005 Time: 12:57:36 PM User: NT AUTHORITY\SYSTEM Computer: Description: The Group Policy client-side extension Internet Explorer Branding failed to log RSOP (Resultant Set of Policy) data. Please look for any errors reported earlier by that extension. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Thanks, Rick
RE: [ActiveDir] DC Unattended Restart
I'm kind of surprised no one mentioned PSTools PSShutdown... http://www.sysinternals.com/ntw2k/freeware/pstools.shtml Rick From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Thursday, February 03, 2005 7:09 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Unattended Restart Dell DRAC and RAC as well as IBM RSA will do similar funtions - as well as shut it off cold, and start it up - remotely. -rtk From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Monday, January 31, 2005 3:55 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC Unattended Restart Shutdown -r -t 5 -m \\mydc that will reboot mydc in five seconds using the interactive user's credentials. The utility is inc w/ 2003, in the 2k res kit. It needs to be on teh client machine, not the server. If you want to cold boot it, and you have Compaq hardware, you can do this with the iLo board. Not sure if the Dell DRAC or other vendors have a similiar facility. --Brian Desmond [EMAIL PROTECTED] Payton on the web! www.wpcp.org v - 773.534.0034 x135 f - 773.534.8101 From: [EMAIL PROTECTED] on behalf of Kevin Gent Sent: Mon 1/31/2005 3:08 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC Unattended Restart Is there any way to schedule an unattended restart, warm or cold boot,of a DC ?
RE: [ActiveDir] GPO for restricting ActiveX controls on XPSP2
Joe, You can download BHODemon and install it, double-click on any entry and you will see the CLSID in that entry. http://www.pcworld.com/downloads/file_description/0,fid,23611,00.asp HTH, Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley Sent: Monday, January 10, 2005 8:33 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] GPO for restricting ActiveX controls on XPSP2 Thanks! I'd tried clicking, right clicking, and double clicking on the entries to see if I could find the class ID in that window, all to no avail! Never thought the CLSID might be there in a column... Sheesh. Nothing like making it easy on us poor admins... Now if there was some way to copy and paste the entries instead of having to retype them by hand. OR if you could at least resize plug-in management window. Ah well. Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: wilson chang [mailto:[EMAIL PROTECTED] Sent: Friday, January 07, 2005 3:14 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] GPO for restricting ActiveX controls on XPSP2 On Thu, 6 Jan 2005 13:50:44 -0500, Joe Pochedley [EMAIL PROTECTED] wrote: So, the question is: Does someone out there have a listing of the class ID strings for common web component ActiveX plugins? OR am I wasting The best way I know how is to load the plugins yourself and then copy down the CLSID's. They're located in Internet Explorer. From the Tools menu, select Manage Add-ons. Then right click in the column headings and select Class ID. You should now see the CLSID's listed. I hope that's what you're looking for. Wilson List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Problem with redirected application Data
Title: Message Jeff, Make sure that the server that is holding the App Data (\\servername.domain.com) is in the Local Intranet Security group in IE, that should solve your problem. HTH, Rick From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D. Team EITC Sent: Wednesday, January 05, 2005 11:38 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Problem with redirected application Data We are redirecting application data and everything is working well accept for the quick launch. When you click on a short cut there you get a file download window asking if you want to open this file .lnk as it may be unsafe etc.Is there a place in policies or else where that i can put the .lnk extension so it wont come up with that dialog box and it will go ahead process the shortcut and execute the program? Jeff
RE: [ActiveDir] Problem with redirected application Data
Title: Message GP\User Config\User Settings\Internet Explorer Maint\Security\Security Zones... Set IE (on your computer) Security how you want it and click Import Security Zones and Privacy Settings. Click Modify Settings to make sure everything is ok and that should do it. HTH, Rick From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D. Team EITC Sent: Wednesday, January 05, 2005 12:40 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Problem with redirected application Data Where is the best place to put that in a policy? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dale, Rick Sent: Wednesday, January 05, 2005 1:08 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] Problem with redirected application Data Jeff, Make sure that the server that is holding the App Data (\\servername.domain.com) is in the Local Intranet Security group in IE, that should solve your problem. HTH, Rick From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D. Team EITC Sent: Wednesday, January 05, 2005 11:38 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Problem with redirected application Data We are redirecting application data and everything is working well accept for the quick launch. When you click on a short cut there you get a file download window asking if you want to open this file .lnk as it may be unsafe etc.Is there a place in policies or else where that i can put the .lnk extension so it wont come up with that dialog box and it will go ahead process the shortcut and execute the program? Jeff
RE: [ActiveDir] Time a password was changed
acctinfo.dll from the Windows 2k3 Resource Kit. Has the Password Last Set field in the Additional Info tab on ADUC User Properties... But that only goes back to the Current PW. HTH, Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of EN Sent: Thursday, December 09, 2004 9:21 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Time a password was changed [ActiveDir] Black Login ScreenHi, I'm trying to figure out whether there is a way to find when an accounts password was changed. Maybe going back 4 password changes. Any ideas, I searched the archives, but didn't find anything related. Thanks ernesto List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: helpdesk software
I have implemented it with AD and it works just fine. If you need help with it check out their forums at: http://www.liberum.org/snitz/default.asp HTH, Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: Tuesday, November 16, 2004 2:30 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: helpdesk software Have you integrated this with AD? Know anyone who can point me in the right direction on how to do so? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Wassell Sent: Tuesday, November 02, 2004 11:01 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: helpdesk software Liberum is a nice, free alternative if open-source is an option, although production on the project has slowed quite a bit over these past few months the software is still very functional and does meet all of the requirements that you mentioned. http://www.liberum.org/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway Sent: Tuesday, November 02, 2004 10:19 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] OT: helpdesk software I'm looking into helpdesk software. I need integration into active directory, a web interface, and the biggest issue. I want to be able to use email to open and track the tickets. I want the user to be able to send an email to an internal email address, the tech replies to the email which gets sent back to the helpdesk app. The tech and the user can continue to use email to correspond back and forth. Each time the emails pass though the helpdesk software and the thread is tracked so it can be viewed in the helpdesk app. Anyone seen/use anything like this? Thanks,jb List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Scripting question - Net Send command
Try this: dim oWSH, msg Set oWSH = CreateObject(WScript.Shell) msg = %comspec% /c net send sendto description oWSH.Run msg Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser Sent: Wednesday, November 03, 2004 11:42 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Scripting question - Net Send command We're porting our old intranet (NT4/IIS4) to a new server (W2K3/IIS6) and have run into an authentication issue that I need some help with. There's a legacy code chunk that does a net send command to create a popup on a user's PC to tell them a new request has come in that they need to deal with. I'd prefer that they used email for this, but apparently checking email regularly is too much trouble for them. They want a pop-up. :-) The problem is that we can't get Net Send to launch properly. Here's the distilled code: % dim oWSH Set oWSH = CreateObject(WScript.Shell) oWSH.Run NET SEND test4 testing. % That is embedded into an ASP file, which is run by a user connecting to a webpage stored on the new IIS server. The rest of the script includes some authentication procedures that identify the logged on user and allow or deny page access based on AD Group membership. If I run it from my workstation, with my admin credentials, it runs fine. If I run it from a PC logged in as a standard user, we get Microsoft VBScript runtime error '800a0046' Permission denied /CNK/ww2.asp, line 4. Is there a way to: 1. Force the net send command to securely run as a different user without exposing elevated credentials? 2. Use a different method to create the popup window? Thanks for any help... ** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
FW: [ActiveDir] Scripting question - Net Send command
Oops had one too many after the sendto... sorry about that. note to self read msg before sending... Rick T. Dale, Computer Services General Council Credit Union -Original Message- From: Dale, Rick Sent: Wednesday, November 03, 2004 1:41 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Scripting question - Net Send command Try this: dim oWSH, msg Set oWSH = CreateObject(WScript.Shell) msg = %comspec% /c net send sendto description oWSH.Run msg Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser Sent: Wednesday, November 03, 2004 11:42 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Scripting question - Net Send command We're porting our old intranet (NT4/IIS4) to a new server (W2K3/IIS6) and have run into an authentication issue that I need some help with. There's a legacy code chunk that does a net send command to create a popup on a user's PC to tell them a new request has come in that they need to deal with. I'd prefer that they used email for this, but apparently checking email regularly is too much trouble for them. They want a pop-up. :-) The problem is that we can't get Net Send to launch properly. Here's the distilled code: % dim oWSH Set oWSH = CreateObject(WScript.Shell) oWSH.Run NET SEND test4 testing. % That is embedded into an ASP file, which is run by a user connecting to a webpage stored on the new IIS server. The rest of the script includes some authentication procedures that identify the logged on user and allow or deny page access based on AD Group membership. If I run it from my workstation, with my admin credentials, it runs fine. If I run it from a PC logged in as a standard user, we get Microsoft VBScript runtime error '800a0046' Permission denied /CNK/ww2.asp, line 4. Is there a way to: 1. Force the net send command to securely run as a different user without exposing elevated credentials? 2. Use a different method to create the popup window? Thanks for any help... ** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: Disk Quota
Title: RE: [ActiveDir] OT: Disk Quota Dave and Phil: Thanks, I checked the ownership of the files, and they are owned by the Administrator group. Thanks guys :) Rick From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dale, Rick Sent: Wednesday, October 27, 2004 11:44 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] OT: Disk Quota Hi List: I have one user who has over 8 Gb's in their profile. Her disk quota is set to 500 MB. And the Disk Quota Usage is only 83% (415.6 MB Used). This isn't a problem so much as it is a conundrum I thought I would throw out for a reason why. Thanks for the ideas / responses, Rick
RE: [ActiveDir] OT:logon script
Tom, I haven't tried this but it should work. Run this script then kill the process that is running then delete the file. ~~SCRIPT START~~ Option Explicit const HKEY_LOCAL_MACHINE = H8002 strComputer = INSERT COMPUTER HERE or . for local computer Set oReg=GetObject(winmgmts:{impersonationLevel=impersonate}!\\ _ strComputer \root\default:StdRegProv) strKeyPath = software\microsoft\windows\currentversion\run\NAME OF REGKEY oReg.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath ~SCRIPT END~~ HTH Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, September 07, 2004 8:53 AM To: ActiveDir (E-mail) Subject: [ActiveDir] OT:logon script Hi, I went on vacation and upon returning my network seems to have been infected with worm_sypbot.dn(Trend Micro's name) . i have about 50 pc's(win2k/xp) infected and even though my symantec corp defs are up to date, it can't clean the worm because its already running in mem. i know it creates a reg entry in hkey_local_machine\software\microsoft\windows\currentversion\run. my question is, rather than go to 50 pc's and reboot in safe mode and do a scan, can someone point me to a good vbscript that i can run as a logon script to delete the reg entries. unless someone out there has a better solution. thanks alot List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Using CMD
If you want to change drive letters AND directories with the CD command you need to use the /d flag.. ie. h: cd /d c:\temp ... then you will be in the c:\temp HTH Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob Stabl Sent: Thursday, September 02, 2004 11:28 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Using CMD Alright I am trying to use CMD on windows XP, my account is setup as a local admin and all the other admin settings I could think of. But in cmd it defaults to my home dir. H:\ so I need to be in C:\ I type cd C:\directory and it does nothing, no error and doesn't swich dir. How do I switch to C:\ in the command prompt. Is this GP setting???\ Thanks -- Jacob Stabl Network Engineer Plain Local Schools http://plainlocal.org Work: 330.492.3500 x.383 Cell: 330.704.1278 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Add Printers
Jacob, I make a VBS script and put that in a GPO... ---SCRIPT--- Set oNet = CreateObject (WScript.Network) oNet.AddWindowsPrinterConnection \\server\printer oNet.SetDefaultPrinter \\server\printer ---SCRIPT--- HTH, Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob Stabl Sent: Friday, August 27, 2004 10:30 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Add Printers I have a group of computers I want to add a shared printer to. How can I got about doing this with a GPO or what is the best way? THanks -- Jacob Stabl Network Engineer Plain Local Schools http://plainlocal.org Work: 330.492.3500 x.383 Cell: 330.704.1278 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Windows XP SP2
Hi Justin, Check out: http://www.microsoft.com/downloads/details.aspx?FamilyID=4454e0e1-61fa-447a- bdcd-499f73a637d1DisplayLang=en and http://www.microsoft.com/downloads/details.aspx?FamilyID=dacf095f-fdbd-4c50- bdaa-96ff9f00e007displaylang=en Or http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx under the Managing the Environment section HTH Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Friday, August 20, 2004 9:05 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Windows XP SP2 Everyone, Is there some additional GPO Settings that I can add to a policy to manipulate some of the settings that are on by default in SP2? Like turning off the Firewall and stuff. Please let me know. Justin List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] VBS Help
Try putting the email addresses in quotes. ie. "[EMAIL PROTECTED]" Rick From: George Arezina [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 13, 2004 7:53 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] VBS Help Hi guys, I'm trying to create a script that would automatically send me an email message when a service fails on my DC. However, I always get the following error: Script: E:\vbs scripts\mail.vbs Line: 3 Char: 23 Error: Invalid character Code: 800A0408 Source: Microsoft VBScript compilation error The following is the contents of the script: set objArgs = Wscript.Arguments Set objEmail = CreateObject(CDO.Message) objEmail.From = [EMAIL PROTECTED] objEmail.To = [EMAIL PROTECTED] objEmail.Subject = objArgs(0) service is down objEmail.Textbody = The service objArgs(0) has failed. objEmail.Send set objArgs = nothing set objEmail = nothing Any help would be appreciated very much. Cheers, George Informacija sa Opportunity International Serbia putem e-maila je bez garancije. Zakljucivanje pravnih poslova putem ovog medija nije dozvoljeno. Ovaj e-mail moze sadrzati poverljive i/ili povlascene informacije. Ukoliko ste ovaj e-mail primili greskom, ovim putem vas obavestavamo da je svako otkrivanje, kopiranje, distribucija ili preduzimanje bilo kakvih aktivnosti u vezi njegovog sadrzaja strogo zabranjeno i moze biti nezakonito. Ukoliko ste e-mail primili greskom, molimo Vas da nas odmah obavestite tako sto cete odgovoriti na ovaj email, a zatim ga izbrisite iz vaseg sistema. The exchange of messages with Opportunity International Serbia via e-mail is not binding. Declarations regarding legal transactions must not be exchanged via this medium. The information contained in this e-mail message is confidential and intended exclusively for the addressee. Persons receiving this e-mail message who are not the named addressee (or his/her co-workers, or persons authorized to take delivery) must not use, forward or reproduce its contents. If you have received this e-mail message by mistake, please contact us immediately and delete this email message beyond retrieval.
[ActiveDir] GPO - File and Printer Sharing.
Title: GPO - File and Printer Sharing. Hi, I know there is a way to force enable or disable File Printer Sharing but I can not find it. How do you force that via a GPO? Thanks for the input. Rick
RE: [ActiveDir] GPO - File and Printer Sharing.
Thanks guys, I have some users that are obstinate and they go in and turn off file and printer sharing which also takes the IPC$ share pipe off which then does not allow remote admin on their machine. So basically I wanted to be able to force them to have it turn on. I guess if I manually enable it then disable access to the network config that would work. Thanks again for your input. Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 22, 2004 1:07 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] GPO - File and Printer Sharing. Hey Rick... You can turn off the server service, even with a GPO, but then no one gets there, not even admins...as far as i know. It's a bit awkwards...but, in computer configuration/windows settings/security settings/local policies/user rights assignments/deny access to this computer from the network You can specify a global group in there.It's actually the opposite of what you want. I think they can create shares, but group members can't get to them. I really think this was an oversight from MS on the Group PoliciesI've mentioned it to them several times. I seem to remember you could do this with NT, and a system policy. John |-+-- | | Darren Mar-Elia | | | [EMAIL PROTECTED]| | | om| | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org| | | | | | | | | 06/22/2004 12:58 PM| | | Please respond to | | | ActiveDir | | | | |-+-- --- -| | | | To: [EMAIL PROTECTED] | | cc: | | Subject: RE: [ActiveDir] GPO - File and Printer Sharing. | --- -| Rick- No way that I know of to do this from GPO. The challenge is that its a bunch of binary reg keys that get messed with when you turn this on or off--per connection. I did a quick look through netsh and didn't see any commands there, but I may have missed it. Alternatively, if you want to shut it down completely, I think you can still turn off the Server service, which was the way to do it in NT 4. Probably need to test that though. Darren From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dale, Rick Sent: Tuesday, June 22, 2004 9:22 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] GPO - File and Printer Sharing. Hi, I know there is a way to force enable or disable File Printer Sharing but I can not find it. How do you force that via a GPO? Thanks for the input. Rick List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] spyware(OT)
I have SpyBot (http://www.safer-networking.org/) installed on all PC's and it runs as part of the local machine's Friday night routine (A/V, SpyBot etc.) using the AT / scheduler some .bat files. If you don't have SpyBot installed already then I would just push out what ever program you choose. Just my 10 BITs. Rick -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Friday, June 11, 2004 9:16 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] spyware(OT) My users are inundated with spyware and adware, what are the ways you guys deal with this? do you change the zone settings in I.E via gpo? can you turn spybot/spyblaster into an msi and push it out? Its hard for me to block access to web sites via an application firewall as we're a liquor ditribution company and our sales staff has to go to liqour sites that may have links to gambling or porn. i'd love to hear any ideas. thanks alot List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] spyware(OT)
SpybotSD.exe /AUTOCHECK /AUTOFIX /AUTOCLOSE is the command I run in the scheduler file. It runs off of a local account. I am not sure if it would work running as system or not though. If you use the advanced features of SpybotSD there is a scheduler option under Settings/Scheduler that helps out a bit. Hope that helps ya, good luck. Rick -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Sent: Friday, June 11, 2004 10:48 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] spyware(OT) We use spybot along with the resident program that came out in the 1.3 release. So far it's been pretty good. I was wondering, what did you do to get it to run with the scheduler and bat files? I haven't been able to get it to cooperate yet. -Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dale, Rick Sent: Friday, June 11, 2004 7:59 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] spyware(OT) I have SpyBot (http://www.safer-networking.org/) installed on all PC's and it runs as part of the local machine's Friday night routine (A/V, SpyBot etc.) using the AT / scheduler some .bat files. If you don't have SpyBot installed already then I would just push out what ever program you choose. Just my 10 BITs. Rick -Original Message- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Friday, June 11, 2004 9:16 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] spyware(OT) My users are inundated with spyware and adware, what are the ways you guys deal with this? do you change the zone settings in I.E via gpo? can you turn spybot/spyblaster into an msi and push it out? Its hard for me to block access to web sites via an application firewall as we're a liquor ditribution company and our sales staff has to go to liqour sites that may have links to gambling or porn. i'd love to hear any ideas. thanks alot List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: explorer.exe hangs on folder access
I have had a similar problem with this. I don't know if it's related or not but when a user put some pictures in their My Pictures folder, every time they opened the directory in explorer it would give a C++ Runtime error (don't remember what one). So I changed the default folder layout from Thumbnails to Details (or whatever) and it opened just fine... Delete the pic's and (even the sample ones) and it works just fine. Rick T. Dale Computer Services General Council Credit Union http://gccu.ag.org/ \|/ (@ @) ---oOO--(_)--OOo--- ``` ''' This e-mail and any files transmitted with it are the property of General Council Credit Union and/or its affiliates, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient's or otherwise have reason to believe that you have received this message in error, please notify the sender. Any other use, retention, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 18, 2004 9:27 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] OT: explorer.exe hangs on folder access This is a very strange problem I experienced a few weeks ago and just yesterday I've noticed it happen again. This only happens with a single folder, all others are fine. This particular instance the folder is completely empty except for My Pictures being automatically created within. Expected cause: User Personal (My Documents) folders are redirected to a central location on the file server. User is not granted exclusive rights to their user folders rights are inherited from parent. User folders are automatically created when user first logs into the domain. Symptom: When user attempts to log in the explorer.exe process hangs and the desktop is never created. User can log off by using Task Manager, or forcing a logoff/shutdown using shutdown.exe. Explorer.exe hangs when any PC attempts to access the user folder (including locally on the server). Strangely enough, I am able to copy the contents of the folder elsewhere using the explorer interface and am able to retrieve a directory listing using command prompt. Taking ownership of the folder does not resolve the issue. Desktop.ini shows being accessed by whichever user is attempting to access the folder, visible using computer management mmc snap-in. Forcibely closing all instances does not resolve the issue. Resolution: Restarting the server resolves the issue. Does anyone have ANY clue what this might be? Server is running Windows Server 2003 Std. Ive considering calling M$FT on the issue but I'm sure they'll suggest that I restart the server. TIA for any input. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/