[ActiveDir] Logon scripts

Morning all, Does the logon script run with the user rights of the user logging on?? Ie Can we install an MSI from the logon script with out running installer with elevated privileges if the user has user rights to the local machine?? Cheers Charlie

[ActiveDir]


ImCr :ý-Â
pmamtsi1.mtl.bceemergis.comsmtp1.emergis.com[EMAIL PROTECTED]c=ca;a=immedia;p=mpact;l=MTL-GW-020207180547P1RP9909
L
669-a-logs@e[EMAIL PROTECTED]o.cEwLsReceived: from pmamtsi1.mtl.bceemergis.com (smtp1.emergis.com [192.139.197.95]) by MTL-GW-02.bceemergis.com with SMTP (Microsoft

[ActiveDir] GPO's in W2K AD setup with XP clients

Dear All, I am planning to use GPO's to control a number of XP clients in a W2K AD setup. Currently we have no GPO's, other than the default domain policy. I have imported the .ADM files from XP into a W2K DC and want to use the Computer Configuration\Administrative Templates\System Restore

Re: [ActiveDir] GPO's in W2K AD setup with XP clients

Mark You must have either Administrator or Backup Operator permissions on the computer to perform a restore. I could be wrong, but I believe the GPO setting makes the restore option available, but it does not confer the necessary rights. Tony -- Original Message

Re: [ActiveDir] Logon scripts

Yes, I beleive that you would have to run it with Elevated priveleges. Charlie Hope-Lang [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 07/18/2002 04:16 AM Please respond to ActiveDir To:[EMAIL PROTECTED] cc:(bcc: John Hicks/MIS/HQ/KEMET/US) Subject:[ActiveDir]

RE: [ActiveDir] Autoreply: [ActiveDir Digest]

Can you stop OOOs and autoreplies from hitting the ActiveDir List ? Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, July 18, 2002 00:19 To: [EMAIL PROTECTED] Subject: [ActiveDir] Autoreply: [ActiveDir Digest]

[ActiveDir] Sites and Services

Are there any issues with renaming the Default-First-Site-Name? Also can I set up a site and not have a DC in it? Joshua Morgan PROFITLAB Senior Network Engineer PH: (864) 250-1350 Ext 133 Fax: (413) 581-4936 [EMAIL PROTECTED] http://www.profit-lab.com http://ncontrol.info The greatest

RE: [ActiveDir] Autoreply: [ActiveDir Digest]

Could you stop posting these to the list as well? Email him offline if they bug you. -Original Message- From: David N. Precht [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 8:39 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Autoreply: [ActiveDir

RE: [ActiveDir] Autoreply: [ActiveDir Digest]

David, my mistake. I thought I replaced the list with person in question. I didn't. It was then too late. My apologies. Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Andy David Sent: Thursday, July 18, 2002 08:47 To: '[EMAIL PROTECTED]'

RE: [ActiveDir] Educating users on proper AD use ;-)

Title: Message There are a couple options although neither may be ideal. First, you can go to Start - Search - For Files or Folders At the bottom of the left pane is "Search for other items:" and underneath that is a link for "Computers" Second is after you browse to the domain as

RE: [ActiveDir] Group into local admin at domain join

Keep in mind.this does not append.it replaces the current access with whatever you specify in that list. Robert Wicklund, MCP/MCSE Global Crossing Ltd., Manager Network Computing 95 N. Fitzhugh Street Rochester, NY 14614 ph. 585.255.8936cell 716.721.1825 -Original

RE: [ActiveDir] Password Change for 100% Remote User Workstations

Title: Message Gene, Take a look at your VPN connection. Are you logging into the workstation, opening a tunnel, and doing their work. OR Are you logging into the workstation, opening the tunnel, logging out, and logging back into the now connected workstation? If notthe user will

RE: [ActiveDir] Password Change for 100% Remote User Workstations

Title: Message Jef, They are logging into W2K Pro with cached password information. Connection to local Internet POP then launching VPN connection. That is how our typical user works. Gene -Original Message-From: Kazimer Jef [mailto:[EMAIL PROTECTED]] Sent: Thursday, July

[ActiveDir] Sort of OT: other Protocols

I have an Isolated environment that runs SQL 2000 and Windows 2000 Servers. This environment experienced problems the other day because of a lack of name resolution between the Servers. I was asked by management to look at netbeui as a backup incase standard TCPIP name Resolution failed... Here

RE: [ActiveDir] Group into local admin at domain join

Robert, When you say, this does not append, what are you referring to? a) net localgroup method. I disagree, this does an append. b) GPO method. I agree, this does a replace. This was the point I was trying (albeit not very clearly) to make. BTW, as Byron pointed out earlier, if using the

RE: [ActiveDir] Sort of OT: other Protocols

What about using hosts files as a fail over for DNS? Seems like less work to me. John A. Bjelke UNISYS Systems administrator 505.846.5894 [EMAIL PROTECTED] -Original Message- From: Morgan, Joshua [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18,

RE: [ActiveDir] Sort of OT: other Protocols

The quote from our CIO was that if caught any developer using IP addresses in their code he would fire them on the spot. Joshua Morgan PH: (864) 250-1350 Ext 133 [EMAIL PROTECTED] http://www.profit-lab.com http://ncontrol.info -Original Message- From: Andy Grafton

RE: [ActiveDir] Sort of OT: other Protocols

I have since added that Joshua Morgan PH: (864) 250-1350 Ext 133 [EMAIL PROTECTED] http://www.profit-lab.com http://ncontrol.info -Original Message- From: Bjelke John A Contr AFRL/VSIO [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 11:02 AM To: '[EMAIL PROTECTED]'

Re: [ActiveDir] Sort of OT: other Protocols

The quote from our CIO was that if caught any developer using IP addresses in their code he would fire them on the spot. And using NetBEUI as a backup protocol on a production system is better? Andy List info : http://www.activedir.org/mail_list.htm List FAQ:

[ActiveDir] LDAP failover/load balancing

We have some J2EE application servers which we have configured to authenticate via LDAP against our Active Directory. The configuration of the app server allows only one LDAP server to be specified. If that one DC were to fail, the app servers would be unable to find the directory even

[ActiveDir] AD and NDS

We are in the process of migrating our NT 4 domain to AD. We currently use NDS as our primary directory service. We are using Account Manager to migrate our users and computer accounts into the AD domain form the NT 4 domain. We experienced problems getting IDs created in Novell Console 1 and MMC

RE: [ActiveDir] Group into local admin at domain join

Tony, Option b. Of courseas alwaysi didn't read the last line. We are using a VB script so we execute this in Logon script. Thanks Robert Wicklund, MCP/MCSE Global Crossing Ltd., Manager Network Computing 95 N. Fitzhugh Street Rochester, NY 14614 ph. 585.255.8936cell

RE: [ActiveDir] AD and NDS

Title: Message Can you describe the problems? -gil -Original Message-From: John Hicks/MIS/HQ/KEMET/US [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 10:25 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] AD and NDSWe are in the process of migrating our NT 4

RE: [ActiveDir] New AD announced for web apps.

Stuart Kwan had mentioned this was coming at the Directory Experts Conference in May. Ultimately I think it could be a good thing if Microsoft starts to treat AD as a separate product instead of just an add-on to Windows 2000/.NET. I don't see the benefit to what they are saying about needing

RE: [ActiveDir] New AD announced for web apps.

The big issue using AD as a standalone LDAP server (as Stuart explained at the DEC) has to do with AD's ties to the Win32 security system... authentication through Kerberos, generation of Win32 security tokens, SIDs appearing in ACLs, etc. ADAM removes these ties as I understand it. -gil

RE: [ActiveDir] New AD announced for web apps.

So this would allow you to use a different security solution like say Netegrity or Oblix for SSO type applications. In addition with MMS X you could create public views of your PKI enabled users and make them LDAP accessible without exposing a DC or GC. For us, the more operations we can

[ActiveDir] how to determine a user rights

Is there any attribute in active directory that would enable me to determine if a particular user has domain admin rights? __ Do You Yahoo!? Yahoo! Autos - Get free new car price quotes http://autos.yahoo.com List info :

RE: [ActiveDir] New AD announced for web apps.

Why is that an issue for running just a generic LDAP directory? You can still do standard LDAP binds against it and each directory has its own way for securing resources. Robbie Allen -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002

RE: [ActiveDir] New AD announced for web apps.

iNetOrgPerson is supported fully in .NET ;-) Have you seen studies where AD is much slower than iPlanet/ONE, eDirectory or OpenLDAP in terms of bind time? I've heard varying reports. In my experience, I believe the bigger issues are when you try to consolidate your NOS and enterprise app

RE: [ActiveDir] New AD announced for web apps.

I'm just recalling what Stuart described as the drivers for ADAM at the DEC. IIRC, Novell's comparison between AD indicated that eDir was much faster at binds than AD, but I wouldn't want to put a lot of credence in that evaluation :) I also think that you will be able to partition ADAM