Title: Message
I'd
suggest a sendmail forum rather than AD.
AD
will provide a mostly standard LDAP setup, so this is really just an issue for
configuring sendmail properly. I'd start at http://www.sendmail.org,
specifically
http://www.sendmail.org/~ca/email/doc8.12/cf/m4/ldap_routing.html
Am I the only one that fails to see the IE Maintenance policy when
opening a GPO from XP ??
Thanks,
--Steve
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Lithgow
Sent: Monday, February 24, 2003 12:40 PM
To: [EMAIL PROTECTED]
Subject:
Yep. Its just you. Everyone else sees it just fine. Maybe you need glasses.
:)
-gil
-Original Message-
From: Steve Lithgow [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 26, 2003 8:57 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] IE Maintenance Policy not available on XP ??
Hello,
Maybe the collective minds here can come up with something.
I have given a group (Join Computers to the Domain group) the rights to join
computers to the domain through the Default Domain policy. Only this group
has rights to join computers to the domain.
I have created a web page
Any chance you would be willing to share your webpage to create the computer
account?
Thanks,jb
-Original Message-
From: Greg Felzer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 26, 2003 11:28 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Remove the ability to create computer
You may want to look into changing the default msDS-MachineAccountQuota.
This setting allows any user to create 10 computer accounts by default.
You can change this via a script, LDP or ADSI edit. If you change the
default value to 0 then your delegation model will probably work but the
default
I have been looking on Microsofts site but not finding this answer
Why is it that only the Administrator account and those account in the
Enterprise Admins group can see connection agreements in the ADC and use the
Exchange Tasks thru the ADUC on a workstation but not users created and
made into
Huh. Strange. Seems that someone has made modifications to your
permissions, as by default - Domain Administrators (and all members
therein) SHOULD be able to do what you describe. Now, making mods to
CA, installing ADC, or configuring ADC is a different story.
Oh, BTW -
Your need for High Importance = very Subjective.
IOW, doesn't mean it's important or urgent to anyone else.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
-Original Message-
Have reviewed these templates
seem to have addressed the issue of services that have been introduced by
SP3 such as BITS ..
my only point would be the relation of these templates to those issued as
part of the security operations guidelines from Microsoft
ie.
1. version control of these
Wouldn't this prevent all users from creating computer accounts? I do not
want to prevent them from creating them, just prevent them from creating
them in the computers container.
Greg Felzer
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sullivan,
Greg,
If you restrict it so that no one except the user your web script
runs as can create accts and are specifying the container in your script,
then they will still be able to create accts, they will just be forced to
use your web script to do so. This would achive your stated goal,
Seeing as that's the default container for creating computer accounts, and
the only place those accounts will go when created by a machine joining the
domain, I don't see that you're going to achieve what you want.
Any reason you can't just script something to move all undesirable accounts
out of
We have a single domain, single zone that was upgraded from NT4. I would
like to make the DNS AD-integrated, it now loads from the registry. Is it as
simple as changing the Load zone data on startup to From Active Directory
and registry in the DNS server properties? It is currently From registry.
Yes, its that simple.
--
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis Inc.
-Original Message-
From: Jim Busick [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 26, 2003 4:37 PM
To: '[EMAIL PROTECTED]'
Title: Message
It might have always
been this way, but I don't recall.
Recently, we had a
user escalate an issue requiring us to investigate date and time information on
the user's account. To our surprise, we noticed the time was "11:7:2" and
"17:1:40" which aren't human readable time
Title: Message
Yep -
have it that way as well. Been that way as long as I
remember
As to
being human readable, maybe if you are absolutely set on having two-digits for
each field. From my perspective, I'm not set in my ways, and have no
issues with making the transition. But, that's
17 matches
Mail list logo