RE: [ActiveDir] os version

2003-08-14 Thread Joe
Check out gettype from the reskit. It will return a string and an errorlevel based on the OS. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner Sent: Thursday, August 14, 2003 7:09 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] os

RE: [ActiveDir] Settign password Expiration date

2003-08-14 Thread W2K List
Password policies can only be set at the domain level. Dennis Depp _ From: Erick Christian [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 13, 2003 1:17 PM To: [EMAIL PROTECTED] We are rolling our W2k network out, and have successfully migrated from NT4.0. Previously we had sat

RE: [ActiveDir] OT: Has anyone had a problem with the RPC call to the OS

2003-08-14 Thread Bryan Schlegel
We got smoked yesterday around 1:00. It was difficult to troubleshoot what was going on because I couldn't figure out how it was replicating through the network. Some machines had symptoms and others didn't (some machines had patches applied). Our symptoms included problems

Re: [ActiveDir] Who's online

2003-08-14 Thread Glenn Corbett
Agung, this was covered recently, mainly centered around the LastLogin attributes in AD. To find out who actually has a connection to the server, you can use the built in admin tools to see who has a connection to a share (useful for looking at home drive servers prior to restarts), or

RE: [ActiveDir] LDAP LastLogin for Computers

2003-08-14 Thread Coleman, Hunter
I'm getting the computer "lastlogin" attribute, which as I understand it is the most recent time that the workstation authenticated to a domain controller. I believe the oldest this timestamp would be is the last time the machine started up. Also,

[ActiveDir] Scripting ACEs

2003-08-14 Thread Coleman, Hunter
I'm seeing a discrepancy between setting ACEs through the GUI (Security tab on an object) and setting them through a script. If I go into the Security Tab on an OU and set a Deny ACE for some global group on Change Password and Reset Password for User objects, I end up with a single Deny ACE for

RE: [ActiveDir] Choosing between Domain Controllers

2003-08-14 Thread Chianese, David P.
Answer to question #1.) type "set" at the command prompt, look for LOGONSERVER=server name. Answer to question #2.) \\HKEY_CURRENT_USER\Volatile Environment\LOGONSERVER I'm not sure about changing the reg key or if it defaults back as the environment variable is loaded.

[ActiveDir] Max Connections?

2003-08-14 Thread Richard Sumilang
I'm using a Windows 2000 Server computer as a File Server but sometimes people have trouble connecting to it and they are on the local network. This network is very very small (about 10 users) and yet sometimes some people cannot connect to the file server so I'm wondering if there is a

[ActiveDir] Choosing between Domain Controllers

2003-08-14 Thread Kevin Felker
Hi all, We're running two domain controllers on the same domain. My questions are i. what command can you run to see which one your client pc is using ii. how can you change which DC your pc client is using Reason being, I think one of them is slow, and

RE: [ActiveDir] Broken RPC between DC's

2003-08-14 Thread Myrick, Todd (NIH/CIT)
You can use PORTQRY to tickle the RPC port 135 and see what is listening. I would also try 137 and 138 UDP respectively. Then check the router configuration to see what its settings are. Toddler -Original Message- From: Ian Moran [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14,

RE: [ActiveDir] Max Connections?

2003-08-14 Thread Myrick, Todd (NIH/CIT)
I would go into the Network Connections and select the network adapter on the server. On the Microsoft File and Print item, select properties. And make sure the settings are optimized for file and print sharing. Next you could pull up perfmon and see what the network usage is for the box, and

RE: [ActiveDir] Max Connections?

2003-08-14 Thread Chianese, David P.
Check the Maximum users at the share level perhaps. That is the only place I can think of to limit it. The other option is to look in perfmon and see if it is an actual I/O issue. Also, make sure the NIC(s) are set to 100/Full duplex. Hope this helps, Dave -Original Message- From:

RE: [ActiveDir] Max Connections?

2003-08-14 Thread Bryan Schlegel
Maybe a DNS in resolving the ip address to the computer name? Can you ping the server from their desks? How are their drives mapped? -Original Message- From: Chianese, David P. [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 1:16 PM To: '[EMAIL PROTECTED]' Subject: RE:

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Charles Campbell
Okay This is what I have found in the userenv.log so far: ProcessGPOs: Processing extension Internet Explorer Branding ProcessGPOs: Extension Internet Explorer Branding skipped with flags 0x7 (Which should be fine since I don't use the GP to brand IE) ProcessGPOs:

[ActiveDir] how to identify what got changed in a user's account?

2003-08-14 Thread Thommes, Michael M.
Hi, I am trying to identify exactly what got changed in a user's account (W2K domain). I know that a change will create a Security log record, EventID 642, category Account Management, type Success. It will identify the account that got changed (Target Account ID) and who made the change

RE: [ActiveDir] WOT Unreadable code (was Connection String)

2003-08-14 Thread Roger Seielstad
In a secure environment like Todd lives in, it would make the cross-firewall replication a fairly simple matter - one well known port and proper DNS is all that it would take to pass the required replication traffic around. -- Roger D.

RE: [ActiveDir] OT: Patch Management

2003-08-14 Thread Rod Trent
SMS with the SUS Feature Pack. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mitch Reid Sent: Friday, August 08, 2003 3:26 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] OT: Patch Management Hi, we finally 'found' some money to purchase software that

[ActiveDir] [OT] RPC DCOM WORM (MSBLASTER)

2003-08-14 Thread Joe
In case you been sleeping on the RPC DCOM hole (MS03-26), the time to patch was a couple of weeks ago, but if you still didn't... Duck... No actually patch! Now is not the time for your company to discover that a firewall doesn't protect all entrances to your network.

RE: [ActiveDir] WOT Unreadable code (was Connection String)

2003-08-14 Thread Rick Kingslan
Well, let's think for just a minute about this. If we're talking about a WAN-based network, couldn't the end-point devices (routers, firewall, bastion, etc.) be the terminus for the IPSec tunnel? And, if so, who cares what the clients speak? Seems to me that this would resolve many of the

RE: [ActiveDir] OT: Server Monitoring

2003-08-14 Thread Rod Trent
Try MOM. http://www.microsoft.com/mom When the email server is down, you can use scripts to send email via SMTP. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Tuesday, August 05, 2003 4:35 PM To: ActiveDir (E-mail) Subject:

RE: [ActiveDir] LDAP LastLogin for Computers

2003-08-14 Thread England, Christopher M
Well, "pwdLastChanged" or "LastLogin" or other variations are all for User objects. Oh well, thanks for all your advice, all! Chris -Original Message- From: England, Christopher M Sent: Wednesday, August 06, 2003 9:22 AM To: [EMAIL PROTECTED] Subject:

RE: [ActiveDir] Anonymous Logon

2003-08-14 Thread Rick Kingslan
:o) My security logs are 180MB. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rittenhouse, Cindy Sent: Wednesday,

RE: [ActiveDir] [OT] RPC DCOM WORM (MSBLASTER)

2003-08-14 Thread Hutchins, Mike
Lol... :-) -Original Message- From: Joe [mailto:[EMAIL PROTECTED] Sent: Monday, August 11, 2003 5:41 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] [OT] RPC DCOM WORM (MSBLASTER) In case you been sleeping on the RPC DCOM hole (MS03-26), the time to patch was a couple of weeks ago, but

Re: [ActiveDir] Connection String

2003-08-14 Thread Glenn Corbett
From the online help about NameTranslate, VBScript Example (haven't tried it, but looks like it should work) Dim nto const ADS_NAME_INITTYPE_SERVER = 2 const ADS_NAME_TYPE_1779 = 1 const ADS_NAME_TYPE_NT4 = 3 server = aDsServer user = jeffsmith dom= Fabrikam passwd = top

[ActiveDir] changing home drive problem

2003-08-14 Thread Gasper, Rick
Hi all, I am moving home folders to a new server. Since I have thousands of users I need to script this. The script works fine, however the new home folders don't map until I go into aduc, make a change to the home folders (add a space to the end of the path then delete it) and hit apply. I am

RE: [ActiveDir] Connection String

2003-08-14 Thread Myrick, Todd (NIH/CIT)
Glenn is that what they make documentation and comments for? Toddler -Original Message- From: Glenn Corbett [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 9:38 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Connection String HAHAHAPerl I like to be able to read my

RE: [ActiveDir] LDAP LastLogin for Computers

2003-08-14 Thread Coleman, Hunter
Title: Message Well, that wouldn't be the first time :-) At some point I suspect I'll *need* to query for a non-replicated attribute, so it's not a totally wasted effort. Your suggestion is a better fit in this case, though.Back to visual notepad Cheers, Hunter From: Roger Seielstad

RE: [ActiveDir] OT: Packaging Software for Deployment

2003-08-14 Thread Rick Kingslan
Justin, Being a part of your HIPAA requirement solution, it would be somewhat imperative to get it right the first time and know that you're in compliance, right? Given that, and the specifics of compliance under HIPAA (generally impossible, so why try) I'd suggest a mechanism that is going

RE: [ActiveDir] Password Lookup

2003-08-14 Thread Puckett, Richard
Ryan, If you're asking this because you're doing a security/password strength analysis sweep, you can use a couple of different tools to do this (all of which will rely on administrative privileges to AD). Tools like PWDUMP2 have been updated to pull password hashes from the

RE: [ActiveDir] Groups and OU's

2003-08-14 Thread Roger Seielstad
I'd suggest doing whatever makes sense to you, really. We have 4 basic OU's - Employees, Workstations, Servers and Groups. Part of my rationale for having a separate OU for Groups is that I also maintain a separate recipients container in Exchange 5.5 for Distribution Lists

RE: [ActiveDir] How to force RID master change

2003-08-14 Thread Chianese, David P.
NTDSUTIL.EXE, follow the prompts to seize the role. NOTE: Once you seize this role make sure the dead RID is offline and fdisk'd as you never want that server to come back and start servicing DC's with its old RID pool. The new RID master will artificially inflate the RID pool to a higher number

Re: [ActiveDir] Max Connections?

2003-08-14 Thread Richard Sumilang
I went there and the radio button is set to Maximize data throughput for file sharing. This problem started happening before the blaster worm went out. Where would I check if the settings are set to auto negotiate and the set port thing? Thanks - Richard S. On Thursday, August 14, 2003, at

RE: [ActiveDir] LDAP LastLogin for Computers

2003-08-14 Thread Bjelke John A Contr AFRL/VSIO
One way to go about it would be to turn up the auditing and query the event log on the machine for login success/failure events. John A. Bjelke Unisys 505.853.6774 [EMAIL PROTECTED] "Many of life's failures are people who did not realize how close they were to success

RE: [ActiveDir] Non-dictionary passwords

2003-08-14 Thread Joe
You can't do this natively but you can write a password filter DLL to hook into the LSASS to do it. It isn't a trivial experiment as bad code will do bad things since it is running as LSASS and when LSASS gets cranky, blue tends to be your predominant screen theme color.

[ActiveDir] OT: Patch Management

2003-08-14 Thread Mitch Reid
Hi, we finally 'found' some money to purchase software that will help with patch management. I was wondering if anybody has suggestions what I should look at (and what not to look at). We have about 300 local servers and a handful more across the WAN. They're NT, 2000 and 2003 in an NT/AD

RE: [ActiveDir] How to force RID master change

2003-08-14 Thread daniel . gilbert
One thing to do is use NTDSUTIL to seize the RID master role. Remove all references to the failed DC in AD (ADSI edit, Sites and Services, DNS,) Let replication update all DC's. You should then be able to bring the server back using its original name. HTH -Original Message- From:

[ActiveDir] Broken RPC between DC's

2003-08-14 Thread Ian Moran
Strange one this. Two DC's, same site, different subnets separated by a router. Clients on subnet A can net view \\serverB, clients on subnet B can net view \\serverA - but serverA serverB cannot net view each other - iyswim. Almost like a broken netbios channel between just these two servers

RE: [ActiveDir] [OT] RPC DCOM WORM (MSBLASTER)

2003-08-14 Thread james . blair
Charles, Our remote satellite sites were hit and infected 3/7 (broadband satellite), Internally no problems. Info @: Trend describes best way to do a manual removal. Easy Way: If you were infected and PC keeps restarting goto Services-Remote Procedure Call (RPC). Right Mouse Click goto

[ActiveDir] Turn off account lockout feature on a account.

2003-08-14 Thread Myrick, Todd (NIH/CIT)
Does anyone know how to disable account lockout restrictions on an account Like a service account, but leave the rest of the accounts with the ability to be locked out? Thanks, Toddler

RE: [ActiveDir] LDAP search filter for enabled accounts ?

2003-08-14 Thread Fugleberg, David A
Jerry - Thanks ! Works like a charm. Dave -Original Message- From: Jerry Welch [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 1:55 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP search filter for enabled accounts ? Dave, As I understand it, the following identifies a

Re: [ActiveDir] Choosing between Domain Controllers

2003-08-14 Thread James_Day
From the command prompt on the client machine you can type set This will give you the local variables including the login domain controller. Hope this helps. James R. Day (202) 354-1464 [EMAIL PROTECTED] |-+-- | | Kevin Felker

RE: [ActiveDir] Who's online

2003-08-14 Thread Thommes, Michael M.
Hi Agung, I think the command is used on the local computer only. But I think you could download the freeware from Sysinternals (www.sysinternals.com) named psexec and then use the following syntax: psexec \\ComputerName net session Mike Thommes -Original Message-

RE: [ActiveDir] VBscript Help

2003-08-14 Thread Steven Peck DNET
On a last note, the Windows Scripting Guide is online at MS wrap warning http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/scrguide/sas_roa_overview.asp In case you forget the book at home or are broke. :) -sp -Original Message- From: [EMAIL PROTECTED]

[ActiveDir] LDAP LastLogin for Computers

2003-08-14 Thread England, Christopher M
Greetings all, I am trying to pull LDAP queries on computer accounts and I want to find out the last time someone logged into the machine. WhenModified is just the computer account object and LastLogin is just for user accounts. Am I out of luck? What

Re: [ActiveDir] Who's online

2003-08-14 Thread Tony Murray
Agung This was covered fairly comprehensively in a thread a few days ago. Look in the archives for the subject Users Logged In on 29.07.03. The lastLogoff attribute is not used. There is very little MS documentation on this. Tony -- Original Message

Re: [ActiveDir] OT: Server Monitoring

2003-08-14 Thread Glenn Corbett
Justin, servers alive does report status to a web page, so that may be the easiest way to see if your exchange servers are alive. I understand the problem, you want to receive Email to your mailbox if a server is down, BUT if it's the exchange server you can't get any mail. The problem is that if

Re: [ActiveDir] Anonymous Logon

2003-08-14 Thread Glenn Corbett
Can vouch for the Kiwi server. Works great, and even better its free. G. - Original Message - From: Free, Bob [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 07, 2003 6:49 AM Subject: RE: [ActiveDir] Anonymous Logon Since I'll need a syslog server, I'd like one that will

RE: [ActiveDir] OT: Packaging Software for Deployment

2003-08-14 Thread Darren Mar-Elia
I believe that the last time I tried using a ZAP file, it didn't take UNCs, only drive letters (e.g. z:\myapp\setup.exe). Probably worth testing yourself though, since it's been a while. As Rod's webpage notes, ZAP files don't provide privilege escalation like MSIs do. So, the user will need to

RE: [ActiveDir] OT: Packaging Software for Deployment

2003-08-14 Thread Salandra, Justin A.
Is there a program that I can use that will generate the zap file for me? -Original Message- From: Sullivan, Kevin [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 3:18 PM To: [EMAIL PROTECTED] Subject:RE: [ActiveDir] OT: Packaging Software for Deployment Look

RE: [ActiveDir] Turn off account lockout feature on a account.

2003-08-14 Thread Roger Seielstad
That's a good question - does administrator not get locked out because of something within its user object, or is that hard coded into the LSASS portions of things? -- Roger D. Seielstad - MTS MCSE MS-MVP Sr.

RE: [ActiveDir] Group Policy

2003-08-14 Thread rmcdonald
I would like a copy of that as well. [EMAIL PROTECTED] Ryan McDonald Systems Administrator The Bankers Bank Ellis, Debbie [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 08/06/2003 07:23 AM Please respond to ActiveDir To:[EMAIL PROTECTED] cc: Subject:RE:

RE: [ActiveDir] how to identify what got changed in a user's account?

2003-08-14 Thread Joe
Unfortunately you can't. You have all of the info you are going to get at the present time. Joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Tuesday, August 12, 2003 9:32 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir]

RE: [ActiveDir] NTDS Database Error

2003-08-14 Thread Joe
Unfortunately eventid 1168 is a catchall event for many AD internal blowups where most often I have seen them when the DIT can't be read or has found an inconsistency. Najem: Those two events seem to be separated by quite a bit of time in the time stamp, do you think they are related? joe

RE: [ActiveDir] Groups and OU's

2003-08-14 Thread Ellis, Debbie
What are the reasons for delegating the AD Root Identifier? Why delegate read? From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2003 6:25 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Groups and OU's Per delegation I do

RE: [ActiveDir] Groups and OU's

2003-08-14 Thread Jimmy Andersson
If you have one person that will administer the groups, create one OU for the groups and delegate it to that user sounds like a good idea. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO Principal Advisor Microsoft MVP - Active

RE: [ActiveDir] Seeking some feedback ... use of 2003 Admin. tool s against a non-forest prep'd 2000 only directory ...

2003-08-14 Thread Joe
Sod off Dean... :oP cheers! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Thursday, August 07, 2003 5:55 PM To: AD mailing list (send) Subject: RE: [ActiveDir] Seeking some feedback ... use of 2003

RE: [ActiveDir] Anonymous Logon

2003-08-14 Thread Rittenhouse, Cindy
Rick, The security logs in question are on my Windows 2000 domain controllers, PSDC1 and PSDC2. When I Audit Logon Events, the log fills with Event 538 NT Authority\Anonymous Logon User Logoff: User Name: ANONYMOUS LOGON Domain: NT AUTHORITY Logon ID:

RE: [ActiveDir] WOT Unreadable code (was Connection String)

2003-08-14 Thread Rick Kingslan
Heh Telemarketing company that I worked for in the early 80's did their coding in MUMPS. Interesting use for a language that was developed to target the medical industry, as I recall - Massachusetts General Hospital Utility Multi Programming System. Rick Kingslan MCSE, MCSA, MCT Microsoft

RE: [ActiveDir] os version

2003-08-14 Thread Dean Wells
Use - for /f "tokens=3 delims=.]" %%v in ('ver') do set OSbuild=%%v Place the syntax above within a shell script to set the OSbuild variable to, well, the OS build :) HTH Dean -- Dean Wells MSEtechnology * Tel: +1 (954) 501-4307 * Email: [EMAIL PROTECTED] http://msetechnology.com

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Darren Mar-Elia
Well it doesn't give a lot of info but the RegOpenKey failing on GetHKeyCU (Get a handle to the user's profile in HKEY_CURRENT_USER) looks like a problem. The policy extension can't access the user's profile. The strange thing is that it returns a 0x0, which usually means

RE: [ActiveDir] Anonymous Logon

2003-08-14 Thread Joe
I believe those would show a logon by the IUSR (or other specified account) account because it isn't truly anonymous, you are simply proxied into the IUSR or some other specified anonymous access account. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

RE: [ActiveDir] OT: Has anyone had a problem with the RPC call to the OS

2003-08-14 Thread James_Day
Hi All The virus is w32.blaster.worm - the details were released by Symantec about 12 hours ago. The hole it is using was patched by Microsoft a couple of weeks ago. Here is the link to the Symantec write up http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html It

RE: [ActiveDir] Settign password Expiration date

2003-08-14 Thread [EMAIL PROTECTED]
Erick, Joe makes a good point -- password expiration policy is global. However, you can avoid the rush of everyone's passwords expiring at once with the following process: 1) enable global password expiration, but set the interval really long. 2) run a batch file nightly to expire a small

RE: [ActiveDir] Disaster recovery scenario comments requested.

2003-08-14 Thread Chianese, David P.
That was my major concern too Hunter. Although we have not seen this in the lab, I am wondering in a more complex environment (like production) if the beast will rear its ugly head then. That would be bad, very bad. Btw, thanks to all of you for the comments and scenario recommendations.

Re: [ActiveDir] How to force RID master change

2003-08-14 Thread EN
Thanks! I finally got everything working...at least so far, we'll see how it fares tomorrow and such. Did get some really weird errors, but they were fixable, according to MS. Ernesto - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 12, 2003

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Charles Campbell
Interestingly enough, I have that policy enabled (IE Maintenance policy processing). However, I do notice that when I go to the registry key mentioned in that article, the value is still set to 1, instead of 0. I changed it manually, and will reboot to see what happens. Does anyone know what

RE: [ActiveDir] os version

2003-08-14 Thread Thommes, Michael M.
A ver command? -Original Message- From: Graham Turner [mailto:[EMAIL PROTECTED] Sent: Thu 8/14/2003 6:08 AM To: [EMAIL PROTECTED] Cc: Subject: [ActiveDir] os version i know this one has probably been done

RE: [ActiveDir] OT: Has anyone had a problem with the RPC call tothe OS

2003-08-14 Thread Mayet, Yusuf Y
Yeah Thanks again guys for your responses. I was not sure what the virus was called however the symptoms, that you guys gave to me is exactly what some of our clients were experiencing. "The continuous reboot problem" The servers however are not having any problems as we patched

[ActiveDir] LDAP search filter for enabled accounts ?

2003-08-14 Thread Fugleberg, David A
Is there anything I can use in a LDAP search filter to include only accounts that are enabled ? For example, a filter like (&(objectclass=user)(objectcategory=person)(physicalDeliveryOfficeName=MSPJ)) will find all user objects whose office is in building MSPJ - I'd like to add an argument

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Charles Campbell
Update: I have now noticed (beating my head on desk for not seeing it sooner) that the server also sees the reset of the site changes Meaning: 1) I log onto the server, change the site listings as needed under IE Maintenance/Security 2) Run Secedit, check to make

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Charles Campbell
You lost me on one part What are you referring to when you say Preference mode settings? As for local GPO IE settings, there are none set. I will enable the verbose logging and see what happens Thanks Charles -Original Message- From: [EMAIL PROTECTED]

RE: [ActiveDir] Password change issue

2003-08-14 Thread Fugleberg, David A
We had a discussion involving this very issue on this list last week - MS has a KB article that describes this: http://support.microsoft.com/?scid=812499 There is a hotfix (referenced in this article), and the fix is included in Win2K SP4. Hope this helps...we're updating all our DCs to SP4 now,

RE: [ActiveDir] how to identify what got changed in a user's account?

2003-08-14 Thread Bruce Hansen
I've been trying to track them with MOM and have concluded that 642's are a can of worms. What tends to happen is that a single change will generate one 642 with a description of the change (Account Unlocked, etc.), followed by one or more additional 642's with no description whatsoever. I've

RE: [ActiveDir] Seeking some feedback ... use of 2003 Admin. tool s against a non-forest prep'd 2000 only directory ...

2003-08-14 Thread Dean Wells
Thank you Joe ... high praise indeed and right back at ya ... though in my case, I'm not certain it's deserved but I'll take what I can get :-))) PS - Being English, I do read tea leaves and as such am perfectly capable of predicting the future, in fact, I predict that this

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Charles Campbell
Well, I did a reset with no problems I tried setting to preference mode, but seem unable to input any changes. I tried adding the *.adm files for IE (inetcorp.adm and inetset.adm), however, when I go to access the settings, I see the following: The inetset.adm file is

RE: [ActiveDir] os version

2003-08-14 Thread Rick Kingslan
Graham, From the Script Center in Technet: strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colOperatingSystems = objWMIService.ExecQuery _ ("Select * from Win32_OperatingSystem") For Each objOperatingSystem in

RE: [ActiveDir] WOT Unreadable code (was Connection String)

2003-08-14 Thread Myrick, Todd (NIH/CIT)
This still requires a list of semi trusted networks. I am curious would you use the IPSEC to limit the port range to the DC's for replication, or both the client level traffic and the DCs traffic? One problem with client traffic being encrypted is that we support multiple hosts connecting to

RE: [ActiveDir] Connection String

2003-08-14 Thread Roger Seielstad
More importantly - I like to be able to read someone ELSE's code and understand it. My last perl hacking was updating a firewall parsing routine. The reg ex that was used was thoroughly inconceivable for the first 20 minutes. -- Roger

[ActiveDir] ADMT 2.0 erro 7557

2003-08-14 Thread Graham Turner
was wondering if any one could give us info ADMT error 7557 this is being logged by the ADMT user migration wizard when selecting the option to migrate passwords using password export server. this has been working a treat to date but from the one article on this found to date looks to name

[ActiveDir] Pagefile sizes... Its that time of year again.

2003-08-14 Thread Myrick, Todd (NIH/CIT)
So you have a Gig of ram on a DC, what do you all set the pagefile size to? Memory +11 MB? Like to hear your feedback. Toddler List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive:

RE: [ActiveDir] Home Labs Interconnected

2003-08-14 Thread daniel . gilbert
Or maybe DirectoryInsight :-) -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 2:15 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Home Labs Interconnected This sounds like a job for Directory Lockdown! Toddler

RE: [ActiveDir] Seeking some feedback ... use of 2003 Admin. tools against a non-forest prep'd 2000 only directory ...

2003-08-14 Thread Joe
The schema revision update is kind of scary to me Dean. What else looks for that that we aren't aware of that would blow horribly when it didn't really get what it needed because it thought it would be there because of that revision level? joe -Original

RE: [ActiveDir] Anonymous Logon

2003-08-14 Thread Free, Bob
We were playing with KIWI and an addin called backlogNT that a lot of others were using and recommending. Looks like it's morphed into SNARE. http://www.intersectalliance.com/projects/SnareWindows/index.html -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent:

RE: [ActiveDir] Disaster recovery scenario comments requested.

2003-08-14 Thread Coleman, Hunter
Don- We're in the same spot, with production DCs running on Dell and DR hardware often being Compaq. We've found that KB810161 (http://support.microsoft.com/default.aspx?scid=kb;en-us;810161) has been important to successfully accomplishing the restores. Recently, we've also found that building

RE: [ActiveDir] OT: Server Monitoring

2003-08-14 Thread Joe
Take a look at HostMonitor at www.ks-soft.com Very functional product for a very low price. The developer is very responsive for functionality changes and bug fixes as well. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent:

RE: [ActiveDir] Disaster recovery scenario comments requested.

2003-08-14 Thread Rick Kingslan
Jan, Do you know if they have published a paper or some detail on this process? Naturally, I'm interested in what they are proposing. Currently, their full-fledged technical document is slated for March 2004, which, IMHO, is way too late. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active

RE: [ActiveDir] OT: Has anyone had a problem with the RPC call tothe OS

2003-08-14 Thread Jb Leney
http://isc.sans.org/diary.html?date=2003-08-11 It goes by different names, depending on the antivirus vendor. The patch has been out for this for a while now. Our servers are patched, and we've seen no issues as of yet. -Original Message- From: Carlos

RE: [ActiveDir] Password Lookup

2003-08-14 Thread Thommes, Michael M.
Hi Robbie, I'm not aware that Windows 2000 password complexity switch prevents the use of dictionary words. That certainly has not been the case here. Please let me know if there is some "special" switch to prevent dictionary words and what dictionary it uses. Thanks! Mike

RE: [ActiveDir] Seeking some feedback ... use of 2003 Admin. tool s against a non-forest prep'd 2000 only directory ...

2003-08-14 Thread Joe
Excellent response Todd. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT) Sent: Friday, August 08, 2003 3:14 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Seeking some feedback ... use of 2003

RE: [ActiveDir] OT: Has anyone had a problem with the RPC call to the OS

2003-08-14 Thread Bryan Schlegel
This is a great tool to scan your network if anyone is still having problems. http://www.iss.net/support/product_utilities/ms03-026rpc.php -Original Message- From: Mayet, Yusuf Y [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 9:58 AM To: '[EMAIL

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Darren Mar-Elia
Try turning that off (make it synchronous). -Original Message- From: Charles Campbell [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 13, 2003 12:46 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Group Policy and IE Zone Security These are all 2000

RE: [ActiveDir] Power Options with GPO

2003-08-14 Thread Rick Kingslan
Marc, Forewarned is ... Well, you get the drift. It would be irresponsible of me to suggest adding your own entries to an .ADM without first mentioning the issue. So with that disclaimer out of the way I'd suggest that your solution would likely be the best. Take a snapshot of what it

Re: [ActiveDir] Connection String

2003-08-14 Thread Glenn Corbett
HAHAHA Perl I like to be able to read my code and understand it again in 6 months :) Glenn - Original Message - From: Robbie Allen [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 11:14 PM Subject: RE: [ActiveDir] Connection String Come over to the 'Dark

[ActiveDir] Group Policy

2003-08-14 Thread Ellis, Debbie
Does anyone have a Group Policy Spreadsheet? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: Has anyone had a problem with the RPC call to the OS

2003-08-14 Thread Joe
Yusuf, Check out some of the security vulnerability lists like full-disclosure, vulnwatch, vulndiscuss, etc. People are saying that since yesterday sometime, possibly the night before they have been seeing infections and have noticed a considerable increase in hits on their

RE: [ActiveDir] Password change issue

2003-08-14 Thread Rick Kingslan
Shaking head still hawking this old tired solution, eh? ;o) You've been busy tonight - you're weighing in on everything in one night. I just want to see the time when Joe answers questions 12 hours in advance. Now THAT would be a time saver Rick Kingslan MCSE, MCSA, MCT Microsoft MVP -

RE: [ActiveDir] WOT Unreadable code (was Connection String)

2003-08-14 Thread Bjelke John A Contr AFRL/VSIO
When I spoke at the 2002 AFITC, a general from ACC (I've forgotten his name) told me that someone in his office had received one and the noise was driving him crazy. Scratch the chicken off the list of how to win friends and influence people. LOL! That's great Gil! Thanks! John A.

RE: [ActiveDir] [OT] Password change issue

2003-08-14 Thread Joe
Heh thanks Rick. I am going to push that solution all the time, I worked too hard to get MS to make that change and stop giving the old tired answer of change the password on the DC the user will authenticate on. :P I had some time so I went through most of the posts. Been really busy lately

RE: [ActiveDir] Choosing between Domain Controllers

2003-08-14 Thread Gil Kirkpatrick
You can alter the SRV priority and weight settings for the DC so that clients will select one DC over another. See the Windows .NET mag article I wrote in the March issue, or DL it from http://www.netpro.com/forum/files/authentication_topology.pdf. -gil Gil Kirkpatrick CTO,

RE: [ActiveDir] LDAP search filter for enabled accounts ?

2003-08-14 Thread Jerry Welch
Dave, As I understand it, the following identifies a user account that is disabled: (userAccountControl:1.2.840.113556.1.4.803:=2) That is, the account is disabled when this value is set to 2. To exclude disabled accounts you would use the following string, plus any other filters you want to
