Title: Message
I'm
running SUS 1.1 quite successfully for about 700 client machines (and servers).
SUS 2, which is due in beta within the next 30 days or so, is going to add
Office and a few other products for patching, which really is all that SUS is
missing.
I
prefer the SUS methodology
I'm one of those words :oP Most days I feel if you chop down the
second phrase that would be the word.
You know what is really funny though is one of our Exchange admins said your
second sentence to me the other day almost word for word
-
http://www.joeware.net
Sorry I was hopped up on headache medicine last night for the weather front
moving through hear. Maybe I am incoherent.
Lockout polices, password policies, the restricted groups, that is all info
that is stored in and replicated through AD and GPO's both...
Consider these attributes that
I need to change
both file ACLs and Exchange permissions within vbscript (for Windows 2000 and
2003, and Exchange 2000 and 2003).
I know how to do
everything I want manually, but the GUI is too slow and error prone for the
volume I've got going on...
I've been unable to
find a website
Have you seen these?
http://msdn.microsoft.com/library/default.asp?url="">
http://www.microsoft.com/technet/community/scriptcenter/default.mspx
Regards,
/Jimmy
- Jimmy
Andersson, Q Advice
AB
Principal AdvisorMicrosoft MVP - Directory
Services--
Title: Message
Where can I find out more information on
SUS version 2
Lynden
From: Roger Seielstad
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 16, 2004 8:02
AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Microsoft
Patch
I'm running SUS 1.1 quite
First off let me start with a quick
link...
http://msdn.microsoft.com/library/default.asp?url="">
This describes the main interface you will
use...
Now that being said... You have to be careful with what you
are saying when you say Exchange permissions. Do you mean overall mailbox
Thanks for the response.
Well, since they can't be on a PC for more than 40 minutes (classes),
and I have the windows logoff screensaver set to15 minutes of inactivity, I
doubt they would be able to keep the files open, but one never knows.
Thanks again,
Ernesto
- Original Message -
Well, SUS is also missing reporting and auditing, if I remember
correctly... I can't wait to see the new version though (anyone know
the beta guest id?)
Several departments here use a product called Bigfix (www.bigfix.com)
and it seems to work very well. Its scalable and even integrates with
Oh yes, I know the script center well.
I don't see anything on there about ACE's or
ACL's.
Thanks,
Michael
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jimmy
AnderssonSent: Tuesday, March 16, 2004 9:13 AMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Changing ACLs
via
Thanks for the link...
In regards to Exchange, I specifically want to be able
to:
a) change the permissions on the "All Address Lists"
object,
b) create a new address list,
c) change the default permissions on the new address
list,
d) change the permissions on the "All Global Address
Title: Time synchronization
We have 4 DC's in our root domain...All 2K3.
With the PDC emulator set for external time synchronization and all others set for nt5ds.
What is your opinion on setting all 4 DCs to NTP and getting time from the same external source.
We are looking at.
http://www.rallenhome.com/books/ad2e/code.html
Check the Chapter 23 scripts. They'll be a bit obtuse
without the benefit of the explanations in the book, but that's a good reason to
buy the book :-)
Hunter
From: Michael B. Smith
[mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004
Ok, those are AD permission changes, in the config
container. You will be manipulating the actual AD sd, not any special exchange
sd's, at least I am pretty sure, never dorked with them personally but play a
guy on TV who does
I will scrub the script for full mailbox access and
post
Title: Time synchronization
I generally recommend that any machine that can be the PDC
for the forest root domain should be synced externally with all of them syncing
to the same source.
-
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear
Title: Message
Its
not really widely available to the best of my knowledge. As I said - its
scheduled to go beta soon, and I'd expect a mid summer general availability
release. I'd watch this forum, and the SUS websites:
http://www.microsoft.com/windowsserversystem/sus/default.mspx
Actually - there is some ability to do reporting, although we use a software
inventory and audit tool so reporting is less necessary for us - but its
fairly inadequate, unless you really like digging through IIS logs for info.
Then again - you can do some pretty goood reporting using the free log
You know, I think Robbie might have posted that perl script
mentioned below on his site as well under the Cookbook scripts
link.
-
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Title: Message
On another note what is a MS-MVP
Lynden
From: Rod Trent
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 16, 2004 9:39
AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Microsoft
Patch
More public info will be forthcoming
after this week's Microsoft
Title: Time synchronization
My suggestion is set your main DC to and
external NTP source and the other DC's to your main DC
Lynden
From: Gayoso, Ray
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 16, 2004 9:54
AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Time
you can always gain admin control over a client and then run a job or
service that keeps files open if you really want to ;-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of EN
Sent: Dienstag, 16. März 2004 15:40
To: [EMAIL PROTECTED]
Subject: Re:
Title: Message
Microsoft Most Valuable Professional. It is an award MS
presents to folks for contributions to the community at large. Itused to
be primarily for newsgroup participation but has been branching out
tolistservs, web sites, and other significant
contributions,etc.
Basically MS
Has anyone had success putting together something home-grown
to centralize security event logs into a sql database? If so, I wanted to get
some tips on how the tables should be set up can all events that are
captured in the security log be placed in the same table, or do different
events
MACS (MS Audit Collector System) will do all of that for
you and likely much more efficient than what you'd do yourself (and more secure
as well) - should be released soon (I think with 2003 SP1)
/Guido
From: Creamer, Mark [mailto:[EMAIL PROTECTED]
Sent: Dienstag, 16. März 2004 19:18To:
AhhhI forgot about that coming.
Thanks Guido!
mc
-Original Message-
From: GRILLENMEIER,GUIDO
(HP-Germany,ex1) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 16, 2004 1:40
PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] security
event log audits
MACS (MS Audit
Will this work for Win2k servers also?
Mike
From: GRILLENMEIER,GUIDO (HP-Germany,ex1)
[mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 1:40
PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir]
security event log audits
MACS (MS Audit Collector System) will do all of that for
you and
Short answer: Yes
More detailed info:
http://www.windowsboston.com/downloads/doc/MACS_beta_Overview.doc
Hope that helps :)
r/
Lou
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Celone, Mike
Sent: Tuesday, March 16, 2004 1:49 PM
To: '[EMAIL
That is weird. Might be time to do a sniffer trace. Also, check the
system event log on each of the machines that is having a problem and
make sure you're not getting any machine trust issues with the domain.
Also, double-check that DNS client config on the two problem machines is
correct. Could
I wrote it four year ago.
A Windows NT Service on every machine send the information (every eventlog
section ) to a database ODBC connected
(Oracle, MSSQlserver, DB2, MySql etc.)
I wrote also the client administrative to setup, install, modify
configuration and interrogate the datbase, produce
I absolutely cant live without
changing the visuals of the command processor. Since you shared here is one of
my favorite command line tips for w2k. Back into NT when typing out long
command lines you could use the * for the auto-complete character so from a
command prompt cd c:\doc* enter
Title: Message
Firstly, it won't be called SUS 2.0. It will
apparently be called the very unfortunate name of WUS - Windows Update
Services. Yes, jokes have started, and WUS is getting tripped and
beat up by all the other software bullies.
However, there is destined to be, as I understand
Title: Message
*cough*
*splutter*
HAHAHAHAHA.
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]On Behalf Of Rick
KingslanSent: Tuesday, March 16, 2004 9:06 PMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] Microsoft
Patch
Firstly, it won't be called
Does that mean it's going to be hot stuff?
;-)
Sorry... been a long day...
**
Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**
However, there is destined to be, as I understand it, an Application
Programming Interface
Title: Message
Man I ignored that on the other list so you brought it here
too
ARRG.
-
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick
Here is something really Q-N-D for you Alan. Any chance to
help out you intel guys I'm all there, I have intel all over my house.
:o)
Basically you take adfind and you do a schema dump from
both dc's you are concerned about...
adfind -h server1name -schema -f
Well, that remains to be seen. I haven't had time to play with it yet, but
I'll comment here and there as I get a feel for what it does / can do / flat
doesn't deliver.
Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Title: Message
Ahhh geez. Deal with it, Smart Ass. They like
me here (I think). I'm not so sure on the other list. But then,
I don't really care much. ;o)
I'm just irritated over the near-sighted and obviously lame
thought process of the new Microsoft 'Marketing' genius. Rather than the
Darren, now I am puzzled...
I would have sworn that what I have described once worked with W2K (if I
am not mistaken, it was SP1), but
So I checked...
2 DCs in the test domain (W2K native):
1 W2K3 (holds all FSMOs)
1 W2K SP4 (GC)
Test 1:
On W2K3:
1) Defined Default Domain Policy with 6 chars
38 matches
Mail list logo
