[ActiveDir] OT: Top running processes?

2005-09-07 Thread Harding, Devon
Is there a tool or script that I can use to display the top running processes on a server? Command line or VBS. Devon Harding Windows Systems Engineer Southern Wine Spirits - BSG 954-602-2469 __This

RE: [ActiveDir] OU permissions for user object

2005-09-07 Thread joe
My personal and professional opinion? tick tick tick tick tick tick tick click bm You have a time bomb. Could be fine for a long time, could blow up entirely in your face tomorrow leaving only scattered parts of hands and feet or

RE: [ActiveDir] OU permissions for user object

2005-09-07 Thread Glen Miller
Joe! Great story! Consider a book! PS I really like the spleen thing cause you're right you never really can tell. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, September 07, 2005 8:24 AM To:

RE: [ActiveDir] OU permissions for user object

2005-09-07 Thread Creamer, Mark
Hehe... where else can you get so much information *and* entertainment in one place! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, September 07, 2005 9:24 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OU permissions for user

Re: [ActiveDir] Group policy security setting

2005-09-07 Thread Oliver Ryf
Charlie, I'm wondering whether you tried to specify this setting through the Internet Explorer Maintenance\Security\Security Zones and content Ratings\. There you can actually edit the setting you're looking for. Oliver Ryf Quest Cologne List info : http://www.activedir.org/List.aspx List FAQ :

RE: [ActiveDir] OU permissions for user object

2005-09-07 Thread Al Mulnick
Just for perspective, I can add another similar experience to Joe's. The difference was that the environment had 400 admins many of whom were unknown to those that should have known; add to that that DA was a fluid concept there. I had one admin (who wasn't supposed to be) brag about how he

Re: [ActiveDir] Moving forest root domains to child domains in another forest

2005-09-07 Thread Oliver Ryf
If one of your major motivations to consolidate in a single forest is getting the Exchange GAL, think about using Microsoft's MIIS FeaturePack for AD or Quest Collaboration Services to get around this issue and keep your current structure. Oliver On 9/5/05, Tony Murray [EMAIL PROTECTED] wrote: I

Re: [ActiveDir] Rename Local Admin and Password Rest

2005-09-07 Thread Oliver Ryf
In the W2k resource kit there's a cool cmd tool called CUSRMGR.EXE which allows to script these things. Oliver On 9/5/05, ASB [EMAIL PROTECTED] wrote: http://www.ultratech-llc.com/KB/?File=Passwords.TXT And I really hope that those passwords and account names were merely examples... -ASB FAST,

Re: [ActiveDir] strange issue with(what else) Exchange(ot)

2005-09-07 Thread Phil Renouf
What version of Exchange are you working with? I think you mentioned that you have NetBIOS disabled, is that correct? I can confirm that in fact Exchange 2000 requires connectivity to the Schema Master FSMO role holder to install via /disasterrecovery. I've been told that this is not the case in

[ActiveDir] Where to begin...

2005-09-07 Thread Brian Atkins
Good Morning. I'm brand new to the list and am seeking assistance out of desperation/frustration. I think that I should preface my story with the statement that I am not an experienced Microsoft admin, but am partially filling a void in our organization. Most of my experience is Unix/Linux, but

Re: [ActiveDir] DNS resolution - prioritization

2005-09-07 Thread Kamlesh Parmar
Thanx that article helped a lot, something I was looking for optimizing the AD infrastructure overall. It has fleeting remarks that, DFS obey site boundaries, so that helps a bit. I am still novice in DFS, now I need to know, is \\example.com\netlogon is part of domain DFS? is domain DFS enabled

Re: [ActiveDir] OT: Top running processes?

2005-09-07 Thread ASB
PSLIST TASKLIST http://www.ultratech-llc.com/KB/?File=Processes.TXT -ASB FAST, CHEAP, SECURE: Pick Any TWO http://www.ultratech-llc.com/KB/ On 9/7/05, Harding, Devon [EMAIL PROTECTED] wrote: Is there a tool or script that I can use to display the top running processes on a server?

RE: [ActiveDir] Where to begin...

2005-09-07 Thread Al Mulnick
Brian, are you familiar with the netdiag and dcdiag utilities? You can find them on the domain controller (cmd line utilities). It helps if you use the /v switch and pipe it to a text file for later review. Something like netdiag /v > c:\netdiage.txt would do it. Can you have a look at

RE: [ActiveDir] Where to begin...

2005-09-07 Thread Creamer, Mark
Are you running AD on Windows 2000 or 2003? Windows DNS or BIND? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Atkins Sent: Wednesday, September 07, 2005 10:57 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Where to begin... Good

Re: [ActiveDir] OT: Top running processes?

2005-09-07 Thread steve patrick
If the target is XP+ something like: wmic /output:data.htm path Win32_PerfFormattedData_PerfProc_Process GET PercentProcessorTime,NAME /FORMAT:htable.xsl start data.htm Might work for you - you can even target machines remotely with the /NODE switch. Leave off the /format param if you

Re: [ActiveDir] Where to begin...

2005-09-07 Thread Peter Jessop
Brian I think that the problems you have may be DNS related and you need to check both the DNS servers themselves and the client configurations. You mentioned that you had corrected issues with the pointer records. This should not be necessary as the clients should register these dynamically. You

Re: [ActiveDir] Which ports to open in the DMZ to communicate with AD SQL...

2005-09-07 Thread ASB
Why did you decide to put it in the DMZ? -ASB On 9/7/05, Jason B [EMAIL PROTECTED] wrote: We are putting a MS sharepoint server in the DMZ and need to have it on the domain and communicating with a SQL server on the domain. Because of these needs, we only want to open the minimum number of

Re: [ActiveDir] Which ports to open in the DMZ to communicate with AD SQL...

2005-09-07 Thread Jason B
Because this will be a sharepoint server for clients. Regardless, that decision has already been made and I don't have any input into it. Any info on the ports I'd need open? - Original Message - From: ASB [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Wednesday, September

RE: [ActiveDir] OT: Top running processes?

2005-09-07 Thread Harding, Devon
This is good, but how do I a. get like the top 5 running processes and b. maybe a console output. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of steve patrick Sent: Wednesday, September 07, 2005 11:25 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir]

Re: [ActiveDir] Which ports to open in the DMZ to communicate with AD SQL...

2005-09-07 Thread Phil Renouf
I would look at putting the Sharepoint server on the internal network and deploy an ISA server in the DMZ and use Web Publishing or Server Publishing to get your external clients access to the site. If you want to open access from the DMZ to your AD Forest your firewall will be swiss cheese from

Re: [ActiveDir] Where to begin...

2005-09-07 Thread Phil Renouf
I think it important to understand what type of domain is running here. Is it an NT4 domain, or is it Windows 2000/2003? I am assuming it is an Active Directory domain, but with the use of the PDC/BDC terminology I want to make sure. If it is Active Directory then in addition to the other good

RE: [ActiveDir] Which ports to open in the DMZ to communicate with AD SQL...

2005-09-07 Thread Al Mulnick
<Disclaimer> what you're doing is a horribly bad idea from a security perspective </Disclaimer> You might have better luck setting up an IPSec tunnel from the DMZ host to the internal domain controllers, DNS servers (if different) and the SQL machine. You'd be even better off if you made it

[ActiveDir] NNTP

2005-09-07 Thread rubix cube
Hello I am facing the same problem but with Windows XP SP2, when I go to Add/Remove Windows Components, and choose the IIS, inside I can't see the NNTP, I can see the common files, SMTP, WWW, all others but not NNTP, I tried to remove all the IIS and re-install with no use, re-installed SP2 then

Re: [ActiveDir] Which ports to open in the DMZ to communicate with AD SQL...

2005-09-07 Thread Jason B
I appreciate the replies... IPSec might be the way to go. The problem with self-containing all the services is that the SQL server that sharepoint needs to use is a DB that is also used internally - we need to share this DB and some of the files with clients. I think a better approach might

RE: [ActiveDir] NNTP

2005-09-07 Thread David Cliffe
Sorry this doesn't answer the NNTP question, but are you sure that it is required for the Exchange 2003 management tools?? I've only found that SMTP is required for those...not sure why NNTP would be! -DaveC ReutersIST Service Delivery From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

RE: [ActiveDir] NNTP

2005-09-07 Thread Michael B. Smith
http://blogs.technet.com/exchange/archive/2004/06/07/150295.aspx It would be required in order to get the NNTP snap-in. It's part of the adminpack. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Cliffe Sent: Wednesday, September 07, 2005 1:06 PM To:

RE: [ActiveDir] Which ports to open in the DMZ to communicate with AD SQL...

2005-09-07 Thread Brian Desmond
Agreed. In any case, you'll want to add to that list of ports 3268 for Global Catalog, your DCOM range, and if you have a CA deployed, 636 and 3269 for SSL LDAP and GC. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED]

Re: [ActiveDir] OU permissions for user object

2005-09-07 Thread Laura E. Hunter
snip I would rather work 80 hours a week because I choose it than give out permissions that cause me to work 80 hours a week because I have to hold the environment together. / snip As joe-isms go, I think that one just became my favourite, and one to live by. Laura List info :

[ActiveDir] AD Sites and Services Question regarding share point servers

2005-09-07 Thread CHIANESE, DAVID
This question is regarding objects in AD sites and services. I see 2 objects in a site that are not domain controllers. The objects are share point servers and each has an object in the built in computers container. The only

Re: [ActiveDir] Where to begin...

2005-09-07 Thread Brian Atkins
I corrected the minor WINS issues, but I still have these outstanding: Starting test: NCSecDesc Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes All access rights for the naming context:

RE: [ActiveDir] AD Sites and Services Question regarding share point servers

2005-09-07 Thread Brian Desmond
MSMQ is an AD integrated service. Remember AD Sites and Services has the and services part. Things will show up in there exposing services which are AD integrated (e.g. MSMQ, Exchange, etc). Thanks, Brian Desmond

RE: [ActiveDir] Which ports to open in the DMZ to communicate with AD SQL...

2005-09-07 Thread Al Mulnick
One other variation to consider, would be to replicate data from internal to external. Depending on how much interaction you intend to have, you may also want a two way model for data, but.. Last thought: you may want to give Microsoft a call about that. They have the same software available

RE: [ActiveDir] NNTP

2005-09-07 Thread David Cliffe
Here I thought maybe it was just too many acronyms :) Good to know. Thanks Michael! -DaveC ReutersIST Service Delivery From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Wednesday, September 07, 2005 1:15 PM To: ActiveDir@mail.activedir.org Subject: RE:

RE: [ActiveDir] Where to begin...

2005-09-07 Thread Brian Desmond
Pull up ADSIEdit (Start > Run > adsiedit.msc after you install the stuff in the support folder of the CD). Right click on the nc head for the partitions listed below and pull up the security tab there. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From:

RE: [ActiveDir] AD Sites and Services Question regarding share point servers

2005-09-07 Thread CHIANESE, DAVID
Typically I have always seen MSMQServices under the services tab (View / Show services node) and it does reside there, as well as Microsoft Exchange. I do not recall ever seeing the server object under the Site / Servers / servername though. Although I do not view this as a

RE: [ActiveDir] AD Sites and Services Question regarding share point servers

2005-09-07 Thread CHIANESE, DAVID
I just found an article: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/2744bec1-cb37-4d89-b90e-8140f0f7d7de.mspx snip To set permissions for MSMQ Settings objects 1. Open Active Directory Sites and Services.

RE: [ActiveDir] Where to begin...

2005-09-07 Thread Al Mulnick
The error you're showing is often associated with a mismatch in dcdiag versions being used. If you did not run this directly on the server console, this might be easily corrected. As for DNS, I'm guessing that you have the unicity zone delegated then? How many servers is this in the AD

Re: [ActiveDir] Which ports to open in the DMZ to communicate with AD SQL...

2005-09-07 Thread ASB
~ Regardless, that decision has already been made and I don't have any input into it. ~ I think you should make an attempt to point out the precarious location of this server, since security appears to be a concern. You'll have more

RE: [ActiveDir] Which ports to open in the DMZ to communicate with AD SQL...

2005-09-07 Thread Tony Murray
If you absolutely HAVE to then I would prefer to look at using IPSec for communication between the Sharepoint box and your DC's IPSec would be good, but it isn't supported between member servers and DCs. http://support.microsoft.com/default.aspx?scid=kb;en-us;Q254949 Tony From: [EMAIL

RE: [ActiveDir] Group policy security setting

2005-09-07 Thread Charlie Kaiser
OK; I finally figured this one out; I had to set a couple of other settings for this to work. Computer config\admin templates\Internet explorer\internet control panel\security page. Intranet sites: Include all local (intranet) sites not listed in other zones Intranet sites:

Re: [ActiveDir] Which ports to open in the DMZ to communicate with AD SQL...

2005-09-07 Thread Phil Renouf
Did I miss something in that article? I don't see where it says client DC via IPSec is not supported; just that you can't encrypt Kerberos traffic. Phil On 9/7/05, Tony Murray [EMAIL PROTECTED] wrote: If you absolutely HAVE to then I would prefer to look at using IPSec for communication

RE: [ActiveDir] Which ports to open in the DMZ to communicate with AD SQL...

2005-09-07 Thread Bernard, Aric
I agree with Phil. I think using an ISA (or other reverse proxy solution) is the best way to go given your constraints. Using a reverse proxy solution allows you the following: Keep your Sharepoint server behind the firewall, yet make it accessible to external clients as if

RE: [ActiveDir] Which ports to open in the DMZ to communicate with AD SQL...

2005-09-07 Thread Al Mulnick
Looks like we have plenty of ideas and opinions ;) ISA is a great way to deal with this, but I believe the decision was made to put the SP machine in the DMZ regardless of the technical merit or viability. And whether or not it is a good idea. That said, ISA doesn't offer much if you put it

RE: [ActiveDir] Which ports to open in the DMZ to communicate with AD SQL...

2005-09-07 Thread Tony Murray
Hi Phil Here's the text I was referring to: Currently, we do not support using IPSec to encrypt network traffic from a domain member server to a domain controller when you apply the IPSec policies by using Group Policy or when you use the Kerberos authentication method. The goal with

RE: [ActiveDir] Which ports to open in the DMZ to communicate with AD SQL...

2005-09-07 Thread Bernard, Aric
I should make sure I was clear: in no way did I encourage the placement of ISA AND the SharePoint server onto the semi-trusted (DMZ) network. Again to clarify, the ISA server often (but not always) resides in the semi-trusted network while the SharePoint server should always reside on a

[ActiveDir] event sinks(OT)

2005-09-07 Thread Tom Kern
My company is tied in to a specific archive solution. they want to outsource the whole archive thing. this solution uses mapi and needs a dedicated journal mailbox server. however due to my AD issues, i can't install a new exchange server.(no root domain. no SA or EA access. written about ad

[ActiveDir] dns zone

2005-09-07 Thread Tom Kern
if a zone is just a standard primary, is there any security or acl's you can set in windows or any auditing? thanks

RE: [ActiveDir] dns zone

2005-09-07 Thread Brian Desmond
Not that I'm aware of… It's just a text file on disk at this point. I guess you could audit the dns zone files. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, September

[ActiveDir] Associated External Account right

2005-09-07 Thread Tom Kern
ok. i understand this right when used with a resource forest but i have no idea why you need to give this right to Self on top of Full Control to allow access to a mbox of a disabled user? shouldn't FC be enough? Also, are these the only 2 cases where this right is ever needed? thanks!!

Re: [ActiveDir] dns zone

2005-09-07 Thread Tom Kern
you mean set up auditing on the ntfs file the zone is saved to? also, under dynamic updates, it says secure and non-secure. how is it secure on a standard zone? thanks a lot! On 9/7/05, Brian Desmond [EMAIL PROTECTED] wrote: Not that I'm aware of…It's just a text file on disk at this point. I

RE: [ActiveDir] event sinks(OT)

2005-09-07 Thread Michael B. Smith
The archive sink plus a bit of FSO and CDO coding could give you that. joe has probably already written a utility so that you wouldn't have to do any coding. :-) j/k The Archive Sink provides the capability of storing all messages to a flat file. It is an event sink that archives each

RE: [ActiveDir] MailAlias in AD

2005-09-07 Thread Almeida Pinto, Jorge de
Those fields are not available in the default ADUC GUI. It needs to be extended for that. You could however for attributes that are not available through the GUI use the method as explained in: http://www.awprofessional.com/articles/article.asp?p=169630&seqNum=1

RE: [ActiveDir] Associated External Account right

2005-09-07 Thread Almeida Pinto, Jorge de
Hi Tom, When using the Associated External Account (AEA) in an account forest and resource forest scenario the account in the resource forest that is mailbox enabled is AD disabled and the account in the account forest is assigned the AEA right on the mailbox. This automagically puts the SID

RE: [ActiveDir] dns zone

2005-09-07 Thread Brian Desmond
Dynamic Updates and a standard zone what is it you're trying to do? Yes I mean an audit entry in the SACL on the DNS zone file. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent:

Re: [ActiveDir] Which ports to open in the DMZ to communicate with AD SQL...

2005-09-07 Thread Phil Renouf
That was the way that I understood that paragraph as well. And to give a little more information about Aric's point on not being able to monitor the traffic between the DMZ host and the DC's; that is why it is important to have an Intrusion Detection/Intrusion Prevention system in place. Even in

RE: [ActiveDir] Which ports to open in the DMZ to communicate with AD SQL...

2005-09-07 Thread Tony Murray
Using certificates to allow IPSec between clients/member servers and DCs sounds good. Has anyone actually done this? I'd be interested, as I'm surprised the KB article didn't mention this as an alternative. I've also heard (more than once) some statements from MS people to the effect that

RE: [ActiveDir] Which ports to open in the DMZ to communicate with AD SQL...

2005-09-07 Thread Bernard, Aric
Yes, in fact I have implemented this (under Windows 2000). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Wednesday, September 07, 2005 7:44 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Which ports to open in the DMZ to