Win2k appears[1] to try everything via DNS/Hosts resolution first. Which makes sense.
Traces I have done support that theory for name resolution in general, except for the
DC discovery process by netlogon which appears to work just as documented -
1. On the client (the computer that is locating
A fair portion of the Software Update Services Deployment White Paper is devoted to
troubleshooting-
http://www.microsoft.com/windows2000/windowsupdate/sus/susdeployment.asp
-Original Message-
From: John B [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 03, 2003 10:43 AM
To: [EMAIL
Yes there are numerous instances where that can be problematic, much depends on the
source of the HF's or QFE's involved. A couple of examples-
http://support.microsoft.com/default.aspx?scid=kb;en-us;281767
http://www.win2000mag.net/Articles/Index.cfm?ArticleID=26166
59 Post-SP3 Hotfixes
Compaq services also has a nice one...
ftp://ftp.compaq.com/pub/supportinformation/papers/ps-99-23.pdf
-Original Message-
From: Tim Hines [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 09, 2003 3:32 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] AD Disaster Recovery Book
See the
Also AT jobs with old credentials
-Original Message-
From: Bjelke John A Contr AFRL/VSIO [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 7:08 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] User's Account Locked out Every morning
Manual drive mappings with old
You should be able to transfer the settings (albeit manually
They can be migrated with Gpolmig.exe
HOW TO: Migrate System Policy Settings to Group Policy Objects [Q317367]
-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 17, 2003 4:07 PM
To:
As others have mentioned you can control this on an individual connection basis with
the permissions of the RDP connection.
It may be much less administrative overhead to control this using local or group
policies to regulate the logon locally user right [SeInteractiveLogonRight] which is
Funny, I was just looking at those :-]
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/issues/W2kCCSCG/W2kSCGcf.asp
-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 3:22 PM
To: [EMAIL PROTECTED]
Subject: RE:
Are you talking SUS-SA?
-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 20, 2003 4:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS?
John,
I can't tell you anything more other than the next version should
greatly please and satisfy.
- Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Free, Bob
Sent: Thursday, February 20, 2003 7:01 PM
To: [EMAIL PROTECTED]
Are you talking SUS-SA
deja vu...just going through this conundrum myself in the last few days...sigh
The advanced network features for Visio 2002 were discontinued recently:
http://www.microsoft.com/office/visio/evaluation/indepth/network.asp
Visio Enterprise Network Tools and Visio Network Center
Posted: July
Title: Message
Taking
that one step further, disabling things can get you in trouble further down the
GPO hierarchy due to the inheritance of the disabled settings. I'm with the
leave it "Not configured" camp unless you have explicit reasons and know all the
ramifications...
-Original
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Tuesday, February 18, 2003 5:26 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir
Title: Message
Domain
user rights and domain group memberships apply to Domains, and all DC's in said
domains,not OU's, you can't grant or revoke them on individual machines. I
don't really get what it would buy you anyway...
-Original Message-From: Ninet Segar
[mailto:[EMAIL
It's fairly well documented in MSDN. Here's something I sent to one of our Product
Managers last week when he was asking us OPS folks about a product that he was
considering that wanted to add SCPs-
SCP is a built-in AD schema Structure class, here are some considerations to help
decide-
12, 2003 3:16 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Odd looking object in AD
Good info Bob, but to further answer the question, this SCP would have been
added by Veritas Backup Exec.
Linton
-Original Message-
From: Free, Bob [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March
Service Explorer is the one I liked best when I looked at the commercial tools for
large environments- http://www.smallwonders.com/svctaskmgmt.htm
Another possibility is Service Account Manager- http://lanicu.com/
-Original Message-
From: Mulder, Joeri (NL - Amsterdam) [mailto:[EMAIL
Select the security tab on the properties sheet
-Original Message-
From: Richard Sumilang [mailto:[EMAIL PROTECTED]
Sent: Friday, March 14, 2003 2:51 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Group Policies Help (Win2k Server)
Where is that exactly at? I don't see it in the
Title: Anybody see Gil's article?
Funny
you mention that, I had let my subscription lapse and that article was enough to
get me off my duff last week to pay up so I could view the article online.
:-]
Nice
job Gil...
-Original
Message-From: Bjelke John A Contr AFRL/VSIO
We always used 90 days for NT, haven't gotten around to changing it for W2K [which btw
defaults to 30 day password age]
-Original Message-
From: John F. Hann [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 19, 2003 11:54 AM
To: ActiveDir List
Subject: [ActiveDir] Old Computer Accts
Be good to hear from others, if this also works well on their machines.
ID'd my W2Kpro ThinkPad a22m as Notebook Type 10
Thanks
-Original Message-
From: GRILLENMEIER,GUIDO (HP-Germany,ex1)
[mailto:[EMAIL PROTECTED]
Sent: Friday, March 21, 2003 4:10 AM
To: '[EMAIL PROTECTED]'
Subject:
Better yet get eventcombMT and search all the DC's at once with the canned account
lockout routine.
-Original Message-
From: Schick, Mary L - CNF [mailto:[EMAIL PROTECTED]
Sent: Monday, March 24, 2003 10:30 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Account Lockout after
Anyone tried this and gotten it to work?
Yes, it will work, but not 100% consistantly in my experience.
I have gotten inexplicable domain\computer (10.1x.1x.1x) User is not an administrator
on the scanned machine errors using runas where the hostname resolved to a bogus IP
address.
I think u can do it Domain Security Policy \Security Settings \ System service
Doesn't meet his requirement, Default Domain Policy is common to all DC's in the DC OU.
specific office based administrators to restart/start services on specific domain
controllers.
Conceivably it could be done on
It's a SAM read-only object AFAIK, you can't modify it.
-Original Message-
From: John F. Hann [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 27, 2003 2:02 PM
To: ActiveDir List
Subject: [ActiveDir] Reset BadPwdCount property for users
Is the BadPwdCount property read only? I have
] Reset BadPwdCount property for users
Thing is...You can go into ADSIEdit and modify it
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Thursday, March 27, 2003 5:09 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Reset BadPwdCount
TS in remote administration mode is limited to 2 remote sessions, add the local
console and you have 3 total.
You could set it up in application mode but I would question having that many people
administering remote servers concurrentlyThen you also go down the licensing path.
Or, as suggested here in the past, do you get kickbacks from Sunbelt??
Heheh, where have I heard that before?
One nice thing about dealing with smallwonders is the personalized attention you get
from the president, Brian Small. Nice firm to deal with IME.
-Original Message-
From: Rick
304718-Administering Windows Server-Based Computers Using Windows XP
Professional-Based Clients
(To get the 2003 RTM adminpak installed)
http://support.microsoft.com/?kbid=304718
Note from above article-
The Dial-in tab that configures Routing and Remote Access dial-in or VPN access and
Im going to ask a
really dumb question regarding the ACCTINFO.INI file Where do I put
it?
Assuming you meant the acctinfo.DLL file... :-)
Acctinfo.dll adds a custom property page to the user
account object Properties dialog box in Active Directory Users and
Computers. For more
Anyone know where to obtain WinPE? It is hard for me to find
It used to have it's own page [1] but it seems to have disappeared.
If you have a volume licensing, for example a select agreement, it
should me on the last set of CD's.
OEMs have another program but that info was on the page
Because BJ Whalen (Group Policy Program Manager) told me not to at TechEd last week.
:-)
He told me the same thing at DEC last month so it must be true :-]
(It was also prominently featured on one of his slides)
As far as your longer answer, that is also clearly noted in the GP white paper.
SWAG but sometimes overlooked, is the server's time within 5 minutes of
the domain?
-Original Message-
From: Ian Moran [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 10, 2003 11:24 AM
To: [EMAIL PROTECTED]
I think I tried that already, I'll have another go.
I should say though that
304718-Administering Windows Server-Based Computers Using Windows XP
Professional-Based Clients (To get the 2003 RTM adminpak installed)
http://support.microsoft.com/?kbid=304718
If you need to manage Exchange-
XADM: You Cannot Install Exchange System Manager on a Windows XP-Based Computer
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Active Directory Tools on XP Clients
Thanks.
What if you have Exchange 5.5 and AD and you want to modify exchange
settings using ADUC from a windows XP machine, is the Exchange tabs there
on the Windows 2003 tools?
-Original Message-
From: Free
Title: Message
NetIQ is more expensive than MOM
According to when you bought it...
We had
AppManager way before MOM was even a gleam in Dad's eye :-)
When
NetIQ was a new and hungry company the pricing didn't seem that
bad.
-Original Message-From: Roger
Seielstad [mailto:[EMAIL
Title: Message
glad
you are here, joeware rocks!
Don't
think I have ever taken the time to thank you for the tools you make available,
not because I'm not appreciative, just fundamentally lazy.
So,
thanks for all past joeware and looking forward to more :-]
From: Joe [mailto:[EMAIL
, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Thursday, June 19, 2003 5:02 PM
To: [EMAIL PROTECTED]
Some of the better
So I'm reading Part 2 of Best Practice Guide for Securing Active Directory
Installations and Day-to-Day Operations, and I see:
Part 1 of this guide recommends that the SYSVOL folder be excluded from virus
scanning. However, excluding SYSVOL increases the risk of a virus attack on a domain
Is there a specific discussion group he might ask his question
Try asking in microsoft.public.win2000.dns if it's not already answered in-
327194 - List of Bugs That Are Fixed in Windows 2000 Service Pack 4
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;327194
-Original
If there is another way to automatically make it go in the desired OU I would love to
hear how
NETDOM ADD with the /OU argument if they aren't CLI-challenged :-]
-Original Message-
From: Rakes, Brandon A. NMIMC Contractor [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 16, 2003 7:58
Have you recently installed a new driver? While there were other causes in NT it is
most often attributed to a bad driver in W2K.
-Original Message-
From: BOBO [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 17, 2003 2:41 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] all printer stop
Restricted to various admin groups, permissions are delegated to OU/container for
specific groups
-Original Message-
From: David Adner [mailto:[EMAIL PROTECTED]
Sent: Friday, July 25, 2003 4:04 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Do you allow users to add computers to AD
Where can I find this info about users can create Computers in AD?
Lot's of articles, a couple are-
http://support.microsoft.com/default.aspx?scid=kb;en-us;228146
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/526.
asp
http://support.microsoft.com/?kbid=251335
The main
In NT I used to delegate that by permissions on
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to
give Server Operators access to the TCP/IP related applets and allow
changes.
Never tried it in later OS's but's it's worth a try. The key structure
and perms look very
Not to sound like an absolute n00b or anything,
Too late :-]
start|run|svrmgr
-Original Message-
From: Richard Sumilang [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 29, 2003 10:49 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Users Logged In
Not to sound like an absolute n00b or
Logged In
When I go to start, run, svrmgr it says that the program does not
exist. How do I install it?
On Tuesday, July 29, 2003, at 11:06 AM, Free, Bob wrote:
Not to sound like an absolute n00b or anything,
Too late :-]
start|run|svrmgr
-Original Message-
From: Richard
The user should only be able to install files on the workstation they
are logged in to
Put them in the Power users group **on the workstation they
are logged in to**
-Original Message-
From: Richard Sumilang [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 30, 2003 10:52 AM
To:
PROTECTED]
Sent: Wednesday, July 30, 2003 3:50 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Installing Files
Shouldn't they be able to install files using their AD account rather
than having 2 accounts?
On Wednesday, July 30, 2003, at 01:52 PM, Free, Bob wrote:
The user should only be able
Just make sure you have good return transportation after all the fun ...
Ask Gil where he rode on the way home the last night in Scottsdale after
dinner, drinks and shuffleboard :-]
-Original Message-
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 03, 2003 9:26 PM
We were playing with KIWI and an addin called backlogNT that a lot of
others were using and recommending. Looks like it's morphed into SNARE.
http://www.intersectalliance.com/projects/SnareWindows/index.html
-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent:
Title: Message
Machine account change frequency (default) NT is 7 days W2K is 30.
That's
how we have always managed machine accounts. Just had to tweak the interval in
the PERL script when W2K showed up :-]
Over
the threshold, whack the account
-Original Message-From: Steve
Same here, more times than I care to remember :-[
Since RAM has gotten cheap it has gotten very t e d i o u s to FTP those huge buggers
up, but they do get to the bottom of the problem, usually like you said a 3rd party
filter driver.
lol
-Original Message-
From: Rick Kingslan
Thanks Todd-
That's much better than the previous recommendations I was able to find in the MSKB.
I had started a similar thread here back in July as well and we have been bugging our
AV vendor for their best practices..The last I heard from our internal AV Product
Manager was
I talked to
Should I rerun this?
The SUS install automagically runs IIS lockdown with the settings deemed applicable to
SUS.
-Original Message-
From: Jennifer Fountain [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 2:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SUS - ot? not
The different tools usually use a combination of determinate factors like Darren said,
I usually look at the xml files to see what they use for hfnetchek or
\wwwroot\dictionaries\autoupdate\win2k\items.txt file from a SUS server to see what
the flavor of the day is for the expression used for
308111 - A Missing Service Principal Name May Prevent Domain Controllers from
Replicating
http://support.microsoft.com/default.aspx?scid=kb;[LN];308111
-Original Message-
From: Don Murawski (Lenox) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 17, 2003 12:21 PM
To: '[EMAIL
I believe MOM grew out of the monitoring product that NetIQ acquired
from Mission Critical Software called OnePoint.
It's early roots were in Mission Critical's SeNTry (before they called
it OnePoint) which was a pretty cool idea in it's day. SeNTry had
add-ins for products like Exchange, IIS,
can someone explain to me what devolution is?
Very basically, if DNS resolution to my.foo.bar.com failed the DNS
client devolves the primary DNS suffix (drops the left label), and
submits a query to foo.bar.com and attempt resolution
From: [EMAIL PROTECTED]
-
From: Free, Bob
Sent: Thursday, September 25, 2003 10:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Bind or Microsoft DNS
can someone explain to me what devolution is?
Very basically, if DNS resolution to my.foo.bar.com failed the DNS
client devolves the primary DNS suffix (drops
I believe that is contingent on which GPO you use, please correct me if
you have found otherwise-
My testing has shown that if I use the the Remove links and access to
Windows Update Group Policy setting[1] (located in User
Configuration\Administrative Templates\Start Menu and Taskbar) that any
The best treatment of the Delegation Wizard I have seen so far is in a book by Sakari
Kouti and Mika Seitsonen Inside Active Directory http://www.kouti.com/ Must have
book IMHO.
You can download some tables from their website that would probably help you with the
attribute mapping-
Read up on the IEAK, you can tweak to your heart's content
http://www.microsoft.com/windows/ieak/default.asp
-Original Message-
From: Rick Reynolds [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 08, 2003 12:10 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT - IE6 Unattended
Checked for an AT job running under the old creds? Seen that often.
-Original Message-
From: Creamer, Mark [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 08, 2003 12:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] account lockout troubleshooting
Yep, one is the PDCE. That
???
-Original Message-
From: Free, Bob [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 08, 2003 3:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] account lockout troubleshooting
Checked for an AT job running under the old creds? Seen that often.
-Original Message-
From: Creamer, Mark
Can anyone tell me where i might find a good maillist for SUS problems
Not a mail list but microsoft.public.softwareupdatesvcs has lots of
expertise and MS-SUS folks actively participating
From: Abbiss, Mark [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October
We have been looking into client solutions and that will probably take a
while, since we already use Websense we got the Premium Group III to
block MMC at the edge.
http://www.websense.com/products/premiumgroups/#pgiii
-Original Message-
From: Christopher Hummert [mailto:[EMAIL
Sounds familiar to aida32 which will extract a wealth of information
over the network ..
http://www.aida32.hu/aida-features.php?bit=32
-Original Message-
From: Lou Vega [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 22, 2003 11:04 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir]
Microsoft Audit Collection System, formerly known by the codename DAD,
is a system for consolidating and analyzing security event logs.
It is a client/server application consisting of an agent, which is
implemented as a service running on the monitored machine, and a
collector, which runs as a
is it?
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original Message-
From: Free, Bob [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 29, 2003 2:08 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir]
Microsoft Audit Collection
beta? (Which I'm running.) Sure sounds
like it...
-Original Message-
From: Free, Bob [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 29, 2003 2:08 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir]
Microsoft Audit Collection System, formerly known by the codename DAD,
is a system
Sounds like adminSDholder at work
-Original Message-
From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 10:30 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] LDAP wright to certains accounts not happening.
What is interesting is these accounts are a
making me rediscover this tool it is fantastic, as are so many from
sysinternals.
blantant plug
I have always been a fan of the tools and all Mark's books. I have used
most all the freeware ones over the years and purchased TCPviewPro and
ERD commander in the past.
Recently we upgraded to the
I'd start looking around for the AD Delegation WhitePaper, as that was
one of the tools that came with that bad boy.
It's either out, or very close
I've held my breath in anticipation of this paper as long as I can, I
think 'soon' is overdue, even in MS time :-[
Does one of you insider's have
/userva switch?
316739 - How to Use the /USERVA Switch in the Boot.ini File to Tune /3GB
Configurations: http://support.microsoft.com/default.aspx?kbid=316739
-Original Message-
From: Chianese, David P. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2003 6:41 AM
To: [EMAIL
Try it with an account that is a member of the machine's local
administrators group.
-Original Message-
From: Rosenfeld, Gary [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2003 2:21 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] [OT] Access Denied with Netsh/DHCP
Hi All:
I'm
Search the KB for dumpchk there are some good articles on how to extract
the basic info you need from the dmp file (without needing access to
the symbol files to do really indepth debugging)
There was a really good webcast on it a couple years ago by one of the
Premier guys, called Basic STOP
We had almost the same issue with our Citrix implementation where our
proxy only understood the source IP of the Terminal Server and we also
lost authentication and logging. The solution offered by the proxy
vendor was to insert an ISA server in between and have it act as an
intermediate proxy on
Actually I just used the ADmap 1.6.2 utility last night.
Came across that also a couple of months ago too, the one I have is
versioned 1.7.5. It's an interesting solution.
http://www.windows-servers.info/Tools/AdMap.msi
He also hosts a similar Exchange/Visio mapping solution
See the last item (#26) in http://www.activedir.org/gp_faq.htm
Bruce Clingaman mailto:[EMAIL PROTECTED] mused on Friday, December
05, 2003 6:18 AM:
| I have a policy in place to redirect users My Docs to a
| network share, simple. But it works only on occasion. My test
| user logs in one day,
Title: Message
Thanks Todd. I loved the first version and look forward to
this one.
Kind of ironic that the KB that the 2.0 D/L page leads you
to has a link to D/L 1.0 :-(
From: Myrick, Todd (NIH/CIT)
[mailto:[EMAIL PROTECTED] Sent: Friday, December 12, 2003 8:34
AMTo: '[EMAIL
Salandra, Justin A. mailto:[EMAIL PROTECTED] wrote:
Everyone,
I have my PDC Emulator on a server that is set to a SNTP server on
the web, however all my others servers when I type in net time /set
point to a different server that holds no roles what so ever for AD,
it is just a DC. What am
Does anyone have any articles comparing the differences and
similarities between these two services?
The definitive article from the horse's mouth-
http://www.microsoft.com/windows2000/techinfo/howitworks/security/wintim
eserv.asp
Very nice paper from a 3rd party perspective-
is there a beta/preview of it for lab testing?
Yes there is a Preview Release Beta Program, I got in on it in June 02.
My TAM had me fill out a nomination form. I don't know if they are still
accepting new participants or not.
From: Rich Milburn [mailto:[EMAIL
Robbie Allen did a great presentation and RoundTable at DEC on that
subject. Maybe he will chime in with something more current.
http://www.rallenhome.com/conferences/RAllen_Extending_the_Schema_Roundt
able.ppt
http://www.rallenhome.com/conferences/RAllen_Best_Practices_For_Extendin
handle usually always comes through for me-
http://www.sysinternals.com/ntw2k/freeware/handle.shtml
or the GUI relative-
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
-Original Message-
From: Rimmerman, Russ [mailto:[EMAIL PROTECTED]
Sent: Monday, January 19, 2004 1:33 PM
To:
?
-Original Message-
From: Free, Bob [mailto:[EMAIL PROTECTED]
Sent: Montag, 19. Januar 2004 23:00
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Help, file locked
handle usually always comes through for me-
http://www.sysinternals.com/ntw2k/freeware/handle.shtml
or the GUI relative-
http
Jennifer Fountain mailto:[EMAIL PROTECTED] wrote:
Yes, this is different. This is when a password is about to change.
Like Stuart suggested, acctinfo will add a tab to the account properties
that displays this as password last set date/timestamp, password expires
date/timestamp, even does the
George Arezina mailto:[EMAIL PROTECTED] wrote:
Dear all,
We had a W2K AD setup. Last month we upgraded all our servers to
Windows 2003. Since the upgrade we have not been able to properly
perform a Windows update task. We hook up to the Windows update site,
it starts to scan our db, and
joe mailto:[EMAIL PROTECTED] wrote:
No one seems to be jumping on this with any authoritative answers, I
was hoping Guido or Dean would nail it as I was looking to learn
something. :o)
I'm hardly authoritative but what I've picked up on the subject :-)
Blatantly plagiarized from Gil's
http://www.microsoft.com/downloads/details.aspx?FamilyId=7821C32F-DA15-438D-8E48-45915CD2BC14displaylang=en
From: Celone, Mike
[mailto:[EMAIL PROTECTED] Sent: Tuesday, February 03, 2004
10:31 AMTo: '[EMAIL PROTECTED]'Subject:
[ActiveDir] GPO explanations
I seem to remember
someone on the
Rimmerman, Russ mailto:[EMAIL PROTECTED] wrote:
What's everyone syncing all their clocks up with?
We have our own enterprise NTP servers, the forest root DCs synch to
them. Everything else in AD is in NT5DS mode and time flows down the
domain hierarchy. The [gag] remaining NT boxes, have
Graham Turner mailto:[EMAIL PROTECTED] wrote:
have picked up that w32tm is many times more functional on XP as
compared to 2000.
seems unless i am mistaken that w32tm on 2k does not support the
config domhier to reconfigure the system to use the domain
hierarchy.
was wondering if
Title: SNTP/NTP Settings
CompatabilityFlags
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
Data type
Range
Default value
REG_DWORD
0x1 | 0x2 | 0x4000 | 0x8000
0x8000
Description
Controls flags for behaviors that are
Yes, they are supposed to automagically change to NT5DS
upon joining a domain from all the MS
documentation.
Is it happening to all of them? Are they Dell
PC's by chance? They actually have a patch because, allegedly,some PCs
were imaged with different processor stepping levels than ended
Some of the MVP folks in the XP NG's alluded to other
manufacturers as well but since Dell substantiated it by providing a patch, I
figured that must be the real deal :-)
From: DeGrands, Charles
[mailto:[EMAIL PROTECTED] Sent: Thursday, February 19, 2004
12:58 PMTo: [EMAIL
Not sure where the 6/19/2003 version comes from
Checked a W2KSP4 box and that's the stamp it has FWIW
Someone editing your GPO's from a 2K box???
If you haven't seen it, the Administrative Templates Background section in the GPMC
whitepaper was very enlightening to me.
Administrative
Title: Message
Maybe try the enumeration scripts from the
RK?
enumclasses.vbs
Enumerates Windows
Management Instrumentation (WMI) classes within a namespace on a
server.
enuminstances.vbs
Enumerates instances of
a Windows Management
i must have missed the post, is that free version still available
somewhere?
OLDCMP web site (www.joeware.net).
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Eric Fleischman mailto:[EMAIL PROTECTED] wrote:
Willem do you happen to have the article that talks about it handy? I
couldn't track it down.
This one?
810076 - Updates to Restricted Groups (Member of) Behavior of
User-Defined Local Groups:
1 - 100 of 268 matches
Mail list logo