RE: [ActiveDir] how to list permissions applied to a directory tree
Hi Sakari, Happy New Year and thanks for your reply. I'm hoping to find a tool which I can point at my File Directory Tree and create a report of all objects and all AD groups which have permission to each object. If I understand it correctly, the ACLreport.vbs is a tool which is pointed at the Active Directory Tree to create an HTML file containing ACL's of a given AD tree (but not the File Directory Tree). Might you know of any tools which point at the File Directory Tree? Thanks, -Tequa Sakari Kouti <[EMAIL PROTECTED]> wrote: Hi, If you want to get the list of permissions into an html file, you can use ACLReport.vbs at http://www.kouti.com/ (select the Scripts menu, and click Bonus Material). Yours, Sakari - From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tech QnA Sent: 2. tammikuuta 2007 23:19 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] how to list permissions applied to a directory tree Happy New Year! How do I create a list of all permissions that are currently applied to a directory tree? I have to move a directory tree and change permissions to it and I want to ensure that I document all active permissions within this tree before I move it. Thanks! __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
[ActiveDir] how to list permissions applied to a directory tree
Happy New Year! How do I create a list of all permissions that are currently applied to a directory tree? I have to move a directory tree and change permissions to it and I want to ensure that I document all active permissions within this tree before I move it. Thanks! __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
[ActiveDir] Moving an AD 2003 Domain Controller to a new server
Are there any potential issues when moving a backup Domain Controller off of one server and onto a new server (both Windows 2003 at the same location)? I was going to build and promote the new server, transfer the FSMO roles from the old to the new DC and then demote the old server both in the same day. Thanks. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
RE: [ActiveDir] problem with group and permission
It is a global security group. thanks in advance. roseta Quoting Ara Avvali <[EMAIL PROTECTED]>: > I am not quite sure but I guess your group has to be a security group. > > Ara Avvali > Boss Audio Systems > Phone: (805)988-0192 Ext 276 > Email: [EMAIL PROTECTED] > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Sunday, November 13, 2005 8:36 PM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] problem with group and permission > > Hello, > > I have a problem with sharing. > I have a domain with AD and 2000 server and XP Clients. > I created a global group and put user a and b a member of this group. > I have created a share directory on a XP client and gave the read > permission to > this group. but the a and b user can not open this directory and get > the > access denied error. > If I give the permission seperately with a and b user. They can open the > directory without any problem. > Is there any reason why the group permission does not work but user > permission > works perfectly? > > > Thanks in advance > Roseta > > > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] problem with group and permission
Hello, I have a problem with sharing. I have a domain with AD and 2000 server and XP Clients. I created a global group and put user a and b a member of this group. I have created a share directory on a XP client and gave the read permission to this group. but the a and b user can not open this directory and get the access denied error. If I give the permission seperately with a and b user. They can open the directory without any problem. Is there any reason why the group permission does not work but user permission works perfectly? Thanks in advance Roseta List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] audit problem
Hello If I set the audit for a drive. where should I see the logs? if any one access this drive on network with share permission does it have a record or not? what about terminal service? if one access a drive with terminal service will it have a record or not? thanks in advance. roseta List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] security problem
how can I take the ownership while I do not have the security tab any more because I have taken the control of C drive for every one. so There is no security tab is gone for every drive because the windows was installed on C drive. thanks in advance roseta Quoting Paul Williams <[EMAIL PROTECTED]>: > Logon as an administrator and take ownership of the drive. Then grant > adequate permissions again. > > Reinstalling Windows will obviously fix it, but is a drastic measure. > > > - Original Message - > From: <[EMAIL PROTECTED]> > To: > Sent: Sunday, October 16, 2005 5:43 PM > Subject: [ActiveDir] security problem > > > > Hello, > > > > I have done a mistake now need an advice. on my computer which i have > > windows > > 2000 server. I have unchecked the security of my C drive . the security > > for > > everybody was full control and I unchecked it so when it was applied I did > > > not > > have access to C drive. and then I shot down the computer then I could not > > restart it. now does installation of windows 2000 server again solves the > > problem or not? > > > > any advice or recommedation is appriciated. > > Thanks in advance > > roseta > > > > > > List info : http://www.activedir.org/List.aspx > > List FAQ: http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] security problem
Hello, I have done a mistake now need an advice. on my computer which i have windows 2000 server. I have unchecked the security of my C drive . the security for everybody was full control and I unchecked it so when it was applied I did not have access to C drive. and then I shot down the computer then I could not restart it. now does installation of windows 2000 server again solves the problem or not? any advice or recommedation is appriciated. Thanks in advance roseta List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] group policy adm files
I replaced the files I have downloaded from microsoft but no use. Do you know why? Is there any thing else I should do? Thanks roseta -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Jessop Sent: Wednesday, June 01, 2005 10:24 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] group policy adm files Roseta .adm files are found in %systemroot%\inf Regards Peter List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] group policy adm files
Hello, I wanted to know where the template files (.adm) files of default domain group policy is in windows 2000 advance server. Can any one help? Yours truly, Roseta Radfar
RE: [ActiveDir] windows XP firewall problem
Hello Peter, Thanks for your help. The templates helped me to solve the issue , the installer problem is also solved now. Thanks for your help again. Roseta. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Jessop Sent: Sunday, May 29, 2005 6:15 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] windows XP firewall problem Roseta The reason that you do not have some of the policies is probably because you do not have installed the lastest templates. You can download them from http://www.microsoft.com/downloads/details.aspx?FamilyID=92759d4b-7112-4b6c- ad4a-bbf3802a5c9b&displaylang=en You should install the 'admFiles_WindowsXPSP2.msi' from this URL. I'm not sure the cause of the problem with Windows installer but you should be able to 'debug' the problem with the Group Policy Management Console (Group policy results). Download http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35- 9272-DD3CBFC81887&displaylang=en Hope this is helpful Regards Peter List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] windows XP firewall problem
Hello, I have searched Microsoft and found an article with Deploying windows firewall setting with group policy. But the problem is that I do not have some policies that are mentioned in the article. Like protect all network connections. So this policy is not there to disable it. so the user that logs in do not see dial up connections and can not make one. This is the first problem. I changed other options and the firewall is now off in domain mode. But there is still another problem. I have problem with windows installer. It is access denied and the user who logs into domain even administrator can not install a software!! Can you help me to fix the issue. Thanks in advance. Roseta. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dibs Sent: Thursday, May 26, 2005 11:40 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] windows XP firewall problem Your Firewall is getting activated thru some default GPO settings of domain. Turn it off from GPO. Hope you have an AD established in ur setup. Dibendoo Das --- tech <[EMAIL PROTECTED]> wrote: > Hello, > > > > I have got SP 2(2055) for my windows XP. It seems > that it has the new > firewall. at first the firewall options were > disabled and it was on and I > could not chang it. > > > > If I am disconnected from network I can change the > firewall setting. I did > turn it off then. > > but when I connect to my LAN again the firewall > would be disabled and also > would become on . > > > > Does any one know how can I make it off and use it > in LAN network? > > > > It is strange I can disconnect network. turn off the > firewall. then connect > to network and join my domain. and then it works > fine. but after 2 or 3 > hours , the firewall will turn on and would be > disable for > changing? > > > > > > Thanks in advance. > > Roseta > > > > > > > > > > > > > > > > __ Do you Yahoo!? Yahoo! Small Business - Try our new Resources site http://smallbusiness.yahoo.com/resources/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] windows XP firewall problem
Hello james, Thanks for your mail. Do you mean I should create a example.bat file and execute that file on the client for once? Is there any special reason why this happens? Well I am just curious to know it!? Thanks in advance roseta From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Blair, James Sent: Thursday, May 26, 2005 10:14 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] windows XP firewall problem Roseta, The below batch file will turn the firewall off when connected to a domain or on in any other state: netsh firewall set opmode mode = disable profile = ""> netsh firewall set opmode mode = enable profile = ""> James From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of tech Sent: Thursday, 26 May 2005 5:33 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] windows XP firewall problem Hello, I have got SP 2(2055) for my windows XP. It seems that it has the new firewall. at first the firewall options were disabled and it was on and I could not chang it. If I am disconnected from network I can change the firewall setting. I did turn it off then. but when I connect to my LAN again the firewall would be disabled and also would become on . Does any one know how can I make it off and use it in LAN network? It is strange I can disconnect network. turn off the firewall. then connect to network and join my domain. and then it works fine. but after 2 or 3 hours , the firewall will turn on and would be disable for changing? Thanks in advance. Roseta
RE: [ActiveDir] windows XP firewall problem
Hello james, Thanks for your mail. Do you mean I should create a example.bat file and execute that file on the client for once? Is there any special reason why this happens? Well I am just curious to know it!? Thanks in advance roseta From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Blair, James Sent: Thursday, May 26, 2005 10:14 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] windows XP firewall problem Roseta, The below batch file will turn the firewall off when connected to a domain or on in any other state: netsh firewall set opmode mode = disable profile = ""> netsh firewall set opmode mode = enable profile = ""> James From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of tech Sent: Thursday, 26 May 2005 5:33 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] windows XP firewall problem Hello, I have got SP 2(2055) for my windows XP. It seems that it has the new firewall. at first the firewall options were disabled and it was on and I could not chang it. If I am disconnected from network I can change the firewall setting. I did turn it off then. but when I connect to my LAN again the firewall would be disabled and also would become on . Does any one know how can I make it off and use it in LAN network? It is strange I can disconnect network. turn off the firewall. then connect to network and join my domain. and then it works fine. but after 2 or 3 hours , the firewall will turn on and would be disable for changing? Thanks in advance. Roseta
[ActiveDir] windows XP firewall problem
Hello, I have got SP 2(2055) for my windows XP. It seems that it has the new firewall. at first the firewall options were disabled and it was on and I could not chang it. If I am disconnected from network I can change the firewall setting. I did turn it off then. but when I connect to my LAN again the firewall would be disabled and also would become on . Does any one know how can I make it off and use it in LAN network? It is strange I can disconnect network. turn off the firewall. then connect to network and join my domain. and then it works fine. but after 2 or 3 hours , the firewall will turn on and would be disable for changing? Thanks in advance. Roseta
[ActiveDir] OT ( is this a virus problem or hardware problem)
Hello, In our LAN network, in a one week, one graphic card was completely out of order. The other one property changes completely .The resolution goes to the lowest and the color goes to a 4 bit (which is new in the list). I removed the driver and installed it again. It was working then properly. Now other computer has problem with graphic card and suddenly it hangs and screen goes blush and the boards start beeping. If I restart the computer it will be ok. Is there any virus that works around graphic card, maybe causing this? Or there is no related thing. But why is changing configuration suddenly when working? Thanks in advance. Roseta
RE: [ActiveDir] Domain Controller Removed - but it's still there...
You can use ntdsutil command from command prompt to clean it. I have worked with it several time and there would be no problem. This article about working with ntdsutil for this subject can help you. http://support.microsoft.com/default.aspx?scid=kb;en-us;216498 hope this helps roseta. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za Vue Sent: Friday, December 17, 2004 10:29 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Domain Controller Removed - but it's still there... I meant ADSI.MMC. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za Vue Sent: Friday, December 17, 2004 1:54 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Domain Controller Removed - but it's still there... Residue of old server still exist in AD. Use ADSI.MSC to clean it up. Z.V. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John R. Tomawski Sent: Friday, December 17, 2004 1:46 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Domain Controller Removed - but it's still there... Here’s what hopefully is a simple question. I am receiving errors in the system log reporting replication failures from a domain controller. I realize this is probably a question for the AD lists, but I’ll try anyways. “The File Replication Service is having trouble enabling replication from Backup-DC to Primary-DC for c:\winnt\sysvol\domain using the DNS name Backup-DC.DOMAIN.com. FRS will keep retrying.” Note, the names have been substituted. My problem is, this Backup-DC was removed before I started working at that job site (It’s not physically there anymore), so there’s no way to “join” it and “unjoin” it. Is there another way to remove it? Thanks, John R. Tomawski Network Administrator
Re: [ActiveDir] OT (is this a virus or a hardware problem maybe?)
Quoting Lucia Washaya <[EMAIL PROTECTED]>: Dear Lucia first of all I had installed their patch before. secondly this is 2000 server and these viruses do not reboot on 2000 server. I can not even start in safe mode, thanks roseta > Roseta > > Sasser and Blaster cause the system to reboot. Download the fix for these > two and the patch for them. If you do not apply the patch the machine will > become reinfected. > > I hope this helps > > > Regards, > Lucia Washaya > Tel: 5497 > > > > = > > The cobra will bite whether you call it Cobra or Mr. Cobra. > > = > > > > "tech" <[EMAIL PROTECTED]> > Sent by: [EMAIL PROTECTED] > 12/09/2004 01:42 PM > Please respond to > [EMAIL PROTECTED] > > > To > <[EMAIL PROTECTED]> > cc > <[EMAIL PROTECTED]> > Subject > [ActiveDir] OT (is this a virus or a hardware problem maybe?) > > > > > > > Dear Friends, > > I have a computer which has windows 2000 server installed. But it restarts > after startup process. Is this like a virus or hardware problem? > I could not login even in safe mode and it restarts? Do you know any virus > that does this? > > Thanks in advance. > roseta > This message was sent using IMP, the Internet Messaging Program. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] OT (is this a virus or a hardware problem maybe?)
Dear Friends, I have a computer which has windows 2000 server installed. But it restarts after startup process. Is this like a virus or hardware problem? I could not login even in safe mode and it restarts? Do you know any virus that does this? Thanks in advance. roseta
[ActiveDir] Exchange 2K3 Private Information Store Disappeared
Okay, here's the scenario: Exchange Server 2003 (upgraded in June from 2K w/current SPs) has, over the past two weeks, begun allowing users to open other users mailboxes. Up until now, it was "secure" in that people had to assign delegates, but now it's pretty much wide open. Additionally, the Private Information Store shows *none* of the user logons or mailboxes. Two user mailboxes won't open ("Cannot be found / Does not exist" errors opening with Outlook). But .. all other users can open their mailboxes, send & receive mail, use the global address book, and do pretty much anything they normally do with e-mail. From Active Directory Users & Computers, we cannot add email accounts, nor can we make changes to existing users' Mailbox Rights from the Exchange Advanced tab within User Properties. Clicking the Mailbox Right button returns "There is no such object on the server. Facility: Win32 ID no: c0072030 Microsoft Active Directory - Exchange Extension. As it stands, we're thinking there's little time left before this self-destructs. Things came to a halt yesterday afternoon, and after several hours of getting no answers from Microsoft, our Network Admin found that the Exchange Connector in AD Sites & Services wasn't working, deleted & re-created it, then restarted the three Global Catalog Servers, which got mail back up and limping along. Any ideas? Monte Barnett Network Specialist Burlington-Edison School District 491 N. Burlington Blvd Burlington, WA 98233 (360) 757-3344 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Disable IE via GPO
Rick, Please send one my way. Thanks, Monte -Original Message- From: Rick Kingslan [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 16, 2002 10:17 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Disable IE via GPO John, Interesting that you even mention this. I have a reg file that sets the zones on IE via directly modding the registry in just this manner. We've got about 25k seats of Inbound/Outbound 'Out-sourced marketers' (yeah, I can even put lipstick on a pig like Telemarketing!) and we have to lock them down to ONLY what we want them to do. If anyone wants a copy o it, let me know. I'll shoot it off to you... List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Moving/Copying Users To A New Domain
Greetings! OK, here's the story: Like a few other folks, we've just discovered that our backups (using BackupExec) did NOT have the Active Directory info backed up properly. The previous DC is toast, and restoring to either the old hardware config or a new hardware config has been nothing short of a lesson in futility. The other server in the domain, even after seizing control, will not behave as the new "PDC". After numerous errors trying to reestablish a necessary trust with "Domain A", we successfully removed the trust from "Domain A", but any attempts to remove it from the problem domain ("Domain B") returns an Active Directory dialog box with the error "The specified user does not exist". We've been fighting to reconstruct things for three days now and we've pretty well decided to just move on. We have the users' data directories & files, and have a new "Domain C" already set up and trusted with "Domain A". So, here's what we'd *like* to do: Since we can still see all of the old users in "Domain B", we need to know if there is a way to copy the user accounts to "Domain C". If there *is* some way to do that, it'd certainly be easier than spending the next several days running batch files & scripts to create the old users in the new domain, then setting up sharing & permissions on 1200+ directories on the data drive. Is this even possible, or are we simply going to have to roll up our sleeves and do it "long hand"? Thanks, Monte Barnett Network Tech Burlington-Edison School District Burlington, WA 98233 (360) 757-3344 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Default Replication Time
Is there a way to change the default replication time in active directory from the set four hours to less. thanks Asher Cohen Technology Manager Burlington-Edison SD