Hi,
What is the meaning of this event, Does it means that MSGINA was trying
to login into that machine where the event was found?
I was connected to an XP pro using remote desktop and all the sudden it
kicked me out saying someone else connected to it, how do I find out
who was it?
Thanks
A
PROTECTED] On Behalf Of Ramon Linan
Sent: Friday, December 01, 2006 12:31 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] security
Hi,
What is the meaning of this event, Does it means that MSGINA was trying
to login into that machine where the event was found?
I was connected to an XP pro
Even with smaller organizations, are the IT people the ones who should
be saying who needs to have access to the CFOs information or should it
be the CFO? Just to be honest, there are a lot of areas within a
company that the IT people aren't qualified enough to even hazard a
guess as to who should
I don't usually think of these as security-enabled distribution lists, but as mail-enabled security groups that users can manage in the same manner as they do distribution lists. When you think of them that way, it's not quite so painfully stupid.
Don't get me wrong, turning all your DLs into
You do make a strong argument, but I'm not sold. The part I can't get past is that the users have the control over adding a sec-prin to be able to pull the data. Vs. pushing the protected data via email. The subtlety is important in my opinion.
The only issue I have with the convenience of adding
I can understand your arguments, but the larger the organization, the more likelihood that the groups are controlled by users (in one way or another) anyway. When you've got 100k groups, you have someone listed as a group owner or someone authorized to approve new members of the group and the only
Thanks for the doc, Jorge; I'd missed that in my searches. And my initial reaction was not only no, but hell no! to the request. But when I examine it logically it's harder to reject out of hand. A little while ago, we did change the default for new DL group requests to be security enabled.
And
Assume. Hmm.. That's been over done so I'll pass this time :)Harvey, I just replied to a similar thread on this with my thoughts. I won't bore you with repetition. But I'm curious what makes you want to assume anything when it comes to security issues like this? I think it's way to
From: [EMAIL PROTECTED] on behalf of Harvey Kamangwitz
Sent: Sat 2006-10-21 01:10
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Security-enable all your distribution lists?
Hi all,
I'm interested in your opinion here, and perhaps a heads-up on requirements
My first reaction is, NOOO don't do that. That's silly. I absolutely abhor the concept of convenience to this level when it comes to access to secured resources. Saying that, DG's are often created by default as a security group. I'd actually be surprised, and I would applaud the person
Hi all,
I'm interested in your opinion here, and perhaps a heads-up on requirements that may be coming your way.
We have a request from the sharepoint team to security-enable all of our 18,000 distribution lists. Our concern, naturally, is token size. What will this do to Joe User's access
] On Behalf Of Steve Linehan
Sent: Tuesday, October 18, 2005 8:59 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Security Log file size not reaching the maximum
log file size
And just so you do not think I am making this up here is the public
reference that documents it:
http
We recently increased our auditing and
set the security log file size to 1G, but the security log over-writes
at about 409MBs; thus never reaching the 1G security log file size.
Windows 2003 Domain Controllers
Anyone with any ideas ?
Is the local setting perhaps being overwritten by a Group
Policy setting? Just a thought.
Tony
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]Sent: Wednesday, 19 October 2005 2:54
p.m.To: ActiveDir@mail.activedir.orgSubject: [ActiveDir]
Security Log file
log so that it can be automatically archived.
Thanks,
-Steve
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, October 18, 2005
8:54 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Security Log
file size not reaching the maximum
Have you cleared (archived) the logs since
the new settings???
Dan
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, October 18, 2005
6:54 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Security Log
file size
:[EMAIL PROTECTED] On Behalf Of Steve
Linehan
Sent: Tuesday, October 18, 2005
10:45 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Security
Log file size not reaching the maximum log file size
This problem is described in http://support.microsoft.com/default.aspx?scid=kb;en-us;312571
PM
Subject: [ActiveDir] security problem
Hello,
I have done a mistake now need an advice. on my computer which i have
windows
2000 server. I have unchecked the security of my C drive . the security
for
everybody was full control and I unchecked it so when it was applied I did
not
have access
, 2005 5:43 PM
Subject: [ActiveDir] security problem
Hello,
I have done a mistake now need an advice. on my computer which i have
windows
2000 server. I have unchecked the security of my C drive . the security
for
everybody was full control and I unchecked it so when it was applied
Hi all
I'm having an issue with ONE of my DC's (Win2003) not applying a group
policy object.
in the event viewer of the DC's i'm getting this errors after every 5 min
Event id: 1202
Security policies were propagated with warning.
0x4b8 : An extended error has occurred.
When I
you were worried about
Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Sudhir Kaushal
Sent: Tue 9/13/2005 5:10 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Security Group Policy Not Applying
Hi all
I'm having an issue with ONE of my DC's
.
deji
@readymaids.com
Sent by: ActiveDir-owner
09/13/2005 06:00 PM
Please respond to ActiveDir
To:
ActiveDir@mail.activedir.org
cc:
Subject:
RE: [ActiveDir] Security Group Policy
Not Applying
http://www.eventid.net
ail.activedir.org
Subject
RE: [ActiveDir] Security Group
09/13/2005 07:39 Policy Not Applying
: RE: [ActiveDir] Security Group Policy Not Applying
It sounds like a restricted groups policy being attempted wrong.But, from
what I've seen, it won't even let you try that.
John
Sudhir Kaushal
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sudhir Kaushal
Sent: Tuesday, September 13, 2005
8:10 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Security
Group Policy Not Applying
Hi all
I'm having an issue with ONE of my DC's (Win2003) not applying a group
cc:
Subject:
RE: [ActiveDir] Security Group Policy
Not Applying
Unless you are entering the group as free text (i.e.
just typing it in). Couple of points here. Using restricted group policy
on DCs to control domain group membership is bad news. I would simply avoid
@CSC
Sent by: ActiveDir-owner
09/14/2005 10:36 AM
Please respond to ActiveDir
To:
ActiveDir@mail.activedir.org
cc:
Subject:
RE: [ActiveDir] Security Group Policy
Not Applying
Hi All,
Thanks to everyone for guiding me to the solution. It was because
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christine Allen
Sent: Friday, July 29, 2005 10:24 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Security Groups vs. Distribution Groups
We are running 2000 AD. I have two groups named the same. One group
We are running 2000 AD. I have two groups named the same. One group is a
security group and one is a distribution. They are in different OU's. Can
having a Management security group cause some type of issue with a Management
Distribution group in ad? The Management distirbution group
@mail.activedir.org
Subject: [ActiveDir] Security Groups vs. Distribution Groups
We are running 2000 AD. I have two groups named the same. One group is a
security group and one is a distribution. They are in different OU's. Can
having a Management security group cause some type of issue
it will become active
Cheers
#JORGE#
From: [EMAIL PROTECTED] on behalf of Christine Allen
Sent: Fri 7/29/2005 4:24 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Security Groups vs. Distribution Groups
We are running 2000 AD. I have two groups named
, June 09, 2005 10:26 AM
To: 'Rimmerman, Russ '; Jorge de Almeida Pinto; 'Robert Williams (RRE) ';
'ActiveDir@mail.activedir.org '
Subject: RE: [ActiveDir] Security permissions on user object
I think the krbtgt account will also be listed.
To get all objects (users and groups) with admincount =1
designate which default MS admin groups are protected groups and thus
managed by the adminsdholder object
Cheers
#JORGE#
-Original Message-
From: [EMAIL PROTECTED]
To: Rimmerman, Russ; ActiveDir@mail.activedir.org
Sent: 6/9/2005 5:52 AM
Subject: RE: [ActiveDir] Security permissions
?
From: Jorge de Almeida Pinto [mailto:[EMAIL PROTECTED]
Sent: Thu 6/9/2005 2:41 AM
To: 'Robert Williams (RRE) '; '[EMAIL PROTECTED] '; Rimmerman, Russ;
'ActiveDir@mail.activedir.org '
Subject: RE: [ActiveDir] Security permissions on user object
If you look at MS-KBQ817433
@mail.activedir.org
Subject: RE: [ActiveDir] Security permissions on user object
In fact, yes it will, Russ.
Looking back at the thread, I don't see any discussion about HOW these users
came to have the admincount attribute set to 1. Do you have a root cause?
The reason that I ask is because
Subject: RE: [ActiveDir] Security permissions on user object
In fact, yes it will, Russ.
Looking back at the thread, I don't see any discussion about HOW these
users came to have the admincount attribute set to 1. Do you have a
root cause?
The reason that I ask is because I've dealt
FSMO resets all accounts that you
did not want to change
#JORGE#
-Original Message-
From: Rimmerman, Russ
To: Jorge de Almeida Pinto; Robert Williams (RRE) ;
ActiveDir@mail.activedir.org
Sent: 6/9/2005 12:53 PM
Subject: RE: [ActiveDir] Security permissions on user object
But is it safe
Subject: RE: [ActiveDir] Security permissions on user object
OK this is odd, I changed admincount to 0 and an hour later it was
changed back to 1. How frustrating. What gives?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Wednesday
We
migrated all our users from an NT4 domain to our AD domain. Anyone who was
in "Domain Admins" on our NT4 domain got migrated into "Domain Admins" on our AD
domain. We took them out of Domain Admins on our AD domain, but their
accounts are inheriting the permissions like a normal user
=kb;en-us;318180
http://support.microsoft.com/default.aspx?scid=kb;en-us;817433
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman,
RussSent: Wednesday, June 08, 2005 12:26 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Security permissions
on user object
We
Response Engineer
Northeast Region
MicrosoftCorporation
Global Solutions Support Center
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob
Sent: Wednesday, June 08, 2005
4:00 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Security
permissions on user
@mail.activedir.org
Subject: RE: [ActiveDir] Security permissions on user object
It ssounds like it's the adminSDHolder behavior that's getting you. Are the
users members of any of the other protected groups? It varies across versions,
IIRC 2003 added more groups. The articles below should help
Northeast Region
MicrosoftCorporation
Global Solutions Support Center
From: Rimmerman, Russ
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 08, 2005
8:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Security
permissions on user object
OK looks like ya'll
] On Behalf Of Rimmerman, Russ
Sent: Wednesday, June 08, 2005 9:52 PM
To: Robert Williams (RRE); ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Security permissions on user object
Can I just use ADSIEDIT and go to individual users and set the admincount to
0? Will that stick? If that works, I
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 08, 2005 10:52 PM
To: Robert Williams (RRE); ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Security permissions on user object
Can I just use ADSIEDIT and go to individual users and set the
admincount to 0? Will that stick? If that works, I
ail.activedir.org
Subject
RE: [ActiveDir] Security settings
05/27/2005 04:12 not Inheriting
All,
I am attempting to delegate full control of one OU to a particular
group of Admins. I have run the Delegation Wizard, selected the group,
customized a task to delegate permissions to the folder, all existing
objects in the folder and the creation of new objects and then selected
PROTECTED]
Sent: Saturday, 28 May 2005 7:52 a.m.
To: activedir@mail.activedir.org
Subject: [ActiveDir] Security settings not Inheriting
All,
I am attempting to delegate full control of one OU to a particular
group of Admins. I have run the Delegation Wizard, selected the group,
customized
Sent: 10 June 2004 18:51
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Security
I need to know when the Domain Admin Group has a user added to it or at
least have that operation audited, is there anyway to perform this with
GPO
or something built into win2k server.
Thanks,
Aaron Visser
List info
:07 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Security
How does this one relate specifically to restricted groups? This applies to
a whole slew of items.. the worst offender IMO being a hub and spoke topo
with file system permissions being pushed down to sysvol or dfs link\root
which
: Friday, June 11, 2004 5:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Security
sure:
1. replication of changes and applying the GPO will cause undesireable
results at times.
2. the AdminSDholder process of the domain controlls the sensitive groups
in AD (e.g. Domain Enterprise Schema Admin
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 21, 2004 2:55 PM
Subject: RE: [ActiveDir] Security
Guido's #1 can be a nightmare. Say you have a single DC that isn't playing
well with the FRS replication topology and you go to change the restricted
group you will get this great
/advanced_group_search) you'll find
some sample vbscript to grab the USN.
Hunter
-Original Message-
From: Aaron Visser [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 10, 2004 10:47 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Security
More Details
Win2k Servers 1 Root Server with another one
: [ActiveDir] Security
Sounds like the rebuild is a good thing, given the little angels' propensity
to do things they shouldn't.
The approach I'd take is to monitor the update sequence number on the Domain
Admins, Schema Admins, and Enterprise Admins groups. If the USN changes on
any of the groups, then you
]
Sent: Thursday, June 10, 2004 9:47 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Security
More Details
Win2k Servers 1 Root Server with another one for redundancy, 1 ISA Server, 1
Server for Teacher Data, 1 Server for Student Data
Win2003 Servers 1 for Office Staff
And the fun begins,
Well
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Friday, June 11, 2004 2:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Security
sure:
1. replication of changes and applying the GPO will cause undesireable
results at times.
2. the AdminSDholder process of the domain
I need to know when the Domain Admin Group has a user added to it or at
least have that operation audited, is there anyway to perform this with GPO
or something built into win2k server.
Thanks,
Aaron Visser
List info : http://www.activedir.org/mail_list.htm
List FAQ:
, 2004 9:51 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Security
I need to know when the Domain Admin Group has a user added to it or at
least have that operation audited, is there anyway to perform this with
GPO
or something built into win2k server.
Thanks,
Aaron Visser
List info : http
: [ActiveDir] Security
I need to know when the Domain Admin Group has a user added to it or at
least have that operation audited, is there anyway to perform this with
GPO
or something built into win2k server.
Thanks,
Aaron Visser
List info : http://www.activedir.org/mail_list.htm
List FAQ: http
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Passo, Larry
Sent: Donnerstag, 10. Juni 2004 19:38
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Security
If you want to make sure that no one is added to the group you could
make the group a Restricted Group via a GPO.
If you want to know
I'm curious, do you have any more details?
-Original Message-
From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 10, 2004 2:47 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Security
don't use the Restricted Groups feature on domain groups, especially
domain
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Security
I'm curious, do you have any more details?
-Original Message-
From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 10, 2004 2:47 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Security
don't use
Hi,
I want to run AD behind a firewall.Can someone please suggest what
ports should I leave open so that all the clients to my AD can access it
successfully?
Any help would be greatly appreciated.
Thanks and regards,
Gagnesh
List info : http://www.activedir.org/mail_list.htm
List FAQ
2:24 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Security and AD
Hi,
I want to run AD behind a firewall.Can someone please suggest what
ports should I leave open so that all the clients to my AD can access it
successfully?
Any help would be greatly appreciated.
Thanks and regards
I also wrote a lot of things many years ago ;-) I'd still have a closer
look at MACS today...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of stefano tufillaro
Sent: Dienstag, 16. März 2004 20:37
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] security
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of GRILLENMEIER,GUIDO
(HP-Germany,ex1)
Sent: Wednesday, March 17, 2004 2:06 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] security event log audits
I also wrote a lot of things many years ago ;-) I'd still have a closer
look at MACS today
Has anyone had success putting together something home-grown
to centralize security event logs into a sql database? If so, I wanted to get
some tips on how the tables should be set up can all events that are
captured in the security log be placed in the same table, or do different
events
:
[EMAIL PROTECTED]Subject: [ActiveDir] security event log
audits
Has anyone had success putting
together something home-grown to centralize security event logs into a sql
database? If so, I wanted to get some tips on how the tables should be set up -
can all events that are captured
AhhhI forgot about that coming.
Thanks Guido!
mc
-Original Message-
From: GRILLENMEIER,GUIDO
(HP-Germany,ex1) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 16, 2004 1:40
PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] security
event log audits
MACS (MS Audit
Will this work for Win2k servers also?
Mike
From: GRILLENMEIER,GUIDO (HP-Germany,ex1)
[mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 1:40
PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir]
security event log audits
MACS (MS Audit Collector System) will do all of that for
you
PROTECTED]'
Subject: RE: [ActiveDir] security event log audits
Will this work for Win2k servers also?
Mike
From: GRILLENMEIER,GUIDO (HP-Germany,ex1) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 16, 2004 1:40 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] security event log audits
MACS (MS Audit
reports (Crystal, Html,
PDF etc.) and also send script as soon as a program to modify the system
from remote location.
From: GRILLENMEIER,GUIDO (HP-Germany,ex1) [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] security event log audits
Date: Tue, 16
Hi,
Are there any security concerns or issues with creating a secondary DNS zone and doing
Zone transfer? If you have a root Windows 2000 domain in a different country and
want to create a secondary zone for the root domain in the US, what are the security
issues associated with the
]
Sent by: cc:
[EMAIL PROTECTED]Subject: [ActiveDir] Security Concerns
With Creating a Secondary DNS Zone
tivedir.org
/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, November 17, 2003 11:49 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Security Concerns With Creating a
Secondary DNS Zone
I would ask them there reasons
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 24 September 2003 16:15
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Security Logs
This is my first posting so please be gentle.
We have an empty root then a single domain under the empty root. We
have separate
.
Cheers!
John Reijnders
MCSE Windows Server 2003
-Original Message-
From: Joe
To: [EMAIL PROTECTED]
Sent: 25-9-2003 3:36
Subject: RE: [ActiveDir] Security Logs
The only way to give out the ability to non-admins to read the security
log
in Windows NT or Windows 2000 is to grant
This is my first posting so please be gentle.
We have an empty root then a single domain under the empty root. We have
separate companies that have their own ou within this domain. One of the
companies is requesting access to the Security log on the domain
controllers so that they can see why
using
dumpel.exe and maybe some regex scripting to do what you need.
Darren
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, September 24, 2003 8:15 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Security Logs
This is my
The only way to give out the ability to non-admins to read the security log
in Windows NT or Windows 2000 is to grant the Manage auditing and security
logs security user right. You DO NOT want to do this as it gives the user
the ability to both clear the security log as well as write security
Message -
From: Free, Bob [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 6:00 PM
Subject: RE: [ActiveDir] security templates
very keen to leverage the templates for baselining DC
security and configuration distributed with the MS security
operations guide
/default.asp?url=/technet/security/prodtech/windows/secwin2k/default.asp
-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 18, 2003 3:53 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] security templates
Thanks, Bob! ;-)
Rick Kingslan MCSE, MCSA, MCT
/treeview/default.asp?url=/technet/security/
prodtech/windows/secwin2k/default.asp
-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 18, 2003 3:53 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] security templates
Thanks, Bob! ;-)
Rick Kingslan
: Rick Kingslan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, February 18, 2003 11:52 PM
Subject: RE: [ActiveDir] security templates
Thanks, Bob! ;-)
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
??
Thanks for you help
GT
- Original Message -
From: Rick Kingslan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, February 18, 2003 11:52 PM
Subject: RE: [ActiveDir] security templates
Thanks, Bob! ;-)
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
- Original Message -
From: Rick Kingslan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, February 23, 2003 4:11 PM
Subject: RE: [ActiveDir] security templates
Graham,
If there are versions of the templates that have been made available
since those initial ones, I'm unaware of them
/23/2003 10:11 AM
Subject: RE: [ActiveDir] security templates
Graham,
If there are versions of the templates that have been made available
since those initial ones, I'm unaware of them.
As to the SIDs, as I recall, you're correct - they are well-known
principals, users and groups both. I've seen
yeh, a blatant bit of oneupmanship to us mere mortals
- Original Message -
From: Thommes, Michael M. [EMAIL PROTECTED]
To: 'Rick Kingslan ' [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Sunday, February 23, 2003 5:42 PM
Subject: RE: [ActiveDir] security templates
Hi Rick
]] On Behalf Of Graham Turner
Sent: Tuesday, February 18, 2003 3:08 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] security templates
very keen to leverage the templates for baselining DC
security and configuration distributed with the MS security
operations guide,
it would seem
: [ActiveDir] security templates
Graham,
Though I don't have a link to them in front of me at the moment, as you
might recall, Microsoft submitted for and passed the Common Criteria.
Microsoft (via SAIC) published a configuration and an administration
guide that is a bit more current with templates
:26 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] security templates
Funny, I was just looking at those :-]
http://www.microsoft.com/technet/treeview/default.asp?url=/tec
hnet/security/issues/W2kCCSCG/W2kSCGcf.asp
-Original Message-
From: Rick Kingslan [mailto:[EMAIL
: [ActiveDir] Security
Priv over Services on a DC
What/Where would I
adjust the security to allow a group to start/stop services on a
DC?
Obviously, I would
only do this for certain services, since this group will not have DA level
access.
John Hann
BancorpSouth
Title: Message
What/Where would I
adjust the security to allow a group to start/stop services on a
DC?
Obviously, I would
only do this for certain services, since this group will not have DA level
access.
John Hann
BancorpSouth
662.678.7179
: [ActiveDir] Security Tab on
User Object - Allow inheritable Permissions
On the Security
Tab at the bottom is a check box: All inheritable Permissions from parent to
propagate to this object.
Is this an ACL or
property? I have some user objects that do not have this checked and I
In building our new Active Directory structure Im
planning on deploying our forest with two domains, the root domain being a security
domain, with no users (except a couple MIS people for administration), but with
a number of our servers, and a second domain on the tree for users and
-To: [EMAIL PROTECTED]
Date: Tue, 24 Sep 2002 17:17:25 -0400
You have been trying to set file system permissions via a template?
-Original Message-
From: marija efnuseva [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 24, 2002 3:42 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Security
)
Administrators - FC
System - FC
%username% - FC (or Change, if you don't want them to delete their profile
directory)
-Original Message-
From: marija efnuseva [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 24, 2002 7:02 AM
To: ActiveDirLista
Subject: [ActiveDir] Security Templates
You have been trying to set file system permissions via a template?
-Original Message-
From: marija efnuseva [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 24, 2002 3:42 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Security Templates
Thanks, I'll try that. Actually I have
Does anyone know of some good security books that
really going to practical stuff on security templates, auditing and other
security stuff?? Thx, Joe
99 matches
Mail list logo