Let’s just say I don’t kiss butt…..
;o) -rtk

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe

LOL. I loved that commercial. So Rick which monkey were you? The old
grey hair enjoying the gluteal attention or the younger one giving the
attention? :o)

Sorry for the relative silence. Been
pretty buried helping a customer try to work out various issues with weird
attributes in AD in relation to Exchange. Trying to chase down where they are
coming from and what is setting them. I am slowly starting to learn about EDM
now and attributes it is setting and how it is setting them.

Oh yeah, also putting finishing touches on
ADFIND V01.26.00... I had to fix it for something in K3 SP1 and I wanted a few
features for something else so I added them in. One that people may like allows
them to get the owner of objects easily. It will output as a regular attribute
or I worked out a way to output a DN;owner format.

F:\DEV\cpp\AdFind>adfind -default -s one -ownercsv

AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) February 2005

Another fun thing is finding all unique
security principals that "own" an AD object.

F:\Dev\CPP\AdFind>adfind -h 2k3dc01 -gc -b -f * -owneronly -nodn -nolabel -q |unique

joe

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan

Yeah – I agree with Darren on this
one. Picture the Yeknom Inc. (CareerBuilder.Com) commercials that aired
during the Super Bowl. Picture a gray-haired Monkey standing in his
chair, and a younger chimp kissing his butt. Yep – American Capitalism at its
finest.

-rtk

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia

I agree with Joe here (it happens
sometimes). Leave the DDP alone for this kind of stuff, esp. if it is also
the GPO you use to manage domain account policy. I don't have any problem with
you linking the GPO at the domain if it truly applies to almost all users in
the domain, esp. if the alternative is having to link the same GPO all over the
place to get full coverage anyway. Just put it in a different GPO than the DDP
and use a Deny Apply Group Policy ACE for your CEO (or better yet a
group containing your CEO). And, as to why the CEO shouldn't be
subject to the same policy as everyone else, it's called American Capitalism
:-). Since when was a CEO subject to the same anything as the rest of the
employees?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe

If you have any intention of excluding
your CEO or anyone else from any other policies you should probably better
scope your GPOs. Don't make the changes in the domain policy, in fact I rarely
recommend anyone change things in that policy except for the things that they absolutely
have to. Put the policies down on the OU(s) where the users/computers are. Then
place the users and computers in the OU specific to the policy they should
have.

BTW, why shouldn't the CEO have a machine
configured like everyone else?

joe

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason B

In this example, I want to exclude our CEO from having a
forced IE start page through GPO, while the remainder of our domain keeps a
forced homepage. Is the best way to go about this, to write a WMI filter
to exclude that specific user, or is there some better way to do it, as we have
this set in our Default Domain Policy? If so, can anyone point me to a good tutorial for writing
such a WMI script? Thanks.
