Re: [ActiveDir] ADAM on XP Pro

[[EMAIL PROTECTED]]

Hi Tony,

I would think the only security risk with doing this is that if a laptop
is stolen, the entire contents of the directory, rather than just this
user's credentials, could be compromised.

In today's regulatory environment, where full disclosure of compromises,
including theft of data-laden hardware or media, is often legally
mandated, this could be disastrous.  Obviously, I could be over-reaching
here - I don't know anything about the organization and therefore about
relevant legislation, but you should think about that possibility,
if for no other reason than to assure yourself that it does not apply.

The operational impact of replicating ADAM all over the place is
that you're dropping a large-ish piece of software on many workstations,
and they don't really need it.  There may also be more replication
traffic and load on the central server than you might want.

A simpler solution, I would think, would be for this app to cache
on disk an encrypted copy of the current user's LDAP object whenever
the user successfully authenticates to the central ADAM.  If the user
wants to use the app offline, the app would detect the fact that the
hardware it's on happens to be offline at startup (that's easy to do),
and authenticate the user against the disk image of the last user object.

In case your vendor doesn't know how to tell whether a machine is online
-- give them this C++ code snippet to get them started:

  // get the list of interfaces
  rcode = WSAIoctl( s, SIO_GET_INTERFACE_LIST,
NULL, 0,
(LPVOID) iInfo, sizeof(INTERFACE_INFO) * MAX_INTERFACES,
&numBytes, NULL, NULL );

This approach is roughly how cached credentials in Windows allow users
to sign onto their laptops with domain credentials while disconnected.

Bottom line: this method is pretty simple, doesn't require any special
software running on the PC, and limits the impact of a theft or compromise
of the user's workstation.

Good luck,

--
Idan Shoham
Chief Technology Officer
M-Tech Information Technology, Inc.
[EMAIL PROTECTED]
http://mtechIT.com


Please visit M-Tech at the Gartner Symposium ITxpo:
  At the WDW Dolphin Hotel near Orlando, FL, October 8-13, Booth #1428
http://www.gartner.com/it/sym/2006_/sym16/sym16_home.jsp



 The information in this email is confidential and may be legally
 privileged.  It is intended solely for the addressee.  Access to this
 email by anyone else is unauthorized.  If you are not the intended
 recipient, any disclosure, copying, distribution or any action taken or
 omitted to be taken in reliance on it, is prohibited and may be unlawful.


On Wed, 4 Oct 2006, Tony Murray wrote:


I've been talking to a vendor about an application they are developing.
It involves running ADAM instances on XP Pro machines (laptops) that
replicate with a centralised ADAM instance running on W2K3.  I don't have
further details at this stage, but I believe the they are planning to use
the local ADAM instance to authenticate laptop users to an application
when they are off-line.

In addition to security concerns with this approach, I'm
not really comfortable with the idea of ADAM instances on
laptops being part of a configuration set.  I had always
understool ADAM on XP to be used for a personal data store
(http://technet2.microsoft.com/WindowsServer/en/library/29fb059e-544c-4577-bf7c-ba4b08df48431033.mspx?mfr=true).

Any thoughts on this?

Tony





Sent via the WebMail system at mail.activedir.org




List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] ADAM on XP Pro

[Tony Murray]

Thanks Dmitri

Yes, my security concern was with regard to laptop theft.  As you say, these 
are ADAM and not AD accounts, so the risk of compromise is localised to the 
application.  Good tip about EFS (even if I'm not a big fan of it generally).  
There may be other options (e.g. hardware encryption).

I will give some further thought to the potential replication issues you 
mention when I know more about the application - I haven't managed to get my 
hands on it yet :-)

Tony
-- Original Message --
From: Dmitri Gavrilov <[EMAIL PROTECTED]>
Reply-To: ActiveDir@mail.activedir.org
Date:  Wed, 4 Oct 2006 20:18:28 -0700

ADAM on XP is no different from ADAM on w2k3 security-wise. The big
differences are that it is throttled somewhat perf-wise, and also
there's no auditing.

I do not see any serious security problems with this approach. Unless
you are thinking that somebody steals the laptop, cracks the DIT open
and brute-forces the pwd hashes? Store the DIT on an EFS volume then. In
any case, these are ADAM users, not windows...

The only problem will be replication -- instances will complain that
they are unable to replicate when in offline mode. Perhaps this can be
resolved by creating a separate site for every instance and setting up
manual links to the hub instance. Hmm. Not sure. I guess it depends on
how long they'll stay offline. KCC is not really optimized to work well
in such scenarios.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Wednesday, October 04, 2006 7:34 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] ADAM on XP Pro

I've been talking to a vendor about an application they are developing.
It involves running ADAM instances on XP Pro machines (laptops) that
replicate with a centralised ADAM instance running on W2K3.  I don't
have further details at this stage, but I believe the they are planning
to use the local ADAM instance to authenticate laptop users to an
application when they are off-line.

In addition to security concerns with this approach, I'm not really
comfortable with the idea of ADAM instances on laptops being part of a
configuration set.  I had always understool ADAM on XP to be used for a
personal data store
(http://technet2.microsoft.com/WindowsServer/en/library/29fb059e-544c-45
77-bf7c-ba4b08df48431033.mspx?mfr=true).

Any thoughts on this?

Tony 





Sent via the WebMail system at mail.activedir.org


 
   
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

 





Sent via the WebMail system at mail.activedir.org


 
   
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] ADAM on XP Pro

[Dmitri Gavrilov]

ADAM on XP is no different from ADAM on w2k3 security-wise. The big
differences are that it is throttled somewhat perf-wise, and also
there's no auditing.

I do not see any serious security problems with this approach. Unless
you are thinking that somebody steals the laptop, cracks the DIT open
and brute-forces the pwd hashes? Store the DIT on an EFS volume then. In
any case, these are ADAM users, not windows...

The only problem will be replication -- instances will complain that
they are unable to replicate when in offline mode. Perhaps this can be
resolved by creating a separate site for every instance and setting up
manual links to the hub instance. Hmm. Not sure. I guess it depends on
how long they'll stay offline. KCC is not really optimized to work well
in such scenarios.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Wednesday, October 04, 2006 7:34 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] ADAM on XP Pro

I've been talking to a vendor about an application they are developing.
It involves running ADAM instances on XP Pro machines (laptops) that
replicate with a centralised ADAM instance running on W2K3.  I don't
have further details at this stage, but I believe the they are planning
to use the local ADAM instance to authenticate laptop users to an
application when they are off-line.

In addition to security concerns with this approach, I'm not really
comfortable with the idea of ADAM instances on laptops being part of a
configuration set.  I had always understool ADAM on XP to be used for a
personal data store
(http://technet2.microsoft.com/WindowsServer/en/library/29fb059e-544c-45
77-bf7c-ba4b08df48431033.mspx?mfr=true).

Any thoughts on this?

Tony 





Sent via the WebMail system at mail.activedir.org


 
   
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

Re: [ActiveDir] ADAM on XP Pro

[Jeremy Saunders]

Hi Tony,

I agree with your concern. I don't want to go off topic, or push someone
elses product, but Citrix Password Manager will do this, and provide
complete security. It can run in disconnected mode and does not need a
Citrix server in-place for it to work. I'm sure there are other solutions
out there too, but if it's just authentication they need, then this is the
one I would recommend if you wanted a software based solution. A product
like Citrix Password Manager can add a lot more value too. Whereas this
ADAM application they are developing sounds like a considerable amount of
development for just one purpose. That usually means big bucks.

Cheers.

 Kind regards,

 Jeremy Saunders
 Senior Technical Specialist

 Infrastructure Technology Services
 (ITS) & Cerulean
 Global Technology Services (GTS)
 IBM Australia
 Level 2, 1060 Hay Street
 West Perth  WA  6005

 Visit us at
 http://www.ibm.com/services/au/its

 P:  +61 8 9261 8412F:  +61 8 9261 8486
 M:  TBAE-mail:
[EMAIL PROTECTED]










   
 "Tony Murray" 
 <[EMAIL PROTECTED] 
 rg>To
 Sent by:  <[EMAIL PROTECTED]>   
 [EMAIL PROTECTED]  cc
 ail.activedir.org 
   Subject
   [ActiveDir] ADAM on XP Pro  
 05/10/2006 10:33  
 AM
   
   
 Please respond to 
 [EMAIL PROTECTED] 
tivedir.org
   
   




I've been talking to a vendor about an application they are developing.  It
involves running ADAM instances on XP Pro machines (laptops) that replicate
with a centralised ADAM instance running on W2K3.  I don't have further
details at this stage, but I believe the they are planning to use the local
ADAM instance to authenticate laptop users to an application when they are
off-line.

In addition to security concerns with this approach, I'm not really
comfortable with the idea of ADAM instances on laptops being part of a
configuration set.  I had always understool ADAM on XP to be used for a
personal data store (
http://technet2.microsoft.com/WindowsServer/en/library/29fb059e-544c-4577-bf7c-ba4b08df48431033.mspx?mfr=true
).

Any thoughts on this?

Tony





Sent via the WebMail system at mail.activedir.org




List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

[ActiveDir] ADAM on XP Pro

[Tony Murray]

I've been talking to a vendor about an application they are developing.  It 
involves running ADAM instances on XP Pro machines (laptops) that replicate 
with a centralised ADAM instance running on W2K3.  I don't have further details 
at this stage, but I believe the they are planning to use the local ADAM 
instance to authenticate laptop users to an application when they are off-line.

In addition to security concerns with this approach, I'm not really comfortable 
with the idea of ADAM instances on laptops being part of a configuration set.  
I had always understool ADAM on XP to be used for a personal data store 
(http://technet2.microsoft.com/WindowsServer/en/library/29fb059e-544c-4577-bf7c-ba4b08df48431033.mspx?mfr=true).

Any thoughts on this?

Tony 





Sent via the WebMail system at mail.activedir.org


 
   
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

[ActiveDir] Folder Redirection Problem

[Dan DeStefano]

I am sorry if this is a repost, but I inadvertently deleted
any responses:

 

I am having a weird problem with folder redirection. I have
set the My Documents redirection to the subfolder of the root drive option and
set the path to the homefolders directory (\\servername\homefolders$). This is
supposed to redirect users my documents to
\\servername\homefolders$\%username%\my documents and it does. The users log
onto their PCs and open their My Documents folder fine – and looking at
the properties of their my documents folder confirms that the redirection is
working properly. The problem is that in certain applications, namely Outlook
2003 (all latest patches and SPs applied). When a user goes to save an
attachment, for example, and clicks on my documents in the save dialog, they
receive the error “cannot access \\servername\homefolders$, which makes
sense since the users do not have access to the homefolders$ share, just to
their subfolder. So Outlook, for some reason, is not drilling down into the users
my documents in the home folder, but instead is trying to access the root of
the homefolders$ share. In other Office apps, the my documents works fine.
There are also no event log entries that reference this issue.

 

I am stuck here as I am unable to find any KB articles that
discuss this. Does anyone have any suggestions? I have not yet reinstalled
Outlook because all other Office apps work fine. Office was deployed to the
workstations via group policy using an AIP and MST transform.

 

 

Any help would be greatly appreciated.

 

 






Dan DeStefanoInfo-lution Corporation[EMAIL PROTECTED]http://www.info-lution.comOffice: 727 546-9143FAX: 727 541-5888
If you have received this message in error please notify the sender, disregard any content  and remove it from your possession.
 

[ActiveDir] OT: ExMerge works for some, not others

[Noah Eiger]

Hello:

 

Sorry for the OT. ExMerge is giving me heartburn.

 

I have a small Exchange install where all the tools (and
everything else) is on the DC. (Yes, if they had thought about it earlier, it
would be SBS -- but it is not.) 

 

I am trying to run ExMerge to pull out PST files. The user
running ExMerge is Domain Admin, Enterprise Admin, and Domian User. I believe
all of those groups are denied SEnd As and Receive As. At least, Receive As is
required to run ExMerge. Yet, despite that, I am able to run ExMerge against
about half of the users. The other half cough up permission errors in the log. 

 

One additional factor: all of the problem users were
disabled within AD. I re-enabled the accounts for this purpose.

 

Any thoughts about what is going on here? Why some work and
some don't?

 

Thanks.

 

- nme

 








--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.12.10/459 - Release Date: 9/29/2006
 

Re: [ActiveDir] OT: Volume licensing activation

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

Microsoft’s Software Protection Platform: Protecting Software and 
Customers from Counterfeiters: The company announces innovative 
technology in Windows Vista and Windows Server “Longhorn” to reduce the 
risk of piracy and software tampering while improving software licensing.:

http://www.microsoft.com/presspass/features/2006/oct06/10-04SoftwareProtection.mspx

Windows Genuine Advantage : New technology to protect Windows Vista and 
other products:

http://blogs.msdn.com/wga/archive/2006/10/04/New-technology-to-protect-Windows-Vista-and-other-products.aspx

Whitepaper
http://download.microsoft.com/download/c/2/9/c2935f83-1a10-4e4a-a137-c1db829637f5/10-03-06SoftwareProtectionWP.doc


As long as it works and works well, and when it's updated it gets 
disclosed so that tinfoil folks won't be shutting off auto updates 
because that's what's happening now.



Brian Desmond wrote:


*I read through the docs on this vl activation and it’s not as bad as 
it sounds. They’re really just trying to protect the keys.*


* *

*Thanks,*

*Brian Desmond*

[EMAIL PROTECTED]

* *

*c - 312.731.3132*

* *

*From:* [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] *On Behalf Of *Matt Hargraves

*Sent:* Tuesday, October 03, 2006 1:34 PM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [ActiveDir] OT: Volume licensing activation

Yeah... MS is going to get really high levels of adoption on this 
product...


Gotta wonder what in the heck they're thinking sometimes.

On 10/2/06, *Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]* 
<[EMAIL PROTECTED] > wrote:


http://blogs.zdnet.com/microsoft/?p=26

Mary Jo Foley reports that the next version of Vista will have Volume
licensing activation.

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx 





--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com


If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will 
hunt you down...
http://blogs.technet.com/sbs

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

[ActiveDir] Single forest with two domain trees to splut up.

[knighTslayer]

Hello,

This is my first post, so please forgive me if this question has already
been asked...

I have a mixed AD forest with two domain trees.  Each domain tree is located
at a different geographical site, and sites and services is configured to
reflect this.  DomainA has the namespace of 'logistics.ads' and DomainB has
a namespace of 'finance.dom' The very first domain tree (DomainA) is a
Windows 2000 domain and the second domain tree (DomainB) is a Windows 2003
domain.

Finance.dom has been bought by a third party and I must split the forest in
two and resolve any issues that arises from doing this.  As logistics.ads
was the first domain in the forest, it holds the Schema Master role and
Domain naming master role.

Exchange 2000 is installed at DomainA and Exchange 2003 is installed in
DomainB.  Administrative groups are used to reflect the geographical
topology of my set-up.  Each domain has its own SMTP namespace and SMTP
routing will not be a problem as I can comfortably overcome this.  The GAL
being split and replaced with contacts is acceptable and I have no issues at
this level.

The WAN connection between the domains will be removed and the only means of
communication between the two organisations will be through SMTP routing
through the internet and nothing else.  No other application between the
domains are in use, besides Exchange.

My current plan is to simply cut the link between the sites and seize the
roles that are missing from the newly split domains - so in effect bringing
up two forests.  Issues with Exchange, ghosted servers in AD, and so on will
be removed using ADSI edit and NTDSutil. 

My main question is this: is there better technique I should follow for
splitting up a forest or am I on the right track?

Thanks in advance
René

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

Re: RE : Re: [ActiveDir] choose between SOAD and Netpro directory Troubleshooter.

[Mark Parris]

Sorry for the sarcasm, but every time I have looked at spotlight I have seen no 
benefit over say mom, which gives you other products too for the same price, I 
think you have to take maintenance on SOAD too, and if you want to have a 
centralised mangement console then you would need foglight.

What are your real requirements? Why would you need to troubleshoot - when you 
can manage with MOM?

Spotlight's GUI just reminds me of a BOSS KEY application that games like 
Leisure Suit Larry used to provide.




Mark Parris

Base IT Ltd
Active Directory Consultancy
Tel +44(0)7801 690596


-Original Message-
From: Yann <[EMAIL PROTECTED]>
Date: Wed, 4 Oct 2006 19:20:31 
To:ActiveDir@mail.activedir.org
Subject: RE : Re: [ActiveDir] choose between SOAD and Netpro directory 
Troubleshooter.

Thanks Marc. 
  
With your experirnce, what could you advice me about the 2 products ? Is soad 
much better that netprodt regarding tshooting, new features  ? 
  
Yann

Mark Parris <[EMAIL PROTECTED]> a écrit : SOAD has a lovely GUI and lots of 
flashing lights


Mark Parris

Base IT Ltd
Active Directory Consultancy
Tel +44(0)7801 690596


-Original Message-
From: Yann 
Date: Tue, 3 Oct 2006 20:11:12 
To:ActiveDir@mail.activedir.org
Subject: [ActiveDir] choose between SOAD and Netpro directory Troubleshooter.

Hello all, 
  
I don't know if it is the right place 
I'm about to test 2 AD Troubleshooters products and I have to choose one them 
to monitor,tshoot our AD infrastructure: 
Spoltligh on Active Directory (SOAD) and Netpro Active Directory 
Troubleshooter. 
Does someone have any experiences with the 2 products and could tell me what 
are the pros and cons of each of them ? 
  
Thank you, 
  
Yann 
  
  
 


Découvrez un nouveau moyen de poser toutes vos questions quel que soit le sujet 
! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et 
vos expériences. Cliquez ici: . [EMAIL PROTECTED])



 Découvrez un nouveau moyen de poser toutes vos questions quel que soit le 
sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions 
et vos expériences. Cliquez ici: 
 . [EMAIL 
PROTECTED])

RE : Re: [ActiveDir] choose between SOAD and Netpro directory Troubleshooter.

[Yann]

Just found this interesting article  http://www.parsintl.com/pdf/10129-R-Quest.pdf     with a smalll chapter comparing netprodt with soad.   It seems that netproddt has more features and fonctionnality than soad in the way that netprodt "has more tasks to diagnose and repair AD pb..." , "... is known for it's extensive inhouse knowledge base of AD tshoot...".     A good start to help me in my final decsion.     Yann             
		 
Découvrez un nouveau moyen de poser toutes vos questions quel que soit le sujet ! 
Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. Cliquez ici. 

RE : Re: [ActiveDir] choose between SOAD and Netpro directory Troubleshooter.

[Yann]

Thanks Marc.     With your experirnce, what could you advice me about the 2 products ? Is soad much better that netprodt regarding tshooting, new features  ?     YannMark Parris <[EMAIL PROTECTED]> a écrit :  SOAD has a lovely GUI and lots of flashing lightsMark ParrisBase IT LtdActive Directory ConsultancyTel +44(0)7801 690596-Original Message-From: Yann <[EMAIL PROTECTED]>Date: Tue, 3 Oct 2006 20:11:12 To:ActiveDir@mail.activedir.orgSubject: [ActiveDir] choose between SOAD and Netpro directory Troubleshooter.Hello all,   I don't know if it is the right place I'm about to test 2 AD Troubleshooters products and I have to choose one them to monitor,tshoot our AD
 infrastructure: Spoltligh on Active Directory (SOAD) and Netpro Active Directory Troubleshooter. Does someone have any experiences with the 2 products and could tell me what are the pros and cons of each of them ?   Thank you,   Yann      Découvrez un nouveau moyen de poser toutes vos questions quel que soit le sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. Cliquez ici: . [EMAIL PROTECTED]­æ±«) 
		 
Découvrez un nouveau moyen de poser toutes vos questions quel que soit le sujet ! 
Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. Cliquez ici. 

RE : Re: [ActiveDir] choose between SOAD and Netpro directory Troubleshooter.

[Yann]

Hi Paul,     In fact, i talked about Netpro Directory Troubleshooter. Do you mean that Netpro DT have more features than soad ?  The difficulty i have to face is: which one could give me the best and accurate information to tshoot a pb ?  I know that soad has a good looking interface with some lights shinning ;)     YannPaul Williams <[EMAIL PROTECTED]> a écrit :  I assume you mean NetPro Directory Analyser?  I've not done much with any, but we've got NetPro Directory Troubleshooter here and from what I've seen of it, it doesn't compare with Quest's SOAD as it does more proactive, task oriented stuff. 
    I've not seen NetPro's analyser.  Quest's SOAD is OK, but as with all real time monitoring solutions, your limited by the human on the end.  I'd prefer something like HP Open View Operations for Windows or BMC Patrol or even MOM, which can react accordingly to issues in a number of ways.        --Paul- Original Message -   From: Yann   To: ActiveDir@mail.activedir.org   Sent: Tuesday, October 03, 2006 7:11 PM  Subject: [ActiveDir] choose between SOAD and Netpro directory Troubleshooter.Hello all,     I don't know if it is the right place  I'm about to test 2 AD Troubleshooters products and I have to choose one them to monitor,tshoot our AD infrastructure:  Spoltligh on Active Directory (SOAD) and Netpro Active Directory Troubleshooter.  Does someone have any experiences with the 2 products and could tell me what are the pros and cons of each of them ?     Thank you,     Yann           Découvrez un nouveau
 moyen de poser toutes vos questions quel que soit le sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. Cliquez ici.  
		 
Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et son interface révolutionnaire.

RE: [ActiveDir] choose between SOAD and Netpro directory Troubleshooter.

[neil.ruston]

I've not looked at either for some time but do know that a 
new version of Spotlight is due soon [Q4] with some nice, new features. 

 
Ensure you ask your Quest rep about the new version 
(v6.6).
 
neil


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
YannSent: 03 October 2006 19:11To: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] choose between SOAD 
and Netpro directory Troubleshooter.

Hello all,
 
I don't know if it is the right place
I'm about to test 2 AD Troubleshooters products and I have to 
choose one them to monitor,tshoot our AD infrastructure:
Spoltligh on Active Directory (SOAD) and Netpro Active Directory 
Troubleshooter.
Does someone have any experiences with the 2 products and could tell 
me what are the pros and cons of each of them ?
 
Thank you,
 
Yann
 
 
 


Découvrez un nouveau moyen de poser toutes vos questions quel que soit le sujet 
! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos 
expériences. Cliquez 
ici. PLEASE READ: The information contained in this email is confidential and

intended for the named recipient(s) only. If you are not an intended

recipient of this email please notify the sender immediately and delete your

copy from your system. You must not copy, distribute or take any further

action in reliance on it. Email is not a secure method of communication and

Nomura International plc ('NIplc') will not, to the extent permitted by law,

accept responsibility or liability for (a) the accuracy or completeness of,

or (b) the presence of any virus, worm or similar malicious or disabling

code in, this message or any attachment(s) to it. If verification of this

email is sought then please request a hard copy. Unless otherwise stated

this email: (1) is not, and should not be treated or relied upon as,

investment research; (2) contains views or opinions that are solely those of

the author and do not necessarily represent those of NIplc; (3) is intended

for informational purposes only and is not a recommendation, solicitation or

offer to buy or sell securities or related financial instruments.  NIplc

does not provide investment services to private customers.  Authorised and

regulated by the Financial Services Authority.  Registered in England

no. 1550505 VAT No. 447 2492 35.  Registered Office: 1 St Martin's-le-Grand,

London, EC1A 4NP.  A member of the Nomura group of companies.

RE: [ActiveDir] Folder Redirection Issue

[Kennedy, Jim]

“Office
was deployed to the workstations via group policy using an AIP and MST
transform.”

 

Bet
you will find something in that MST that is pointing to the wrong location.
Blow out an Outlook profile on one as a test.

 

 





From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Wednesday, October 04, 2006 11:02 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Folder Redirection Issue





 

I
am having a weird problem with folder redirection. I have set the My Documents
redirection to the subfolder of the root drive option and set the path to the
homefolders directory (\\servername\homefolders$). This is supposed to redirect
users my documents to \\servername\homefolders$\%username%\my documents and it
does. The users log onto their PCs and open their My Documents folder fine
– and looking at the properties of their my documents folder confirms
that the redirection is working properly. The problem is that in certain
applications, namely Outlook 2003 (all latest patches and SPs applied). When a
user goes to save an attachment, for example, and clicks on my documents in the
save dialog, they receive the error “cannot access
\\servername\homefolders$, which makes sense since the users do not have access
to the homefolders$ share, just to their subfolder. So Outlook, for some
reason, is not drilling down into the users my documents in the home folder,
but instead is trying to access the root of the homefolders$ share. In other
Office apps, the my documents works fine. There are also no event log entries
that reference this issue.

 

I
am stuck here as I am unable to find any KB articles that discuss this. Does
anyone have any suggestions? I have not yet reinstalled Outlook because all
other Office apps work fine. Office was deployed to the workstations via group
policy using an AIP and MST transform.

 

 

Any
help would be greatly appreciated.

 

Dan
DeStefano
Info-lution Corporation
[EMAIL PROTECTED]
http://www.info-lution.com
Office: 727 546-9143
FAX: 727 541-5888

If
you have received this message in error please notify the sender, disregard any
content  and remove it from your possession.

 

RE: [ActiveDir] Folder Redirection Issue

[Darren Mar-Elia]

Dan-
Have you 
tried running FileMon on a problem workstation, filtered on Outlook.exe? That 
might show you what is going on. Its possible that Outlook needs some 
permissions on the root (e.g. List Folder Contents) when it does its attachment 
saving? FileMon should show you where you're getting the Access 
Denied.
 
Darren
 
Darren Mar-Elia
For comprehensive 
Windows Group Policy Information, check out www.gpoguy.com-- the best source for GPO FAQs, 
video training, tools and whitepapers. Also check out the Windows 
Group Policy Guide, the definitive resource for Group Policy 
information.
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Dan 
DeStefanoSent: Wednesday, October 04, 2006 8:02 AMTo: 
ActiveDir@mail.activedir.orgSubject: [ActiveDir] Folder Redirection 
Issue


I am having a weird problem with 
folder redirection. I have set the My Documents redirection to the subfolder of 
the root drive option and set the path to the homefolders directory 
(\\servername\homefolders$). This is supposed to redirect users my documents to 
\\servername\homefolders$\%username%\my documents and it does. The users log 
onto their PCs and open their My Documents folder fine – and looking at the 
properties of their my documents folder confirms that the redirection is working 
properly. The problem is that in certain applications, namely Outlook 2003 (all 
latest patches and SPs applied). When a user goes to save an attachment, for 
example, and clicks on my documents in the save dialog, they receive the error 
“cannot access \\servername\homefolders$, which makes sense since the users do 
not have access to the homefolders$ share, just to their subfolder. So Outlook, 
for some reason, is not drilling down into the users my documents in the home 
folder, but instead is trying to access the root of the homefolders$ share. In 
other Office apps, the my documents works fine. There are also no event log 
entries that reference this issue.
 
I am stuck here as I am unable to 
find any KB articles that discuss this. Does anyone have any suggestions? I have 
not yet reinstalled Outlook because all other Office apps work fine. Office was 
deployed to the workstations via group policy using an AIP and MST 
transform.
 
 
Any help would be greatly 
appreciated.
 
Dan 
DeStefanoInfo-lution 
Corporation[EMAIL PROTECTED]http://www.info-lution.comOffice: 727 546-9143FAX: 
727 
541-5888
If you have 
received this message in error please notify the sender, disregard any 
content  and remove it from your possession.
 

[ActiveDir] Folder Redirection Issue

[Dan DeStefano]

I am having a weird problem with folder redirection. I have
set the My Documents redirection to the subfolder of the root drive option and
set the path to the homefolders directory (\\servername\homefolders$). This is
supposed to redirect users my documents to \\servername\homefolders$\%username%\my
documents and it does. The users log onto their PCs and open their My Documents
folder fine – and looking at the properties of their my documents folder
confirms that the redirection is working properly. The problem is that in
certain applications, namely Outlook 2003 (all latest patches and SPs applied).
When a user goes to save an attachment, for example, and clicks on my documents
in the save dialog, they receive the error “cannot access \\servername\homefolders$,
which makes sense since the users do not have access to the homefolders$ share,
just to their subfolder. So Outlook, for some reason, is not drilling down into
the users my documents in the home folder, but instead is trying to access the
root of the homefolders$ share. In other Office apps, the my documents works
fine. There are also no event log entries that reference this issue.

 

I am stuck here as I am unable to find any KB articles that
discuss this. Does anyone have any suggestions? I have not yet reinstalled
Outlook because all other Office apps work fine. Office was deployed to the
workstations via group policy using an AIP and MST transform.

 

 

Any help would be greatly appreciated.

 






Dan DeStefanoInfo-lution Corporation[EMAIL PROTECTED]http://www.info-lution.comOffice: 727 546-9143FAX: 727 541-5888
If you have received this message in error please notify the sender, disregard any content  and remove it from your possession.
 

RE: [ActiveDir] choose between SOAD and Netpro directory Troubleshooter.

[Tim Onsomu]

Hello group,

Before you go testing or creating a proof of concept,  may I
suggest you document you requirements so that you have a basis for testing the
products. Otherwise you are at the mercy of the product vendors.

 

Have a pleasant day.

 

 

 



From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, October 04, 2006 5:24 AM
To: ActiveDir@mail.activedir.org
Cc: ActiveDir.org; [EMAIL PROTECTED]
Subject: Re: [ActiveDir] choose between SOAD and Netpro directory
Troubleshooter.



 


I did an eval
of NetPro ADT. The main issue I found was an incredibly short trial license
period, which pretty much caused us to cease our proof of concept in our lab
environment. Otherwise, I liked what I saw. Maybe your sales rep can get you an
extended trial license. 


Justin Leney
Discovery Communications
Intel Server Operations
240 338 5409





 
  
  "Mark
  Parris" <[EMAIL PROTECTED]> 
  Sent by: [EMAIL PROTECTED]
  
  10/04/2006
  03:24 AM 
  
   

Please respond to
ActiveDir@mail.activedir.org

   
  
  
  
  
   

To


"ActiveDir.org"



   
   

cc


   
   

Subject


Re:
[ActiveDir] choose between SOAD and Netpro directory Troubleshooter.

   
  
   
  
   


   
  
  
 





SOAD has a lovely GUI and lots of flashing
lights


Mark Parris

Base IT Ltd
Active Directory Consultancy
Tel +44(0)7801 690596


-Original Message-
From: Yann <[EMAIL PROTECTED]>
Date: Tue, 3 Oct 2006 20:11:12 
To:ActiveDir@mail.activedir.org
Subject: [ActiveDir] choose between SOAD and Netpro directory
Troubleshooter.

Hello all, 
  
I don't know if it is the right place 
I'm about to test 2 AD Troubleshooters products and I have to
choose one them to monitor,tshoot our AD infrastructure: 
Spoltligh on Active Directory (SOAD) and Netpro Active Directory
Troubleshooter. 
Does someone have any experiences with the 2 products and could tell
me what are the pros and cons of each of them ? 
  
Thank you, 
  
Yann 
  
  
 
                   
              

Découvrez un nouveau moyen de poser toutes vos questions quel que soit le
sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions
et vos expériences. Cliquez ici: 
. 


NEW! COSMEO, THE
ONLINE HOMEWORK HELP TOOL BROUGHT TO YOU BY DISCOVERY CHANNEL. FREE TRIAL AT HTTP://WWW.COSMEO.COM

This e-mail, and any
attachment, is intended only for the person or entity to which it is addressed
and may contain confidential and/or privileged material. Any review,
re-transmission, copying, dissemination or other use of this information by
persons or entities other than the intended recipient is prohibited. If you
received this in error, please contact the sender and delete the material from
any computer. The contents of this message may contain personal views which are
not the views of Discovery Communications, Inc. (DCI).

RE: [ActiveDir] 200 users network. Adding 2 classes to the GC

[Ramon Linan]

pretty cool Joe!, thanks for the 
info


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
joeSent: Tuesday, October 03, 2006 4:01 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 200 users 
network. Adding 2 classes to the GC

Yes. You have to mark each attribute you want in the GC to 
be part of the PAS. Basically set the attribute isMemberOfPartialAttributeSet to 
TRUE. 
 
Ex:
 
G:\>admod -schema -rb cn=uid 
isMemberOfPartialAttributeSet::TRUE
 
AdMod V01.07.00cpp Joe Richards ([EMAIL PROTECTED]) 
October 2006
 
DN Count: 1Using server: 
r2dc2.test.loc:389Directory: Windows Server 2003Base DN: 
cn=uid,CN=Schema,CN=Configuration,DC=test,DC=loc
 
Modifying specified objects...   DN: 
cn=uid,CN=Schema,CN=Configuration,DC=test,DC=loc...
 
The command completed successfully
 
To find out which attributes are involved, run 
this
 
adfind -sc s:*posix* -af objectcategory=classschema 
maycontain
 
the output should be something like
 
 
G:\>adfind -sc s:*posix* -af objectcategory=classschema 
maycontain
 
AdFind V01.32.00cpp Joe Richards ([EMAIL PROTECTED]) 
October 2006
 
Using server: r2dc2.test.loc:389Directory: Windows 
Server 2003Base DN: 
CN=Schema,CN=Configuration,DC=test,DC=loc
 
dn:CN=PosixAccount,CN=Schema,CN=Configuration,DC=test,DC=loc>mayContain: 
description>mayContain: gecos>mayContain: 
loginShell>mayContain: unixUserPassword>mayContain: 
userPassword>mayContain: homeDirectory>mayContain: 
unixHomeDirectory>mayContain: gidNumber>mayContain: 
uidNumber>mayContain: cn>mayContain: uid
 
dn:CN=PosixGroup,CN=Schema,CN=Configuration,DC=test,DC=loc>mayContain: 
memberUid>mayContain: gidNumber>mayContain: 
description>mayContain: unixUserPassword>mayContain: 
userPassword>mayContain: cn
 
2 Objects returned
 
 
 

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Ramon 
LinanSent: Tuesday, October 03, 2006 2:16 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 200 users 
network. Adding 2 classes to the GC

I don't think I am making myself clear.
 
I already have those classes in the schema, I just want to 
add the properties that those classes have to the global catalog so they 
replicate throughout the forest, I don't need to install those classes in the 
AD, I already did that. 
 
Do I have to add attribute by attribute to the 
GC?
 
Thanks


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael 
M.Sent: Tuesday, October 03, 2006 1:18 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 200 users 
network. Adding 2 classes to the GC


Hi 
Rezuma,
    
I suspect you might run into the same issue I had when I did the R2 forestprep 
with SFU 3.5 (although you have the earlier SFU 3.0).  If so, see the fixup 
from Steve Linehan posted to this newsgroup on 8/7/06 (and my comment from 
8/12/06).
 
Mike 
Thommes
 




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Tuesday, October 03, 2006 11:25 
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 200 users network. 
Adding 2 classes to the GC
 
You get the R2 CD and 
do the forestprep, it will install the entire R2 schema which includes all of 
those Unix interop classes and attributes. You do not really want to do this 
manually or it could be troublesome later.
 
  
joe

 
--
O'Reilly Active 
Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 

 
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Ramon 
LinanSent: Tuesday, October 
03, 2006 11:53 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 200 users network. 
Adding 2 classes to the GC
We are using windows 
2003 servers. But what I need is, to add those 2 classes that already exist in 
the AD schema to the global catalog so they replicate through the GCs in 
the forest. How do I add 2 whole classes with their attributes? changing 
the "replicate this attribute in the global catalog" option attribute by 
attribute?
 
Thanks
 
Rezuma
 



From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of joeSent: Tuesday, October 03, 2006 11:25 
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 200 users network. 
Adding 2 classes to the GC
Modifying the schema 
except for indexing or adding PAS attributes in a forest with Windows 2000 
domain controllers is really a non-event when done properly with proper OIDs and 
names. Indexing can work your DCs a little as the new indexes have to be created 
but it depends on the attribs being indexed and what type of index is being 
created on how much that will hit your DC. Usually I would say it is minimal 
impact. WIth Windows 2000 GCs, you get to enjoy a full PAS refresh which 
generates a considerable amount of replication. Simply, if you are running 
Windows 2000 DCs, why in the world are you doing so, upgrade already, 2003 has 
been around for 3 years already and has a ton of AD enhancements. In a sm

Re: [ActiveDir] choose between SOAD and Netpro directory Troubleshooter.

[Justin_Leney]

I did an eval of NetPro ADT. The main
issue I found was an incredibly short trial license period, which pretty
much caused us to cease our proof of concept in our lab environment. Otherwise,
I liked what I saw. Maybe your sales rep can get you an extended trial
license. 


Justin Leney
Discovery Communications
Intel Server Operations
240 338 5409






"Mark Parris"
<[EMAIL PROTECTED]> 
Sent by: [EMAIL PROTECTED]
10/04/2006 03:24 AM



Please respond to
ActiveDir@mail.activedir.org





To
"ActiveDir.org"



cc



Subject
Re: [ActiveDir] choose between
SOAD and Netpro directory Troubleshooter.








SOAD has a lovely GUI and lots of flashing lights


Mark Parris

Base IT Ltd
Active Directory Consultancy
Tel +44(0)7801 690596


-Original Message-
From: Yann <[EMAIL PROTECTED]>
Date: Tue, 3 Oct 2006 20:11:12 
To:ActiveDir@mail.activedir.org
Subject: [ActiveDir] choose between SOAD and Netpro directory Troubleshooter.

Hello all, 
  
I don't know if it is the right place 
I'm about to test 2 AD Troubleshooters products and I have to
choose one them to monitor,tshoot our AD infrastructure: 
Spoltligh on Active Directory (SOAD) and Netpro Active Directory Troubleshooter.

Does someone have any experiences with the 2 products and could tell
me what are the pros and cons of each of them ? 
  
Thank you, 
  
Yann 
  
  
 
                  
               


 Découvrez un nouveau moyen de poser toutes vos questions quel que soit
le sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos
opinions et vos expériences. Cliquez ici: 
. 
NEW! COSMEO, THE ONLINE HOMEWORK HELP TOOL BROUGHT TO YOU BY DISCOVERY CHANNEL.  FREE TRIAL AT HTTP://WWW.COSMEO.COMThis e-mail, and any attachment, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, copying, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. The contents of this message may contain personal views which are not the views of Discovery Communications, Inc. (DCI).

Re: [ActiveDir] choose between SOAD and Netpro directory Troubleshooter.

[Paul Williams]

I assume you mean NetPro Directory 
Analyser?  I've not done much with any, but we've got NetPro Directory 
Troubleshooter here and from what I've seen of it, it doesn't compare with 
Quest's SOAD as it does more proactive, task oriented stuff.
 
I've not seen NetPro's analyser.  
Quest's SOAD is OK, but as with all real time monitoring solutions, your limited 
by the human on the end.  I'd prefer something like HP Open View Operations 
for Windows or BMC Patrol or even MOM, which can react accordingly to issues in 
a number of ways.
 
 
--Paul

  - Original Message - 
  From: 
  Yann 
  To: ActiveDir@mail.activedir.org 
  
  Sent: Tuesday, October 03, 2006 7:11 
  PM
  Subject: [ActiveDir] choose between SOAD 
  and Netpro directory Troubleshooter.
  
  Hello all,
   
  I don't know if it is the right place
  I'm about to test 2 AD Troubleshooters products and I have to 
  choose one them to monitor,tshoot our AD infrastructure:
  Spoltligh on Active Directory (SOAD) and Netpro Active Directory 
  Troubleshooter.
  Does someone have any experiences with the 2 products and could tell 
  me what are the pros and cons of each of them ?
   
  Thank you,
   
  Yann
   
   
   
  
  
  Découvrez un nouveau moyen de poser toutes vos questions quel que soit le 
  sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos 
  opinions et vos expériences. Cliquez 
  ici. 

Re: [ActiveDir] OT: Volume licensing activation

[Peter Jessop]

Personally I find the licensing policies of Microsoft much harder to
understand than the technical issues. With the plethora of good and
often free alternatives I am amazed at the insensitivity shown by
Microsoft to its customers who are made to jump through hoops like
performing dogs.

I could give it examples but I guess you've all seen them.

Peter Jessop
MSCE

On 10/4/06, Laura A. Robinson <[EMAIL PROTECTED]> wrote:



Oh, one other thing- it most certainly *is* companies with 1000+
workstations who are exceeding their license purchases. They're typically
not doing it intentionally, but they're most certainly doing it. (Of course,
not *all* companies of any particular size do it, but there are far more
that do than one might expect.) That's why there's a whole process called a
"true-up", which is where companies license purchases are compared against
their actual usage and they pay for the difference between what they paid
for and what they have actually been using. You'd be surprised how many
installations in extremely large environments are *not* legally licensed.
That's the whole reason that things such as this approach have become
necessary. We're talking about millions, even billions of dollars in
unlicensed software use here, not a few hundred or even a few thousand
dollars. Every little bit counts for Microsoft, too. :-)

Again, however, the volume licensing activation process is nothing like what
you're thinking it is. It's silent, automatic, and a lot simpler than people
are assuming it to be.

Laura


 
 From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Matt Hargraves
Sent: Tuesday, October 03, 2006 8:30 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: Volume licensing activation


When you've got 100k workstations in your environment and it takes 2-3
minutes to run through the activation and then however much time to manage
the server...

100k*2.5 ends up equalling about 2 year's worth of wages for a single
employee (call it $120k total).  I don't mind them trying to protect keys,
but it's not the companies with 1k+ workstations, it's the companies with
<50 workstations and 'computer geniuses' (don't you dread it when you hear
that phrase - you know something's *really* screwed up) who are using
invalid or stolen keys.

I know that 120k might be 'beans' to a large company, but reality is that
you just increased the deployment cost for a new tool.  If I can run XP for
an extra 2 years and use the version after Vista, then I just saved my
company $120k.. I just paid my salary for the next year probably.  This
is how management personnel think - that's why we call them 'bean counters'
because that 120k means something to them.  They know that not using legit
versions is not a valid solution, but they also know that saving $120k means
something after you do it 10 times (and just saved the company 0.1% off
their costs - every little bit counts for accountants).



On 10/3/06, Brian Desmond <[EMAIL PROTECTED] > wrote:
>
>
>
>
> I read through the docs on this vl activation and it's not as bad as it
sounds. They're really just trying to protect the keys.
>
>
>
> Thanks,
>
> Brian Desmond
>
> [EMAIL PROTECTED]
>
>
>
> c - 312.731.3132
>
>
>
>
>
>
> From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] On Behalf Of Matt
Hargraves
> Sent: Tuesday, October 03, 2006 1:34 PM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] OT: Volume licensing activation
>
>
>
>
> Yeah... MS is going to get really high levels of adoption on this
product...
>
> Gotta wonder what in the heck they're thinking sometimes.
>
>
>
>
> On 10/2/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
<[EMAIL PROTECTED]> wrote:
>
> http://blogs.zdnet.com/microsoft/?p=26
>
> Mary Jo Foley reports that the next version of Vista will have Volume
> licensing activation.
>
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ml/threads.aspx
>
>



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] OT: Volume licensing activation

[Laura A. Robinson]

Oh, 
one other thing- it most certainly *is* companies with 1000+ workstations who 
are exceeding their license purchases. They're typically not doing it 
intentionally, but they're most certainly doing it. (Of course, not *all* 
companies of any particular size do it, but there are far more that do than one 
might expect.) That's why there's a whole process called a "true-up", which is 
where companies license purchases are compared against their actual usage and 
they pay for the difference between what they paid for and what they have 
actually been using. You'd be surprised how many installations in extremely 
large environments are *not* legally licensed. That's the whole reason that 
things such as this approach have become necessary. We're talking about 
millions, even billions of dollars in unlicensed software use here, not a few 
hundred or even a few thousand dollars. Every little bit counts for Microsoft, 
too. :-) 
 
Again, 
however, the volume licensing activation process is nothing like what you're 
thinking it is. It's silent, automatic, and a lot simpler than people are 
assuming it to be.
 
Laura

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Matt 
  HargravesSent: Tuesday, October 03, 2006 8:30 PMTo: 
  ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] OT: Volume 
  licensing activation
  When you've got 100k workstations in your environment and it takes 
  2-3 minutes to run through the activation and then however much time to manage 
  the server...100k*2.5 ends up equalling about 2 year's worth of wages 
  for a single employee (call it $120k total).  I don't mind them trying to 
  protect keys, but it's not the companies with 1k+ workstations, it's the 
  companies with <50 workstations and 'computer geniuses' (don't you dread it 
  when you hear that phrase - you know something's *really* screwed up) who are 
  using invalid or stolen keys. I know that 120k might be 'beans' to a 
  large company, but reality is that you just increased the deployment cost for 
  a new tool.  If I can run XP for an extra 2 years and use the version 
  after Vista, then I just saved my company $120k.. I just paid my salary 
  for the next year probably.  This is how management personnel think - 
  that's why we call them 'bean counters' because that 120k means something to 
  them.  They know that not using legit versions is not a valid solution, 
  but they also know that saving $120k means something after you do it 10 times 
  (and just saved the company 0.1% off their costs - every little bit counts for 
  accountants).
  On 10/3/06, Brian 
  Desmond <[EMAIL PROTECTED] 
  > wrote:
  


I read through the 
docs on this vl activation and it's not as bad as it sounds. They're really 
just trying to protect the keys.
 
Thanks,
Brian 
Desmond
[EMAIL PROTECTED]
 
c - 
312.731.3132
 



From: [EMAIL PROTECTED] [mailto: 
[EMAIL PROTECTED]] On Behalf Of Matt 
HargravesSent: Tuesday, October 03, 2006 1:34 PMTo: ActiveDir@mail.activedir.orgSubject: Re: 
[ActiveDir] OT: Volume licensing activation

 
Yeah... MS is going to get really high levels 
of adoption on this product...Gotta wonder what in the heck they're 
thinking sometimes.

On 10/2/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] 
<[EMAIL PROTECTED]> wrote:
http://blogs.zdnet.com/microsoft/?p=26Mary Jo 
Foley reports that the next version of Vista will have Volumelicensing 
activation.List info   : http://www.activedir.org/List.aspxList 
FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx 
 

Re: [ActiveDir] choose between SOAD and Netpro directory Troubleshooter.

[Mark Parris]

SOAD has a lovely GUI and lots of flashing lights


Mark Parris

Base IT Ltd
Active Directory Consultancy
Tel +44(0)7801 690596


-Original Message-
From: Yann <[EMAIL PROTECTED]>
Date: Tue, 3 Oct 2006 20:11:12 
To:ActiveDir@mail.activedir.org
Subject: [ActiveDir] choose between SOAD and Netpro directory Troubleshooter.

Hello all, 
  
I don't know if it is the right place 
I'm about to test 2 AD Troubleshooters products and I have to choose one them 
to monitor,tshoot our AD infrastructure: 
Spoltligh on Active Directory (SOAD) and Netpro Active Directory 
Troubleshooter. 
Does someone have any experiences with the 2 products and could tell me what 
are the pros and cons of each of them ? 
  
Thank you, 
  
Yann 
  
  
 


 Découvrez un nouveau moyen de poser toutes vos questions quel que soit le 
sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions 
et vos expériences. Cliquez ici: 
 .