Title: Message
I'm not sure that I would say that security is limited -
authentication TO ADAM is a limited feature - supports password
authentication to the user objects. You can bind as a Windows Principal or
as an ADAM principal. Password and lockout policy will apply from the
machine o
Title: Message
Dave,
Thanks for the catch - I completely forgot the Advanced
Features. It's become ubiquitous on my systems
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzone
From: [EMAIL PROTECTE
Title: Message
ADAM does not include a kerberos or NTLM subsystem, so security is limited. --Sent from my BlackBerry Wireless Handheld - Original Message - From: ActiveDir-owner Sent: 07/09/2003 08:03 PM To: <[EMAIL PROTECTED]> Subject: RE: [ActiveDir] Ident
Title: Message
We’re going
to make the MV writeable…
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Myrick, Todd (NIH/CIT)
Sent: Tuesday, July 08, 2003 7:12 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Identity
Management using AD
We are in the pro
Graham,
System Policy on NT 4.0 is truly tatooed to the system. If you turn it off
and back on, it's still there - unless manually removed or the policy is
backed out via the de-application of said policy.
And, sadly - I can't tell you right now what needs to run (yes the Agent,
damn it - but wh
Title: Message
Todd,
And sorry for you, I am. I've had to look through
much of this in my time, and - with all due respect - it is truly a wonder that
this beautiful country of ours gets anything accomplished at all. Yes,
Freedom does have its price - and its paid for in miles of red
tap
Title: Message
Mark,
If you go to the properties of the object and then use the
'Object' tab, it will display the path to the object.
Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active
DirectoryAssociate ExpertExpert Zone -
www.microsoft.com/windowsxp/expertzone
From: [EMAIL PROTEC
Title: Message
You're right - I can't keep up with the
TLA's
As to ADAM - it will run on XP/2003, but does not require
that the domain be in native mode or forest functional as we're only hosting an
AD environment for specific purposes - not a full functioning DS with every bell
and wh
ADMT needs \\\admin$
Good test to see if security is a problem, is to simply try
mapping a drive from the computer running ADMT to the admin$ share. (e.g.
net use * \\\admin$.
Make sure that you are logged in on the ADMT computer with the credentials that
the ADMT is running under.
Stu
definitely the case of migration account
have checked the driveletter$ shares - can;t from memory
remember the other shares - which one in particular does admt need - admin$,
ipc$ ??
- Original Message -
From:
John Witasick
To: [EMAIL PROTECTED]
Sent: Wednesday
Title: Message
We used the printer migration tool from http://www.foxwaredesign.com/ and
created a customization script that wraps around it to handle the client side
changes transparently to the user.
We then use this in our logon script to
handle the deployment of the utility to the
but then thinking about it no - when i failed on the first nt4 host thought
it was down to that computer so tried another one straight away - same
access denied result
have spoken with the developers of the nt4 build - there is a system policy
with an allowedrunlist policy - that was that even wh
Graham,
Some things to check:
Do the Administrative Shares exist on the NT workstations?
Is the administrator account that you are using to migrate the
workstations a member of the workstations' local admin group?
John WitasickProject Manager - Windows Networking Services Group
-
If you use ISA server the magic word is WPAD
With it (a particular option NOT standard, you must add it!) into DHCP for
dhcp client workstation and DNS for machine with IP fixed (a particular
record not a simple alias) you comunicate to all machine the ISA servers'
if they have the option auto
thanks for the posted replies
am pretty sure this is the case - was a prerequisite of pwd migration which
is going fine and dandy.
existing computer a/c sounds a possibility - will give that a whirl
nice and friendly error messages heh !!!
GT
- Original Message -
From: "Duncan, Larry"
Title: Message
Mark,
After
locating the object using "Find" you should be able to double-click on the
object to view its properties. Select the Object Tab under the object's
properties and look at the "Fully qualified domain name of the object"
field. That will show you the path to the o
Title: Message
On toe View menu, choose Advanced Features. Now when
you open an object in AD there should be a tab called 'Object'...that will give
you its current location (cn).
Benton
Chase Wink---Benton Chase Wink, CCNA
MCSEThe University of Texa
Title: Message
For doing that, just find the user name
using search, right click on the user and select Move. That will allow you to
move the user back to the proper OU.
Brad Martin
Go Daddy Software, Inc.
480.505.8800 ext. 250
-Original Message-
From:
[EMAIL PROTECTED]
Title: Message
In
ADU&C, go to the View menu and make sure "Advanced Features" is
checked. Then find the object and look at its Properties dialog - there's
a tab called "Object" - the object's full name is listed there in the
form domain/container/container.../object (example:
ad.company.c
Title: Message
http://irm.cit.nih.gov/policy/legislation.html
Here
is what we have to follow.
Todd
-Original Message-From: Rick Kingslan
[mailto:[EMAIL PROTECTED] Sent: Tuesday, July 08, 2003 10:12
PMTo: [EMAIL PROTECTED]Subject: RE:
[ActiveDir] Identity Management us
Title: Message
Please
can someone tell me how I find which OU an object is in please. I can "find" the
object using the find option on the AD UandC snap in but then there is no info
which OU the little rascal is in.
I have
a group which someone moved accidently and I need to move it back b
Title: Message
WRT =
"with regards to" What's the matter? Can't keep up with all the
TLA's?[1]
I
haven't played with ADAM, but have done a bit of reading. I was assuming,
probably incorrectly, that it would only function in the full native mode/2003
Forest mode. It doesn't seem to make se
In English:
Roger is saying that since ADAM will obviously be in a Windows 2003 Forest, then your
points at item "H" are moot. WRT = With Regards To
Sincerely,
Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried ab
Title: Message
Roger,
I'm not sure that I follow.. Firstly, the acronym
might have thrown me off - I haven't seen this one. 'WRT H'
means?
And, to speculate, (seeing as I might be missing
information with the WRT H thing and all ;-) ) you've messaed around
with ADAM, r
Where do you go to configure the autoproxy?
-Original Message-
From: SEYBOLDT,VOLKER (HP-Germany,ex1) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 09, 2003 2:51 AM
To: '[EMAIL PROTECTED]'
Subject:RE: [ActiveDir] Proxy Server
HI,
well most of the topics about Proxy Se
Are your workstations in the line of inheritance? Try creating a
Workstation OU and moving the computer accounts there and creating a GPO on
that OU.
-Original Message-
From: Richard Sumilang [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 08, 2003 4:18 PM
To: [EMAIL PROTECTED]
Su
I think Larry's first response could be it Graham.
We saw exactly this in our testing with the Quest Migrator product. You
must make sure there is no computer account with the same name already in
the AD - hiding in an OU you least expect it! (ours got there during
testing by manually moving tes
What settings are currently there? I always use the name "proxy" for the
proxy server but this an alias in DNS. If ever I need a new proxy server
I give it whatever server name is appropriate and then just update the
alias in the DNS. Nothing needs changing on the client so it works for
any browser
Title: Message
WRT
H, isn't ADAM an Win2k3 'forest'? If so, this isn't an issue,
right?
--
Roger D. Seielstad -
MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
-Original Message-From: Rick Kingslan
[mailt
Well, maybe.
IIRC, the MS DHCP client, and most others for that matter, ignore all but a
few DHCP options.
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
> -Original Message-
> From: Richard Sumi
Title: Message
Funny you should mention Higher Education. We are
the Govt Dept that looks after the Federal Govt (Australian, not US) Policy on
them :)
Well, as a result of all of this process (had the
discussion today), we are going down a similar path to what I original discussed
(AD for
Authenticated Users covers machine accounts too, so you should be ok on the
permissions front. If none of your workstations are getting any of the settings you
might try running gpresult on one of them, or if its XP, run the RSOP.MSC tool to
figure out what the workstation thinks it should be ge
32 matches
Mail list logo
