Title: Message
Steve-
In
order to delegate creation of GPOs, you need to grant access to the
System\Policies container within the Domain, and within the Policies folder
under SYSVOL rather than granting a right at the domain level. The easiest
way to do this, without getting in and modifying
Hi All, I have
recently created a "staging" child domain that duplicates our real domain with
the goal of using it to create and test group policy objects.
My Domain Admin
users did not have any rights in the Child domain (only Ent
Admins)
I have tried to
delegate authority at the domai
Total and complete speculation as I can't imagine in my wildest dreams as to
why NetMon isn't picking up all of these 1000's of packets that Justin is
seeing. The shim isn't able to read?
Yeah, I've seen some pretty messed up stuff in NetMon as well. In fact, the
reverse is true - I've seen st
Yes. :o)
I have not heard of ethereal being able to pick up packets that netmon
can't. Have you positive experience of this or is it theory? I have seen
some pretty hokey packets in netmon.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kin
Joe,
If the NIC can't get into promiscuous mode, won't it ignore packets that are
*not* addressed to it? IOW, a packet comes in for another machine. It
notes that the packet came in (via the stats at the In - Out [which, I
question to some degree anyway]) but it's not for me. Because I'm not in
The account it is talking about is probably the machine account
Todd's post has a lot of good info. Some other things that could cause this is the
possibility of lots of network dropout losing Kerberos UDP packets or something like a
Cisco CSM discarding kerberos fragmented packets.
jo
Shouldn't need to NETMON will see everything Ethereal will. If the traffic
is hitting that NIC, it should be visible in NETMON unless the NIC can't go
into promiscious mode. Even still, anything addressed to that machine should
be visible.
joe
-Original Message-
From: [EMAIL PROTECTED
You don't want to go this way, they can sidestep your delegation by
rewriting permissions on the objects, that is part of the FC part of it...
Additionally if someone has FC for OU's/Containers they can set up new
OU/Containers and make any perms they want under those.
You should figure out exact
Salandra, Justin A. wrote:
I am watching my interface in netmon and there is nothing coming up. I see
other traffic on the network.
You could install Ethereal (http://www.ethereal.com) which will capture and
analyze individual packets.
That would answer the question once and for all, since you'd b
I can't tell, they don't show up on netmon.
-Original Message-
From: Garello, Kenneth [mailto:[EMAIL PROTECTED]
Sent: Monday, October 06, 2003 3:36 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] OT Received Packets
Are they arps? Blaster or Nachi?
-Original Message-
From
I am watching my interface in netmon and there is nothing coming up. I see
other traffic on the network.
-Original Message-
From: Joe [mailto:[EMAIL PROTECTED]
Sent: Monday, October 06, 2003 10:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT Received Packets
I would guess that i
Hey all.
This is my first post to this list - just found it today.
I'm having a problem with a W2K3 domain (WinXP Pro WSs) and I believe
I've done something to some setting in Active Directory to cause it,
but I can't figure out what.
Basically, None of the machines in the domain will run Windows
Hi All:
At least around here, Robbie's "Tuna book" has yet to hit the shelves. And
Microsoft's whitepaper on delegation is still a month away. Other references on
delegation appear scant at best. So here's the problem that I have been tearing my
hair out on (and I didn't have much to sta
Just wanted to say thanks to all for the comments / scenarios. much
appreciated.
-Dave
-Original Message-
From: Joe [mailto:[EMAIL PROTECTED]
Sent: Monday, October 06, 2003 9:23 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Exchange 2k ?
Same forest different domain should work fin
Well Event ID had this to say.
Toddler
Event ID: 40960
Source LsaSrv
Type Error
Description The Security System detected an attempted downgrade attack for
server . The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service th
We have been experiencing some issues with several client computers. Most of the time
the issues revolve around users not being able to log in, with the message coming back
as "Account has been disabled." This seems to happen more on Windows XP Pro than
Windows 2000.
Our environment:
Nativ
Okay folks, with reckless abandonment I have tested and then implemented
this solution, so far so good. I appreciate everyone's help on this
matter. I wish all lists were near as good as this one.
Thanks again,
Travis
-Original Message-
From: Joe [mailto:[EMAIL PROTECTED]
Sent: Friday
17 matches
Mail list logo