My first guess at this, Rocky, is that it's nothing to do with the FSMO role
of the machine at all. Without having more detail (read: LOTS) of how your
environment is configured, I'd have to say that it's likely a Network Browse
issue.
Try having a couple users run an 'NBTSTAT -RR' from their
Really, it uses neither. The NetBT is involved, but because we are on (at
present) untrusted domains and forests, WINS isn't going to work.
Typically, this is done with an LMHosts file in the \Drivers\ETC directory.
The records are going to be very specific, as they will define the domain of
the
This,
too, has been my experience with Windows Server 2003 in a SAN (EMC)
environment.
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Jessop
Sent: Tuesday, August 09, 2005
9:19 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: quick
for this to
work?
or if NetBT is involved, can you just configure your wins servers to
replicate? I thought wins replication had nothing to do with NT
security. you just enter the ip of the partner servers...
Thanks
On 8/9/05, Rick Kingslan [EMAIL PROTECTED] wrote:
Really, it uses neither. The NetBT
Certainly it is possible. And, it's not overly difficult to DO, but the
upfront planning that SHOULD be done can be tedious.
Remember - this is the schema.
My opinion - and it seems to be free today (as if I've ever been afraid to
give it...) - This is a job that just screams SQL server.
I
Justin,
I know we go off-topic at times, but I suspect that VB assistance, not
related to ADSI programming, might be stretching it a bit.
That's just my take.
There are forums and newsgroups (the VB NG hosted by MSFT for one) that are
going to be much more responsive to your need in this case.
Correct. Effective permissions for anyone who is a member of Domains Users
is READ on the files in the folder.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Tuesday, August 09, 2005 1:00 PM
To:
@mail.activedir.org
Subject: RE: [ActiveDir] OT: VB Programming in Access
Where can I find that forum
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, August 09, 2005 1:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT
As well as the folders in the in the folders right?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, August 09, 2005 2:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] NT 4 Permissions
Correct. Effective
Bob,
Make no mistake - I'm really not a fan of allowing Act as part of the
operating system or the Impersonation privilege.
That being said - from the work that I have done with other web developers
needing access to SQL or application servers, constrained delegation is the
best method that I
]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, August 09, 2005 9:35 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD migration
Tom,
The solution that I gave you is the only one that I know of. If you are
able to get DNS to work (doubtful) or are able to get
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, August 09, 2005 12:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD migration
Really, it uses neither. The NetBT is involved, but because we are on (at
present) untrusted domains
it. I just wanted to make sure there was no
cross up.
Thanks!
Joe K.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, August 09, 2005 4:00 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Kerberos Delegation
Bob
. There aren't any ACLs, firewalls that are in the
way of these servers.
Thank you for your time!
Jennifer
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, August 07, 2005 12:51 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, August 09, 2005 2:52 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD migration
U Well, one - I like simplicity. Two, I'm not a big fan of
WINS.
If all we're trying to do
joe,
You hit the nail on the head with what my problem is with this whole thread
- we're dumping crap into AD that really doesn't belong there.
Seriously, the data needs to be available to a SharePoint server and some
other apps, unless I read something wrong (wouldn't be the first time
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, August 09, 2005 2:52 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD migration
U Well, one - I like simplicity. Two, I'm not a big fan of
WINS.
If all we're trying to do
ir old resources? (like mail, files ,etc) If no access is allowed how
are you going to do that? Exmerge all mailboxes into PSTs en burn files on DVD
or something like that?
Cheers
#JORGE#
From:
[EMAIL PROTECTED] on behalf of Rick Kingslan
Sent: Sat 8/6/2005 7
Ethereal
no question. Get it at:
www.ethereal.com
Rick
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Mayuresh Kshirsagar
Sent: Monday, August 08, 2005 9:45
AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Problem
adding an Exchange User - An
Or, Rick
007 Pathetic
;op
-r
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Monday, August 08, 2005 9:11 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Biggest AD Gripes
Not at all my young Jedi, my MCNI # is 7
PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, August 07, 2005 4:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Branch Office Question
Noah,
Just my curiosity - what is the reason for disabling (or, wanting to
disable) the KCC? It's not a recommended practice unless you have
Title: DC replicating with deleted DSA object
Nah
no need to. They will go away by themselves as a normal part of the
tombstoning process. They are marked as deleted, which is just what the DS
needs to let it know its no longer functioning and should be deleted
from any references.
Given your retro appearance, maybe - but not likely. ;o)
So, just hold old do you put me at Dean? Would you believe me if I told you
I was born shortly after Kennedy's Inauguration (mere days)?
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, August 08, 2005 11:20 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT:Gone Badly soBiggest AD Gripes
Given your retro appearance, maybe - but not likely. ;o)
So
Help me understand where I'm missing this (I've been in a con-call for 3.5
hours this AM...).
Isn't the registry backed up as part of the System State? And, doesn't the
registry pretty much make something 'hardware dependent' to some great
degree, just by its very nature?
I'm sure that there's
Not that
its necessarily BAD, but the one problem is that if the system that the ISTG
is on fails, then the ISTG is down for that site until the role
is moved to another suitable machine.
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, August 08, 2005 1:55 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Biggest AD Gripes
Help me understand where I'm missing this (I've been in a con-call for 3.5
hours this AM...).
Isn't the registry backed up as part of the System
I'm thinking that he's saying that this isn't an option that is available to
him. I've run into exactly the same thing, as the Administrator of a given
system CAN be removed from the ACL of a given object.
Granted, going to the parent and FORCING the permission for the admin does
work, but it
: [EMAIL PROTECTED] on behalf of Rick Kingslan
Sent: Mon 8/8/2005 9:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Preferred Bridgeheads
Not that it's necessarily BAD, but the one problem is that if the system
that the ISTG is on fails, then the ISTG is down for that site until
Jennifer,
I haven't paid close attention to the thread or the issues that you've been
having - other than you had a problem getting it promoted.
I suspect that the cause is likely related. First, Network Browse uses a
completely different set of communication methods and the fact that you can
Noah,
Just my curiosity - what is the reason for disabling (or, wanting to
disable) the KCC? It's not a recommended practice unless you have a very
large number of links / sites / replication objects (and the number changes
to a significantly larger number in Win2k3 Functional), or the topology
http://web.mit.edu/redelson/www/media/banad.pdf
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Friday, August 05, 2005 4:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT - The downfall of Novell and NetWare
Interesting issue. SIDHistory is not much of an issue, obviously.
Apparently, the users won't have access to the old forest, so it's of little
value.
I would suspect, as a 'from the hip' approach - given you limits you really
only have a .ldf or a .csv dump of the accounts that are to become a
Heh From a pure technical view, quite right.
However - that's where I started - NetWare 2.0 (I mean the FIRST NetWare
2.0). I still remember the proprietary servers that they used to
manufacture.
However, what really killed Novell was not the brilliant technical ideas of
Drew Majors (who,
on this?
Cheers,
#JORGE#
From: [EMAIL PROTECTED] on behalf of Rick Kingslan
Sent: Wed 8/3/2005 11:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] R2 Functionality - (Was Biggest AD Gripes)
Guido (and all, really)-
You bring up a good point. There seems
Title: Turtle Stationery
Specifically,
what the repair task does on Network Connections is synonymous typing IPCONFIG
/RELEASE, then IPCONFIG /REGISTERDNS
It really
is nothing more than checking the stack, ensuring that its
communicating, and in the event that you get your address from
:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Wednesday, August 03, 2005
11:35 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Net work
repair in XP SP2
Specifically,
what the repair task does on Network Connections is synonymous typing IPCONFIG
Guido (and all, really)-
You bring up a good point. There seems to be some misconception and
misinformation (BTW, no one here is doing the misinformation - just to be
clear) around R2.
When R2 is installed (or whatever this is going to be called when released -
it may be just Windows Server
:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, August 02, 2005 7:59 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Biggest AD Gripes
Scott,
Just to be clear (re: OU Password policy, etc), this only applies when a
user logs onto a local user account on that machine
Take a look at the ADPLus toolkit - it's used by PSS to assist in tracking
down weird Hang and Crash issues. It's very effective, and became a part of
my toolkit about a year ago.
http://support.microsoft.com/default.aspx?scid=kb;en-us;286350
Rick
-Original Message-
From: [EMAIL
Blank for
me too..
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, August 02, 2005
9:01 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: new
job
Is something wrong with the list or is it
just me? This is the second
You're apparently getting the text for the posts that come to me blank.
That at least would account for the lost text, as energy must go
somewhere
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joseph B. Luptak
Sent: Tuesday, August 02, 2005
Right off the top of my head - Startup and logon scripts work beautifully
for this purpose.
However, that's a 10 second comment - there might be more ways. If I think
of it, I'll let you know. However, I can't recall (again, OTOH) where the
environment variables are stored - which might
Title: Account lockout
You might
also check servers that you have RDP or TSed into and disconnected
instead of logging off. Those, particularly, confound me on occasion.
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jake Stabl
Sent: Tuesday, August 02,
Scott,
Just to be clear (re: OU Password policy, etc), this only applies when a
user logs onto a local user account on that machine - and not when a user
logs into the domain from that machine. Yes?
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Joe said:
WHY??? What do you feel
the benefit is?
In my experience, its been not what *I* think the benefit is its
more about what management WANTED for reason A, or reason B, or whatever
whacked business justification that they had.
Im not much into creating trees for the heck
Steve - David is not talking about a Cisco (or network layer) related
network trick. This is at the site, or more appropriately, subnet object
level. And, this should not prevent you from doing this on the public
scope.
Consider that one of your public IP's is 12.30.10.0/24, for example. If
* solution vs. some
hack.
Steve Schofield
- Original Message -
From: Rick Kingslan [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Sunday, July 31, 2005 11:47 AM
Subject: RE: [ActiveDir] turn off replication to a DC in same site
Steve - David is not talking about a Cisco
U
not in my experience.. shrug
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Saturday, July 30, 2005 2:12
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] GPO to
enable a service at restart
Does fast user switching
work on
Devan,
I'm still poking around for a more authoritative answer, but I don't believe
that there is a 'server side' setting for changing that behavior.
To really understand why, think about who needs to authenticate with who.
It's not the server starting the conversation ;o)
Rick
One thing, and one thing only that I can say to this:
You cannot be responsible or be expected to run or manage this environment
until you take control of the DCs and REMOVE any other principal from ALL DC
and Exchange related groups - and add yourself to these groups (at least
initially - we can
Security Config Agent Not sure on that. Do you mean the Security
Config Wizard? If so - nope - none at all.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown
Sent: Wednesday, July 27, 2005 10:42 AM
To: ActiveDir@mail.activedir.org
emulator to the DC that has the IP helper pointed to it
and that became the browser master.
I think that will fix the problem.
Thanks,jb
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, July 26, 2005 5:07 PM
To: ActiveDir
Emphatically - PLEASE do not do this. One - it's not the cause of the
problem. Two - you may as well not have the firewall active at this point.
Those ports are the most common attack vectors.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Jason,
Is the machine listed as the M-B a workstation or a server? Are there any
servers on this subnet?
What I'm getting at is workstations get shut off - servers typically don't.
In the past I've disabled workstations from becoming master browsers to
avoid just the problem you're seeing.
that just force an election?
jb
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, July 26, 2005 2:16 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood
Jason,
Is the machine listed
The pecking order is based on the newest version of OS, and SP1 trumps
(wins) over the Gold RTM of the OS. So, in this example, Win98 wins over
Win95, Windows XP wins over Win98, and Windows XP SP2 wins over all of the
workstation OS's. BTW, SAMBA plays in this arena as well, but I don't
recall
MOM can
do this as the events that you decide to capture are written to the
database. And, with some SQL scripting or custom tools, Im fairly
certain that the info can be ripped out of the MOM DB. However, it really wasnt
designed to handle masses of raw audit logs.
However
(previously
Tom,
Again, I completely grok your concerns with the kids and the family. I have
the same concerns, but - much like Robert noted, it's a motivator to excel.
Now, as to your concerns of losing skill. One, that's up to you. Two, my
experience with bigger companies is that you're not going to
] de la part de Rick Kingslan
Date: jeu. 21/07/2005 22:20
À: ActiveDir@mail.activedir.org
Objet : RE: [ActiveDir] Delegation of privilege
You honestly have two real answers in my book joe currently has one
book (in process) - and chapters in others. :o)
When he uses the phrase above, he
Tom,
I'll address the satement in the handbook. I'd be concerned if it was
stated that matter-of-factly. My experience is that most companies approach
your status with them as at-will work ethic.
At-Will simply means that there is no implied guarantee that the company has
to maintain you (IOW
Tom,
Make no mistake - you are experiencing many of the same 'fears' that I am.
I have a BIG responsibility as I take on assignments here for Microsoft.
The first question that I asked myself is Am I REALLY good enough?
The first thing that I was told by my boss was You have some couple hundred
How about
VMWares site? They have hosted a number of NGs for some
time now.
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, July 22, 2005 1:08
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Virtual
Server
More
info:
The VMware nntp news server is at news://news.vmware.com. You
will need to configure your news reader to access the VMware server at
news.vmware.com.
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, July 22, 2005
Title: Site link costs
Cathy,
My
approach to sites, site link objects, and topology overall has been to look at
the physical/logical layout of the network as it pertains to the Layer 2/Layer
3 communication.
Remember
what were telling AD with Sites, Subnet objects, site links, etc
Title: Site link costs
Charles,
Just so
that were clear did you kill off the KCC to prevent it from
creating any replication links (connection objects)?
Rick
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Carerros, Charles
Sent: Thursday, July 21, 2005 1:36
infrastructure. It's a slow painful process :-).
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Thursday, July 21, 2005
11:27 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Site link
costs
Cathy,
My
approach to sites, site link objects, and topology
joe will undoubtedly reply, but here's a couple of things to consider.
You've looked at the AD SID for a computer object. Did you look at one for
a user or a group? What you SHOULD find is that the SID is going to share
some specific similarities. For instance:
You honestly have two real answers in my book joe currently has one
book (in process) - and chapters in others. :o)
When he uses the phrase above, he is saying - To my way of thinking, best
practices say you have two things you can do
English is a very strange language, and then us
best to improve my english :o)
Now it is time for me to go to the nextchapter of my
english training:Chap 3 Understanding metaphors :-)
Cheers,
Yann
De:
[EMAIL PROTECTED] de la part de Rick Kingslan
Date: jeu. 21/07/2005 22:20
À: ActiveDir
Title: Site link costs
AD just uses the DefaultSiteLink to
create connection objects if we don't explicitly create site links, right?
Correct.
we don't HAVE to create any site
links. While I think our experience is showing that we probably should, they're
correct that we don't
I agree with Dan that the obvious problem is that each time the startup
occurs, the REG ADD will run - causing added latency.
But, programmatically you can reduce the time by checking to see if the
desired value exists - and run the REG ADD only IF the desired values don't
exist.
Rick
Is it the same user that is logging in - i.e user logs in with a roaming
profile and gets the 'classic' look. Same user logs in with local, and gets
Luna.
Would that be a correct summary, or is it different users with different
results?
Rick
-Original Message-
From: [EMAIL PROTECTED]
Jose, I respectfully disagree. RAID 0+1 is a mirrored array with segments
that are RAID 0 arrays. RAID 0+1 has the same level of fault tolerance as
RAID 5. If a single drive fails, the array becomes effectively a RAID 0
array.
RAID 10, on the other hand, is an available standard on many
the heck does
THAT really mean?
Look, if you will, at the name. RAID 0 - a stripe, then +1, a mirror. RAID
1, the mirror pair, then +0, a stripe.
Simple, huh? ;-)
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Wednesday, July
at IBM
supporting the engineers that invented the stuff.
MCP+I, MCSE, NT4 MCT
www.ntea.net
www.tvnug.org
www.sfntug.org
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rick Kingslan
Sent
support raid 10(1 +0)?
Thanks
btw, i'm nobody but i always was told there is a difference between raid 10
and 0+1
-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 20, 2005 7:12 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] WAY OT
Sometimes, we just refer to it as 'joe's list'
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, July 20, 2005 7:08 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT:
Man with all the OT's today I am wondering if
Echoing Eric to some degree, but adding my .02 worth - Auditing is a very
valuable, albeit time consuming, process. In my experience, the suggestions
for WHAT to audit have been spot on.
The problem ALWAYS comes in when one realizes the volume of data. It's been
said many times in Security
Nah - I just forgot to toss in the ':o)'. It was a total playful shot, as
some days I come home in the afternoon from a long day at work (wow - that
seems SOOO long ago) and there are - no kidding - 20 - 50 in a row,
posts from 'joe'. Each long enough to be a chapter in your new book.
BTW,
Sorry, Tom... THAT should have had a :o) in it too.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Wednesday, July 20, 2005 7:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] WAY OT: Conflicting RAID terminiology
Sad day, all. James 'Jimmy' Doohan passed away. I'm sure most of you knew
this - I heard it first thing this AM.
The Engineer's Engineer. As a Kid, I didn't want to be Kirk (Yes - I
watched the show... I AM that old), though some days Spock was cool too.
But it was always the attraction of
Al,
One of the problems with the .ZAP format - it only executes the underlying
program for install - but cannot be executed with elevated privliges as it
is run under the user's context.
.MSI is much better, but is not easy to create them correctly and
effectively without some experience and
One caveat to this - if you are going to be accessing a network resource,
the default behavior is NOT to wait for the network stack to be initialized
before completing computer startup. The obvious problem of not being able
to AuthN the user or the computer against AD is handled via cached
Small correction - Alain, not Adam. Unless, however, there is another WMI
Guru out there with the surname Lissoir that I'm not aware of. Anything is
possible, I suspect.
;o)
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph
Sent:
Title: [ActiveDir] DFS Client for Mac and UNIX
At the
level in which you WANT to CHANGE the permissions, is the check box to inherit
checked or not? If it is uncheck it, copy or remove then add
or modify ACL / ACE as needed.
However,
Dan brings up a good point are you trying to do
With Remote Desktop, you are going to take over the machine (in the case of
XP) kicking off any logged on person in the act of taking over the machine.
Your access is the same as the credentials in which you login as.
With Remote Access, you need to receive an invitation and the user is not
still wonder how as an admin you can be denied RA access to a box or need
permission. is it a local system thing?
thanks for all your help and sorry to bore you with my issues.
-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 14, 2005 1:51 PM
To: ActiveDir
. is it a local system thing?
thanks for all your help and sorry to bore you with my issues.
-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 14, 2005 1:51 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Remote Desktop vs. Remote assistance
Dean,
My process
(and I highly suspect that Brains will be the same) is that I have a
base MEMBER SERVER image of Standard and Enterprise
under our VLK (well, this would all be past tense now, I guess). I
deploy the base image of the selected version out to a system, then add feature
Of Rick Kingslan
Sent: Saturday, July 09, 2005
11:01 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Sysprep
Win2k3 Servers...maybe a DC?
Dean,
My
process (and I highly suspect that Brains will be the same) is that I
have a base MEMBER SERVER image of Standard and Enterprise under our
Antonio,
At the time that you decide to introduce Windows Server 2003 DCs into an
existing Windows 2000 domain /forest, there is the initial requirement to
upgrade the schema.
You must run adprep /forestprep and domainprep to be able to support the
inclusion of a 2003 DC.
However, running
I would strongly advise against doing this. If there is nothing available
that can proxy the incoming requests, then the solution needs to be
re-engineered with Security in mind.
Given your industry, HIPPA is very, very clear on matters of accidental
disclosure when reasonable measures could
The ADSizer is still the 'first shot, best guess' tool for the newer
technologist working with AD. Given 3 - 6 mos. of experience with AD, one
should be able to determine for themselves what 'Best Practices' for their
given environment should be.
The basic problem with the ADSizer, as I see it,
How about: (and maybe not in this order)
1) Install a test environment - test patches before implementation
2) Patch half after compatibility and performance, then patch the others
within 48 hrs. (less, if you're feeling comfortable or the patch is of a
very critical and high risk category)
3)
promoted
to server administrator of about 30 servers. What would be the easiest
way to make sure a patch doesn't interfere with Exchange, SQL, IIS, etc?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, July 05, 2005 12:52 PM
No, not really. Up to the close date for inclusion INTO a SP (and there are
LOTS of factors that affect what does and doesn't make the SP) will be in
the SP.
If we assume that the close date for a given SP is D\M\, and the SP is
SPx, then any patch released after the date is either post SPx,
:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Windows 2003 Shadow Copy
We are using an AX100 EMC external device.
Thanks
Jenn
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, July 04, 2005 4:12 PM
Jenn,
New to me, I have to admit. I haven't seen that behavior - nor have I
specifically tested for it, either. I might be able to look into it a bit
further, if I can find a suitable external.
Now, when you say EMC, are you saying like a SAN or a NAS head? Or,
something not mentioned?
Rick
Steve,
As someone who knows quite a bit about AD and LDAP, but am just now getting
my arms around the Exchange juggernaut (there is s much more to know
than I even imagined I am awed by Exchange Guru's much like I'm
sure that they are awed by us) I'd wonder if this could be written
101 - 200 of 1005 matches
Mail list logo
