RE: [ActiveDir] Unable to log you on because of an account restriction

2005-05-18 Thread Rick Kingslan
Mark, This may be a bit bizarre, but are you certain that when you restored the DCs that the passwords of the accounts went with them? I'm not certain why this might have occurred, but remember that there is an account restriction that would apply that REQUIRES a password for all principals.

RE: [ActiveDir] AD DR - replication lag site

2005-05-18 Thread Rick Kingslan
(Caveat - I didn't go read the article fairly certain what this is about) I've implemented something quite similar to this in my environment - except I did it quite a bit differently - and, I think that it's a very viable DR and near-line recovery solution. What we did in our Enterprise was

RE: [ActiveDir]

2005-05-17 Thread Rick Kingslan
Desmond here on the list. He's sys admin / designer / all around 'good guy' with a school district in (Chicago???). He's been there, done that with what you are doing. Good luck! Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights

RE: [ActiveDir] delegation not working on Win2k AD

2005-05-17 Thread Rick Kingslan
I agree with many of the other posts here a domain level is likely the correct area to do this, simply because the usual location for a joined computer is the Computers Container not an OU. If they don't have access to the

RE: [ActiveDir] Replication failures - lingering objects

2005-05-17 Thread Rick Kingslan
If you're concerned that there might be a problem I don't see any real value in taking a chance. I tend to treat DCs much like tin soldiers. Their purpose in life is primarily object repository and authN. If the object repository can't be trusted (possibly out of date) then the authN

RE: [ActiveDir] Audit Collection Services

2005-05-15 Thread Rick Kingslan
Nope - it's still in beta. Final stages, but still not released. -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Friday, May 13, 2005 10:29 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Audit Collection Services

RE: [ActiveDir] Audit Collection Services

2005-05-15 Thread Rick Kingslan
I thought it was dropped - maybe not, however. I seem to remember seeing in - I think - one of Paul T.'s write-ups that the ACS piece in R2 had been dropped. For now - at least. -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet

RE: [ActiveDir] Audit Collection Services

2005-05-15 Thread Rick Kingslan
Sadly, the beta for ACS has been closed for a VERY long time. This close to what might be a release, I suspect that there will not be any opportunity to get in on the beta. However, check with your local MS folks and see if they can get you the bits. -rtk -Original Message- From:

RE: [ActiveDir] [OnTopic] Active Directory Property Set Madness

2005-05-12 Thread Rick Kingslan
Right. And joe thinks I asked this question because I didn't know. ;o) There are interesting idiosyncrasies with the built-in and default groups that are not well understood. This was the real reason that I was bringing up the discussion - to hopefully ferret out some of the interesting and

RE: [ActiveDir] 2003 DNS

2005-05-11 Thread Rick Kingslan
Details, details. However, I think that it was actually fixed in SP3, no? ;o) -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Santhosh Sivarajan Sent: Wednesday, May 11, 2005 10:30 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir]

FW: [ActiveDir] Accessing NT4 resource domain via sIDHistory

2005-05-11 Thread Rick Kingslan
AND - in addition to what Jorge and Deji said: Target Domain technically needs to be in Native mode to support sIDHistory. -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Thursday, May 12, 2005 12:39 AM To: '[EMAIL

RE: [ActiveDir] All - OT (and drifting further away)

2005-05-10 Thread Rick Kingslan
Honestly, I found it a bit of a surprise as well. However, there must be something in his background or his talents that lend him to that end. -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Monday, May 09, 2005 3:01 PM To:

RE: [ActiveDir] All - OT (and drifting further away)

2005-05-10 Thread Rick Kingslan
[1] In shorts. Bugger off, joe. ;op -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, May 09, 2005 3:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] All - OT (and drifting further away) LOL. Rick are you still

RE: [ActiveDir] Computer Configuration GP applying to W2K but not WinXP

2005-05-10 Thread Rick Kingslan
And, from personal experience in our Enterprise, I can absolutely guarantee that what Darren says is true. I, too, had a problem where policy parts and pieces were getting applied. Looking into it, if I ran GPResult/RSoP, I could see that more and more was being applied on each reboot

RE: [ActiveDir] Imaging NT5+ DCs == Bad (was: best practice?)

2005-05-08 Thread Rick Kingslan
on the MVP private server specifically where we can submit for changes in KBs, they are very responsive. Take a peek, if you can't find it, let me know and I will dig out the actual name. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan

RE: [ActiveDir] GPO not applied - thinks it is empty

2005-05-08 Thread Rick Kingslan
~Eric, If you have a policy out there resetting the local admin password, how are you storing the new password in the script? Fully admitting I haven't delved deeply into this. As a parameter to the script passed from the GPO settings on a Startup Script object? -rtk From:

RE: [ActiveDir] GPO not applied - thinks it is empty

2005-05-08 Thread Rick Kingslan
Completely in my opinion Completely MY opinion. Dude - you need a blog worse than most anyone I know. joe, you have these wonderful, concise, often controversial dissertations on subjects of importance. And, often times they are hard to find and sometimes unavailable to non-members of this

RE: [ActiveDir] DNS vs. Hosts File

2005-05-08 Thread Rick Kingslan
I can ABSOLUTELY guarantee that it's the _kerberos records that are responsible for the AuthN locator. Consider a keen little problem I ran into this week. I've got a site that has member servers and user machines authenticating anywhere they want to - across our 50-some odd sites. After

RE: [ActiveDir] DNS vs. Hosts File

2005-05-08 Thread Rick Kingslan
Of course LDAP is going to be used, as there needs to be a protocol that knows how to find the authenticating DC. However, not to confuse any issues here - LDAP is not an authenticating protocol in any way, shape or form. Jorge, just want to be sure that you know that I know you weren't

RE: [ActiveDir] best practice?

2005-05-08 Thread Rick Kingslan
The last I heard, newsid wasn't something MS supported the use of. But, it works and it seems to be very good at following the rules. Of course, I haven't seen a statement of support out of Redmond on adfind, either :o) -rtk -Original Message- From: [EMAIL PROTECTED]

RE: [ActiveDir] OT: e-mail archiving systems

2005-05-08 Thread Rick Kingslan
:o) Good to hear from you, Missy. Even if it was meant to be a private message to Deji. Keep in touch, would you? Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Windows Security (Affiliate) Associate Expert Expert

RE: [ActiveDir] GPO not applied - thinks it is empty

2005-05-08 Thread Rick Kingslan
... I don't think this stuff is locked down to just AD ORG members. Regardless First public posting of this URL... http://blog.joeware.net/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Sunday, May 08, 2005 1:01 PM

RE: [ActiveDir] Imaging NT5+ DCs == Bad (was: best practice?)

2005-05-04 Thread Rick Kingslan
Al, Can and Will are two different things. Knowing Brett and his, shall we say, feisty nature - anything is possible. :o) Brett - what's the Xbox game of the week, BTW? Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday,

RE: [ActiveDir] primary and secondary dns question

2005-04-30 Thread Rick Kingslan
Sent: Saturday, April 30, 2005 4:13 AM To: 'Rick Kingslan '; '[EMAIL PROTECTED] '; 'ActiveDir@mail.activedir.org ' Subject: RE: [ActiveDir] primary and secondary dns question In addition to what Rick told you... Win2K DCs in a forest root domain (the first domain created in an AD forest) should

RE: [ActiveDir] primary and secondary dns question

2005-04-29 Thread Rick Kingslan
/default.aspx?scid=kb%3Ben-us%3B291382 WINS - Honestly I'm not so sure. I suspect that I would do the same, more because I have a lack of real evidence one way or another. I know of potential issues with DNS settings, WINS - not so much. Good luck! Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP

RE: [ActiveDir] DNS zone replication in Active Directory

2005-04-29 Thread Rick Kingslan
Functional level. This will kick in the much more optimized AD Replication. HTH! Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Windows Security (Affiliate) Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone

RE: [ActiveDir] Delegation of permissions

2005-03-26 Thread Rick Kingslan
The debate on this topic seems to rage on. Russ, the issue is one of risk. How much control or access are you willing to give folks on your DCs? This is the same discussion that joe and I have had on more than a couple of occasions. Me, I'm a bit more willing to delegate out authority to do

RE: [ActiveDir] AD user account keeps getting locked out

2005-03-26 Thread Rick Kingslan
Joe Run into this issue all of the time. Usually, it has to do with an application or some other application / process that either uses or caches the user's credentials. If the password is changed, the application or process needs to be changed as well. My recommendation: The Account

RE: [ActiveDir] LDAP NTLM Authed Channel Encryption Question was LDAPS part 2

2005-03-26 Thread Rick Kingslan
So, joe and Joe is this indisputable truth that we've been looking for that NTLM is a required part of the Kerberos authentication process? :-D (Joe, just ask joe.. trust me..) -rtk From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent:

RE: [ActiveDir] Problem: Limit Domain Admins and Administrators

2005-03-09 Thread Rick Kingslan
. Their technical knowledge is limited to understanding how to use the available security tools, not necessarily the concepts and the guts behind them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Tuesday, March 08, 2005 11:10 PM To: ActiveDir

RE: [ActiveDir] Active Directory and LDAP

2005-03-08 Thread Rick Kingslan
more and more like I am going to have to actually earn my first million. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Monday, March 07, 2005 10:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Active Directory

RE: [ActiveDir] Problem: Limit Domain Admins and Administrators

2005-03-08 Thread Rick Kingslan
to really know anything about AD other than this person can do A job with these rights in AD. Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Windows Security (Affiliate) Associate Expert Expert Zone - www.microsoft.com

RE: [ActiveDir] Problem: Limit Domain Admins and Administrators

2005-03-08 Thread Rick Kingslan
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Tuesday, March 08, 2005 4:21 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Problem: Limit Domain Admins and Administrators Yeah, that's been discussed a few times here. One of the issues that you run

RE: [ActiveDir] Problem: Limit Domain Admins and Administrators

2005-03-08 Thread Rick Kingslan
joe Great answer in a perfect world. Great answer in the joe-run world. I'd like to do the same, but it's kind of funny that the guys I can't really trust, the company still employs because I can't get evidence that is going to get them fired to the degree in which HR is not going to spend

RE: [ActiveDir] Active Directory and LDAP

2005-03-07 Thread Rick Kingslan
The Cat Book rocks. Actually I should get royalties for that one too, I have made a bunch of people buy it Here we go again -rtk P.S :p -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, March 07, 2005 11:11 AM To:

RE: [ActiveDir] Active Directory and LDAP

2005-03-07 Thread Rick Kingslan
It's the best Nuts and bolts book on programming to AD that I've got on the shelf. Active Directory Programming by Gil Kirkpatrick -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Monday, March 07, 2005 11:19 AM To:

RE: [ActiveDir] Active Directory and LDAP

2005-03-07 Thread Rick Kingslan
Oh, and mine's signed! Thanks again, Gil! :) -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Monday, March 07, 2005 9:16 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Active Directory and LDAP It's the best Nuts

RE: [ActiveDir] Active Directory and LDAP

2005-03-07 Thread Rick Kingslan
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Monday, March 07, 2005 10:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Active Directory and LDAP The Cat Book rocks. Actually I should get royalties for that one too, I have

RE: [ActiveDir] ADAM - Clarification

2005-03-06 Thread Rick Kingslan
will probably weigh in this as well. Joe K. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Saturday, March 05, 2005 10:57 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] ADAM - Clarification All - We have a Web Portal solution

RE: [ActiveDir] ADAM - Clarification

2005-03-06 Thread Rick Kingslan
for authorization purposes. My $0.04 anyway, al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Saturday, March 05, 2005 11:57 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] ADAM - Clarification All - We have a Web Portal

RE: [ActiveDir] ADAM - Clarification

2005-03-06 Thread Rick Kingslan
] On Behalf Of Rick Kingslan Sent: Sunday, March 06, 2005 11:38 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] ADAM - Clarification Joe, Thanks for the feedback. This is pretty much what I had concluded, after doing some testing last night after this bugged me to the point that I

RE: [ActiveDir] LDAP and related Exchange question

2005-03-06 Thread Rick Kingslan
WTF?!?!? Has this list sunk this far? However, I should know better. It's joe, Al, and Deji. Never mind all. False alarm. Nothing odd going on at all. -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Sunday, March 06, 2005 12:29 PM To:

[ActiveDir] ADAM - Clarification

2005-03-05 Thread Rick Kingslan
for SASL bind. Is this an option? The bottom line is that I want to use ADAM, but have run into this brick wall. What options do I have, as I've exhausted the resources that I have at my disposal, at this point in time at least :) Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server

RE: [ActiveDir] Some thoughts on securing sensitive accounts....

2005-02-25 Thread Rick Kingslan
If you have only one Enterprise admin account, and only one person who knows the credentials for that account, then there are some large organizational risks if something happens to that one person. True one is really asking for a disaster at this point. My environment two EA

RE: [ActiveDir] Updates without SUS/WUS

2005-02-22 Thread Rick Kingslan
Noah, Your options are pretty limited if you don't have access to WU, WUS or SUS. The options really do come down to applying each patch, potentially rebooting between each of the patches. If you don't reboot, you run into a potential issue in which the bits from patch A are over-written by

RE: [ActiveDir] Is it possible ? deny domain admins create new user permission

2005-02-22 Thread Rick Kingslan
Hmmm. OK, I'm inclined to agree, but aren't DA's and EA's governed by the same set of ACLs and ACEs applied at specific levels of AD as any other user? IOW, can't I remove the Allow from DA to Create / Delete User Object? Right. AdminSDHolder is going to change it back on its rounds. And

RE: [ActiveDir] Is it possible ? deny domain admins create new user permission

2005-02-22 Thread Rick Kingslan
are as the delegation person, it all comes down to how good the DA is. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Tuesday, February 22, 2005 8:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Is it possible ? deny

RE: [ActiveDir] OT: Reboot necessary

2005-02-22 Thread Rick Kingslan
if the code is not kernel deep and not critical to the running of the OS. Others will obviously weigh in here. Hopefully, one of those folks will be ~Eric, with his clearly 'insider' info on what the overall direction in this area is. Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows

RE: [ActiveDir] [Dreadfully OT]: Interesting little tidbit....

2005-02-14 Thread Rick Kingslan
that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Rick Kingslan Sent: Sun 2/13/2005 6:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] [Dreadfully OT]: Interesting little tidbit Hallucination

RE: [ActiveDir] Two little tools ...

2005-02-14 Thread Rick Kingslan
You haven't met Dean face to face, have you? VBG Just kidding, Dean -rtk From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Monday, February 14, 2005 8:27 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Two

RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada

2005-02-13 Thread Rick Kingslan
Yep - you can be sure that I'll be taking on a role of 'enforcer' ;o) -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Sunday, February 13, 2005 11:05 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY VERY OT: DEC and

RE: [ActiveDir] Display Computer Name on Desktop

2005-02-13 Thread Rick Kingslan
Justin - I'm going to try again because, IMHO, you're working WAY too hard at this one problem. My current preference - http://www.kewlit.com/whoami/index2b.html Great for the Data Center boxes connected via KVM. If you haven't looked at this tool - you have NO IDEA what you're missing.

[ActiveDir] [Dreadfully OT]: Interesting little tidbit....

2005-02-13 Thread Rick Kingslan
. http://www.colinux.org Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Windows Security (Affiliate) Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food List info

RE: [ActiveDir] [Dreadfully OT]: Interesting little tidbit....

2005-02-13 Thread Rick Kingslan
Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Rick Kingslan Sent: Sun 2/13/2005 1:08 PM To: ActiveDir@mail.activedir.org; 'MVP

RE: [ActiveDir] Very OT: Please Settle a Bet

2005-02-12 Thread Rick Kingslan
of program to program corruption. If you want more info see here. http://www.webdevelopersjournal.com/archive/win95.html I remember Greg from the Chicago (code name for Win95) beta days, and thought he wrote an article or two. Hope this helps. Rick Kingslan MCSE, MCSA, MCT, CISSP

RE: [ActiveDir] Exclude a specific user (or group) from a GPO (WMI Filter?)

2005-02-11 Thread Rick Kingslan
CHILD1\Domain Admins JOE\$jricha34 JOE\2K3DC01$ JOE\2K3EXC01$ JOE\2K3EXC02$ JOE\2K3UTL01$ JOE\Domain Admins JOE\Enterprise Admins JOE\FASTMOFO$ JOE\Schema Admins NT AUTHORITY\SYSTEM joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Wednesday

RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada

2005-02-11 Thread Rick Kingslan
Nope Rick's going to DEC Thought joe wouldn't miss it. Apparently, I'm quite mistaken. -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, February 10, 2005 10:26 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir]

RE: [ActiveDir] Additional Account Information available after search in ADUC?

2005-02-11 Thread Rick Kingslan
Sadly, no - from what I've seen so far. But, the value of the tool still far exceeds the cost, even with the inconvenience that you correctly state. However, I don't know if a new version is being prepped for the SP1 timeframe, either. -rtk -Original Message- From: [EMAIL PROTECTED]

RE: [ActiveDir] users with power user rights

2005-02-09 Thread Rick Kingslan
www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Rick Kingslan Sent: Tue 2/8/2005 9:02 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir

RE: [ActiveDir] Migrating access rights from Novell/NDS to W2K3/AD with NDS migrator

2005-02-09 Thread Rick Kingslan
Where the hell have _YOU_ been, you little over-cooked Swede? :OD Great to hear from you! -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Sent: Wednesday, February 09, 2005 6:19 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir]

RE: [ActiveDir] DNS(again)

2005-02-09 Thread Rick Kingslan
Tom, If I do an nslookup against sales.charmer.com, I get the SOA with no problem. There are no other records in that zone, but it responds. Are you running AD integrated? If so, can you temporarily change it back to Primary and cut and paste the .dns file for sales.charmer.com out to us to

RE: [ActiveDir] Built-in Defragger and Clustering

2005-02-09 Thread Rick Kingslan
-in Defragger and Clustering That did sound like a silly superstition to me. Anyway, do you use the built-in defragger to defragment your shared cluster drives? Dan From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Wednesday, February 09, 2005 12

RE: [ActiveDir] users with power user rights

2005-02-08 Thread Rick Kingslan
Login script won't work. It would have to be a Startup script. Startup script runs under LocalSystem, while the context of the login script runs under that of the user who has just logged on - typically with nothing more than Domain User rights. Of course, Domain User won't be enough (I hope!)

RE: [ActiveDir] Citrix GPO Application

2005-02-08 Thread Rick Kingslan
Security filtering to groups of users is the best way to accomplish this. Put all of the administrative context users that you DO NOT want this to apply to into a specific group. Ensure that the READ and APPLY Group Policy are not enforced. However, in most Citrix applications that I've worked

RE: [ActiveDir] Built-in Defragger and Clustering

2005-02-08 Thread Rick Kingslan
Dan, Been working with Clusters for a number of years, and I have never heard of this. I can ping a couple folks, but I can't surmise what the problem would be. If data is re-ordered, the disk is going to work fine one way or another. -rtk From: [EMAIL PROTECTED]

RE: [ActiveDir] Exclude a specific user (or group) from a GPO (WMI Filter?)

2005-02-08 Thread Rick Kingslan
Yeah I agree with Darren on this one. Picture the Yeknom Inc. (CareerBuilder.Com) commercials that aired during the Super Bowl. Picture a gray-haired Monkey standing in his chair, and a younger chimp kissing his butt. Yep American Capitalism at its finest. -rtk From:

RE: [ActiveDir] AD PowerPoint presentation

2005-02-08 Thread Rick Kingslan
Nathan, I'm quite certain that if you contact the local Microsoft sales office in your area, they will most likely fall all over themselves in getting a presentation to assist you on this. I know for a fact that they have more than a couple on just this topic. -rtk -Original Message-

RE: [ActiveDir] Remote Assistance

2005-02-08 Thread Rick Kingslan
I'd load NetMon or Ethereal on both machines and capture the traffic. Filter on the names / IPs of the two machines involved, just to reduce the noise to just the important bits. I suspect this will most likely uncover the problem much quicker than anything else you could likely do.

RE: [ActiveDir] Legal Question

2005-02-07 Thread Rick Kingslan
Brian, I think the most important issue to take into account with this is one of perceived or real confidentiality. The technology of SMTP is not, nor was it really ever, designed with confidentiality in mind. S/MIME - different story. This is a solution to the SMTP issue. So, if one wants

RE: [ActiveDir] Obtaining a count of members in a group

2005-02-07 Thread Rick Kingslan
Doing this for multiple groups is trickier. No doubt it can be done with batch commands but I'm not the one that could do it. Pose that one to Dean. I've never seen keener DOS or CMD batch scripts in my life (sorry joe including you) ;o) -rtk From:

RE: [ActiveDir] Obtaining a count of members in a group

2005-02-07 Thread Rick Kingslan
You CAN, but 'FIND' has nowhere near the 'fun' that grep does. Have you ever seen an entire BOOK written on 'FIND'? ;p -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, February 07, 2005 12:37 PM To: ActiveDir@mail.activedir.org

RE: [ActiveDir] AD Operational Attributes

2005-02-07 Thread Rick Kingslan
Sakari, To echo the one phrase from Microsoft that, I personally have flat gotten sick of, we can likely expect to see your next edition In the LONGHORN TIMEFRAME ;o) -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sakari Kouti Sent: Monday,

RE: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager

2005-02-07 Thread Rick Kingslan
Jason, I'm sure that there's a good reason for not wanting to use the enable screen saver option, but I'm curious as to why you want to do that actual LockWorkStation function. Is it an academic exercise, or is there something more to it? Just simply curious... -rtk -Original

RE: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager

2005-02-07 Thread Rick Kingslan
manager I doubt that the task scheduler can run a shortcut... Shortcuts are a shell function. Can you run the .exe directly from the scheduler instead of running the shortcut? -gil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent

RE: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager

2005-02-07 Thread Rick Kingslan
:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Monday, February 07, 2005 2:38 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Using GPO's to force a Lock Workstation in conjunction with task manager Jason, I'm sure that there's a good reason for not wanting to use the enable screen

RE: [ActiveDir] Extranet for WSS?

2005-02-06 Thread Rick Kingslan
that was worded. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Saturday, February 05, 2005 10:31 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Extranet for WSS? Me, I'd go the AD/AM route. AD/AM supports both

RE: [ActiveDir] Extranet for WSS?

2005-02-06 Thread Rick Kingslan
what MS does for their partner extranet that uses WSS. Joe K. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Saturday, February 05, 2005 10:31 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Extranet for WSS? Me, I'd go

RE: [ActiveDir] Extranet for WSS?

2005-02-06 Thread Rick Kingslan
exactly what MS does for their partner extranet that uses WSS. Joe K. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Saturday, February 05, 2005 10:31 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Extranet for WSS

RE: [ActiveDir] Extranet for WSS?

2005-02-05 Thread Rick Kingslan
Me, I'd go the AD/AM route. AD/AM supports both a mode for saving the password hash info for user objects, or - and my preferred method for authN from an external repository to AD - DS-Proxy-Bind mode in which the user object in AD/AM has one key attribute - SID of the object to auth against in

RE: [ActiveDir] DC Unattended Restart

2005-02-03 Thread Rick Kingslan
Dell DRAC and RAC as well as IBM RSA will do similar functions - as well as shut it off cold, and start it up - remotely. -rtk From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Monday, January 31, 2005 3:55 PM To: ActiveDir@mail.activedir.org Subject: RE:

RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada

2005-02-03 Thread Rick Kingslan
] On Behalf Of Rick Kingslan Sent: Thursday, February 03, 2005 2:01 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada However, there is one small problem - no one else wants to see you _WITH SHORTS ON_! :p -rtk -Original Message- From

RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada

2005-02-03 Thread Rick Kingslan
and Vancouver/Canada come on Rick - I'd really enjoy watching Joe race down the Whistler mountain on a snowboard _with shorts on_ ;-)) /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Thursday, February 03, 2005 2:01 AM To: ActiveDir

RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada

2005-02-02 Thread Rick Kingslan
However, there is one small problem - no one else wants to see you _WITH SHORTS ON_! :p -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, January 31, 2005 11:06 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir]

RE: [ActiveDir] Legal Question

2005-01-24 Thread Rick Kingslan
In our dealings with this in my environment - which has just learned that sticks and stones do, in fact, exist - legal standings in relation to Federal law is pretty much untested. In fact, any disclaimers tied to specific sections of the Electronic Communications Acts, are most likely great

RE: [ActiveDir] time server

2005-01-10 Thread Rick Kingslan
Mark, I've got a number of Avayas (S8700's) at work. I can check with our on-staff Avaya folks, as I know that they are synching time internally. However, I think that it's going back against our AIX systems. But, as to it being Linux - it's how you order the modules. I

RE: [ActiveDir] Forest trusts vs trusts within forests

2005-01-09 Thread Rick Kingslan
Ummm, yeah - I do. -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Friday, January 07, 2005 5:22 PM To: Send - AD mailing list Subject: RE: [ActiveDir] Forest trusts vs trusts within forests Does nobody but me like or even prefer

RE: [ActiveDir] LDP does not return modifyTimeStamp attribute...

2004-12-28 Thread Rick Kingslan
Dean, joe - you were right. Brett did, and does - have an opinion. His opinion, as it seems from this is, that you should bloody well go stuff yourself elsewhere, and do the job yourself. However, I *might* have read it out of context... Regardless, Brett - it's always great to hear from

RE: [ActiveDir] worm (very very OT)

2004-12-26 Thread Rick Kingslan
is saying is to capture the traffic BEFORE it gets to the switches. All of your traffic is going to have to go through some Layer 3 device. Once it gets to the switches, your opportunity to capture it has just diminished to pure chance. Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows

RE: [ActiveDir] domain controller name

2004-12-26 Thread Rick Kingslan
Dan, Are you looking to get the names of all of the DC's in a given domain or forest? And, as to Primary/Secondary, as of Windows 2000, that really is not a concern any longer. Each DC is a peer, read/write, but one does still hold a Primary Domain Controller Emulation role (PDCe, for short).

RE: [ActiveDir] OT Network Quarentine Products

2004-12-26 Thread Rick Kingslan
Travis, Currently, the only solution that is available from Microsoft is a nascent and very hard to implement technology that is focused on Remote Access and VPN for your users and clients from home and in the field. ISA Server 2004 bolsters that further, but is still not the complete package

RE: [ActiveDir] worm (very very OT)

2004-12-26 Thread Rick Kingslan
, Rick Kingslan [EMAIL PROTECTED] wrote: If we're speaking of a hub rather than a switch, you can plug in to any port and sniff the traffic. A hub runs at the physical layer, while a switch operates more at the MAC portion of the Data Link of the good old OSI stack. A switch is designed

RE: [ActiveDir] GPO and Sysvol size

2004-11-27 Thread Rick Kingslan
on a different DC for GP editing, well, then they won't see any Admin. Template policy options when they open a GPO. Hope that helps Darren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Friday, November 26, 2004 8:43 PM To: [EMAIL

[ActiveDir] GPO and Sysvol size

2004-11-26 Thread Rick Kingslan
! Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Security (Affiliate) Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food List info : http://www.activedir.org/mail_list.htm List FAQ

RE: [ActiveDir] Terminal Services licenses

2004-11-17 Thread Rick Kingslan
You know, I think you *could* get that job with Microsoft. Until I saw this response, I doubted it - but you've proven me wrong once again, joe. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, November 16, 2004 11:12 AM To: [EMAIL

RE: [ActiveDir] Terminal Services licenses

2004-11-17 Thread Rick Kingslan
Yeah, it seems that the current cycle that they're on is either 15 minutes or 6 months. In fact, I'm surprised that you've even heard of Longhorn, Roger -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: Tuesday, November 16,

RE: [ActiveDir] Bizzare problem

2004-09-27 Thread Rick Kingslan
INTO that restricted set through the Security GP setting, the user will be re-applied. I'm somewhat surprised by your experience with Restricted Groups, as I'm using it very effectively in our 25k seat environment. Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services

RE: [ActiveDir] Bizzare problem

2004-09-27 Thread Rick Kingslan
From: [EMAIL PROTECTED] on behalf of Rick Kingslan Sent: Mon 9/27/2004 5:41 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Bizzare problem Huh. I hate to say, nope - that's not the way it works, but I guess what else should one say? It apparently is working that way in your environment

RE: [ActiveDir] Multiple IPSEC tunnels established

2004-09-05 Thread Rick Kingslan
, or the config of how you have this set up to be able to help. Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Windows Security (Affiliate) Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com

RE: [ActiveDir] Local Area Connection Properties

2004-09-05 Thread Rick Kingslan
And - it's scriptable, too. Assuming that you're not interested in doing any WMI scripting -rtk From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Freeman Sent: Friday, September 03, 2004 9:28 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Local Area Connection

RE: [ActiveDir] Way OT - Using CMD

2004-09-02 Thread Rick Kingslan
For cripes sake, joe - can't you just give a simple one or two line answer? Somebody asks you what time it is, you're still engaged two hours later detailing the equipment needed to create the gears of the watch.. ;op (luv ya, bud!) -rtk -Original Message- From: [EMAIL PROTECTED]
