Have you configured your AD Sites properly in AD Sites and Services MMC?
Cheers
Ken
From: [EMAIL PROTECTED] on behalf of senthil Kumar
Sent: Sun 28/01/2007 9:32 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Changing Logon server authentication !!
Sorry - that should be AD Sites and Subnets...
Cheers
Ken
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
Sent: Sunday, 28 January 2007 10:20 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Changing Logon server authentication !!
Have you
DNS only maps names to IP addresses. It doesn't do anything with respect to
paths.
You could point the hostname webi to the same IP address as the host
nzine33svr and configure your web server software to accept requests for
either HTTP host header.
Then, to redirect the user to the correct
Yes - I have a Dell Precision that has 4GB RAM, and which has had both Vista
x86 and x64 on it and it doesn't BSOD.
The issue in the KB seems to be with devices that use DMA and you have more
than 4GB of RAM. That used to cause issues on XP as well (which is why I
believe SP2 for XP limited the
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT: Vista BSOD with more than 2GB of RAM
I didnt configure the memory dumps for this machine. I assume a kernel
dump is preferred over minidump? Either way I will check and let you
know. Thanks for the reply.
On 1/11/07, Ken Schaefer
talking about transitioning the protocol as well? e.g.
Client -- HTTP -- Your Website/PC -- RPC -- Domain Controller
Cheers
Ken
From: Michael B Allen [mailto:[EMAIL PROTECTED]
Sent: Tue 9/01/2007 5:24 PM
To: ActiveDir@mail.activedir.org
Cc: Ken Schaefer
Subject
I'm not sure what NTLM SSO Pass-Through is, but NTLM is not natively
delegatable, so you can't (in the normal course of events) use this to create
an account anywhere except on the local machine. There may be easier ways to
create accounts on local machines.
Cheers
Ken
token for UserA
:
: In this scenario - constrained delegation will work ok.
:
: Perhaps Joe was thinking of the docs which state you have to have the
: IIS
: Server and the AppServer in the same forest and domain?
:
: steve
:
:
:
: - Original Message -
: From: Ken Schaefer
://www.adopenstatic.com/cs/blogs/ken
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 20 December 2006 12:37 AM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Cc: Ken Schaefer
Subject: Re: [ActiveDir] Cross-Forest Kerberos Delegation
If I understand your
the
: plaintext credentials around between the tiers using basic auth/SSL and
: such.
:
: Joe
:
: - Original Message -
: From: Ken Schaefer
: To: ActiveDir@mail.activedir.org
: Sent: Tuesday, December 19, 2006 5:29 PM
: Subject: RE: [ActiveDir] Cross-Forest Kerberos Delegation
:
:
: Hi
Hi all,
I am looking at a slightly tricky situation, at least for me - I'm sure you
guys would find this a walk in the park :-)
I have a situation where there are two forests (2003 Forest Functional
Level). Each contains a single domain. One domain is a resource domain
(DomainB), and the other
Interesting that the client would be failing on that port.
In a normal RA session, where the novice asks an expert to provide assistance
(e.g. via Messenger or file etc), the novice's computer attempts to open a
connection to the expert's computer on a high-order port. If the expert's
computer
Comic Book Man
Best KB Article Ever
/Comic Book Man
--
My Blog: www.adOpenStatic.com/cs/blogs/ken
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Dmitri Gavrilov
Sent: Wednesday, 11 October 2006 7:59 AM
To: ActiveDir@mail.activedir.org
Subject: RE:
Why do you need one sysprep image of all you DCs? Can't you just make one
sysprep image in total (and just add all the necessary drivers for each
model?). Alternatively there is an ADS image mounting tool you can use if you
need to make slight modifications to a captured image to cater for
Seems to indicate that the FE Exchange server is returning HTTP 400 (Bad
Request) in response to whatever is being sent from the client PC. The
httperr.log file on the Exchange FE server may have some further details on
why the HTTP request is invalid.
What you can do is enable logging on both
--- Original Message ---
: From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
: Sent: Tuesday, 12 September 2006 12:47 AM
: To: ActiveDir@mail.activedir.org
: Subject: Re: [ActiveDir] OT: admin account in Vista
:
: Yes Ken, I believe it is a departure to write down the
Is it a departure really?
I’m always pretty sure that the advice has been to avoid writing
down your username/password and storing it in an *insecure* location
(i.e. taped to your monitor at work)
On the other hand, if you write down the details and store it in
a
In line with Brians question
how is the OP reading the secret, and what are the differences between the two
servers (and DCs if there are different DCs involved)?
If you hook the functions that generate
the passwords and convey them to the DC, it would be possible to get this value
(in
Hi Al,
I’m going to have to disagree here. I’d wager that the average
programmer has a better understanding of writing code that has:
a)
proper specifications and design
b)
robust error handling
c)
strong typing
d)
etc
Of course, there are always
Hi,
Try these (if you dont get any better answers from the
gurus):
For just groups and their membership (batch file)
dsquery group all-groups.txt
for /f tokens=1* delims=} %a in (all-groups.txt) do @(echo GROUP:%a
dsget group %a -members) group-members.txt
For groups, type
I suppose there are several roles
that senior people could hold: some are managerial, some are architectural, and
some are deeply technical (i.e. high level support). Architects, in that taxonomy,
would do design work. Whereas a PSS engineer would probably spend more time
with a debugger
Can't your spyware just change/delete the host entries again? Or use an IP
address (or do you configure static routes for the subnets that the IP
addresses reside in that those host entries point to?)
Has this tactic ever helped anyone in a spyware-on-the-server situation?
(except possibly in a
TRUNCATE TABLE table
will be faster, especially for big tables. But this is going OT :-)
Cheers
Ken
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Thursday, 29 June 2006 3:05 PM
To: ActiveDir@mail.activedir.org
: -Original Message-
: From: [EMAIL PROTECTED] [mailto:ActiveDir-
: [EMAIL PROTECTED] On Behalf Of Ravi Dogra
: Subject: [ActiveDir] Event ID 20 :: KDC Certificate Error ::
:
: I am getting Event ID 20 :: KDC Error :: The currently selected KDC
: certificate was once valid, but now is
: -Original Message-
: From: [EMAIL PROTECTED] [mailto:ActiveDir-
: [EMAIL PROTECTED] On Behalf Of James Eaton-Lee
: Subject: RE: [ActiveDir] IIS 6
:
: On Tue, 2006-05-23 at 10:59 +1000, Ken Schaefer wrote:
: : -Original Message-
: : From: [EMAIL PROTECTED
.
: The main site is registered with the external DNS(BIND), but the other
: sites are registered with internal DNS(AD) server. No forwarding.
: When
: in production all sites will use port 80 on the same server and
: register
: with ext. DNS server.
:
: -Z.V.
:
:
: Ken Schaefer wrote
: -Original Message-
: From: [EMAIL PROTECTED] [mailto:ActiveDir-
: [EMAIL PROTECTED] On Behalf Of Za Vue
: Sent: Tuesday, 23 May 2006 10:54 AM
: To: ActiveDir@mail.activedir.org
: Subject: [ActiveDir] IIS 6
:
: I have a web server running IIS6 hosting 3 websites-using host
and was walking behind me turning off
: that specific computer for delegation. Grr.
:
: -Brandon
:
: -Original Message-
: From: [EMAIL PROTECTED]
: [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
: Sent: Thursday, May 18, 2006 10:41 PM
: To: ActiveDir@mail.activedir.org
problem.
Cheers
Ken
:
: -Brandon
:
:
:
: From: [EMAIL PROTECTED]
: [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
: Sent: Wednesday, May 17, 2006 7:45 PM
: To: ActiveDir@mail.activedir.org
: Subject: RE: [ActiveDir] [OT] IIS6 - Kerb/NTLM
!
:
: -Brandon
:
:
:
: From: [EMAIL PROTECTED]
: [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
: Sent: Wednesday, May 17, 2006 7:45 PM
: To: ActiveDir@mail.activedir.org
: Subject: RE: [ActiveDir] [OT] IIS6 - Kerb/NTLM
:
:
:
: There's lots
Tom,
I dont want to seem rude, but this is something that
would take you 5 minutes to test yourself (e.g. in a VM). You could even
report your results back to the list.
Cheers
Ken
--
My
IIS Blog: www.adOpenStatic.com/cs/blogs/ken
Tech.Ed
Boston 2006 See you there: Everything
I've seen this happen occasionally on other lists, but I don't know if it's
the same underlying cause.
The original post is encoded in some way, and then the addition of the list
footer means that the post isn't properly encoded anymore. Some email clients
then display this as a blank post. If
,
:
: -Original Message-
: From: [EMAIL PROTECTED]
: [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
: Sent: Wednesday, March 15, 2006 9:55 AM
: To: ActiveDir@mail.activedir.org
: Subject: RE: [ActiveDir] internet explorer is frozen
:
: --- Original Message ---
: From: [EMAIL PROTECTED]
: [mailto
Hi,
For My Documents redirection, if you look at the second tab, there is an
option to not redirect the My Pictures folder
I know that doesn't help with My Music
Cheers
Ken
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Arnold Arce
Sent:
--- Original Message ---
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser
Subject: [ActiveDir] internet explorer is frozen
Internal explorer is frozen, I' m trying to access
an internal site but it shows connecting to site
and frozen.
DNS is working fine, what
Title: [ActiveDir] OT: Netlogon Service
For allwe know, someone
did exactly what you did (connect remotely using administrative credentials) and
disabled the services.
Do you have logon auditing enabled? If so,
have you checked to see who's logged onto the machine?
Cheers
Ken
From:
If this was working at some stage, then it's unlikely to be a certificate
issue.
I'm not familiar with this particular device, but since it's a Pocket PC
Phone device, there should be an option to turn on verbose ActiveSync logging
(via the ActiveSync applet). Turn that on, and look in
Title: Re: [ActiveDir] Getting better control over DHCP
I was under the impression it
was 802.1x. Your certificate is stored on the smartcard.
Cheers
Ken
From: [EMAIL PROTECTED] on
behalf of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]Sent: Sat
2/4/2006 2:25 PMTo:
You have entered the command incorrectly. From the screenshot you have
entered ISSuba (there is a missing I).
The actual command you need to run is:
rundll %windir%\system32\iissuba.dll, RegisterIISSUBA
Cheers
Ken
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Microsoft's stated that out-of-band releases will occur if a patch is ready
enough, and there's reason to release the patch (e.g. an exploit circulating
in the wild). From what I heard today, regression testing is still being
performed on the patch they are intending to release.
Cheers
Ken
--- Original Message ---
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Subject: [ActiveDir] Enable Windows Integrated Authentication through GPO
: How does someone enable Windows Integrated Authentication
: through a Group Policy. You will find this on the
wonder why that is?
On 12/7/05, Ken Schaefer [EMAIL PROTECTED] wrote:
At the moment you have this line which does the copy:
if lcase(fso.getextensionname) = eml then file.move target
So, instead of doing the copy, check to see if the file exists at the target,
and if not do the copy
Call
Randomize() to initialize the random number generation algorithm somewhere in
your script, prior to the first call to Rnd()
Could
I suggest you get the Windows Script Host 5.6 documentation:
--- Original Message ---
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Thursday, 8 December 2005 7:17 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Help with VB script to map printers
: my WSH doesn't seem to like the double quotes I see some
At the moment you have this line which does the copy:
if lcase(fso.getextensionname) = eml then file.move target
So, instead of doing the copy, check to see if the file exists at the target,
and if not do the copy. If it does exist, rename the file at the source, then
do the copy.
If
10.13 has an expression builder for building your filters.
And ip.src==10.10.10.1 isn't that complex a syntax :-)
Cheers
Ken
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Wednesday, 7 December 2005 3:45 PM
To:
Hi,
Do not change any more values without an understanding of the root cause of
the issue. Do not uncheck that checkbox, and do not change the security zone
that the site is in.
a) What do your IIS logfiles say for the requests in question?
b) What do your event logs say as far as failed logon
) thanks for the auditing information - I turned it instantly on.
Thanks for the help.
Cheers,
Kat
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
Sent: Tuesday, 29 November 2005 10:17 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir
Did you say that you can ping the internal NIC by IP address or name from a
workstation?
If so, it would appear that you have TCP/IP running just fine, and you have
some other issue.
What you mean by Internally, using normal network protocols, I see nothing
of the server, AD, or anything. I'm
I'm confused here.
First you say that allowing .. and % is a risk. But you also say to tell the
client to remove URLScan.
Which do you recommend?
Personally the actual code in URLScan that protects you against
canonicalization attacks is built into IIS6 now - it's pretty much the same
code
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Subject: RE: [ActiveDir] Microsofts Exchange Server 12 64 bit announcement
One thing I find interesting is, who are these MANY of
companies that are currently running 64 bit and getting
great
There are any number of additional tweaks that may be implemented depending
on the environment.
This may involve revoking rights from specific groups or users. Setting
startup parameters for services etc. Sometimes one of the pre-existing MS
templates fits the bill. Other times you need a custom
Not a web resources, but I've found this MS Press book to be a reasonably
good primer. It covers hardware (to some extent), multiple levels of
hierarchy, developing your certificate policies etc.
http://www.amazon.com/exec/obidos/tg/detail/-/0735620210/
Microsoft Windows Server(TM) 2003 PKI and
Frankly my expectation from a file system that's marked as being robust and
enterprise ready is that you should lose nothing if the drive is almost
full, and the file system should shut down gracefully if the drive is full,
especially in normal situations.
Sysadmins should not have to worry that
Um, doesnt work that way (or Im
not understanding what you are saying to do).
DNS does name - ip address resolution
only. Nothing about ports. If you want wsus.domain.com to just work (no ports
included in the URL) then in IIS you need to configure a website to listen on
port 80 and
I think what Susan's trying to say is that:
The POP3 connector is just a transition tool that allows your SBS box to
collect mail for your employees up until you start hosting your own SMTP
server and receive mail directly (rather than collecting it via the POP3
connector from your ISP's
Susan - this looks like the NTP server (the DC) is rejecting the time request
from a client. I don't think anything needs to be configured on the server
Ravi - the IP address in your original message (that you blanked out). Does
it belong to a Windows 2000/XP client in your domain? Or something
If the machine detects domain controllers on the network, it'll use the
domain profile. Otherwise it uses the standard profile. You could have a more
relaxed policy when the machine is on the local LAN, and a tighter policy
when the machine (presumably a laptop) is roaming on non-managed networks.
Itll be just like any other group
policy setting. If they conflict, group policy settings over-ride local
settings. But you can either allow something to be not configured,
or you can enable those settings like allow local exceptions,
which allows users on the machine to make further
You have multiple DCs for redundancy. If one goes down, the others are still
available. And your domain (usually) keeps functioning without you having to
do a restore.
I'm not sure having FE/BE Exchange servers accomplishes the same goal. Most
FE Exchange servers do not have a copy the store in
:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
Sent: 21 September 2005 03:17 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Kerberos
Delegation
Odd.
If you use WFetch (its in the IIS6
Res Kit) or just plain telnet, and request a page, what WWW-Authenticate
headers are coming back
it within the context
of the NetworkService account, which means its going to present the server's
domain credentials.
Roger Seielstad
E-mail Geek
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken
Schaefer
Sent: Wednesday, September 21,
2005 11:45 PM
Odd.
If you use WFetch (its in the IIS6
Res Kit) or just plain telnet, and request a page, what WWW-Authenticate
headers are coming back? You should see:
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
(basically the webserver sends back a list
of the auth mechanisms it
I would also add that _vbscript_ itself is
(a) quite simple and (b) quite limited. Theres not much to learn, and
what there is to learn is quite simple. The power comes from being able to use
COM objects. But using COM objects (their methods and properties) is exactly
the same from within
anymore...
thanks. thats my story and i'm sticking to it :)
On 9/2/05, Ken
Schaefer [EMAIL PROTECTED]
wrote:
I would also add that _vbscript_ itself is (a) quite simple and
(b) quite limited. There's not much to learn, and what there is to learn is
quite simple. The power
into dsmod or
admod.
Thanks,
Brian
Desmond
[EMAIL PROTECTED]
c -
312.731.3132
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
Sent: Wednesday, September 21,
2005 9:37 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] disabling
users
One addition: IE will not attempt to
negotiate Kerberos Auth if is the site is in the Internet Security Zone (which
sites accessed by FQDN are by default). Add the site to the local Intranet
zone.
Some other thoughts: If NTLM is not
desired (i.e. Kerberos only), then you can set the
Hi,
Are you using the IIS6 Manager from the Win2003 AdminPak MSI? If so, then try
downloading and using this instead:
http://www.microsoft.com/downloads/details.aspx?familyid=f9c1fb79-c903-4842-9
f6c-9db93643fdb7displaylang=en
Cheers
Ken
: -Original Message-
: From: [EMAIL PROTECTED]
The original Password Change functionality used HTRs, and there was a buffer
overflow vulnerability in the ISAPI Extension that handled HTRs (ism.dll).
There's a download on the MS Downloads page that substitutes ASP pages:
http://support.microsoft.com/?id=331834
Change password functionality
Additionally, document the business costs/issues that arise later down the
track (if any). This will allow you to be prepared in case:
a) you need to push back against a similar suggestion down the track
b) this decision ever comes up for discussion again
Cheers
Ken
: -Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of MeWe
Subject: [ActiveDir] Integrating IIS and AD
: I have 4 servers..
: And 2 of them are running the domain. and the last 2
: is ment for IIS So here is my question, how do i
: integrade the
You may want to have Kerberos authentication all the way through, rather than
using Protocol Transition. At least in the IIS world, protocol transition
involves running your worker processes as LocalSystem rather than any other
account, which is yet another security issue you need to manage.
SCW does more than just configure the Windows firewall. It can change service
startup settings, configure registry keys around what auth types are used,
configure your local security policy settings (SMB signing, auditing etc),
and do an IIS lockdown. And it supports roll-back, so it's worth
Anything being logged in the SUALB-EXCH2 event logs?
Cheers
Ken
www.adOpenStatic.com/cs/blogs/ken/
: -Original Message-
: From: [EMAIL PROTECTED] [mailto:ActiveDir-
: [EMAIL PROTECTED] On Behalf Of Kern, Tom
: Sent: Tuesday, 12 July 2005 12:09 PM
: To: ActiveDir (E-mail)
: Subject:
You may wish to read this KB article:
http://support.microsoft.com/kb/331834/
Change password functionality replaced with Active Server Pages
which provides a set of ASP pages (even though they still have the .htr
extension) that implement the change password functionality, rather than
relying
What do you mean by a consolidated report? Just a listing of users and last
logon times?
This is untested (written straight into Outlook) so probably has a few bugs.
You could use something like this to get the DNs of all users in the
directory, and then (within a loop) use the code on the MSDN
Hi guys,
When, in AD Sites and Services MMC Snapin, one unchecks the bridge all site
links checkbox, what gets updated in the directory?
From what I can tell, this is stored in the Options attribute of:
cn=NTDS Settings,cn=site name,cn=sites,cn=configuration,dc=domain name
and we do an: existing
: From: [EMAIL PROTECTED] [mailto:ActiveDir-
: [EMAIL PROTECTED] On Behalf Of Steven L Dunn
: Subject: [ActiveDir] Question on IIS management via AD...
:
: I want to allow one of our users to manage our
: website services (IIS, Indexing Service) without
: From: [EMAIL PROTECTED] [mailto:ActiveDir-
: [EMAIL PROTECTED] On Behalf Of joe
: Subject: RE: [ActiveDir] All - OT (and drifting further away)
:
: I think as MS gets more and more complicated products
: deeper in the field (SMS, MIIS, MOM, Active
: [ActiveDir] All - OT (and drifting further away)
:
: Oh wow, I never heard of them and they are the leading global
: technology integrator...
:
:
:
: -Original Message-
: From: [EMAIL PROTECTED]
: [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
: Sent: Monday, May 09, 2005 8:54 PM
~~
: From: [EMAIL PROTECTED] [mailto:ActiveDir-
: [EMAIL PROTECTED] On Behalf Of Dave A. Marquis
: Subject: RE: [ActiveDir] 2003 SP1 RTM
:
: Also the Network Access Quarantine Control components
: are new... Sounds like a mess if for some reason it
Whats the definition of a 32 bit
OS? I only ask because Mark Russinovichs book says that Win95 contained
oodles of 16 bit code. So the absence of 16bit code isnt a requirement
for having a 32bit OS.
Cheers
Ken
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Are the users local admins? That is the most common cause of these types of
questions. The SUS deployment whitepaper should have answers to your
questions.
http://www.microsoft.com/windowsserversystem/sus/susdeployment.mspx
SUS Deployment Whitepaper
Other info:
Can't the user connect using NTLM authentication (unless that's been turned
off)?
Cheers
Ken
: -Original Message-
: From: [EMAIL PROTECTED] [mailto:ActiveDir-
: [EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto
: Sent: Wednesday, 1 December 2004 8:31 PM
: To: [EMAIL PROTECTED]
:
The same thing is in the Windows 2003 Deployment Kit:
http://tinyurl.com/6qlkh
Establishing Group Policy Operational Guidelines
quote
Do not modify the default domain policy or default domain controller policy
unless necessary. Instead, create a new GPO at the domain level and set it to
override
: [ActiveDir] IIS 6.0 AGAIN...
: NO I forgot to mention in my previous posts that I am only running FTP,
port
: 21 and the main web site on port 80.
:
: Thanks,
: -Z.V
:
:
: -Original Message-
: From: [EMAIL PROTECTED]
: [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
: Sent: Wednesday
a) Are you running multiple applications listening on port 80 (eg if you
have multiple IP addresses, and are running multiple webservers)
b) Check your web site identities - you could have a conflicting set of web
site identities (each active website must have it's own, unique, web site
Can I get a quick clarification here:
a) Provisioning application runs on ServerA (which is part of a domain)
b) Webserver (serverB) is standalone (not in the domain)
c) Provisioning app (on ServerA) needs to create folders and/or files on ServerB
Question: Is the Provisioning App itself running
Hi,
IIRC the ISAPI extension that was used to provide this functionality originally had
various buffer overflow issues.
I would check this out:
http://support.microsoft.com/?id=331834
Change password functionality replaced with Active Server Pages
Also this:
Hmmm, my MCSE study guide says to login using Safe Mode to get around GPOs
that stop interactive logons (I only remember this because it's not
something I've heard/seen mentioned before). I assume that's not a goer
then?
Cheers
Ken
- Original Message -
From: Aaron Visser [EMAIL
Also continuing the OT note, it seems that the long-awaited server-side spam
filtering system (IMF) is available too:
http://www.microsoft.com/exchange/downloads/2003/imf/default.asp
Apologies if this has already been posted.
Cheers
Ken
~~
From:
It is a closed beta at this stage. I spoke to some of the WUS people, and
they said that until they had finalised and filed some patent applications,
there were legal reasons they couldn't take on more than x people.
Cheers
Ken
~~
From: Robbie
A agree with Joe.
Bill - you've posted no data that you managed to collect from attempting to
troubleshoot this problem, so on what basis can you conclude (or expect us
to believe) that it's definitely a bug in WinXP?
We've got plenty of WinXP machines that we've either Ghosted, or Syspreped,
According to Books Online - you need two certs - one for the app server, and
one for the SQL Server.
People from the MS SQL Server security team (Richard Waymire etc) are on:
news://microsoft.public.sqlserver.security
Cheers
Ken
~~
From: Mark Nold
I think Carlos is talking about the SUS Server's settings, not the client
settings. However, I don't know where they're stored either.
Cheers
Ken
- Original Message -
From: Michael B. Smith [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, September 05, 2003 12:23 AM
Subject: RE:
~~
From: Jan Wilson [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Domain Rename
: Our MS rep says it is supported in W3K - however as
: you note BEFORE a E2K deployment.
~~
Windows3000 is out
96 matches
Mail list logo