F Sullivan <
charles.sulliva...@bc.edu> wrote:
> I notice that BTIDisabledBySystemPolicy on all of these equals True. This
> is also False on all of the unaffected ones, so this makes it a little more
> clear. AFAIK, this supposedly means the required Registry settings (in the
>
, please
inform me. The KB article seems to suggest this but is a bit vague.
Those Registry keys are present and the systems have since been rebooted,
but possibly another reboot would resolve it.
On Wed, Feb 7, 2018 at 1:43 PM, Charles F Sullivan <
charles.sulliva...@bc.edu> wrote:
> We've pa
We've patched our VMware hosts (ESXi 6.0) using the "HyperVisor Specific"
patch (ESXi600-201711101-SG). The Windows guests have the appropriate
January CU installed along with the prerequisite Reg keys.
On about 10 of 150 VMs, *KVAShadowWindowsSupportEnabled* equals False.
Everything else on all
Same as Jim. Really confusing. Had to set up a "new" account. It asked me
for a PW and confirmation of PW. After it finished the "set up", I then had
to enter MS account creds as usual and expected. I have no idea what this
means. Does it require effectively 2 accounts now? Who knows?
On Wed, Feb
? LOL
>
>
>
> On Tue, Jan 30, 2018 at 8:23 AM, Michael Leone <oozerd...@gmail.com>
> wrote:
>
>> On Mon, Jan 29, 2018 at 5:07 PM, Charles F Sullivan <
>> charles.sulliva...@bc.edu> wrote:
>>
>>> By default it only copies changed files, no /a s
By default it only copies changed files, no /a switch needed.
On Mon, Jan 29, 2018 at 3:15 PM, Michael Leone <oozerd...@gmail.com> wrote:
> On Mon, Jan 29, 2018 at 2:57 PM, Charles F Sullivan <
> charles.sulliva...@bc.edu> wrote:
>
>> I always use the /mir option
I always use the /mir option when doing a migration like that. The reason
is I have to do a "big" initial copy and then at least one delta copy. (I
usually do the final copy after removing access by changing share perms or
removing the share entirely so no further changes are made.) If I don't use
listsadmin@lists.
> myitforum.com] *On Behalf Of *Charles F Sullivan
> *Sent:* Thursday, January 11, 2018 4:24 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] Proof of ESXi Patch Compatibility
>
>
>
> I have a bit of a silly dilemma. We have a bunch of ESXi 6.x h
I have a bit of a silly dilemma. We have a bunch of ESXi 6.x hosts and the
VMware patch ESXi600-201711101-SG is being applied to them as a temporary
measure until the hardware vendors have a firmware update. Our director is
insisting that I get confirmation from Microsoft that Windows 2008 – 2016
the BIOS upgrade and I'm pretty sure that's the
reason the patch is failing to install. The Event ID 7 "bad block" errors
really pile up every time I try to install the patch.
On Mon, Jan 8, 2018 at 10:26 AM, Michael Leone <oozerd...@gmail.com> wrote:
> On Mon, Jan 8, 2018 at
The firmware update is there for your model:
http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=GYM2C
Lucky you. I have a couple of older Optiplex models and they aren't on the
list, which I assume means that won't bother fixing those. Here's the
entire list:
I'm not sure why you're using security filtering. Is your objective to only
have *some* DCs get this policy? If so, as Joe said those servers need to
get the group membership into their access tokens. Ha! I saved a post which
says how to do that without rebooting and it turns out it was from you!
In this scenario, since you have an external drive to back up to, I would
simply use the built-in Backup and Restore to do a full system image
backup. That way you have the data backed up and if there's a hard drive or
other failure, you won't have to spend time reinstalling apps, redoing
Somebody just came in and showed us a package that was delivered today by
DHL….
Windows 2003 CDs sent to him by MS in 2006.
Charlie Sullivan
Sr. Windows Systems Administrator
the same?
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Charles F Sullivan
> *Sent:* Monday, November 27, 2017 4:06 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] "Good" Thumbdrive not Rec
This may be way OT, but I'm mystified and I'm more likely to get a good
answer here than anywhere else
I have three identical thumb drives (PNY UltraFit). All three have Windows
10 To Go installed on them and I've used them for months on my laptop,
until lately.
Suddenly only 2 of the 3
Correction on that first paragraph: Meant to say "not applying that setting
to Windows 8.1/2012R2 and later."
(There'll be a lot more where that came from. It's an age thing)
On Tue, Oct 24, 2017 at 2:39 PM, Charles F Sullivan <
charles.sulliva...@bc.edu> wrote:
> I'm no
I'm not sure why MS seems to make kind of a big deal about not applying
that setting to down level OSes. It's the exact setting that Window
2012R2/8.1 and later has by default even with SMB1 enabled, so it won't add
or change anything. I just don't see how it would cause a problem.
On a side
“Also, removed old server that had owned that CNAME prior from the domain.”
Bingo! That will cause a failure every single time. That are Kerberos
problems when using an alias, but it should not have caused the problem you
experienced. It was only because of the old computer object.
On Tue, Oct
I would look at the AD related Event Logs on each DC at this point. The
thought of manually creating replication connections makes me shudder,
though others may feel differently.
Also check the DNS servers assigned to each DC to see that they're up to
date. Actually, check this first.
What
You might try the Convenience Rollup that came out last year:
http://www.catalog.update.microsoft.com/Search.aspx?q=3125574
Also, try to find media that has SP1 included, or at least get the SP1
media and install it right after the OS is installed. Before installing the
Convenience Rollup read
These are the only differences from my Windows 10 1607 (mine are all from
Local Policy):
Switch to the secure desktop when prompting for elevation: Enabled
Behavior of the elevation prompt for admins in Admin Approval Mode --
Prompt for consent Mine is "Prompt for consent on the secure
done that.
Tangent warning: I've always been annoyed that using GP to try and control
UAC doesn't stop someone from using the UAC Slider to change things. They
apparently are completely independent of each other.
On Thu, Sep 21, 2017 at 3:02 PM, Charles F Sullivan <
charles.sulliva...@bc.
I have the same on my Windows 10 1607 machine and it works as expected. I
use a non-Administrator account and have a few shortcuts set with "Run as
Administrator". I think that's the same as your scenario. It prompts me for
alternate creds, I enter the ones for my separate Admin account and it
40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>
>
>
> On Wed, Sep 13, 2017 at 11:05 AM, Charles F Sullivan <
> charles.sulliva...@bc.edu> wrote:
>
>> Thanks for the replies to that message and sorry for hijacking the
>> thread, but it looks like you guys saw tha
yitforum.com] *On Behalf Of *Charles F Sullivan
> *Sent:* Wednesday, September 13, 2017 10:03 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] Building a test domain
>
>
>
> I got a bounce message when I replied to this. I seem to have this problem
> on here
I got a bounce message when I replied to this. I seem to have this problem
on here and the Patch Mgmt list the last few months. I'm trying a different
mail client now. Can someone let me know if this goes through?
I get "Sorry, you do not have permission to post to the
One of our Security people asked this question. It would be for shared data
which mostly lives on NetApp NAS nodes, but also some Windows file servers.
“Is there a way to mark a document or a folder such that if it is
classified, then a pop up message displays its classification?” I can’t
think of
You should looking into this Group Policy setting under Computer
Configuration:
Administrative Templates > Network > Offline Files > Allow or disallow use
of the Offline Files feature
There are other settings in there which might also help pass a PCI audit,
such as Encrypt the Offline Files
Thanks. That's my answer to a rebooting alternative. I'll have to file this
away for reference.
-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Michael Leone
Sent: Tuesday, June 20, 2017 12:28 PM
To: ntsysadm@lists.myitforum.com
I don't think I've ever had a server successfully get group membership in
its access token without a reboot. We all know that a user has to log out
and back on. A machine has to reboot.
Not sure if there's an alternative to rebooting, like restarting the
netlogon service, and I'm not sure why
Yes, that should work. I see you do have a non-security-filtered GPO after
all and you correctly have it at the bottom.
-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Michael Leone
Sent: Monday, June 19, 2017 11:19 AM
To:
ot;WSUS
Members" and the new AD group?
If I had the order the other way (9AM first, then the non-rebooting),
wouldn't the non-rebooting GPO override the settings from the GPO above it?
On Mon, Jun 19, 2017 at 10:08 AM, Charles F Sullivan <
charles.sulliva...@bc.edu> wrote:
I believe you jus
, 2017 10:24 AM
*To:* ntsysadm@lists.myitforum.com
*Subject:* Re: [NTSysADM] Q about GPO Security Filtering precendence
On Mon, Jun 19, 2017 at 10:08 AM, Charles F Sullivan <
charles.sulliva...@bc.edu> wrote:
I believe you just need to put the 9 AM GPO at the top. Once you get down
to the OU
I believe you just need to put the 9 AM GPO at the top. Once you get down
to the OU level, the settings from the GPO listed at the top will prevail.
Once you add that third GPO, just make sure the non-security-enabled GPO is
at the bottom. Any settings from the non-security-enabled one will
Server 2016 ADMX files are the same as Windows 10 1607, since those OSes
are the same code. Windows 10 1703 has a bunch of new ones.
*From:* listsad...@lists.myitforum.com [mailto:
listsad...@lists.myitforum.com] *On Behalf Of *Heaton, Joseph@Wildlife
*Sent:* Thursday, June 15, 2017 4:13 PM
/NanoServer over Linux?
You can run linux without a gui.
Op 1 jun. 2017 11:54 p.m. schreef "Charles F Sullivan" <
charles.sulliva...@bc.edu>:
Or maybe you could say “Why use Linux when you can use Windows without the
overhead and security vulnerabilities that go with a GUI?”
Or maybe you could say “Why use Linux when you can use Windows without the
overhead and security vulnerabilities that go with a GUI?”
*From:* listsad...@lists.myitforum.com [mailto:
listsad...@lists.myitforum.com] *On Behalf Of *Katherine M. Moss
*Sent:* Thursday, June 1, 2017 4:34 PM
*To:*
I think you have the right idea. We have a small, dedicated VM running
AGPM. If I were starting now, I would definitely put it on Windows 2016 and
make sure the AGPM Client is installed on Windows 10 1607 or later machines
to do all the GPO editing. The migration is pretty easy, just find the MS
Sounds like you are referring to the issue where RSS Scaling is enabled,
which by default is disabled on individual Windows NICs. I believe all the
problem does is make the performance the same as if didn't have RSS
Scaling enabled. In any case, VMware just came out with a new version of
the Tools
I held on to this post from Kurt in order to remind me to check once in a
while for a version of the WMware Tools that resolves the RSS issue. I see
that they did come out on May 18th. http://bit.ly/2r0h52D
You'll need a VMware account.
Gonna start enabling RSS on those VMXNet3 adapters.
Once that issue is straightened out, you may want to make Enterprise
Admins, Schema Admins and Domain Admins restricted groups using Group
Policy. Our Enterprise and Schema Admin groups are empty and kept that way
by the GPO setting. The setting for Domain Admins is set to allow only the
few
We used to use it and I wish we still did. I liked it better than our
current solution. It has a really clear, intuitive interface for one thing.
I can only speak to monitoring servers and NAS. I don’t think it was used
here to monitor network hardware.
*From:* listsad...@lists.myitforum.com
*From:* listsad...@lists.myitforum.com [
mailto:listsad...@lists.myitforum.com <listsad...@lists.myitforum.com>] *On
Behalf Of *Charles F Sullivan
*Sent:* 22 May 2017 20:10
*To:* ntsysadm@lists.myitforum.com
*Subject:* RE: [NTSysADM] Long time for reboot after May patching
*EXTERNAL *
So after 7 plus hour
have a good backup? If I answered yes I
would hit a hard reset and see what happens.
On 5/22/2017 9:45 AM, Charles F Sullivan wrote:
I have a Windows 2012 R2 server that rebooted over 4 hours ago to complete
patching and it’s still showing the spinning wheel and the Windows logo. I
had 3 othe
after May patching
Your adjustment to the maintenance window made me smile.
Yeah it got stuck in shut down/start up.
On 5/22/2017 12:10 PM, Charles F Sullivan wrote:
So after 7 plus hours the spinning beads began to make me dizzy. I powered
off the VM, powered it on and checked. All
happens.
On 5/22/2017 9:45 AM, Charles F Sullivan wrote:
I have a Windows 2012 R2 server that rebooted over 4 hours ago to complete
patching and it’s still showing the spinning wheel and the Windows logo. I
had 3 others made from the same image that had no issues at all. These are
all WMware VMs
I have a Windows 2012 R2 server that rebooted over 4 hours ago to complete
patching and it’s still showing the spinning wheel and the Windows logo. I
had 3 others made from the same image that had no issues at all. These are
all WMware VMs. I’m not sure if this is the shutdown or startup phase,
figured you meant MB, otherwise your
argument totally would have been weird. J
*From:* listsad...@lists.myitforum.com [
mailto:listsad...@lists.myitforum.com <listsad...@lists.myitforum.com>] *On
Behalf Of *Charles F Sullivan
*Sent:* Wednesday, May 03, 2017 6:55 AM
*To:* ntsysadm@lists.myitfor
:* RE: [NTSysADM] Strange memory issue on a DC
150 GB, now that's a huge one.
Op 2 mei 2017 20:46 schreef "Charles F Sullivan" <charles.sulliva...@bc.edu
>:
That is a huge log file, at least compared to what I’m used to and the
default size. Might that be the problem? Our Secu
Are other Event Logs affected? What is the max size of those set to? Melvin
did mention running out of space as a possibility, but I was thinking
performance of such a large log, not running out of space because of it.
*From:* listsad...@lists.myitforum.com [mailto:
That is a huge log file, at least compared to what I’m used to and the
default size. Might that be the problem? Our Security Log maximum is 150 GB
on DCs and I think even that is way above the default.
I totally understand your motivation for setting a large size because ours
gets overwritten
Did someone change the default setting on the log, which should be to
“overwrite events as needed”? See if it was changed to “Do not overwrite
events”.
*From:* listsad...@lists.myitforum.com [mailto:
listsad...@lists.myitforum.com] *On Behalf Of *Heaton, Joseph@Wildlife
*Sent:* Friday, April
Are you in a position to migrate to a different host? That would be quick
and easy. In any case, check other Windows VMs on the same host and see if
they are having similar problems.
*From:* listsad...@lists.myitforum.com [mailto:
listsad...@lists.myitforum.com] *On Behalf Of *Heaton,
The problem I find with that scenario is that no matter what you use to
correct it, some files get skipped for whatever reason. You can compare two
files with the same perms and owner, where one will succeed and the other
won’t.
I did try this PS module with some success:
That's okay, got it anyway. Both points are very relevant to me and I've
passed on the information about the packet loss to the rest of my group, as
I didn't know about this until you posted here.
If I check a Windows 2012 VM that is current with its Tools on a 5.5 host,
it's at the latest
It was installed on my machine 2 months ago. I’m not noticing any change on
the Start Menu.
To run a program as Administrator you need to right click the app, choose
More, then Run as Administrator. I think that change may have come along
with 1607 or even 1511.
All of the Start button right
On the affected machines, do they get an IP address assigned other than
maybe a self-assigned address (169.254.x.x)?
I’m just thinking about the possibility that someone has put another DHCP
“server” on the network. For example, a consumer grade router.
*From:* listsad...@lists.myitforum.com
Any of your organizations being affected by this? The few services we have
moved there so far are down.
http://bgr.com/2017/02/28/internet-outage-amazon-web-services/
Charlie Sullivan
Sr. Windows Systems Administrator
Boston College
197 Foster St. Room 367
Brighton, MA 02135
Have you looked into Tivoli Directory Integrator?
*From:* listsad...@lists.myitforum.com [mailto:
listsad...@lists.myitforum.com] *On Behalf Of *Jon Harris
*Sent:* Wednesday, February 15, 2017 1:57 PM
*To:* 'ntsysadm@lists.myitforum.com'
*Subject:* [NTSysADM]
your response.
>>
>> 10.0.0.0/8 overlaps with (actually includes) 10.0.0.0/16
>>
>> That's why some clients will go to your second site (AWS) at random.
>>
>> You probably need to list out your subnets more carefully for your main
>> site.
>>
>>
by sender.]
On Wed, Feb 8, 2017 10:35 AM, Charles F Sullivan charles.sulliva...@bc.edu
wrote:
Yes, that's the way I understand it. However, I have wondered if maybe this
doesn't always work as it should. On the other hand, if others are doing
this and not seeing clients crossing sites when the
b 8, 2017 10:35 AM, Charles F Sullivan charles.sulliva...@bc.edu
wrote:
Yes, that's the way I understand it. However, I have wondered if maybe this
doesn't always work as it should. On the other hand, if others are doing
this and not seeing clients crossing sites when they shouldn't, that's g
.
You probably need to list out your subnets more carefully for your main
site.
Kurt
On Tue, Feb 7, 2017 at 11:33 AM, Charles F Sullivan
<charles.sulliva...@bc.edu> wrote:
> I’ve only been able to do very limited testing.
>
>
>
> - I had about 8 member servers in a s
to a
computer that was moved between AD sites. Those are 3 search terms that
will give you great information.
*From:* listsad...@lists.myitforum.com [
mailto:listsad...@lists.myitforum.com <listsad...@lists.myitforum.com>] *On
Behalf Of *Charles F Sullivan
*Sent:* Tuesday, February 7, 201
[
mailto:listsad...@lists.myitforum.com <listsad...@lists.myitforum.com>] *On
Behalf Of *Charles F Sullivan
*Sent:* Tuesday, February 7, 2017 11:46 AM
*To:* ntsysadm@lists.myitforum.com
*Subject:* [NTSysADM] Blocking AD Client Traffic to a Certain Site
I’d like to get some ideas and opinions reg
I’d like to get some ideas and opinions regarding this, especially if
anyone has had a similar need…..
Our AD topology to this point has been as simple as can be. Since just
about everything on our extended network is connected at high speeds, we
have never had to have more than one AD site. We
In older MS articles they said to use 0x to completely disable
IPv6, but in the article that Joseph references they say not to use that
setting because it delays startup (by a whopping 5 seconds). (The article
actually shows “f” seven times instead of eight, but I assume it’s a typo.)
That
Good point. To that end, what happens if you try “w32tm /stripchart
/computer:pool.ntp.org” from the PDC?
*From:* listsad...@lists.myitforum.com [mailto:
listsad...@lists.myitforum.com] *On Behalf Of *Michael B. Smith
*Sent:* Friday, February 3, 2017 11:23 AM
*To:* ntsysadm@lists.myitforum.com
Is the PDC a VM by any chance? If so, then of course check the VM settings
to make sure it doesn’t sync with the host.
You could try “w32tm /resync /rediscover”. It would seem that the reboot
would be enough, but try that and give it some time.
One thing odd about the /manualpeerlist switch
.
Still, even if I just deploy the ISO, and point it at my own WSUS server,
that will help a whole lot.
On Wed, Feb 1, 2017 at 12:03 PM, Charles F Sullivan
<charles.sulliva...@bc.edu> wrote:
> Get the newer ISO for sure just so you know it's the right type of
> media and especi
Scratch that. Disabling the link makes the GPO show as Denied in the
report. (I forgot to do “gpupdate” first.)
*From:* listsad...@lists.myitforum.com [mailto:
listsad...@lists.myitforum.com] *On Behalf Of *Charles F Sullivan
*Sent:* Wednesday, January 25, 2017 3:05 PM
*To:* ntsysadm
/replsummary, and neither of those had any errors.
*From:* listsad...@lists.myitforum.com [
mailto:listsad...@lists.myitforum.com <listsad...@lists.myitforum.com>] *On
Behalf Of *Charles F Sullivan
*Sent:* Wednesday, January 25, 2017 9:47 AM
*To:* ntsysadm@lists.myitforum.com
*Subject:* RE: [NTSysADM]
,
but in the past couple of days, I’ve heard of a couple of users that it is
no longer working for.
*From:* listsad...@lists.myitforum.com [
mailto:listsad...@lists.myitforum.com <listsad...@lists.myitforum.com>] *On
Behalf Of *Charles F Sullivan
*Sent:* Wednesday, January 25, 2017 7:17 AM
*To:* nt
istsad...@lists.myitforum.com>] *On
Behalf Of *Charles F Sullivan
*Sent:* Tuesday, January 24, 2017 1:31 PM
*To:* ntsysadm@lists.myitforum.com
*Subject:* RE: [NTSysADM] Group Policy question
It worked correctly for me when I tried to reproduce the problem. Try the
Group Policy Results Wizard in the GPMC for
It worked correctly for me when I tried to reproduce the problem. Try the
Group Policy Results Wizard in the GPMC for the same user to see if you get
different results. The HTML output is better there anyway.
*From:* listsad...@lists.myitforum.com [mailto:
listsad...@lists.myitforum.com] *On
services didn’t seem to be enough to stop its processes
from loading so the uninstall was necessary.
Thanks very much for the help.
*From:* listsad...@lists.myitforum.com [mailto:
listsad...@lists.myitforum.com] *On Behalf Of *Charles F Sullivan
*Sent:* Friday, December 16, 2016 9:39 AM
] *On
Behalf Of *Charles F Sullivan
*Sent:* Thursday, December 15, 2016 3:45 PM
*To:* ntsysadm@lists.myitforum.com
*Subject:* [NTSysADM] Analyzing Minidumps
This is something I find myself needing to do only occasionally. I usually
use BlueScreenView to read minidumps after a crash because it’s quicke
/hardware/ff557386(v=vs.85).aspx
*From:* listsad...@lists.myitforum.com [
mailto:listsad...@lists.myitforum.com <listsad...@lists.myitforum.com>] *On
Behalf Of *Charles F Sullivan
*Sent:* Thursday, December 15, 2016 3:45 PM
*To:* ntsysadm@lists.myitforum.com
*Subject:* [NTSysADM] Ana
This is something I find myself needing to do only occasionally. I usually
use BlueScreenView to read minidumps after a crash because it’s quicker and
easier than windbg. Regardless of the tool, when multiple crashes are
caused by the same device driver, it’s pretty straightforward as to the
If it helps, I just checked a few random Windows 2012 R2 boxes and that DLL
is at version 6.3.9600.18454 after the servers were fully patched. Two of
the servers were patched by our automated solution, BMC BladeLogic, the
other one was done manually by WU.
*From:* listsad...@lists.myitforum.com
It’s a different department that handles desktops here, but we’ve been
using HP Connected Backup for a while now. We’ve also evaluated CrashPlan
by Code42. I’ve successfully done restores using both and performance seems
good with both. To me they seem like a tossup, so if I were making the
There’s a mistake in one of the ADMX file names, but just Google the exact
error you get when you open GPMC and you’ll find the fix, which involves
renaming the ADMX.
I can’t remember what older settings will be missing, but I think I’ve
heard a complaint or two on the Patch Management list.
I’ve had to do this a few times over the last couple of years when I have
recovered our DCs for DR testing. It seems to be needed every time and I
agree that the part of the article you mention is confusing. Despite that,
I’ve followed the article the best I could and I’ve got the problem
resolved
Is this server a VM? If so it could be syncing with a host whose clock is
off.
Also, when you run “w32tm /query /peers” it should show a DC as the peer.
And if you run “w32tm /query /status” it should tell you what it synced
from, whether it was successful and what time it last did the sync.
longer if you have the space. We keep
96 hourly, 60 daily, and 26 weekly. Our snapshot footprint is about 14% of
volume, but dedupe and compression savings is 36%.
On Tue, Oct 18, 2016 at 10:47 AM, Charles F Sullivan <
charles.sulliva...@bc.edu> wrote:
I have two different questions rev
There are a few steps involved:
https://blogs.blackmarble.co.uk/blogs/adawson/post/2016/03/10/Steps-Required-to-Configure-WSUS-to-Distribute-Windows-10-Version-1511-Upgrade
That article seems to work well.
-Original Message-
From: listsad...@lists.myitforum.com
First log on to the Core server, type “sconfig” and choose the option to
allow Remote Management. If the Windows FW is running, you most likely need
to do this.
*From:* listsad...@lists.myitforum.com [mailto:
listsad...@lists.myitforum.com] *On Behalf Of *Christopher Bodnar
*Sent:* Friday,
We’ve been using Advanced Group Policy Management here for a couple of
years now. I don’t find it to be helpful most of the time, but in a case
like this, as long as the GPO in question is a “controlled” one, you would
know who did it (if anyone). Better, someone like you probably would have
had
The incident you describe sounds all too familiar.
Here, things were changed a few years ago to where the Computer Operators
group was given the task of acting on cert expiration notices from the CA.
After renewing the cert, they send a link to the application owner/Web
site owner for downloading
Even if that is not what is causing the problem, the way I understand it
it's bad security to not designate an account here as you point out when
running DHCP on a DC.
-Original Message-
From: listsad...@lists.myitforum.com
[mailto:listsad...@lists.myitforum.com] On Behalf Of Sean Martin
On the clients from server2, when you run ipconfig /all, does it show a
Primary DNS Suffix that is correct? (That as opposed to
Connection-Specific.)
*From:* listsad...@lists.myitforum.com [mailto:
listsad...@lists.myitforum.com] *On Behalf Of *Richard Stovall
*Sent:* Thursday, June 30, 2016
That’s more generous than what we do.
The Enterprise and Schema Admins groups are empty, enforced by a Restricted
Groups GPO setting. There is another one of these that limits membership in
Domain Admins to just the 5 of us who are supposed to be. In the rare case
where something needs
….“at least one other DC”
If it is actually only one other DC, is that the PDC Emulator?
In any case, I don’t see any way that demoting the DC is going to cause any
failures. You’ve already confirmed that none of the copiers are pointing
directly to it.
We have several apps that users or
:01 PM, Charles F Sullivan
<charles.sulliva...@bc.edu> wrote:
> I needed to download a couple of the most recent clients about 6 weeks
> ago, but I didn't need to authenticate so it wasn't a big deal to me.
>
> -Original Message-
> From: listsad...@lists.myit
I needed to download a couple of the most recent clients about 6 weeks ago,
but I didn't need to authenticate so it wasn't a big deal to me.
-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Klaus Hartnegg
Sent: Thursday, June 9,
I’ve always hated in-place upgrades as well, but I went to 10 from a
Windows 7 Pro Dell Optiplex 980 and I have had no problems. All of my apps
continued to work, though I think I remember upgrading some drivers from
the Dell site after the fact (which would be needed even with a wipe ‘n’
load).
If it does succeed, isn’t it going to reset the perms all the way down the
tree so that only you have access?
*From:* listsad...@lists.myitforum.com [mailto:
listsad...@lists.myitforum.com] *On Behalf Of *Kelsey, John
*Sent:* Wednesday, May 25, 2016 2:13 PM
*To:* 'ntsysadm@lists.myitforum.com'
See if you can find and download *lockoutstatus.exe*, which is an old
Resource Kit utility. It runs even on Windows 10. You may be able get
answers for your test scenarios easily from this because it brings the bad
PW count, etc. from all DCs to one interface.
*From:*
of Information Technology – Quote Wizard <https://quotewizard.com/>
nshe...@qw-corp.com / 206-753-2626
Malo Periculosam Libertatem Quam Quietum Servitium
On Mon, May 16, 2016 at 7:01 AM, Charles F Sullivan <
charles.sulliva...@bc.edu> wrote:
In troubleshooting a CIFS/SMB issue,
1 - 100 of 180 matches
Mail list logo