Rick, thanks your time on this issue. my view is that we failing at the installation of the agent - as i read it this takes place using the credentials of the logged in user at the ADMT console ??
GT ----- Original Message ----- From: "Rick Kingslan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, July 11, 2003 2:05 PM Subject: RE: [ActiveDir] admt 2.0 - nt4 computer migration > Graham - > > I have no documentation of an 'allowedrunlist' policy or setting in NT 4.0 > (not saying that it doesn't exist - just in the limited time I have this AM > I can't find anything). But, given that it does exist, yes - that's what > I'm saying. If the policy does truly enforce WHO can run WHAT - then this > could be an issue. > > With that being said - this agent (ADMT), in my experience, runs at the > LocalSystem context, and therefore should not be subject to the rules of a > ruleset applied by system policy, AFAIK. > > Rick Kingslan MCSE, MCSA, MCT > Microsoft MVP - Active Directory > Associate Expert > Expert Zone - www.microsoft.com/windowsxp/expertzone > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner > Sent: Friday, July 11, 2003 5:20 AM > To: [EMAIL PROTECTED] > Subject: Re: [ActiveDir] admt 2.0 - nt4 computer migration > > Rick, thanks for post reply. > > is your inference then that it is conceivable that a restrictive > allowedrunlist "tattooed" into the registry is able to prevent whatever > application it is to run on the NT4 workstation. ??? > > GT > > > ----- Original Message ----- > From: "Rick Kingslan" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, July 10, 2003 1:13 AM > Subject: RE: [ActiveDir] admt 2.0 - nt4 computer migration > > > > Graham, > > > > System Policy on NT 4.0 is truly tatooed to the system. If you turn > > it > off > > and back on, it's still there - unless manually removed or the policy > > is backed out via the de-application of said policy. > > > > And, sadly - I can't tell you right now what needs to run (yes the > > Agent, damn it - but what IS the Agent?).... > > > > Rick Kingslan MCSE, MCSA, MCT > > Microsoft MVP - Active Directory > > Associate Expert > > Expert Zone - www.microsoft.com/windowsxp/expertzone > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner > > Sent: Wednesday, July 09, 2003 4:25 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [ActiveDir] admt 2.0 - nt4 computer migration > > > > but then thinking about it no - when i failed on the first nt4 host > thought > > it was down to that computer so tried another one straight away - same > > access denied result > > > > have spoken with the developers of the nt4 build - there is a system > policy > > with an allowedrunlist policy - that was that even while logged off > > this registry value is tattooed into the computer registry ???? > > > > if this is possible which i must confess to not being sure on then > > need to work out what actually needs to be allowed to run for the admt > > dispatch agent to execute > > > > clutching at straws a bit !!! > > > > GT > > > > > > ----- Original Message ----- > > From: "Wilkinson, Stephen" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Wednesday, July 09, 2003 2:01 PM > > Subject: RE: [ActiveDir] admt 2.0 - nt4 computer migration > > > > > > > I think Larry's first response could be it Graham. > > > > > > We saw exactly this in our testing with the Quest Migrator product. > > > You must make sure there is no computer account with the same name > > > already in the AD - hiding in an OU you least expect it! (ours got > > > there during testing by manually moving test boxes in and out of the > > > ad domain and forgetting to remove the computer accounts. > > > > > > > > > Stephen Wilkinson > > > > > > Tel +44(0)207 4759276 > > > Mobile +44(0)7973 143970 > > > E-Mail: [EMAIL PROTECTED] > > > > > > > > > -----Original Message----- > > > From: Duncan, Larry [mailto:[EMAIL PROTECTED] > > > Sent: 08 July 2003 21:45 > > > To: '[EMAIL PROTECTED]' > > > > > > Has the "Everyone" group been added to the "Pre-Windows 2000 > > > Compatible Access" group in the new domain? > > > > > > > > > -----Original Message----- > > > From: Graham Turner [mailto:[EMAIL PROTECTED] > > > Sent: Tuesday, July 08, 2003 3:24 PM > > > To: [EMAIL PROTECTED] > > > Subject: [ActiveDir] admt 2.0 - nt4 computer migration > > > > > > Am attempting the migration of computer from NT4 source domain to > > > Windows 2000 target domain. > > > > > > the migration environment is working fine with windows 2000 > > > professional clients > > > > > > have got issues with the migration of an NT4 workstation > > > > > > the extract from dispatch.log on the admt server is attached from > > > which i > > am > > > hoping to get a few clues as to the "access denied" > > > > > > have checked the "obvious" issues such as sourcedom\domain admins > > > being a member of the local administrators group and the computer > > > migration being run while logged an as a member of that > > > sourcedom\domain admins group > > > > > > Thanks > > > > > > GT > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > > > > -------------------------------------------------------------------- > > > -- If you have received this e-mail in error or wish to read our > > > e-mail disclaimer statement and monitoring policy, please refer to > > > http://www.drkw.com/disc/email/ or contact the sender. > > > -------------------------------------------------------------------- > > > -- > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
