OK, new machine (AMD64... oh yeah!) is up and running. I'm not going to go
back and catch up on everything, but this one caught my eye.
We used NIC teaming for years. We had multitudes of problems, more
associated with either our setup team not setting the NICs to 100/Full
consistently, or the N
Are you wondering if restarting the server
is mandatory? I suspect that it is, unless you really don’t want to
be protected. Often times, the components being replaced are only read on
system startup.
Given that the bulletin specifically says:
Restart Requirement
You
must restart
Are you wondering if restarting the server
is mandatory? I suspect that it is, unless you really don’t want to
be protected. Often times, the components being replaced are only read on
system startup.
Given that the bulletin specifically says:
Restart Requirement
You
must restart
Juan –
Apparently you didn’t read MY
message – YES it’s mandatory to apply the patch…..
If you DO NOT REBOOT you’re going to
get slapped by the worm.
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ibarra, Juan
Sent: Wednesday, August 17, 2005
6:
Tom -
Regardless of the scenario and how it's done - you never, never, never,
clone DCs. This will lead to very bad things - possibly including the
appearance of the Anti-Christ, opening of Black Holes, ABBA coming back to
prominence.
Do NOT do this. Do NOT allow IBM to do it. Period.
Rick
Jennifer,
Thanks for the update and the resolution.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jennifer Fountain
Sent: Thursday, August 18, 2005 1:45 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Problem at remote site
Hi all:
If the AdminPak has never been installed
on a given system, the snap-ins that are the Administrative Tools – say,
ADUC, should not be available.
Are you saying that you have the snap-ins
on a Win2k3 system with SP1 that you are certain the AdminPak was not installed
on? I’m unclear as
Having read through most of the replies on this, it's interesting that there
was an internal (to Microsoft - just to clarify) discussion on this same
topic yesterday.
Seems that a customer was having problems with a function calling APIs for
SID creation when the SID exceeded 68 bytes.
I'll let y
ins
I have checked at work today, systems that have never seen the admin pak,
have the mmc snapins installed. Vanilla 2003 this is the case too. They are
Just not visable under admin tools, but are available as mmc snapins, even
without the adminpak installed.
Mark
-Original Message-
riginal Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Friday, August 19, 2005 12:43 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] User SIDs...
Having read through most of the replies on this, it's interesting that
there
was an in
ber of RIDs, so that is
basically 15 (since 0 RIDs doesn't do much for you).
Where do these giant SIDs come from? Most AD SIDs I've seen are 24 or
28 bytes (4 or 5 RIDs respectively).
Joe K.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick
Hide it from them viewing it... from where? And with what tool? I suppose
that you would most likely go into AD and change the permissions on the
attribute in question. Remove Read, I suppose.
However, remember that Administrator and Domain Admins are all Auth Users,
too.
Rick
-Original M
Tom Kern said:
" Say i use one of the custom attribute fields that Exchange creates and put
a value in there and hide it from Domain users.
what would break?
how would i go about hiding that?
just as an example"
[RTK]
Hey, joe Just a suggestion. If someone asks you what time it is - don
David,
If you really, really want to use the
absolute minimum ports through a firewall, use IPSec tunnel mode.
However, your Network Engineers (or whoever manages your Firewalls) may not
like it. Reason? Likely the same reason that I got when I suggested
this at a previous employer:
You’ve likely seen this, but it does
describe ports needed for REPLICATION…… However, Steve does
talk about the benefits of using IPSec through a firewall……
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner
Sent: Wednesday, August 24, 2005
10:3
beros is used. Not sure
how they feel about certs. Shared keys just wouldn't be an option.
Specifically, though, they have their
backs up with 135. Do you know what's using it during a logon/GPO
process/??
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick
It's not likely due to GPO processing. GPOs themselves are typically very
quick to process, unless there is either Software Install that is taking
place through the GPO or complex WMI filtering that would slow it down.
Otherwise, GPO is very fast.
I've done testing with 1 GPO and with 50 GPOs...
And, given that Science has proven cockroaches will survive a nuclear war,
it's even a worse choice than originally thought
:o)
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, August 25, 2005 9:34 AM
To: ActiveD
Inline…….
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Cliffe
Sent: Thursday, August 25, 2005
11:34 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Questions
about hotfix 903235 (MS05-037)
Hi -
I've posted this elsewhe
Yep - I've been through this just of late. If the Change at next logon is
set, IIS doesn't have that level of function to allow this to take palce
through the current functions.
Rick
--
Posting is provided "AS IS", and confers no rights or warranties ...
-Original Message-
From: [EMAIL
Heavy German accent? I suspect that it was Andreas Luther (and looks
nothing like Guido)
And - it might have been DEC as Andreas was there for the Identity
Management (read:MIIS) portion of the conference.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTE
Are you talking about external trusts? If so, then yes. You would follow
the same procedures as you would for a win2x to Nt 4.0. You'll need to
specify the #DOM, #PRE to get the 1B, 1C records loaded.
As we discussed a few weeks ago, this is the rather archaic method to do it,
but if you don't
veDir@mail.activedir.org
Subject: RE: [ActiveDir] Infrastucture Master and adprep /domainprep
Yep, that was him. Drat, dunno why I had Luther in my head as being his
first name.
- L
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
, Laura
> E.
> Sent: Montag, 29. August 2005 12:36
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Infrastucture Master and adprep /domainprep
>
> Yep, that was him. Drat, dunno why I had Luther in my head as being
> his first name.
>
>
> - L
>
&
blanks and dupes here
-r
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
joeSent: Thursday, September 01, 2005 10:35 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Active Directory
Permissions
Michael Smith's last post with this title showed up as
blank f
However, as we have discussed her MANY, MANY times - it might not be
SUPPORTED. That simply means that PSS is only going to give best effort.
They are NOT going to tell you:
"Sorry - not supported."
If they do - let me know. I'll love taking that one to the brass.
As we know - DCs work quite
Interesting question - and as to the 'implode point' for ESE/Jet Blue,
Brettsh can answer that one. I'm pretty sure that we have a good idea on
where the point of diminishing returns is, but it likely FAR exceeds what
anyone might practically do today - even with added classes and attributes.
As
EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Saturday, October 08, 2005 10:19 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Adding custom fields to AD
Interesting question - and as to the 'implode point' for ESE/Jet Blue,
Brettsh can answer that one. I'm pretty su
[ActiveDir] Adding custom fields to AD
Yeah, GPOs aren't AD. GPOs are an application that use AD. I hate GPOs. DNS
too.
:o)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Saturday, October 08, 2005 11:19 AM
To: ActiveDir@mai
x27;ll bite.
GPO's, i understand but whats there to hate about DNS?
its better than WINS.
I've never had a corrputed dns database.
thanks
On 10/8/05, joe
<[EMAIL PROTECTED]>
wrote:
Yeah,
GPOs aren't AD. GPOs are an application that use AD. I hate GPOs.
>> Tony Murray Said:
>> Joe, I've had no complaints about you to date.
Good. I'll start. Here's your first.
He's an over-bearing know-it-all looking for his first and second million.
Plus, he uses more bandwidth than everyone combined.
If someone asks, he - "Could I stand a second domain
"Does placing the DC inside a virtual machine add any
security? Would it be harder for someone with physical access to compromise the
DC?"
Hmmm
interesting. Yes, and no. Physical access is always an issue, but
the NTDS.DIT is not out there in the open on a disk as it might be in a
joe said: "Again, the reviewers did a fantastic job."
Of which, you will all notice when the book comes out, I am _NOT_ one of
those reviewers.
joe said: "They kept me honest"
Which is one of the reason _WHY_ I was not one of those reviewers
Rick
P.S. Hey, joe :op
-Origi
wanting to spell words wrong.
Eventually I just took out all references to the words color, humor, and
other or words.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Friday, October 14, 2005 7:31 PM
To: ActiveDir@mail.activedir.org
S
You have more than just Steve on the list from Microsoft.
If you want ADMap - send me an e-mail via little 'r' (meaning - reply to me
directly [EMAIL PROTECTED]) and I'll respond with a mass e-mail of the latest
version of ADMap in two batches - on on Tuesday before I head out of town
again, and a
Title: Domain Controller Consolidation utilizing Dual Core CPUs
joe,
Steve may have completely different information that I, but
at present I'm not seeing empirical or preferred practice recommendations around
64-bit GCs in relation to Exchange. So, the recommendation is not changing
- aga
Huh. That doesn't appear to be _US_ I wonder if the Engineering
Services group knows that a third party (Partner at that) is advertising
these services.
Honestly, I didn't think that we farmed those services out
Checking.
Rick [msft]
--
Posting is provided "AS IS", and confers no r
Simple and most forward answer is to create two site - one for each
location, with associated subnets assigned to each site.
The longer answer is related to how many users in each site, how fast (in
AVAILABLE THROUGHPUT) is the connection between, and are you intending to
put at least one DC in ea
Yes, they (we) do. I'll check into them and give you an overview of what
they do If I can, to be more correct.
Rick [msft]
--
Posting is provided "AS IS", and confers no rights or warranties ...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ton
edge I had to be on for that He kept wanting to spell words wrong.
Eventually I just took out all references to the words color, humor, and
other or words.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Friday, October 14, 2005
hate phones and how much
Dean and I can cover in 10 minutes and we had to chop it off at 90 minutes
because we both had to be somewhere else. Obviously, I had to change it.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, Octobe
-Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
> Sent: Sunday, October 16, 2005 7:05 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] AD/DNS BPA?
>
> Huh. That doesn't appear to be _US_ I wonde
And, as you know that does work well in SBSland. However, when the scale
grows, so do the requirements. IN the Medium to Enterprise space, the idea
is more along the lines of a system or series of systems pumping this type
of information into paging and making intelligent decisions based on the
a
Oooof. ROTFLMAO!
Funny - very funny!
Rick [msft]
--Posting is provided "AS IS", and confers no rights or
warranties ...
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Phil
RenoufSent: Friday, October 14, 2005 11:20 PMTo:
ActiveDir@mail.activedir.orgSubject: Re:
heck is the server trying to
tell me?
I'm still a fan of www.eventid.net over microsoft.com's click here.
Rick Kingslan wrote:
>And, as you know that does work well in SBSland. However, when the
>scale grows, so do the requirements. IN the Medium to Enterprise
>space, the
SBS Rocks [MVP] wrote:
> Yup information overload 'is' a problem.
>
> And then after the scale its... okay what the heck is the server
> trying to tell me?
>
> I'm still a fan of www.eventid.net over microsoft.com's click here.
>
> Rick Kingslan wrote:
&
Peter,
Though it may appear that I have a vested interest in keeping you on our OS,
those that know me know that if a reasonable argument is presented - I will
assist in the migration for our customers. It's simply good practice and
good relations.
Typically, when I hear that a customer wants to
There are a number of ports with TCP and UDP/TCP required
that must be available for full communication from DC to DC to succeed.
Likely one or more of these are blocked and a ping is great for basic
connectivity.
From both sides of the VPN, run DCDIAG /v > dcdiag.log
and a netdiag /v >ne
If your DNS is not answering for the domain that AD lives
in, the yes - your replication will not work.
1. If you go to the DNS applet, do you have a DNS
Forward zone created for your domain?
2. If the domain is there, what is in the DNS
zone? Are there other 'folder's' inside, or just D
OK. It makes more sense.
1. Are you moving away from Active Directory to NIS? If not, keeping
DNS on Windows is a zero cost / zero impact issue. If it's AD integrated,
then the cost is nil. It's a no cost part of the DC package.
2. DNS on a Windows server as the primary system does invo
All -
I want to apologize to all those that have been patiently waiting for the
ADMap that I promised. It is going to be sent out today.
Let's just say that closing out my current project became more hectic than
it first appeared. However, I have a slew of names that wanted the tool,
and I'm
Hmmm. I guess I see this in a different light. In my "new, improved" view
of the way that Microsoft communicates things, no - it doesn't seem to be
very dumb at all. The statement and the KB, that is.
At this moment, I'm watching George Carlin's new HBO special. He relates
that he's always int
head.
At the end of the day... it's my responsibility for my network. I won't be
complaining to Microsoft that they didn't warn me that bad things might
happen if I don't keep nice breathing room on my drives.
Rick Kingslan wrote:
>Hmmm. I guess I see this in a differ
Ken, I agree completely.
What I find very interesting in reading this KB is that it appears that the
problem did NOT exist pre-Windows Server 2003 SP1, and that a series of very
specific conditions need to be met. The third seems to be the element that
makes this more unlikely to occur - "The sc
Dan - there will likely be as many opinions on this topic
on this list as there are knots on joe's head.
Basic rules for a DC are this (IMHO):
Mirrored (or RAID1) for OS
Mirrored (or RAID1) for DIT and Logs
You can certainly host a third mirrored pair for the logs,
but that will mostly d
dge of the full circumstances surrounding the issue.
Rick [msft]
--
Posting is provided "AS IS", and confers no rights or warranties ...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, November 06, 2005 9
How long have you known joe? Short version PLEASE!
Rick
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Sunday, November 06, 2005 12:17 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT (somewhat): Exchange Server 2003 S
ley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, November 06, 2005 7:04 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveD
elance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, November 07, 2005 12:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FYI: MS-KBQ909360 - Pot
ce to discuss
Active Directory. Nice to meet you. Who are you?
Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!T
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday,
07, 2005 9:00 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Unreadable Netlogon.dns file
> ~Eric
Who ARE you, anyway?(t)
(t) - Trademark, Rick Kingslan.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Monday, Novem
Jonathan -
275 replication links seems, at least to my tired eyes this
AM, to be a lot. Are you running a branch office environment, or is this a
number of remote sites that link back to a single hub?
I'm interested as to why there are so many repl links to
your DCs, only if it's one DC.
Add to that - SATA is not for the desktop only. Check out some of the SAN
coming out from most vendors, EMC included. Those drives and connections
look a lot like SATA to me.
Rick [msft]
--
Posting is provided "AS IS", and confers no rights or warranties ...
-Original Message-
From:
True. But, to monitor services does someone have to
log on to the server? Would a good and SAFE work around - if the said user
doesn't need to log on, to create a service account to do the work, but remove
the interactive rights?
Seems to me that proxying the access would be the close to
Excel?
Otherwise, I'm not completely clear as to what you're
trying to accomplish.
Rick
--Posting is provided "AS IS", and confers no rights or
warranties ...
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frank
AbagnaleSent: Friday, November 25, 2005 10:02 AMTo:
Ac
Harald -
You have two NICs installed in this box, which is a DC. (Not a suggested /
recommended configuration, but beside the point)
Do you also have ICS installed, or Routing and Remote Access with natting
installed? (Educated guess, given the 192.168.0.1 address)
Be extremely verbose on
peared
Well it depends on who you are :-) We actually highly recommend two nics in
our SBS DCs :-)
It was binding order. External nic was first.
ICS ...ick... what are we workgroup? I'm an RRAS fan :-) [okay the SBSer
will go shut up now :-)
Rick Kingslan wrote:
>Harald -
>
&g
Both of the errors deal with journal wrap in the FRS logs A number of
issues as to WHY this happens.
However, I'd upgrade to UltraSound - the successor to Sonar. It has much
better JIT information associated with the errors - and how to fix them.
Rick
--
Posting is provided "AS IS", and con
Sometimes, I realize that I commented on something, go back
and read the thread and come upon a novella.
Occasionally, all I want is a paragraph. Hopefully,
all of this information wasn't meant for me, because all I do day in, day out
these days is drink from a fire hose - hence why I'm
You will need to have two things - One: A separate
partition in which to install XP into. Two: a DOS-bootable network enabled
floppy to map to a share (in which an administrative 'dump' of XP has been
done) or shared CD drive on another machine.
After mapping to one of these two, you coul
Replication is at an attribute level and the corruption is
usually a bit flip - which isn't replicated. The data itself (a table
or an index) is checked and if found to be invalid, I *believe* (joe, ~Eric,
brettsh) is marked as such and is no longer replicated.
-r
--Posting is provided "A
I've been informed that I'm wrong on this. Please
ignore, and listen to joe/~Eric/Dean/Brett/Anyone else.
Cheers!
-r
--Posting is provided "AS IS", and confers no rights or
warranties ...
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick
KingslanSent: Wednesda
Correct. Devon, as much pain as there is in the
process, AS I UNDERSTAND IT (I do not speak for PSS) the Domain Rename process
is the only supported method of doing what you want to do.
Jorge's lab experiment does indicate that you might be able
to do it along his described way, but you ne
Title: DMZ domains and IPSec - looking for explanation re resource access and authentication
>> I haven't perused the OS source
code
Right. Rub it in,
bud.
;o)
Rick
--Posting is provided "AS IS", and confers no rights or
warranties ...
From: [EMAIL PROTECTED]
[mailto:[EMAIL PR
The real benefit to the GPO method is that
you can target scripts to the same _groups_
in which the GPO would affect – and you can target Computer groups, which
you can’t do (for obvious reasons) with logon scripts. This lends itself
to some very elegant solutions that I’m sure one could d
Hehe…. Let me know how that
full-out testing of Vista and Aero Glass is
going for you in a VPC or a VMWare virtual machine.
I agree, dual-booting is not the optimal
method to running different OS’s, but if you want the OS to have the full
machine, rather than the limited virtualized
joe stood up and attempted to smack Mark
Parris with a large trout, saying:
“I would rather not set domain
policy with GPOs. While I am at it, I think we are far beyond the point that we
should have the ability to programmatically handle settings in policies.”
Huh? Can you explain
Re: My message to joe. Maybe 50% of the time - I'd agree. However, if you
want to test that snazzy new Fibre HBA or would like to see what the impact
for the user is going to be with CAD with the newest High End InterGraph
workstation video card - VMs aren't going to work.
The hardware selection
No.
-r
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of tareq ttt
Sent: Saturday, December 31, 2005
1:35 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Urgently Yes
or No
Dear All,
i am asking if i can install two windows 2003
server
“Note Exchange doesn't take kindly
to ICMP echo being disabled either. If Exchange can't ping a DC, DSACCESS does
not see that DC unless you have specially configured it.”
Which, I always thought was a pretty funny
way of doing things anyway. As you are well aware, Ping
doesn’t mean al
ues based on the specific OU
name that the policy is applied to (say it has finance in the name of the OU)
how will you do that programmatically without directly hacking the policy files
which last I heard wasn't supported?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECT
aspect of
the OS is being tested, but in that case, using a totally separate
hard drive or some other separation technology will still likely prove
to be more viable than dual-booting.
-ASB
FAST, CHEAP, SECURE: Pick Any TWO
http://www.ultratech-llc.com/KB/
On 1/1/06, Rick Kingslan <[EMAIL P
at as well...
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, January 01, 2006
1:05 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] WinXP and
Win2003
Hehe…. Let me know how that
full-out testing of Vista and Aero Glass is
going for you in
orkstation does that as well...
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Rick Kingslan
Sent: Sunday, January 01, 2006
1:05 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] WinXP and
Win2003
Hehe…. Let me know how that
full-out testing of Vista and Aer
Tomasz, I think that Mark is looking to populate his metabase with data
other than User 1, User 2, User 3, etc. with simple or blank attributes.
So, he's looking for stuff like Homer Simpson, with all of the user data,
then Marge, etc.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mail
e VM comments you made and I'm hoping to
learn something here.
Cheers,
Al
On 1/2/06, Rick
Kingslan <[EMAIL PROTECTED]>
wrote:
One question – is all of your validation testing done on VM's
or is the final sign off done on 'produ
64-bit guests….
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, January 02, 2006
9:40 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] WinXP and
Win2003
“If you want to test 64 bit you are
kind of screwed too, oh wait vmware
Be afraid Be very afraid! :-)
Rick
_
Be seen and heard with Windows Live Messenger and Microsoft LifeCams
http://clk.atdmt.com/MSN/go/msnnkwme002001msn/direct/01/?href=http://www.microsoft.com/hardware/digitalcommunicat
Halloween yet?
Sincerely,
_
(, / | /) /) /)
/---| (/_ __ ___// _ // _
) /|_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
Microsoft MVP - Directory Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
____
From: Rick Kingslan
Sent: Thu 9/21/2006 11:00 AM
To: A
Joe, Tomasz -
Yep, you're right that it may tend to show a bad precedent for people to
follow. I haven't taken a look at these particular labs (and having just
come back from a long hiatus, I didn't see the referenced lab) but is the
guidance there as to what Best or Preferred Practices SHOUL
way to easy for
someone to make mistakes that I ultimately will be responsible for, and it's
also too easy to make sure that those that need to do a particular job have
the permissions to do so. Two examples to cite - the script above and the
AD Delegation White Paper.
Rick K
So, is that what you've been doing in this last 'Joe has gone missing'
period? Putting the final touches on CPAU?
Good to hear from you and your butt generated sarcasm.
;P
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - ww
see what policies are applied and
verify each of them. This may also occur due to a lack of time
synchronization - see also Q285923"
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/wil
right
now either, seems that your audit settings are the same as what I'm using at
present.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
-Original Message-
called Snare Agent for
Windows, put out under GNU license, and is free for the using. Can report
to as I'm doing - a syslog server.
http://www.intersectalliance.com/projects/BackLogNT/
Enjoy!
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www
result, and will often cause unpredicatble results.
I might not be reading the options correctly, but I see option one and three
as the same.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com
near a machine right now that I can take a sniff off of - but I think (now that
I'm intrigued) I will take an Ethereal trace of our DC to DC traffic and see if
that's what it is. Nothing like the sense of discovery (and Pissing
off folks at eEye Digital..;o)
Rick Kingslan MCS
il you can design and implement your own group strategy.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PRO
ating many of us [self
included] on SDholder :o)
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROT
hope this helps, Bruce. It's fairly easy, but can be a bit tense as you
literally eviscerate your current domain.
Good luck! Let us know how this works out!
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/exper
101 - 200 of 1153 matches
Mail list logo
