[ActiveDir] Happy Birthday [list owner]
The ActiveDir.org discussion forum is 3 years old today! The list membership has grown somewhat since the January 13th 2001 (when it consisted of me, various friends, family, acquaintances and anyone else I could cajole, coerce or bribe) to over 1000 today. I might be ever-so-slightly biased, but I think this is a great technical forum. Thanks for making it what it is today, and especially to those of you who give of their time to make regular, helpful and well-informed contributions (you know who you are). Tony List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] store password using reversible encryption ?
There is a little more information here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/505.asp The bottom line is that some apps require it. It would scare me to implement it too, the implication being that the encryption is...well...reversible. If you really have to do it for CHAPS or IIS then it would seem sensible to try to limit the scope as much as possible. Tony -Original Message- Wrom: LKBRNVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZC Sent: Montag, 12. Januar 2004 20:48 To: [EMAIL PROTECTED] Subject: [ActiveDir] store password using reversible encryption ? Can anyone enlighten me about the account option store passord using reversible encryption ? As I understand it, some kinds of clients and some kinds of remote access solutions that use CHAP require that this option be enabled. Just the sound of it makes me uncomfortable. What are the security implications of setting this option on a user account ? Dave List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Happy Birthday [list owner]
Many Happy Returns. I agree. I find this the most useful forum I have ever subscribed to. I only wish I was as helpful as some of your regulars. Many thanks to all that give so much to this group. Jacqui from:Tony Murray [EMAIL PROTECTED] date:Tue, 13 Jan 2004 07:32:24 to: [EMAIL PROTECTED] subject: Re: [ActiveDir] Happy Birthday [list owner] The ActiveDir.org discussion forum is 3 years old today! The list membership has grown somewhat since the January 13th 2001 (when it consisted of me, various friends, family, acquaintances and anyone else I could cajole, coerce or bribe) to over 1000 today. I might be ever-so-slightly biased, but I think this is a great technical forum. Thanks for making it what it is today, and especially to those of you who give of their time to make regular, helpful and well-informed contributions (you know who you are). Tony List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Happy Birthday [list owner]
Tony, Congratulations ! Jerry Jerry Welch CPS Systems US/Canada: 888-666-0277 International: +1 703 827 0919 (-5 GMT) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tony Murray Sent: Tuesday, January 13, 2004 2:32 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Happy Birthday [list owner] The ActiveDir.org discussion forum is 3 years old today! The list membership has grown somewhat since the January 13th 2001 (when it consisted of me, various friends, family, acquaintances and anyone else I could cajole, coerce or bribe) to over 1000 today. I might be ever-so-slightly biased, but I think this is a great technical forum. Thanks for making it what it is today, and especially to those of you who give of their time to make regular, helpful and well-informed contributions (you know who you are). Tony List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Happy Birthday [list owner]
Congrats my friend. Please, no birthday suits. -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 2:32 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Happy Birthday [list owner] The ActiveDir.org discussion forum is 3 years old today! The list membership has grown somewhat since the January 13th 2001 (when it consisted of me, various friends, family, acquaintances and anyone else I could cajole, coerce or bribe) to over 1000 today. I might be ever-so-slightly biased, but I think this is a great technical forum. Thanks for making it what it is today, and especially to those of you who give of their time to make regular, helpful and well-informed contributions (you know who you are). Tony List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Lab Refresh Process
The last time I recreated our test bed environment, I used VMWare and it worked great, just as expected. It was relatively quick and painless. We have a multiple domain forest but really only cared about recreating our empty root and our largest production domains. We had earlier implemented what I call our OnlineRecovery site that contains a domain controller but replication is only enabled for one hour in the middle of the night. What that gives us is the ability to recover a deleted object during the day without negatively affecting any users. As long as we catch the deletion (or any change) during the day that it occurred, we simply reboot this domain controller in Restore mode, mark that object as being authorative and reboot back into normal mode. We then force replication out from that DC and the object will reappear on the other DCs. All this without affecting any other user as that DC is not doing anything else. I used this DC to create my test bed by loading VMWare, setting up a DC in each domain in VMWare, shutting them down, making copies, moving them to the test bed and then going thru the normal clean up (ie role seizures, deleting 'dead DCs etc - not trivial but straight forward). Back on the production side, I started the VMWare sessions back up and DCPromoed them back down and stopped them altogether. I have recently started this process again using Microsoft's Virtual PC but have run into some issues. I highly recommend this OnlineRecovery site (personally save my butt more than once and another's in my department as well) and the use of a virtual machine software to make copies for a test bed environment. Currently I would lean towards the VMWare product. This process does require additional hardware and software licenses but in our environment has paid for itself already. mark hocraffer [EMAIL PROTECTED] Principle Software Systems Engineer Rockwell Collins joe [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 01/12/2004 11:38 PM Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject RE: [ActiveDir] Lab Refresh Process We are just starting to look at this and haven't implemented. Done some rough experimentation, the hardware is in place to do more large scale testing. In the end the idea is that the machines will be production domain controllers but will be segmented off in a site that shouldn't be used by anyone. We don't want them processing authentication or other ldap requests, we simply want them replicating to get the DIT so we can shut them down daily and back up the virtual disk file. The huge benefit is that if we have a catastrophic failure, we take any server capable of running Virtual Server and copy these files to it and turn then on and our old environment is back up and running again much faster than any other method we can think of. As for the lab, you occasionally grab the disk file and transport to the lab and bam, you have production in the lab to see what that schema change will do to a live production environment before going into the real production environment. Mirroring production will never be truly close for everything, there will always be something different. I can visualize of no better way to be this close this easily and if done correctly most all of it can be scripted. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of marcus Sent: Monday, January 12, 2004 11:57 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Lab Refresh Process Are your virtual servers production servers? This sounds like a pretty cool idea From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, January 12, 2004 12:04 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Lab Refresh Process What we are looking at for this is a virtual server setup. We pull the disk file image from production to the lab occasionally and spin it up in the protected network of the lab. It will be a side effect of our disaster recover model we are working on. Every day the virtual servers will be spun down and the disk files backed up and then the virtual servers will be spun back up. The images can then be used to restore the forest in case of huge disaster or could be pulled into a segregated lab for testing. Still a swing server but not as involved as physical hardware. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: Monday, January 12, 2004 11:21 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Lab Refresh Process I was trying to think of a way in which I can get the SIDS GUIDs without the swing server, but I can't think of another way. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Monday, January 12, 2004 10:48 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Lab Refresh
RE: [ActiveDir] Happy Birthday [list owner]
Happy B-Day! :) This forum has saved me many times. Thanks for a great forum. -Original Message- From: David, Andy [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 8:40 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Happy Birthday [list owner] Congrats my friend. Please, no birthday suits. -Original Message- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 2:32 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Happy Birthday [list owner] The ActiveDir.org discussion forum is 3 years old today! The list membership has grown somewhat since the January 13th 2001 (when it consisted of me, various friends, family, acquaintances and anyone else I could cajole, coerce or bribe) to over 1000 today. I might be ever-so-slightly biased, but I think this is a great technical forum. Thanks for making it what it is today, and especially to those of you who give of their time to make regular, helpful and well-informed contributions (you know who you are). Tony List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ --- [This E-mail scanned for viruses by Declude Virus] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] SidHistory migration
NT4 doesn't know about this, so nothing to configure here. It's turned off by default in 2000 (so you don't have to turn it off, if you didn't turn it on...). So there's only 2003 where you may want to turn it off... Also, to further understand your problem: am I correct in assuming, that you've migrated all groups and users to 2003 and that the resources are still in the 2000 forest/domain? Often people forget that you need to migrate the Groups with SID-history as well... It's best to compare one on one which SIDs a user and his/her groups have in 2000 (incl. SIDhistory) to those in 2003, before analysing this further... /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pelle, JoeSent: Montag, 12. Januar 2004 23:52To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] SidHistory migration Thanks, Guido! Ive turned SID filtering off and have had no luck. Is there something I need to do on the Windows 2000 or NT side?! Joe Pelle Infrastructure Architect Information Technology Valassis / IT 19975 Victor Parkway Livonia, MI 48152 Tel 734.591.7324 Fax 734.632.6151 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. From: GRILLENMEIER,GUIDO (HP-Germany,ex1) [mailto:[EMAIL PROTECTED] Sent: Saturday, January 10, 2004 5:13 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] SidHistory migration 2003 has SID-Filterning turned on by default for any external trusts to and from domain - i.e. access with SID-History should work fine as long as the resources your accessing are on servers that are members of the 2003 forest. you can turn off SID-Filtering - this should resolve your problem. However, as this feature generally decreases the attack surface for your 2003 forest in trusted environments, you really only want to consider this as an interims solution. /Guido From: Pelle, Joe [mailto:[EMAIL PROTECTED] Sent: Freitag, 9. Januar 2004 16:37To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] SidHistory migration We were going to do the inplace but we have no choice to do it this way. Any suggestions? Joe Pelle Infrastructure Architect Information Technology Valassis / IT 19975 Victor Parkway Livonia, MI 48152 Tel 734.591.7324 Fax 734.632.6151 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Friday, January 09, 2004 10:03 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] SidHistory migration Even if you did make it work, I would be uncomfortable with the complexity involved of permissions. 'Course I'm in a regulated industry, but still... Any reason why you don't upgrade your domain in place? Why the new domain again? Why can't you get rid of the old domain and get rid of the sIDHistory from that migration? In other words, why not complete the migration prior to migrating again? Al From: Pelle, Joe [mailto:[EMAIL PROTECTED] Sent: Friday, January 09, 2004 9:04 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] SidHistory migration Hello, All! Happy New Year! I'm hoping you can help me figure this one out! We've migrated from NT to 2000 with SIDHistory and have been running successfully for quite some time now. We now want to move to 2003 with SIDHistory - which, will give our user accounts 3 SIDs (NT, 2000, 2003). We've tested this in the lab and with the migration software we are using we are getting a successful SID migration, however, when logging in as a migrated user in 2003 I don't have the same access I had in 2000 (or NT). It appears that SIDHistory is NOT working. We have a two way trust between our two forests as well as trusts going back to NT. I've disabled SID filtering on the 2003 trust. Any help in this matter would be greatly appreciated! Thanks! Joe Pelle Infrastructure Architect Information Technology Valassis / IT 19975 Victor Parkway Livonia, MI 48152 Tel 734.591.7324 Fax 734.632.6151 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent.
RE: [ActiveDir] store password using reversible encryption ?
it basically means: store the password in such an unsafe way, that it can be read by other sources... unless you have a really important requirement for this, it's nothing that you'd want to do. -Original Message- From: Fugleberg, David A [mailto:[EMAIL PROTECTED] Sent: Montag, 12. Januar 2004 20:48 To: [EMAIL PROTECTED] Subject: [ActiveDir] store password using reversible encryption ? Can anyone enlighten me about the account option store passord using reversible encryption ? As I understand it, some kinds of clients and some kinds of remote access solutions that use CHAP require that this option be enabled. Just the sound of it makes me uncomfortable. What are the security implications of setting this option on a user account ? Dave List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] GPO and the Outlook Dumpster
Does anyone know a GPO setting that will allow me to prevent users from accessing the Recover Deleted Items addin in Outlook ? Someone on an exchange mailing list said that there is a GP setting to prevent this addin being loaded. Olly List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] GPO and the Outlook Dumpster
It strikes me that it might be part of the Office Administration Templates, which can be distributed via GPOs, but aren't actually part of the GPO settings. http://www.microsoft.com/office/ork/2003/five/ch18/MntA04.htm There are similar templates for Office XP and Office 2000 that might do the trick. Roger -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 11:19 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] GPO and the Outlook Dumpster Does anyone know a GPO setting that will allow me to prevent users from accessing the Recover Deleted Items addin in Outlook ? Someone on an exchange mailing list said that there is a GP setting to prevent this addin being loaded. Olly List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] GPO not being applied
I have a simple problem. One GPO is not being applied. I have a GPO with desktop settings being applied for students and faculty. It works. Another GPO for proxy settings and special home page is assigned to the library lab computers. The proxy settings are appearing but the home page setting is not. I have students, faculty and even authenticated users Read and Apply set. Both the groups have a mandatory profile. My goal is for users to login to library and get library home page and proxy settings, anywhere else they get the home page that appears in the profile and no proxy settings. The RSoP says the home page is being set to the library home page. thanks. Bruce Clingaman List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: slipstreaming Win2K
You mean this? http://support.microsoft.com/default.aspx?scid=kb;en-us;828930Product=win2000 Mike From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 11:06 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] OT: slipstreaming Win2K I've successfully slipstreamed service packs into a Win2K install media before, but never looked into adding any hotfixes to it. So I started looking into how to do it, and was surprised to find dialog from one of Microsoft's online tech chats, in which the rep said you can't do that. Did I misunderstand, or can I really not add hotfixes to a slipstream image? Thanks...oh, and Tony - thanks also from me for a great list! Mark Creamer Systems Engineer Cintas Corporation Honesty and Integrity in Everything We Do
RE: [ActiveDir] OT: slipstreaming Win2K
Unfortunately, you cant slipstream most (any?) hotfixes into installation media, though I seem to remember reading somewhere that Microsoft intends to make all critical updates slipstreamable. In the meantime, though, you can use a workaround to install hotfixes in an unattended install. Though not quite as smooth as slipstreaming, it works just as well in the end. You can find a well-written article about that at the following URL: http://www.cheese.org/~scott/useful/Slipstreaming%20Builds.doc If I remember correctly, you simply have to rename the hotfixes, throw them in a particular directory on the installation media, and write a CMDLINES.TXT file that executes after the installation has completed. -James R. Rogers, MCSE From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Tuesday, January 13, 2004 11:06 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] OT: slipstreaming Win2K Ive successfully slipstreamed service packs into a Win2K install media before, but never looked into adding any hotfixes to it. So I started looking into how to do it, and was surprised to find dialog from one of Microsofts online tech chats, in which the rep said you cant do that. Did I misunderstand, or can I really not add hotfixes to a slipstream image? Thanksoh, and Tony thanks also from me for a great list! Mark Creamer Systems Engineer Cintas Corporation Honesty and Integrity in Everything We Do smime.p7s Description: S/MIME cryptographic signature
RE: [ActiveDir] Happy Birthday [list owner]
Nice work Tony and ditto on the thanks to all the folks who take time to contribute! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Monday, January 12, 2004 11:32 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Happy Birthday [list owner] The ActiveDir.org discussion forum is 3 years old today! The list membership has grown somewhat since the January 13th 2001 (when it consisted of me, various friends, family, acquaintances and anyone else I could cajole, coerce or bribe) to over 1000 today. I might be ever-so-slightly biased, but I think this is a great technical forum. Thanks for making it what it is today, and especially to those of you who give of their time to make regular, helpful and well-informed contributions (you know who you are). Tony List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] GPO not being applied
you'll want to apply your GPOs for the library computers in loopback mode (depends on other requirements if you choose to go for merge or replace) - this way you can use the settings of the library computer to override the same IE settings that come from other User related GPOs. /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adams, Kenneth W (Ken) Sent: Dienstag, 13. Januar 2004 20:14 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] GPO not being applied User GPOs are applied AFTER machine GPOs IIRC. If the user GPOs set the proxy or home page settings differently than the machine GPO, the user GPO settings will be the effective settings. Kenneth W. (Ken) Adams, MCSA, MCSE -Original Message- From: Bruce Clingaman [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 2:07 PM To: ActiveDir (E-mail) Subject: [ActiveDir] GPO not being applied I have a simple problem. One GPO is not being applied. I have a GPO with desktop settings being applied for students and faculty. It works. Another GPO for proxy settings and special home page is assigned to the library lab computers. The proxy settings are appearing but the home page setting is not. I have students, faculty and even authenticated users Read and Apply set. Both the groups have a mandatory profile. My goal is for users to login to library and get library home page and proxy settings, anywhere else they get the home page that appears in the profile and no proxy settings. The RSoP says the home page is being set to the library home page. thanks. Bruce Clingaman List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: slipstreaming Win2K
Thats right, you have to use qchain and put them in a subdirectory under i386 and so on I had the procedures once upon a time and decided it wasnt worth it, but if you need them I could probably find them again. Rich From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 10:06 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] OT: slipstreaming Win2K Ive successfully slipstreamed service packs into a Win2K install media before, but never looked into adding any hotfixes to it. So I started looking into how to do it, and was surprised to find dialog from one of Microsofts online tech chats, in which the rep said you cant do that. Did I misunderstand, or can I really not add hotfixes to a slipstream image? Thanksoh, and Tony thanks also from me for a great list! Mark Creamer Systems Engineer Cintas Corporation Honesty and Integrity in Everything We Do ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.
RE: [ActiveDir] OT: slipstreaming Win2K
Title: Message Just saw the link below still I think itd be easier to set up SUS for post-imaging pre-deployment use than to follow all that for each patch Dang! What a lot of work. Okay so prior to 11/11/03 I think what I said was true ;-) Havent looked at the susserver.com site yet though. When we were using RIPREP to deploy, within 15 minutes of the computer being built and in the OU for new computers which had the SUS settings applied via GPO, the XP SP1 computers were ready to restart after patching from SUS. 15 minutes for us was an acceptable wait period. I knew a guy who had NT4 SP6a slipstreamed a couple of years ago though supposedly you couldnt do that at the time. Not officially, I dont think, anyway. From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 1:08 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: slipstreaming Win2K You mean this? http://support.microsoft.com/default.aspx?scid=kb;en-us;828930Product=win2000 Mike From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 2:33 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: slipstreaming Win2K There's a utility linked off the susserver.com site that can accomplish this as well. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Rich Milburn [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 3:19 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: slipstreaming Win2K That's right, you have to use qchain and put them in a subdirectory under i386 and so on... I had the procedures once upon a time and decided it wasn't worth it, but if you need them I could probably find them again. Rich From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 10:06 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] OT: slipstreaming Win2K I've successfully slipstreamed service packs into a Win2K install media before, but never looked into adding any hotfixes to it. So I started looking into how to do it, and was surprised to find dialog from one of Microsoft's online tech chats, in which the rep said you can't do that. Did I misunderstand, or can I really not add hotfixes to a slipstream image? Thanks...oh, and Tony - thanks also from me for a great list! Mark Creamer Systems Engineer Cintas Corporation Honesty and Integrity in Everything We Do ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.
RE: [ActiveDir] OT: slipstreaming Win2K
Title: Message Nope. I mean this: http://www.nextwish.org/geek.php?page=susutil Its an exe that sets the correct registry settings and restarts the update service, and the system gets the updates in about 10 minutes, then following the reboot it sets the settings back (which would be done by the GPO anyway, if you're using one). I use it quite a bit for servers when I'm ready to patch them. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 2:08 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] OT: slipstreaming Win2K You mean this? http://support.microsoft.com/default.aspx?scid=kb;en-us;828930Product=win2000 Mike From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 11:06 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] OT: slipstreaming Win2K I've successfully slipstreamed service packs into a Win2K install media before, but never looked into adding any hotfixes to it. So I started looking into how to do it, and was surprised to find dialog from one of Microsoft's online tech chats, in which the rep said you can't do that. Did I misunderstand, or can I really not add hotfixes to a slipstream image? Thanks...oh, and Tony - thanks also from me for a great list! Mark Creamer Systems Engineer Cintas Corporation Honesty and Integrity in Everything We Do
RE: [ActiveDir] GPO and the Outlook Dumpster
Or other capabilities available in Outlook/Exchange, such as journaling, message tracking, etc. etc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David, Andy Sent: Tuesday, January 13, 2004 4:27 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] GPO and the Outlook Dumpster I would argue then that you need to look at 3rd party archival tools! -Original Message- From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 3:07 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] GPO and the Outlook Dumpster Because while the Recover Deleted Items addin allows you...err...recover deleted items a user can also delete things permanently. We have had people 'covering their tracks' by deleting emails. I don't want to disable the feature all together as it's a useful IT tool for managers etc, but not for users. Olly -Original Message- From: David, Andy [mailto:[EMAIL PROTECTED] Sent: 13 January 2004 19:15 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] GPO and the Outlook Dumpster I'm just wondering why you would want to implement such a thing. -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 12:27 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO and the Outlook Dumpster It strikes me that it might be part of the Office Administration Templates, which can be distributed via GPOs, but aren't actually part of the GPO settings. http://www.microsoft.com/office/ork/2003/five/ch18/MntA04.htm There are similar templates for Office XP and Office 2000 that might do the trick. Roger -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 11:19 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] GPO and the Outlook Dumpster Does anyone know a GPO setting that will allow me to prevent users from accessing the Recover Deleted Items addin in Outlook ? Someone on an exchange mailing list said that there is a GP setting to prevent this addin being loaded. Olly List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] GPO and the Outlook Dumpster
I would argue then that you need to look at 3rd party archival tools! -Original Message- From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 3:07 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] GPO and the Outlook Dumpster Because while the Recover Deleted Items addin allows you...err...recover deleted items a user can also delete things permanently. We have had people 'covering their tracks' by deleting emails. I don't want to disable the feature all together as it's a useful IT tool for managers etc, but not for users. Olly -Original Message- From: David, Andy [mailto:[EMAIL PROTECTED] Sent: 13 January 2004 19:15 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] GPO and the Outlook Dumpster I'm just wondering why you would want to implement such a thing. -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 12:27 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO and the Outlook Dumpster It strikes me that it might be part of the Office Administration Templates, which can be distributed via GPOs, but aren't actually part of the GPO settings. http://www.microsoft.com/office/ork/2003/five/ch18/MntA04.htm There are similar templates for Office XP and Office 2000 that might do the trick. Roger -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 11:19 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] GPO and the Outlook Dumpster Does anyone know a GPO setting that will allow me to prevent users from accessing the Recover Deleted Items addin in Outlook ? Someone on an exchange mailing list said that there is a GP setting to prevent this addin being loaded. Olly List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: slipstreaming Win2K
Title: Message Mark, Easily done, maybe the rep meantthat you couldn't roll the hotfixes directly into the i386 dir like the service packs, they have to be added as an "after thought"we usean unattendedbootable CD for our more remote locations and roll all the available hotfixes into it, I do the same with RIS (Roll hotfixes into install that is...), a good site to look at is: http://www.msfn.org/unattended/xp/index.htm I know it is XP but I have done it utilising the same method for W2K, only slightly different for RIS: http://www.winnetmag.com/Articles/ArticleID/24892/pg/2/2.html Rogers suggestion looks pretty good will look into that... James -Original Message-From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Wednesday, 14 January 2004 6:53 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] OT: slipstreaming Win2K Nope. I mean this: http://www.nextwish.org/geek.php?page=susutil Its an exe that sets the correct registry settings and restarts the update service, and the system gets the updates in about 10 minutes, then following the reboot it sets the settings back (which would be done by the GPO anyway, if you're using one). I use it quite a bit for servers when I'm ready to patch them. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 2:08 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] OT: slipstreaming Win2K You mean this? http://support.microsoft.com/default.aspx?scid=kb;en-us;828930Product=win2000 Mike From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 11:06 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] OT: slipstreaming Win2K I've successfully slipstreamed service packs into a Win2K install media before, but never looked into adding any hotfixes to it. So I started looking into how to do it, and was surprised to find dialog from one of Microsoft's online tech chats, in which the rep said you can't do that. Did I misunderstand, or can I really not add hotfixes to a slipstream image? Thanks...oh, and Tony - thanks also from me for a great list! Mark Creamer Systems Engineer Cintas Corporation Honesty and Integrity in Everything We Do
RE: [ActiveDir] GPO and the Outlook Dumpster
Aren't we neglecting the idea of a big stick to adjust user behavior? ;) Seriously, the only way I've heard of adjusting the dumpster behavior is to either set it on for all items (dumpsteralwayson) and not storing the data on the server. The original intent was to empower users to be able to recover items so that admins wouldn't have to. If the requirement is to keep the data regardless of user intervention, this is the wrong tool. The user that can figure out how to delete from the dumpster, can figure out how to shift+delete and remove the item permanently else move it to a PST and then delete it permanently from another profile etc. Heck, POP would work just fine for that as well. Solving user behavior issues with technology rarely works well. I think in this case, you have a user behavio issue. Al -Original Message- From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 4:37 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] GPO and the Outlook Dumpster Or other capabilities available in Outlook/Exchange, such as journaling, message tracking, etc. etc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David, Andy Sent: Tuesday, January 13, 2004 4:27 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] GPO and the Outlook Dumpster I would argue then that you need to look at 3rd party archival tools! -Original Message- From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 3:07 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] GPO and the Outlook Dumpster Because while the Recover Deleted Items addin allows you...err...recover deleted items a user can also delete things permanently. We have had people 'covering their tracks' by deleting emails. I don't want to disable the feature all together as it's a useful IT tool for managers etc, but not for users. Olly -Original Message- From: David, Andy [mailto:[EMAIL PROTECTED] Sent: 13 January 2004 19:15 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] GPO and the Outlook Dumpster I'm just wondering why you would want to implement such a thing. -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 12:27 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO and the Outlook Dumpster It strikes me that it might be part of the Office Administration Templates, which can be distributed via GPOs, but aren't actually part of the GPO settings. http://www.microsoft.com/office/ork/2003/five/ch18/MntA04.htm There are similar templates for Office XP and Office 2000 that might do the trick. Roger -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 11:19 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] GPO and the Outlook Dumpster Does anyone know a GPO setting that will allow me to prevent users from accessing the Recover Deleted Items addin in Outlook ? Someone on an exchange mailing list said that there is a GP setting to prevent this addin being loaded. Olly List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DC's on VMWare
Thanks and understood. We have multiple datacenters and each datacenter will have one or more new 8-way boxes with 32gb or 64gb ram as the ESX consolidation platform. When/where we need more than one DC in a datacenter we'll distribute the VMs across multiple physical boxes. I believe that covers the distributed aspect of your reply as we'll still have DCs in more than one site and DCs per site across multiple boxes. As far as Microsoft is concerned, they have Virtual Server (not yet ready for primetime) but we're going with VMWare ESX, recently acquired by EMC. Will talk with them about virtualizing DCs in general though as that's a good idea. We've had ongoing design reviews but have not covered this aspect. Thanks, Mike Mulnick, Al [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Sent by:cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] DC's on VMWare tivedir.org 01/13/2004 02:36 PM Please respond to ActiveDir There's no particular reason why you couldn't put a DC on a VM that I'm aware of. However, for production purposes I would say that you should carefully consider this approach. The idea of a distributed directory is to have it, well, distributed. If all you plan to use the ESX for is to put DC's on it, then it really does defeat the purpose of a distributed directory. Failure of ESX hardware, would mean failure of potentially many apps or if multiple DC's then the failure of multiple DC's at one time. Additionally, the cost of the larger hardware to house the multiple VM's may outweigh the cost of multiple physical machines running Windows 2003 DC's. To get similar performance, you'll need to really understand the underlying hardware and the implications of the apps running in those VM sessions to prevent contention of resources. That indicates a fairly large investment in hardware to achieve what you describe. What you may want to do is check with your local Microsoft support office and see about getting a supportability review to ensure that what you are doing is not only possible from their perspective (it's their product right) but also whether or not it's recommended by Microsoft at all. They shouldn't care one way or another about hardware from a money standpoint since you have to buy just as many licences either way or in your case, just as many Windows 2003 licences and an additional ESX license. As is often the case, just because you can doesn't mean you should. :) -Original Message- From: Mike Baudino [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 3:12 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] DC's on VMWare All, Server consolidation has us heading towards putting production Windows Server 2003 domain controllers on VMWare VMs using ESX. We have not yet deployed AD widely (some business units have it and some don't) but are working on a new design that will handle all business units. Our lab is a combination of physical servers on workstation-class hardware and VMs on VMWare Workstation4 and on ESX. However, our direction for production DC's is VMs on ESX unless we find that it doesn't work properly or well enough. We're going to be testing this in the lab. I've seen recent emails about using VMs to spin off labs. But does anyone have experience running production DC's on VMs or any known gotcha's that they're willing to share? Thanks, Mike Baudino *** PLEASE NOTE *** This E-Mail/telefax message and any documents accompanying this
[ActiveDir] Backups
I have a schedule backup that just copies everything on my hard drive to a drive on my firewire drive. If my active hard drive crashes, how do I restore it with the data on my firewire drive so I can just boot up the new hard drive and it will have all the active directory users and all that stuff? Thanks List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DC's on VMWare
Well right off the bat... MS doesn't support Windows on VMWARE; it is best effort unless Microsoft can determine that the issue can be reproduced on physical hardware. VMWARE claims this is because of competitive reasons but MS never supported it even before they bought the Connectix product. From what I have heard, our dev guys have actually hit things that they couldn't reproduce. Personally I would run Windows on VMWARE all day in a lab (we do) or at home (I did). I wouldn't even start to consider it for production (never ever ever). If you want to look at virtualization software for running Windows, get into the Virtual Server preview program that MS has as obviously the Windows products will be fully supported on that software. IBM and HP both claim full support for Windows on VMWARE. However you have to keep in mind, what can they really do? If there is a problem with VMWARE they can send that info back to the vendor. If they find a problem in Windows they can send that back to MS. They have no power to really fix anything. I have had a conversation with one of the guys at IBM concerning the support model and in the end he said, there is no SLA for software support from anyone - no guarantees... Great! He mentioned that all of their VMWARE contracts are one offs negotiated specifically with the customer at hand. But again, in the end, all they can do is pat your hand and say, we understand, yes that does suck that it doesn't work, but don't worry we sent someone a note - if we could fix it ourselves we would, but we can't. I actually stopped using the VMWARE products at home about 3 months ago and switched to the MS products as I figured I might as well get used to it. Here are some links worth reading: http://support.microsoft.com/default.aspx?scid=kb;en-us;273508 http://support.microsoft.com/default.aspx?scid=%2Fservicedesks%2Fbin%2Fkbsea rch.asp%3FArticle%3D320220 http://www.computerworld.com/hardwaretopics/hardware/server/story/0,10801,87 185,00.html joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Baudino Sent: Tuesday, January 13, 2004 3:12 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] DC's on VMWare All, Server consolidation has us heading towards putting production Windows Server 2003 domain controllers on VMWare VMs using ESX. We have not yet deployed AD widely (some business units have it and some don't) but are working on a new design that will handle all business units. Our lab is a combination of physical servers on workstation-class hardware and VMs on VMWare Workstation4 and on ESX. However, our direction for production DC's is VMs on ESX unless we find that it doesn't work properly or well enough. We're going to be testing this in the lab. I've seen recent emails about using VMs to spin off labs. But does anyone have experience running production DC's on VMs or any known gotcha's that they're willing to share? Thanks, Mike Baudino *** PLEASE NOTE *** This E-Mail/telefax message and any documents accompanying this transmission may contain privileged and/or confidential information and is intended solely for the addressee(s) named above. If you are not the intended addressee/recipient, you are hereby notified that any use of, disclosure, copying, distribution, or reliance on the contents of this E-Mail/telefax information is strictly prohibited and may result in legal action against you. Please reply to the sender advising of the error in transmission and immediately delete/destroy the message and any accompanying documents. Thank you. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Remotely Boot into DS Restore Mode?
Use /SAFEBOOT:DSREPAIR /SOS switches in boot.ini: http://support.microsoft.com/?kbid=256588 Guy On Wed, 2004-01-14 at 03:26, David Adner wrote: Without using a lights-out type adapter or something else that will allow me to remotely view the bootup process, is there a way to reboot a server and have it automatically enter DS Restore Mode? TIA List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD DR (was Remotely Boot into DS Restore Mode?)
Wow thanks that is perfect. Didnt even know about that. Much appreicated. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Adner Sent: Tuesday, January 13, 2004 8:38 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] AD DR (was Remotely Boot into DS Restore Mode?) This whitepaper might help. Active Directory Disaster Recovery http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn ol/ad/windows2000/support/adrecov.asp List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Happy Birthday [list owner]
Tony, Congrats. This is one of the most useful sites I have subscribed to in the last 3 years. The info has been more than helpful on many occasions throughout my IT career. Keep up the good work, and thanks to creating such a tech site with so many technical savvy subscribers. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, January 13, 2004 8:32 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Happy Birthday [list owner] The ActiveDir.org discussion forum is 3 years old today! The list membership has grown somewhat since the January 13th 2001 (when it consisted of me, various friends, family, acquaintances and anyone else I could cajole, coerce or bribe) to over 1000 today. I might be ever-so-slightly biased, but I think this is a great technical forum. Thanks for making it what it is today, and especially to those of you who give of their time to make regular, helpful and well-informed contributions (you know who you are). Tony List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] GPO and the Outlook Dumpster
your protection against this "CYA" type of deletion is backup. If you maintain a diligent backup of your Exchange Server, you can always do a restore to your offline server whenever you need to "prove" something. Disabling access to the "Recover Deleted Items" folder will not buy you much with a determined user who wants to cover his/her track. Shift-Del will not send deleted items to that folder, you know? Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+Iwww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Oliver MarshallSent: Tue 1/13/2004 12:07 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] GPO and the Outlook Dumpster Because while the Recover Deleted Items addin allows you...err...recover deleted items a user can also delete things permanently. We have had people 'covering their tracks' by deleting emails. I don't want to disable the feature all together as it's a useful IT tool for managers etc, but not for users. Olly -Original Message- From: David, Andy [mailto:[EMAIL PROTECTED] Sent: 13 January 2004 19:15 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] GPO and the Outlook Dumpster I'm just wondering why you would want to implement such a thing. -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 12:27 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] GPO and the Outlook Dumpster It strikes me that it might be part of the Office Administration Templates, which can be distributed via GPOs, but aren't actually part of the GPO settings. http://www.microsoft.com/office/ork/2003/five/ch18/MntA04.htm There are similar templates for Office XP and Office 2000 that might do the trick. Roger -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Oliver Marshall [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 11:19 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] GPO and the Outlook Dumpster Does anyone know a GPO setting that will allow me to prevent users from accessing the Recover Deleted Items addin in Outlook ? Someone on an exchange mailing list said that there is a GP setting to prevent this addin being loaded. Olly List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Happy Birthday [list owner]
Congrats, Tony. And to everyone who have been filling my head with so much "techie" stuffs since I joined this list, I say thank you for your selfless contributions. I know I have personally benefitted from your contributions. Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+Iwww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Tony MurraySent: Mon 1/12/2004 11:32 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Happy Birthday [list owner] The ActiveDir.org discussion forum is 3 years old today! The list membership has grown somewhat since the January 13th 2001 (when it consisted of me, various friends, family, acquaintances and anyone else I could cajole, coerce or bribe) to over 1000 today. I might be ever-so-slightly biased, but I think this is a great technical forum. Thanks for making it what it is today, and especially to those of you who give of their time to make regular, helpful and well-informed contributions (you know who you are). Tony List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
