RE: [ActiveDir] [Dreadfully OT]: Interesting little tidbit....
Actually, my malady is contagious :) It's 4.7MB. I did not want to believe it would be that small when I first look at it, that was why I was confused. But, from what I am reading, I can see it's so small. By the way, this does not appear to me to be any different from running LINUX under a typical VM environment. So, what's new or so cool about that? I guess I should play first before blabbing, eh? :). Downloading the Debian image now. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Rick Kingslan Sent: Sun 2/13/2005 6:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] [Dreadfully OT]: Interesting little tidbit Hallucination. It's a 47MB compressed file system image... No where near as imposing as it looks. It's in bytes - no Kbytes... ;-) -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Sunday, February 13, 2005 5:07 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] [Dreadfully OT]: Interesting little tidbit I looked at it, and my eyes (almost) popped out. Is that really a 4.7Gig distro, or am I hallucinating - again? :) Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Rick Kingslan Sent: Sun 2/13/2005 1:08 PM To: ActiveDir@mail.activedir.org; 'MVP Security Discussion' Subject: [ActiveDir] [Dreadfully OT]: Interesting little tidbit If you haven't looked at this yet - you really NEED to. I have it installed, working and am getting ready to toss X on, and get it functioning. This is one of those things that comes along and you look at it and think, "Huh that's really SUPER cool." Check it out... it's worth the time. http://www.colinux.org Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Windows Security (Affiliate) Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] [Dreadfully OT]: Interesting little tidbit....
Hallucination. It's a 47MB compressed file system image... No where near as imposing as it looks. It's in bytes - no Kbytes... ;-) -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Sunday, February 13, 2005 5:07 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] [Dreadfully OT]: Interesting little tidbit I looked at it, and my eyes (almost) popped out. Is that really a 4.7Gig distro, or am I hallucinating - again? :) Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Rick Kingslan Sent: Sun 2/13/2005 1:08 PM To: ActiveDir@mail.activedir.org; 'MVP Security Discussion' Subject: [ActiveDir] [Dreadfully OT]: Interesting little tidbit If you haven't looked at this yet - you really NEED to. I have it installed, working and am getting ready to toss X on, and get it functioning. This is one of those things that comes along and you look at it and think, "Huh that's really SUPER cool." Check it out... it's worth the time. http://www.colinux.org Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Windows Security (Affiliate) Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Command Line AD Question
DSMOVE or you could script it within a VB script For DSMOVE The same user can be moved from the Sales organization to the Marketing organization with the following command: dsmove "cn=Jane Doe,ou=sales,dc=microsoft,dc=com" -newparent ou=Marketing,dc=microsoft,dc=com Jorge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stuart, Cory G. Sent: Friday, February 11, 2005 17:42 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Command Line AD Question Hi Everyone, I'm going to be migrating a large number of machines from a workgroup into a domain. I'm probably going to have some people help me and I want to make it as easy for them as I can. I'm planning on giving them a CD with batch files to do all of the work for them. I'm familiar with using netdom to join systems to the domain, but I'm looking for the command line tool to move the system around within AD OUs. For example, before putting the machine into its "permanent" OU, I may want to put it into a software OU so that certain packages will be installed first. So what command line tool(s) would you recommend for this. I really appreciate your help!!! Thanks, Cory List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Investigating GC queries
Title: Investigating GC queries maybe a strange question, but who is doing the query? the workstation itself or outlook? If it is outlook, is the mailbox located on the exchange box that's in the same site as the off-site GC? As I know outlook uses the GC provided by exchange and not the closest DC. you can configure it though to work that way (Q319206) cheers Jorge From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, MarkSent: Friday, February 11, 2005 17:41To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Investigating GC queries How would I best troubleshoot a machine that seems to be always be going to an off-site GC to get its queries answered? I have verified the machine’s subnet is in Sites & Svcs, and that the subnet is assigned to site closest by (it is in a different building, but here on the same local campus, with a fiber connection between the 2 buildings). Yet it usually finds the GC in Chicago, over a much slower WAN link. Just not sure what my steps should be. Thanks! Mark CreamerThis e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
RE: [ActiveDir] [Dreadfully OT]: Interesting little tidbit....
I looked at it, and my eyes (almost) popped out. Is that really a 4.7Gig distro, or am I hallucinating - again? :) Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Rick Kingslan Sent: Sun 2/13/2005 1:08 PM To: ActiveDir@mail.activedir.org; 'MVP Security Discussion' Subject: [ActiveDir] [Dreadfully OT]: Interesting little tidbit If you haven't looked at this yet - you really NEED to. I have it installed, working and am getting ready to toss X on, and get it functioning. This is one of those things that comes along and you look at it and think, "Huh that's really SUPER cool." Check it out... it's worth the time. http://www.colinux.org Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Windows Security (Affiliate) Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada
Dissecting >>> Its Vancouver in March... Yeah, so? Can't be much worse than MI in March. >>> I am pretty tied up with Lame, so lame I'm tempted to not comment :) I am sure most presenters are in the same boat. I am personally in that boat. I am not even sure HOW I will get to DEC yet, because I am not sure which city I will find myself in around that time. So, can't book a flight yet because I don't know where I would be flying in from. So, there try something else :p >>> There is also the whole issue of who do I go as? I would think that going in as Joe would be sufficient. I already told you this before - you don't seem to know how much regards you command within the community. WRT who foots the bill, I'd assume that Gil is ponying up the money either way (either as Joeware or JoeHP), so that should really not be a factor. More so, I am sure Gil will be footing your bill even if you show up as Joe-the-cross-dresser. But, I will let Gil speak for himself on that point :) >>> I am not an ethereal guru I did not know that Gil was looking for gurus. I certainly I'm not a guru in anything, and I would take a back seat to you any day when talking about Exchange security. But, I am going, and you are not. So, there again :) Why am I going? Because I think I have seen and done some things on Exchange security that the attendees "MAY" be interested in listening to. I am definitely not bringing anything revolutionary or earth-shattering. I am only hoping that I will say something that will get some of the attendees to go back to their bases and rethink what they have or implement something (if they haven't). My position on conferences and teaching and stuff like this is that I don't go there hoping to meet wizards and have them implant knowledge into my medula oblongata. I do not expect that most people go there for this reason either. I think re-enforcement and pointers and things that get people thinking carry much more weight than just looking to spoon-feed people information. Are you expecting to transform the attendees into Ether-sniffing K-9 in the span of 90 minutes? Wake up, Joe. So, I chalk this down to the "Lame" category. >>> Possibly Gil can take some informal poll at the event on who would like to see a joeware presentation at a future event Yeah, right. So that you could wiggle your way out of it again. You need no poll, Joe. And I know that you know that I know that you knew that. Gil already floated the idea, so I don't see the need to get Gallup involved at this point. >>> Interesting all the MVPs coming out of the wordwork saying they are going now They are probably signing up in large numbers, hoping their massive presence will be enough reason to compell you to show up. Or they could be signing up because they heard that Joe was there the last time around and they want to be able to claim to have seen you in person. Look at it as a bribe, or peer-presure or something. They could also just be going for the beer, who knows? >>> Anyone who has knowledge on some of the more evil ways of breaking into a forest try to keep mum I can certainly say, with absolute truth, Boy's Scout's honor, that I have no clue what you are talking about. Yet, I am supposed to be a Security MVP :) Ironic, uh? This is why I miss you, man. I remember you explaining 1B and 1C records to me back in 99 and me looking at you like "WTF is he talking about? what do this have to do with WINS?" Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of joe Sent: Sun 2/13/2005 9:05 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada LOL with all of you. Its Vancouver in March... Even DC in March was pushing it, March is Lousiana or Florida or Arizona or Texas. Seriously though, I am pretty tied up with a customer right now with fun issues with Exchange and third party tools where I at the point of monitoring every change to all user objects as a non-admin. There is also the whole issue of who do I go as? Do I go as joe from joeware or Joe Richards Senior Consultant for a major Technology company. Completely different roles that I have to be careful with on both sides of the fence. Most people in the world know me as joe of joeware not as Joe Richards Consultant so I should go as joe the joeware guy which means costing personal money or riding on Gil which I feel I would need to present something for. That doesn't bother me overly much but the question is what to present? I can use ethereal, I am not an ethereal guru. Hate to see people put in a position of supposed expert there to talk and answer questions on something when they aren't that expert, especially when that people is me. There are a lot of people talking and
RE: [ActiveDir] Add Computer to Domain
To delegate the permissions -> yes I would, however, consider removing authenticated users from the privilege "add workstations to domain" in the DDC GPO Greetz Jorge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Friday, February 11, 2005 16:53 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Add Computer to Domain So I would have to use the delegation wizard at the OU level to add workstations to the domain and ignore the user rights assignments at the DC Level? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Thursday, February 10, 2005 3:53 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Add Computer to Domain Justin, The "Add workstations to domain" user right (configured at DC level) by default assigns each authenticated user the right to add 10 computers (default configured quota for this) to the domain. Those computers will be placed in the COMPUTERS CONTAINER and the default owner is "Domain Admins". However users can be granted an unlimited number of computers they can add to the domain if the permission has been granted to those users on a certain OU, independently of the user right "add workststations to domain" has been granted or not. The owner of the latter objects will be the accounts that created them. Most of the time it is not acceptable that users add computers to the domain just like that. In the environment I created the design for, I removed authenticated users from the user right, created a global group and granted that global group permissions over a certain OU to created computer accounts. If I'm correct the computer accounts need to be created first and then you can join the computer to the domain (as with the join dialog box there is no possibility to specify an OU) and with tools (e.g. NETDOM) where you have the possibility to directly add a computer I presume it is possible to do this without first creating the computeraccount Cheers, Jorge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Wednesday, February 09, 2005 19:15 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Add Computer to Domain If I wanted to grant a group the rights to join computers to the domain should I configure the User Assignment setting of a GPO to do that and if so should I create that GPO on the OU I want them to join computers to or do I have to do it at the domain level or within the Domain Controllers Policy? Justin A. Salandra MCSE Windows 2000 & 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Display Computer Name on Desktop
Rename "My Computer" to the computername See http://www.computerperformance.co.uk/Registry/registry_hacks_display_compute rname.htm Jorge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Friday, February 11, 2005 19:41 To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED] Subject: [ActiveDir] Display Computer Name on Desktop I have a question, is there a way to display the computer name on the desktop either through a login script or via GPO? Justin A. Salandra MCSE Windows 2000 & 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Display Computer Name on Desktop
Justin, Havn't taken a look at Rick's suggestion WHOAMI but another alternative is BGINFO...http://www.sysinternals.com/ntw2k/freeware/bginfo.shtml...It's freeware and you can create a custom installation package... James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Monday, 14 February 2005 7:00 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Display Computer Name on Desktop Justin - I'm going to try again because, IMHO, you're working WAY too hard at this one problem. My current preference - http://www.kewlit.com/whoami/index2b.html Great for the Data Center boxes connected via KVM. If you haven't looked at this tool - you have NO IDEA what you're missing. Simply elegant. Not as much info (or, as I've seen it on some systems - flipping information OVERLOAD) as Sysinternals 'bginfo', but if you just want the simple basics and a NAME, here it is. Don't knock this one until you try it. -rtk P.S. Ulf - love the reg hack, BTW... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: Friday, February 11, 2005 6:03 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Display Computer Name on Desktop Hello Justin, Apart from the scripting answers you got, here's a different solution: Rename My Computer on any workstation to WHATEVER-I-DONT-GIVE-A-D. Open up regedit and search for WHATEVER-I-DONT-GIVE-A-D. Create a new Key of the type Reg_expand_sz called WHATEVER, and put in "%computername%" as value. Export the parent key (where WHATEVER-I-DONT-GIVE-A-D was the default value) to a reg file. Open up the regfile in notepad, and change it so that the value of WHATEVER of type reg_expand_sz is assigned to the default key "@". Delete the old key in regedit, then doubleclick the regfile. The type of the key should now be reg_expand_sz (before it was reg_sz and would have shown %computername% instead of resolving it. If you are nice, and want some more information, you can use this regfile: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}] @=hex(2):25,00,75,00,73,00,65,00,72,00,6e,00,61,00,6d,00,65,00,25,00,20, 00,\ 40,00,20,00,25,00,63,00,6f,00,6d,00,70,00,75,00,74,00,65,00,72,00,6e,00, 61,\ 00,6d,00,65,00,25,00,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CL SID\ {20D04FE0-3AEA-1069-A2D8-08002B30309D}] @=hex(2):25,00,75,00,73,00,65,00,72,00,6e,00,61,00,6d,00,65,00,25,00,20, 00,\ 40,00,20,00,25,00,63,00,6f,00,6d,00,70,00,75,00,74,00,65,00,72,00,6e,00, 61,\ 00,6d,00,65,00,25,00,00,00 Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner WebSite: http://www.windowsserverfaq.org > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Salandra, Justin A. > Sent: Friday, February 11, 2005 7:41 PM > To: ActiveDir@mail.activedir.org > Cc: [EMAIL PROTECTED] > Subject: [ActiveDir] Display Computer Name on Desktop > > I have a question, is there a way to display the computer > name on the desktop either through a login script or via GPO? > > Justin A. Salandra > MCSE Windows 2000 & 2003 > Network and Technology Services Manager > Catholic Healthcare System > 212.752.7300 - office > 917.455.0110 - cell > [EMAIL PROTECTED] > > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] [Dreadfully OT]: Interesting little tidbit....
If you haven't looked at this yet - you really NEED to. I have it installed, working and am getting ready to toss X on, and get it functioning. This is one of those things that comes along and you look at it and think, "Huh that's really SUPER cool." Check it out... it's worth the time. http://www.colinux.org Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Windows Security (Affiliate) Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Display Computer Name on Desktop
Justin - I'm going to try again because, IMHO, you're working WAY too hard at this one problem. My current preference - http://www.kewlit.com/whoami/index2b.html Great for the Data Center boxes connected via KVM. If you haven't looked at this tool - you have NO IDEA what you're missing. Simply elegant. Not as much info (or, as I've seen it on some systems - flipping information OVERLOAD) as Sysinternals 'bginfo', but if you just want the simple basics and a NAME, here it is. Don't knock this one until you try it. -rtk P.S. Ulf - love the reg hack, BTW... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: Friday, February 11, 2005 6:03 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Display Computer Name on Desktop Hello Justin, Apart from the scripting answers you got, here's a different solution: Rename My Computer on any workstation to WHATEVER-I-DONT-GIVE-A-D. Open up regedit and search for WHATEVER-I-DONT-GIVE-A-D. Create a new Key of the type Reg_expand_sz called WHATEVER, and put in "%computername%" as value. Export the parent key (where WHATEVER-I-DONT-GIVE-A-D was the default value) to a reg file. Open up the regfile in notepad, and change it so that the value of WHATEVER of type reg_expand_sz is assigned to the default key "@". Delete the old key in regedit, then doubleclick the regfile. The type of the key should now be reg_expand_sz (before it was reg_sz and would have shown %computername% instead of resolving it. If you are nice, and want some more information, you can use this regfile: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}] @=hex(2):25,00,75,00,73,00,65,00,72,00,6e,00,61,00,6d,00,65,00,25,00,20,00,\ 40,00,20,00,25,00,63,00,6f,00,6d,00,70,00,75,00,74,00,65,00,72,00,6e,00,61,\ 00,6d,00,65,00,25,00,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\ {20D04FE0-3AEA-1069-A2D8-08002B30309D}] @=hex(2):25,00,75,00,73,00,65,00,72,00,6e,00,61,00,6d,00,65,00,25,00,20,00,\ 40,00,20,00,25,00,63,00,6f,00,6d,00,70,00,75,00,74,00,65,00,72,00,6e,00,61,\ 00,6d,00,65,00,25,00,00,00 Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz Weblog: http://msmvps.org/UlfBSimonWeidner WebSite: http://www.windowsserverfaq.org > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Salandra, Justin A. > Sent: Friday, February 11, 2005 7:41 PM > To: ActiveDir@mail.activedir.org > Cc: [EMAIL PROTECTED] > Subject: [ActiveDir] Display Computer Name on Desktop > > I have a question, is there a way to display the computer > name on the desktop either through a login script or via GPO? > > Justin A. Salandra > MCSE Windows 2000 & 2003 > Network and Technology Services Manager > Catholic Healthcare System > 212.752.7300 - office > 917.455.0110 - cell > [EMAIL PROTECTED] > > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada
Yep - you can be sure that I'll be taking on a role of 'enforcer' ;o) -rtk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Sunday, February 13, 2005 11:05 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada LOL with all of you. Its Vancouver in March... Even DC in March was pushing it, March is Lousiana or Florida or Arizona or Texas. Seriously though, I am pretty tied up with a customer right now with fun issues with Exchange and third party tools where I at the point of monitoring every change to all user objects as a non-admin. I would hate to start hearing from people who know how to break in that couldn't have figured it out on their own and finding out it is because someone wanted to impress folks by showing how it can be done. I would be less than pleasant to anyone listed as being the supplier of that info; granted that doesn't mean much. I trust Rick will have a couple of empties near him to glance off the foreheads of people sharing a bit too much. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Friday, February 11, 2005 10:21 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada Sorry, I thought they were asking for a show of hands. Mine's been up in the air for a week now...I was counting on a "Joe's Ethereal for Dummies" session. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, February 10, 2005 9:26 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada Could be you, could be me. Is it that no one but Jorge is going to DEC or is it that no one but Jorge knows who I am? joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Friday, February 04, 2005 6:57 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada I feel so rejected. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, February 04, 2005 4:11 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada Hmmm. Listen to the roar of indifference :oP -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Friday, February 04, 2005 3:09 AM To: '[EMAIL PROTECTED] '; 'ActiveDir@mail.activedir.org ' Subject: RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada I think Joe needs a bit more convincing. Let's vote: ;-) (1) Joe should come to DEC, tell something interesting and he can "leave his shorts on" AND he will get a beer... ;-)) (2) Joe stays at home and afterwards he hears from us how much fun it was CHOOSE... I say (1) Will this convince him? Cheers Jorge -Original Message- From: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: 2/4/2005 2:21 AM Subject: RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada <> This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Question: AD Group Policy not taking effect
Hi, The best way to check this out is to activate detailed logging, reboot & logon and look at the log in:- %windir%\Debug\UserMode\userenv.log. We have written a free utility that will allow you to activate detailed logging and will display the log in a meaningful way. http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml If you still have problems, mail me the log offline and I will look at it for you. Alan Cuthbertson Policy Management Software:- http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml ADM Template Editor:- http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml Policy Log Reporter(Free) http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml - Original Message - From: "Umer Y." <[EMAIL PROTECTED]> To: Sent: Sunday, February 13, 2005 10:40 AM Subject: RE: [ActiveDir] Question: AD Group Policy not taking effect > What do you mean, a chance to replicate? Can you please explain a bit more? > > I was working with the user portion of GPO. > > I created a user account in OU. > > The client is XP, and the server is W2K3. > > I tried secedit by chandra, but it doesn't accept the /refreshpolicy. I have > already tried gpupdate /force. It goes through, without any results on the > client side. > > Any other suggestions? > > Thanks for the help. > > From: "Perdue David J Contr InDyne/Enterprise IT" > <[EMAIL PROTECTED]> > Reply-To: ActiveDir@mail.activedir.org > To: > Subject: RE: [ActiveDir] Question: AD Group Policy not taking effect > Date: Fri, 11 Feb 2005 14:06:16 -0800 > > Did the OU and the GPO have a chance to replicate? > The policy that you created, did you configure the computer or user > portion of the policy object? > Do you have a user account or a computer account in the OU? > What OS is the client computer? If it's Win2k or lower did you > configure a WinXP Policy Attribute? > Did you try a GPUPDATE on WinXP or a SECEDIT to update the the policy > applied to the System? > > Dave > > > > //SIGNED// > > David J. Perdue > Network Security Engineer, InDyne Inc > Comm: (805) 606-4597DSN: 276-4597 > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Umer Y. > Sent: Friday, February 11, 2005 13:38 PM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Question: AD Group Policy not taking effect > > Hello, > > I added an OU. Added a test user. > > I added a group policy by clicking 'add' under 'group policy' in OU's > properties. > > Changed a couple of things around. > > Logged onto a test client. Group policy wouldn't take effect. > > What am I missing? > > I will appreciate your help in this regard. > > Thanks. > > > > > ... you don't know what you've got 'till it's gone.. > > - Joni Mitchell > > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > ... you don't know what you've got 'till it's gone.. > > - Joni Mitchell > > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Very OT: Please Settle a Bet
Rick: Excellent logical breakdown you old monkey you. Roger: I agree with you. Win9x was definitely somewhere in the transition zone so thinking of it as 24 bit or a transitional OS makes sense to me. It went so far as to have a different thunking model for 32<->16 available for use due to how many 16 bit DLLs were still in common use. The win9x only special thunking was called flat thunking and required some special compiling but allowed a 16 bit app to call a 32 bit DLL but more importantly allowed a 32 bit app to call a 16 bit DLL. They also had generic thunkking which is the only thunking available now which is one way, 16 bit app -> 32 bit DLL. A major programming aspect to look at was that win9x brought out the Windows 32 bit API (win32 api)) as the standard API for windows. Prior to that you had 16 bit and Win32S which if you ever coded for it could be trying and you could find yourself unloading and reloading the actual binary components. You wouldn't ever find yourself only unloading the Win32 API on Win9x. You would find yourself reloading the OS which people did a time or two. I didn't spend much time on Win9x personally, I jumped to NT4 as soon as I could figure out how to log on and I will admit my PC sat there for a day or maybe two before I figured out how to log on (sometime in 1996 if I recall). Damn thing wouldn't let me bypass the logon screen and I couldn't stop the load process at DOS which really chapped me... I don't recall how I found out about the administrator ID (I certainly didn't read any manuals) but once I did I was like, oh of course, I type in the word administrator and a blank password. Of course, how logical. ugh. I came from the world of sysgens and DEC Mini platforms where you start up in console mode when you booted the system and can do anything and then once you tell it to go multiuser you knew the needed password for the 1,1 or 1,2 accounts. Then the system would stay up and running for months. The only people who could reboot the systems either had a key (starting around the 11/77 or the 11/34a) or knew the right switches to flip on front of the CPU because booting the machine actually involved loading addresses into the proper registers and switching the machine into RUN mode (see pic of 11/70 - http://users.rcn.com/crfriend/museum/TCMtrip/images/1170-34.jpg). The secret of the switches to flip was a trade secret handed down from sysadmin to sysadmin and you were required to memorize it versus writing it down, or at least it was where I came up through the ranks at. Another major programming aspect was around memory management. Obviously you had more memory available to you by jumping to 32 bit pointers but there was also a jump from shared memory for all of the apps to each app having its own virtual space. This broke quite a few apps trying to go to 32 bit because they were all used to be able to talk directly to each other versus having to marshall data between the processes. Basically it wasn't a simple recompile for many apps that communicated to work on 32 versus 16 which is YAR for making the 16/32 border a little nebulous. Companies don't like to have to redesign applications, heck many companies don't like to design applications... They throw some code through a compiler and see who will pay. Win3.0/1/1.1 could all run on the 386 but one of the big complaints about it was that it was a 16 bit OS riding a 32 bit machine. I recall when win95 came out and how MS really pushed the point of it being full 32 bit to take advantage of the power of the newest PCs and corresponding complaint from press that a majority of the stuff available was only 16 bit so you really didn't get the full benefit. I wonder how much better this will be handled in the 32->64 switchover. The big problem we have this time is competing architectures which should cause it to take longer to all shake out. As a developer I intend to stick with 32 bit for some time and rely on good thunking capability in the OS. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger SeielstadSent: Saturday, February 12, 2005 11:41 PMTo: ActiveDir@mail.activedir.org; 'Send - AD mailing list'Subject: RE: [ActiveDir] Very OT: Please Settle a Bet I've alway described Win95 as a 24 bit operating system myself... Actually, the OS (i.e. the kernel) is (was) definitely 32-bit code. Rick backed into the correct answer with that damn logic thing again. However. explorer.exe (i.e. the GUI) was most definitely a 16-bit app, because at the time they hadn't figured out all the 32 bit optimizations for graphics - they had done all the 3.x work in 16 bit. IMO - this is one of the reasons 9x has always been relatively unstable - the mixture of 16 and 32 bit code. Roger Roger SeielstadE-mail Geek & MS-MVP From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick KingslanSent
RE: [ActiveDir] OT: POP3 on Exchange 2003
Hey who is giving out free joeware hats. I want one! I did give out some joeware thongs for Christmas this year. My g/f liked hers and she also laughed that I gave one to her sister. I don't think her sister's husband was appreciating it very much though. :o) I looked at setting the POP3/IMAP settings using the protocolsettings attribute with exchmbx but when I started digging into it I backed off. Both because the docs seem to say, "just DON'T do it" and because there is quite a bit of info jammed into those little binary values. I may attack it again but it will be pretty involved and you have the obvious concern of not doing it exactly right or MS changing it since it really isn't a documented format. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Friday, February 11, 2005 1:20 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: POP3 on Exchange 2003 Rely on the process? That's only ever effective if you enforce the process as well. To do that in this case, have you considered a "catch-all" process that goes behind and for all users except this small list, will ensure that pop3 is disabled? Shouldn't be a tough script to come up with and to run that as a scheduled job would be a low maintenance alternative to enforce the process I would think. Maybe even a free Joeware hat (or at least contributing author mention) in it if you make it CLI to Python/Perl/C+-#. ;) -Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy SCHAN Sent: Friday, February 11, 2005 1:00 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: POP3 on Exchange 2003 Thanks again. Right now, the client hasn't even worked out their delegation model (or OU structure, for that matter), so all account creation is squarely in the hands of the Operations group at the moment. So, if we enable POP3 the feasibale approach for now is likely going to be to rely on their following process and disabling POP3 on user accounts as they create them, and look at the overall provisioning requirements a little later, with this as one requirement. It's unfortunate we have to go through this to support a handful of applications; I'm going to try to meet again with the application owners to see if we have any other alternatives. Andy >From: "Tony Murray" <[EMAIL PROTECTED]> >Reply-To: ActiveDir@mail.activedir.org >To: >Subject: RE: [ActiveDir] OT: POP3 on Exchange 2003 >Date: Fri, 11 Feb 2005 14:40:40 +0100 > >FWIW, if you did want to do this with some custom provisioning (or even >after mailbox-enabling a user) it seems the protocolSettings attribute >is the one you need to manipulate. > >There's not a great deal of information available about >protocolSettings, but there's some here: > >http://redmondmag.com/columns/article.asp?EditorialsID=638 > >http://msdn.microsoft.com/library/default.asp?url=/library/en-us/e2k3/e >2 k3/_clb_enumerating_exchange_object_properties_with_adsi_ado_vb.asp > >And here's a sample script for setting mailbox limits by OU and by >group, which you could perhaps rework for the protocolSettings >attribute. > >http://blogs.brnets.com/michael/archive/2004/11/18/244.aspx > >Tony > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Andy SCHAN >Sent: 11 February 2005 13:53 >To: ActiveDir@mail.activedir.org >Subject: RE: [ActiveDir] OT: POP3 on Exchange 2003 > >Thanks for the reply. That's the conclusion I'd come to, but I was >hoping someone with a bigger brain than mine would prove me wrong :-) > > > > >Thanks, >Andy Schan >Schan Consulting, Inc. >[EMAIL PROTECTED] >Home: 613-443-0334 >Cell: 613-851-8443 > > > > > >From: "joe" <[EMAIL PROTECTED]> > >Reply-To: ActiveDir@mail.activedir.org > >To: > >Subject: RE: [ActiveDir] OT: POP3 on Exchange 2003 > >Date: Thu, 10 Feb 2005 23:19:12 -0500 > > > >I don't believe you can't set this as a default with the native tools. >You > >would need to use some custom provisioning to do this. > > > > joe > > > > > > > >-Original Message- > >From: [EMAIL PROTECTED] > >[mailto:[EMAIL PROTECTED] On Behalf Of > >[EMAIL PROTECTED] > >Sent: Tuesday, February 08, 2005 9:08 AM > >To: ActiveDir@mail.activedir.org > >Subject: [ActiveDir] OT: POP3 on Exchange 2003 > > > >Greetings, everyone: > > > >Sorry for the off-topic post, but I've asked this on the E2K3 mailing >list > >and didn't get any answers. At any rate, it's as much an AD challenge >as an > >Exchange one. > > > >I'm working on the final stages of an Exchange 2003 migration, and it >turns > >out we're going to have to enable POP3 on our mailbox servers to >support a > >handful of applications that > > > >were written for the Exchange 5.5 environment. Enabling POP3 isn't > >difficult, and neither is configuring our FE servers to support it, > >but doing this on a limited scale seems to be a bit of a challenge. > > > >What I'd like t
RE: [ActiveDir] VERY VERY OT: DEC and Vancouver/Canada
LOL with all of you. Its Vancouver in March... Even DC in March was pushing it, March is Lousiana or Florida or Arizona or Texas. Seriously though, I am pretty tied up with a customer right now with fun issues with Exchange and third party tools where I at the point of monitoring every change to all user objects as a non-admin. There is also the whole issue of who do I go as? Do I go as joe from joeware or Joe Richards Senior Consultant for a major Technology company. Completely different roles that I have to be careful with on both sides of the fence. Most people in the world know me as joe of joeware not as Joe Richards Consultant so I should go as joe the joeware guy which means costing personal money or riding on Gil which I feel I would need to present something for. That doesn't bother me overly much but the question is what to present? I can use ethereal, I am not an ethereal guru. Hate to see people put in a position of supposed expert there to talk and answer questions on something when they aren't that expert, especially when that people is me. There are a lot of people talking and/or writing on a lot of subjects that they quite frankly shouldn't be talking or writing about and I don't want to drop myself in that category in anyone's mind. I could of course speak about joeware, but it is pretty simple stuff, not sure what could be said about it in a "session" that people would find value in. Possibly Gil can take some informal poll at the event on who would like to see a joeware presentation at a future event, what they think should be in that presentation and we will go from there for the next DEC. I have no problem going as long as work isn't involved or in the way and Gil is getting value out of it. In the meanwhile I will try to figure out something cool to present some time that I would be comfortable presenting and feel is worth Gil giving me that ride as I did thoroughly enjoy the DEC I went to last spring. The straight up best part of the whole event was sitting and casually talking to Stuart and Andreas and Paul Rich and a couple of the other MS guys with beers in our hand after the troubleshooting session. I also thoroughly enjoyed hearing the opinions of the various presenters and where they were taking various ideas layed out and discussed on this actual listserv. Of course the Wook presentation was out of this world; I believe somewhere around Jupiter or Saturn if I had to guess. You had to know quite a bit about AD to really grasp what was being said and make the connections otherwise you were wondering why there was a national forestry service presentation going on at a Directory conference and wondering when Smokey the Bear was going to walk out from the wings. Very enjoyable. Interesting all the MVPs coming out of the wordwork saying they are going now. I don't recall many at the last one. Guido was there but he was ripping DLG/Universal shots off at me up on the podium; you knew the people who were on this list because they would chuckle and turn and look at me which was a pretty good number of the people there. Robbie was trying to get me sick with some kind of cold he had and had me feeling guilty because I knew I had chapters on the laptop up in my room that I needed to get reviewed for him. All and all a lot of fun. Oh BTW, there is a hacking contest I guess. Anyone who has knowledge on some of the more evil ways of breaking into a forest try to keep mum and not impress people. If you know how it is done, you don't need to impress people, you are impressive enough all on your own. Full Disclosure is fine when there is a quick way to fix the problem. Keep in mind, that those holes are not things that MS will be fixing any time soon and if you get them out there in the hands of people who can't find or figure them out on their own you could be opening up cans of worms. Not ripping on anyone, it is just these mechanisms have been around a long time and still most people don't understand how it can be done and I would really not mind if it stayed that way until MS has an answer and unfortunately, that answer is a rather involved redesign or buying products which should not be the base security answer for the forest, that is a position of blackmail. To put it another way, don't show people how to do things that could eventually be used to hurt you unless you explicitely trust the person you are showing to not share with others. I would hate to start hearing from people who know how to break in that couldn't have figured it out on their own and finding out it is because someone wanted to impress folks by showing how it can be done. I would be less than pleasant to anyone listed as being the supplier of that info; granted that doesn't mean much. I trust Rick will have a couple of empties near him to glance off the foreheads of people sharing a bit too much. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunte
RE: [ActiveDir] Command Line AD Question
Admod will do it as well. No licensing questions if you are running W2K. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil Sent: Friday, February 11, 2005 11:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Command Line AD Question To move a computer from one OU to another I would recommend using dsmove Do a dsmove computer /? To get the syntax etc. Generally it would look like: Dsmove computer "CN=computerName,ou=oldou,dc=domain,dc=com" -newparent ou=newou,dc=domain,dc=com Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stuart, Cory G. Sent: Friday, February 11, 2005 11:42 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Command Line AD Question Hi Everyone, I'm going to be migrating a large number of machines from a workgroup into a domain. I'm probably going to have some people help me and I want to make it as easy for them as I can. I'm planning on giving them a CD with batch files to do all of the work for them. I'm familiar with using netdom to join systems to the domain, but I'm looking for the command line tool to move the system around within AD OUs. For example, before putting the machine into its "permanent" OU, I may want to put it into a software OU so that certain packages will be installed first. So what command line tool(s) would you recommend for this. I really appreciate your help!!! Thanks, Cory List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Investigating GC queries
Title: Investigating GC queries First thing I would do is look at the DNS records for that site. Is the GC you are concerned about listed in the records for that site? Are there any records for the site? If not, I would look at a network trace. This should be pretty simple in terms of decoding the trace since DNS traffic is all clear text. You should see the resolution request, look at what is returned. Then look to see where the client goes after that. Does it query again? The next one should be a anything in the domain query, not a site specific. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, MarkSent: Friday, February 11, 2005 11:41 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Investigating GC queries How would I best troubleshoot a machine that seems to be always be going to an off-site GC to get its queries answered? I have verified the machine’s subnet is in Sites & Svcs, and that the subnet is assigned to site closest by (it is in a different building, but here on the same local campus, with a fiber connection between the 2 buildings). Yet it usually finds the GC in Chicago, over a much slower WAN link. Just not sure what my steps should be. Thanks! Mark CreamerThis e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation.
Re: [ActiveDir] Very OT: Please Settle a Bet
Win95 was a 32-bit OS, with a lot of 16-bit code for compatibility reasons. There was a fairly significant 16--to-32-bit thunking layer. It was not dependent on DOS in the way that WFW was dependent on DOS, even though it contained more 16-bit code than its NT counterparts... -ASB FAST, CHEAP, SECURE: Pick Any TWO http://www.ultratech-llc.com/KB/ On Fri, 11 Feb 2005 16:54:18 -0500, Dan DeStefano <[EMAIL PROTECTED]> wrote: > > > Could anyone settle a bet for me? I would like to know if Windows 95 was a > 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran > 16-bit apps in a VM, while the other one is saying the reverse: it was a > 16-bit OS that was capable of running 32-bit apps in a VM. > > > > Also, one person is saying that W95 required DOS (like Win3.1.1) and the > other is saying that, while built on DOS, DOS was not required and the OS > went above and beyond its DOS roots. > > > > If anyone can settle these issues and offer proof like links to Web pages > and such, we would be grateful. > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Very OT: Please Settle a Bet
What’s the definition of a 32 bit OS? I only ask because Mark Russinovich’s book says that Win95 contained oodles of 16 bit code. So the absence of 16bit code isn’t a requirement for having a 32bit OS. Cheers Ken From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: Sunday, 13 February 2005 3:41 PM To: ActiveDir@mail.activedir.org; 'Send - AD mailing list' Subject: RE: [ActiveDir] Very OT: Please Settle a Bet I've alway described Win95 as a 24 bit operating system myself... Actually, the OS (i.e. the kernel) is (was) definitely 32-bit code. Rick backed into the correct answer with that damn logic thing again. However. explorer.exe (i.e. the GUI) was most definitely a 16-bit app, because at the time they hadn't figured out all the 32 bit optimizations for graphics - they had done all the 3.x work in 16 bit. IMO - this is one of the reasons 9x has always been relatively unstable - the mixture of 16 and 32 bit code. Roger Roger Seielstad E-mail Geek & MS-MVP From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Saturday, February 12, 2005 12:18 PM To: ActiveDir@mail.activedir.org; 'Send - AD mailing list' Subject: RE: [ActiveDir] Very OT: Please Settle a Bet Charles, I follow your line of thinking and would tend to agree except for my first foray into Networked OS’s – Netware. Netware is CLEARLY an OS – is CLEARLY 32-bit, but requires DOS to boot the kernel, which then continues to load the required pieces of Netware on the Netware kernel. So, in that – Netware is not a frontend for DOS – it simply uses the load routines of DOS to get going, then switches the processor to privileged mode to operate with all of the features of the processor in 32-bit mode. The question that should be asked is this, which should solve the current puzzle and bet: Can Windows 95 be run on a 80286 processor? If not – and must be run on a 80386 and greater – it’s 32-bit and using privileged mode and the features that it affords. The answer to the above question is no – it must be run on a 386 or greater processor because it requires 32-bit addressing. It emulates 16-bit for those legacy apps the needed it. DOS was used, as in Netware, as a launching platform for the ‘kernel’ (though not in anyway as complex). The downside to Win95 was the obvious leverage on some DOS functions, and complete lack of any security and a very lackluster separation of program to program corruption. If you want more info – see here. http://www.webdevelopersjournal.com/archive/win95.html I remember Greg from the ‘Chicago’ (code name for Win95) beta days, and thought he wrote an article or two. Hope this helps. Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Windows Security (Affiliate) Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: Friday, February 11, 2005 4:18 PM To: 'ActiveDir@mail.activedir.org'; Send - AD mailing list Subject: RE: [ActiveDir] Very OT: Please Settle a Bet My vote is that Win 95 required DOS and therefore was a frontend DOS application and not a true OS. A good example, watch a Win 95 box boot, it always starts out with DOS and then DOS runs the interface, WIN 95. Gnome isn't and OS its simply a shell, DOS is the same thing. -Original Message- From: Dean Wells [mailto:[EMAIL PROTECTED] Sent: Friday, February 11, 2005 4:01 PM To: Send - AD mailing list Subject: RE: [ActiveDir] Very OT: Please Settle a Bet 32 bit cooperatively multitasked if memory serves ...but it might not ;) -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano Sent: Friday, February 11, 2005 4:54 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Very OT: Please Settle a Bet Could anyone settle a bet for me? I would like to know if Windows 95 was a 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran 16-bit apps in a VM, while the other one is saying the reverse: it was a 16-bit OS that was capable of running 32-bit apps in a VM. Also, one person is saying that W95 required DOS (like Win3.1.1) and the other is saying that, while built on DOS, DOS was not required and the OS went above and beyond its DOS roots. If anyone can settle these issues and offer proof like links to Web pages and such, we would be grateful. _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on