RE: [ActiveDir] Demoted DC Lives On

2005-07-27 Thread Steve Linehan 
Title: [ActiveDir] Demoted DC Lives On








What version of the OS are you
running?  I believe replmon and the Config Container are simply showing a
replication connection object that is in a stay of execution, these go away
normally after 15 days.  To see if this is it simply run repadmin
/showreps from the complaining DC and you will likely have a connection object
that shows as deleted.  If it is a connection object in a stay of execution
state and it bugs you repadmin can be used to remove it or it will go away on
its own.

 

Thanks,

 

-Steve

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, July 27, 2005
9:25 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Demoted
DC Lives On



 





That usually works with no problems...





 





 -gil







 







From:
[EMAIL PROTECTED] on behalf of Your Name
Sent: Wed 7/27/2005 7:02 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Demoted DC
Lives On





Hello:

A few weeks ago, I demoted a DC at one of our sites. The demotion
appeared to work correctly, and the server no longer appears as a DC
under the ADUC. Also, while there is an A record for the server, it has
been removed from the  _msdcs, _sites, etc. The server was then
completely shut down and is awaiting a good scrubbing.

All that is good. However, the DC's ghost lingers on in at least three
places:
- When openning replmon, the server shows up as a DC in the site.
- If I use ADSI Edit to poke around in the Configuration Container, its
CN still shows up under the site.
- the current DC is logging an Event 213 complaining about not being
able to see the LicenseService on the old DC.

I thought a metadata cleanup using ntdsutil would fix it. However, the
server does NOT show up when queried with "list servers in site".

So the question is how can I get rid of this beast? Should I simply
remove it using ADSI Edit?

TIA.

-- nme
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Demoted DC Lives On

2005-07-27 Thread freddy_hartono 
For licenselogging issue, open your sites and services, choose the SITE, under 
the Licensing Site Settings - point the licensing computer to the new DC.

That should do it.

Thank you and have a splendid day!
 
Kind Regards,
 
Freddy Hartono
Windows Administrator (ADSM/NT Security)
Spherion Technology Group, Singapore
For Agilent Technologies
E-mail: [EMAIL PROTECTED]
 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Your Name
Sent: Thursday, July 28, 2005 10:02 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Demoted DC Lives On

Hello:

A few weeks ago, I demoted a DC at one of our sites. The demotion 
appeared to work correctly, and the server no longer appears as a DC 
under the ADUC. Also, while there is an A record for the server, it has 
been removed from the  _msdcs, _sites, etc. The server was then 
completely shut down and is awaiting a good scrubbing.

All that is good. However, the DC's ghost lingers on in at least three 
places:
- When openning replmon, the server shows up as a DC in the site.
- If I use ADSI Edit to poke around in the Configuration Container, its 
CN still shows up under the site.
- the current DC is logging an Event 213 complaining about not being 
able to see the LicenseService on the old DC.

I thought a metadata cleanup using ntdsutil would fix it. However, the 
server does NOT show up when queried with "list servers in site".

So the question is how can I get rid of this beast? Should I simply 
remove it using ADSI Edit?

TIA.

-- nme 
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Demoted DC Lives On

2005-07-27 Thread Gil Kirkpatrick 
That usually works with no problems...
 
 -gil



From: [EMAIL PROTECTED] on behalf of Your Name
Sent: Wed 7/27/2005 7:02 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Demoted DC Lives On



Hello:

A few weeks ago, I demoted a DC at one of our sites. The demotion
appeared to work correctly, and the server no longer appears as a DC
under the ADUC. Also, while there is an A record for the server, it has
been removed from the  _msdcs, _sites, etc. The server was then
completely shut down and is awaiting a good scrubbing.

All that is good. However, the DC's ghost lingers on in at least three
places:
- When openning replmon, the server shows up as a DC in the site.
- If I use ADSI Edit to poke around in the Configuration Container, its
CN still shows up under the site.
- the current DC is logging an Event 213 complaining about not being
able to see the LicenseService on the old DC.

I thought a metadata cleanup using ntdsutil would fix it. However, the
server does NOT show up when queried with "list servers in site".

So the question is how can I get rid of this beast? Should I simply
remove it using ADSI Edit?

TIA.

-- nme
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


<>

[ActiveDir] Demoted DC Lives On

2005-07-27 Thread Your Name 
Hello:

A few weeks ago, I demoted a DC at one of our sites. The demotion 
appeared to work correctly, and the server no longer appears as a DC 
under the ADUC. Also, while there is an A record for the server, it has 
been removed from the  _msdcs, _sites, etc. The server was then 
completely shut down and is awaiting a good scrubbing.

All that is good. However, the DC's ghost lingers on in at least three 
places:
- When openning replmon, the server shows up as a DC in the site.
- If I use ADSI Edit to poke around in the Configuration Container, its 
CN still shows up under the site.
- the current DC is logging an Event 213 complaining about not being 
able to see the LicenseService on the old DC.

I thought a metadata cleanup using ntdsutil would fix it. However, the 
server does NOT show up when queried with "list servers in site".

So the question is how can I get rid of this beast? Should I simply 
remove it using ADSI Edit?

TIA.

-- nme 
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] 2003 sp1 security agent

2005-07-27 Thread Ken Schaefer 
SCW does more than just configure the Windows firewall. It can change service
startup settings, configure registry keys around what auth types are used,
configure your local security policy settings (SMB signing, auditing etc),
and do an IIS lockdown. And it supports roll-back, so it's worth checking
out.

Also supports:
a) analysis mode (compare server's actual configuration -vs- a proposed
configuration)
b) remote application mode (so you can apply polices to remote servers)
c) command line support (so you can do this all via batch files)
d) centralised storage of your policy files, so you can just update a single
location with new XML files that all your SCWs should use.

Cheers
Ken


: -Original Message-
: From: [EMAIL PROTECTED] [mailto:ActiveDir-
: [EMAIL PROTECTED] On Behalf Of Matt Brown
: Sent: Thursday, 28 July 2005 7:56 AM
: To: ActiveDir@mail.activedir.org
: Subject: RE: [ActiveDir] 2003 sp1 security agent
: 
: Ya, I mean the security config wizard.  I've normally never had any
: firewall
: stuff on my domain controllers... But was thinking it might be possible
: with
: 2003 SP1.
: 
: Anybody have any recommendations?
: 
: 
: Thanks,
: --
: Matt Brown [EMAIL PROTECTED]
: Consultant for Student Technology Fee
: website: http://techfee.ewu.edu/
: +--+
: | 509.359.6972 ph. - 509.359.7087 fx
: | 307 MONROE HALL | Cheney, WA 99004
: +--+
: 
: 
: -Original Message-
: From: [EMAIL PROTECTED]
: [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
: Sent: Wednesday, July 27, 2005 9:26 AM
: To: ActiveDir@mail.activedir.org
: Subject: RE: [ActiveDir] 2003 sp1 security agent
: 
: Security Config Agent  Not sure on that.  Do you mean the Security
: Config Wizard?  If so - nope - none at all.
: 
: Rick
: 
: -Original Message-
: From: [EMAIL PROTECTED]
: [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown
: Sent: Wednesday, July 27, 2005 10:42 AM
: To: ActiveDir@mail.activedir.org
: Subject: [ActiveDir] 2003 sp1 security agent
: 
: Anybody used the security config agent and had any issues with it on
: Domain
: Controllers... Or any recommendations?
: 
: Thanks,

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Domain Controller & HP Virus Throttle?

2005-07-27 Thread freddy_hartono 
Hi,

Is anyone using this on a production DC yet? 

Just like to get some comments first.. :-)


--start snip snip--

HP today unveiled newly developed software which it claims can quickly control 
the spread of viruses across corporate networks, and reduce the damage caused 
during an attack.

--end of sniplets-

HP Virus Throttle packet driver (Not free though and requires a Proliant 
Essentials Intelligent Networking License)
http://h18023.www1.hp.com/support/files/networking/us/revision/8664.html

Some infos on what it does
http://www.vnunet.com/vnunet/news/2126740/hp-claims-throttle-viruses



Thank you and have a splendid day!
 
Kind Regards,
 
Freddy Hartono
Windows Administrator (ADSM/NT Security)
Spherion Technology Group, Singapore
For Agilent Technologies
E-mail: [EMAIL PROTECTED]
 

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] 2003 sp1 security agent

2005-07-27 Thread Matt Brown 
Ya, I mean the security config wizard.  I've normally never had any firewall
stuff on my domain controllers... But was thinking it might be possible with
2003 SP1.

Anybody have any recommendations? 


Thanks,
--
Matt Brown [EMAIL PROTECTED]
Consultant for Student Technology Fee
website: http://techfee.ewu.edu/
+--+
| 509.359.6972 ph. - 509.359.7087 fx
| 307 MONROE HALL | Cheney, WA 99004
+--+


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Wednesday, July 27, 2005 9:26 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2003 sp1 security agent

Security Config Agent  Not sure on that.  Do you mean the Security
Config Wizard?  If so - nope - none at all.

Rick

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown
Sent: Wednesday, July 27, 2005 10:42 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] 2003 sp1 security agent

Anybody used the security config agent and had any issues with it on Domain
Controllers... Or any recommendations?

Thanks,
--
Matt Brown [EMAIL PROTECTED]
Consultant for Student Technology Fee
website: http://techfee.ewu.edu/
+--+
| 509.359.6972 ph. - 509.359.7087 fx
| 307 MONROE HALL | Cheney, WA 99004
+--+


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Group Policy to Move Folder in Internet Options

2005-07-27 Thread Tony Murray 
Hi Brenda

If it's not part of the standard policy options, you could create your
template and modify the location of the Temporary Internet Files using
registry keys as described in this article.

http://windows.about.com/od/tipsarchive/l/bltip182.htm

See Matty's Group Policy FAQs for information on how to create a custom
template.

http://www.activedir.org/gp_faq.htm

Tony

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brenda Wilkins
Sent: Thursday, 28 July 2005 8:03 a.m.
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Group Policy to Move Folder in Internet Options

I have looked high and low trying to find the setting in GP to change
where Internet Explorer stores its Temporary Internet Files. Can someone
please help me? TIA


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


This e-mail message has been scanned for Viruses and Content and cleared
by NetIQ MailMarshal at Gen-i Limited 



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Group Policy to Move Folder in Internet Options

2005-07-27 Thread Brenda Wilkins 
I have looked high and low trying to find the setting in GP to change
where Internet Explorer stores its Temporary Internet Files. Can someone
please help me? TIA


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Add domain user to local group?

2005-07-27 Thread Dan Holme 
I put a script on my WIKI that may be a big help for you
http://intelliem.editme.com/vbsadmingroupstartup



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Wednesday, July 27, 2005 12:07 PM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Add domain user to local group?

better exists use the restricted groups feature of a GPO where you
can dictate who the MEMBERS are of a group or where you can define to
which group a user or a group is a MEMBER OF
 
Works great!
 
Cheers
#JORGE#



From: [EMAIL PROTECTED] on behalf of Harding, Devon
Sent: Wed 7/27/2005 9:04 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Add domain user to local group?



Is there a vb script out there that I can run in a GPO to add a domain
user to the 'Administrators' group on every local PC's in a domain?

 

Sorta like this:

http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/adgpvb03
.mspx 

 

Devon Harding

Windows Systems Engineer

Southern Wine & Spirits - BSG

954-602-2469

 



__
This message and any attachments are solely for the intended recipient
and may contain confidential or privileged information. If you are not
the intended recipient, any disclosure, copying, use or distribution of
the information included in the message and any attachments is
prohibited. If you have received this communication in error, please
notify us by reply e-mail and immediately and permanently delete this
message and any attachments. Thank You. 



This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be
copied, disclosed to, retained or used by, any other party. If you are
not an intended recipient then please promptly delete this e-mail and
any attachment and all copies and inform the sender. Thank you.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] OT: empty network neighborhood

2005-07-27 Thread Rick Kingslan 
IPHelper is enabled on your routers, which is allowing broadcasts.  If
that's the case, then yes - this should help to resolve the issue.  It might
be the end-all, but it's certainly in the right direction.

Rick

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Wednesday, July 27, 2005 1:08 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

I think the machine that kept being elected as master browser was a windows
2000 SP4 workstation that had been up for 68 days.

I changed the PDC emulator to the DC that has the IP helper pointed to it
and that became the browser master. 

I think that will fix the problem.

Thanks,jb

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, July 26, 2005 5:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood


The pecking order is based on the newest version of OS, and SP1 trumps
(wins) over the Gold RTM of the OS.  So, in this example, Win98 wins over
Win95, Windows XP wins over Win98, and Windows XP SP2 wins over all of the
workstation OS's.  BTW, SAMBA plays in this arena as well, but I don't
recall off-hand where it falls in the precedence.

Now, if you toss servers into the mix, Windows XP, by this rule, wins over
Windows 2000 Server.  However, it's considered best practice to have
designated servers (when available) to take the Browse Master / Backup
roles.  This would entail disabling Windows XP from being able to initiate
an election or winning the election, thereby ensuring that Windows 2000
Server will win the roles.

Registry keys are available to 'lock in' servers (or workstations, for that
matter) into the roles.

Regardless, this is a reasonable quick blurb on some quick fixes and
resolves for typical problems.

http://www.tek-tips.com/faqs.cfm?fid=3728

Rick

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Tuesday, July 26, 2005 3:43 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Don't the old client OS's (like Win95) automatically try to be Browse
Master?  Do you have any old computers hooked up to the LAN?

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, July 26, 2005 2:08 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

That's what I was worried about. For some reason, no other workstations are
showing up as backup browsers.

jb

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, July 26, 2005 2:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood


each subnet should have 1 master browser.
usually there should be 1 backup browser for every 15 pc's on the subnet. 
I believe you get the browse list when going to net neighborhood or doing a
net view froma backup browser which in turn got it from the master browser.

the only reason that pc became a master browser, I think, is because it is
the most up to date(sp'ed,hot fixed) os on that subnet so it keeps wining
browser elections.

Thats my thought.
i'd wait till someone more knowldgeble comes around before listening to me.

-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 2:05 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood


Ok, I have can see server when I do a net view now.

Here's what I did. I used browstat tic on that subnet to stop the master
browser. Then I did a browstat el to force an election.

That same computer became the master browser again, with no backup servers,
but atleast now it list the servers when I do the net view.

One last question, should there be any workstations listed as backup servers
other than the machine that is the master browser?

Thank you again for everyone's help.

jb

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, July 26, 2005 1:57 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood


Interesting, The reg value was already set on the computer that reports as
the master browser on that subnet and browstat sta only list the one
computer, no other computers are running as backups.

I tried to force an election with browstat, but it didn't seem to do
anything.

Maybe I should see if I can reboot the machine in question.

Any more ideas?

Thanks,jb

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, July 26, 2005 10:50 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood


Go to that pc and open regedit and cha

RE: [ActiveDir] Add domain user to local group?

2005-07-27 Thread Almeida Pinto, Jorge de 
better exists use the restricted groups feature of a GPO where you can 
dictate who the MEMBERS are of a group or where you can define to which group a 
user or a group is a MEMBER OF
 
Works great!
 
Cheers
#JORGE#



From: [EMAIL PROTECTED] on behalf of Harding, Devon
Sent: Wed 7/27/2005 9:04 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Add domain user to local group?



Is there a vb script out there that I can run in a GPO to add a domain user to 
the 'Administrators' group on every local PC's in a domain?

 

Sorta like this:

http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/adgpvb03.mspx 

 

Devon Harding

Windows Systems Engineer

Southern Wine & Spirits - BSG

954-602-2469

 



__
This message and any attachments are solely for the intended recipient
and may contain confidential or privileged information. If you are not
the intended recipient, any disclosure, copying, use or distribution of
the information included in the message and any attachments is
prohibited. If you have received this communication in error, please
notify us by reply e-mail and immediately and permanently delete this
message and any attachments. Thank You. 



This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party. If you are not an intended 
recipient then please promptly delete this e-mail and any attachment and all 
copies and inform the sender. Thank you.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Add domain user to local group?

2005-07-27 Thread Harding, Devon 










Is there a _vbscript_ out there that I can run in a GPO to
add a domain user to the ‘Administrators’ group on every local PC’s
in a domain?

 

Sorta like this:

http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/adgpvb03.mspx


 

Devon Harding

Windows Systems Engineer

Southern Wine & Spirits
- BSG

954-602-2469

 










__This message and any attachments are solely for the intended recipientand may contain confidential or privileged information.  If you are notthe intended recipient, any disclosure, copying, use or distribution ofthe information included in the message and any attachments isprohibited.  If you have received this communication in error, pleasenotify us by reply e-mail and immediately and permanently delete thismessage and any attachments.  Thank You.

RE: [ActiveDir] OT: empty network neighborhood

2005-07-27 Thread Jason Benway 
I think the machine that kept being elected as master browser was a windows
2000 SP4 workstation that had been up for 68 days.

I changed the PDC emulator to the DC that has the IP helper pointed to it
and that became the browser master. 

I think that will fix the problem.

Thanks,jb

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, July 26, 2005 5:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood


The pecking order is based on the newest version of OS, and SP1 trumps
(wins) over the Gold RTM of the OS.  So, in this example, Win98 wins over
Win95, Windows XP wins over Win98, and Windows XP SP2 wins over all of the
workstation OS's.  BTW, SAMBA plays in this arena as well, but I don't
recall off-hand where it falls in the precedence.

Now, if you toss servers into the mix, Windows XP, by this rule, wins over
Windows 2000 Server.  However, it's considered best practice to have
designated servers (when available) to take the Browse Master / Backup
roles.  This would entail disabling Windows XP from being able to initiate
an election or winning the election, thereby ensuring that Windows 2000
Server will win the roles.

Registry keys are available to 'lock in' servers (or workstations, for that
matter) into the roles.

Regardless, this is a reasonable quick blurb on some quick fixes and
resolves for typical problems.

http://www.tek-tips.com/faqs.cfm?fid=3728

Rick

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Tuesday, July 26, 2005 3:43 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood

Don't the old client OS's (like Win95) automatically try to be Browse
Master?  Do you have any old computers hooked up to the LAN?

Mike Thommes

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, July 26, 2005 2:08 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood

That's what I was worried about. For some reason, no other workstations are
showing up as backup browsers.

jb

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, July 26, 2005 2:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood


each subnet should have 1 master browser.
usually there should be 1 backup browser for every 15 pc's on the subnet. 
I believe you get the browse list when going to net neighborhood or doing a
net view froma backup browser which in turn got it from the master browser.

the only reason that pc became a master browser, I think, is because it is
the most up to date(sp'ed,hot fixed) os on that subnet so it keeps wining
browser elections.

Thats my thought.
i'd wait till someone more knowldgeble comes around before listening to me.

-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 2:05 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood


Ok, I have can see server when I do a net view now.

Here's what I did. I used browstat tic on that subnet to stop the master
browser. Then I did a browstat el to force an election.

That same computer became the master browser again, with no backup servers,
but atleast now it list the servers when I do the net view.

One last question, should there be any workstations listed as backup servers
other than the machine that is the master browser?

Thank you again for everyone's help.

jb

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Benway
Sent: Tuesday, July 26, 2005 1:57 PM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] OT: empty network neighborhood


Interesting, The reg value was already set on the computer that reports as
the master browser on that subnet and browstat sta only list the one
computer, no other computers are running as backups.

I tried to force an election with browstat, but it didn't seem to do
anything.

Maybe I should see if I can reboot the machine in question.

Any more ideas?

Thanks,jb

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, July 26, 2005 10:50 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: empty network neighborhood


Go to that pc and open regedit and change the value of this key to
"false"-
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters


this will stop that machine from trying tp participate in browser elections
and become a master browser for your subnet. Also, before doing this, i
would run browstat from the support tools on that machine to see if you get
any more info or errors.


-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED]
Sent: Tuesday

RE: [ActiveDir] 2003 sp1 security agent

2005-07-27 Thread Rick Kingslan 
Security Config Agent  Not sure on that.  Do you mean the Security
Config Wizard?  If so - nope - none at all.

Rick

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown
Sent: Wednesday, July 27, 2005 10:42 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] 2003 sp1 security agent

Anybody used the security config agent and had any issues with it on Domain
Controllers... Or any recommendations?

Thanks,
--
Matt Brown [EMAIL PROTECTED]
Consultant for Student Technology Fee
website: http://techfee.ewu.edu/
+--+
| 509.359.6972 ph. - 509.359.7087 fx
| 307 MONROE HALL | Cheney, WA 99004
+--+


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] 2003 sp1 security agent

2005-07-27 Thread Matt Brown 
Anybody used the security config agent and had any issues with it on Domain
Controllers... Or any recommendations?

Thanks,
--
Matt Brown [EMAIL PROTECTED]
Consultant for Student Technology Fee
website: http://techfee.ewu.edu/
+--+
| 509.359.6972 ph. - 509.359.7087 fx
| 307 MONROE HALL | Cheney, WA 99004
+--+


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Event Log Question

2005-07-27 Thread ASB 
I use psLogList to capture the files as text files.
 
http://www.ultratech-llc.com/KB/?File=EventLog.TXT
 
 
But I agree that LogParser is way cool...
 
 
 
-ASB
 FAST, CHEAP, SECURE: Pick Any TWO
 http://www.ultratech-llc.com/KB/
 
On 7/27/05, Carerros, Charles <[EMAIL PROTECTED]> wrote:

I am using a script to pull all of my event logs from all of my servers (both local and remote) and saving them off as .evt files at my location.  I was wondering if anyone has a script that I can use to go through these files to pull only the critical errors? 

 
I have looked at using Event Comb to do this, but it seems like Event Comb only scans through current event logs not those that are saved off to another location.  The end result I'm looking for is a way to create some stats on the number of errors and warnings I receive per server and over all.  I want to bring some attention to these errors so I can get some additional resources in resolving them as well as putting just the errors in one place to help speed up the process of reviewing them.

 
I have seen a few scripts that do this type of thing but all of those are based on the current event logs not archived copies of the database.
 
In the end, I might just end up changing the time that I run my archive script and run another script prior to that which might help me to gain my statistics.
 
Any suggestions
 
Thanks,
 
Charlie

RE: [ActiveDir] Event Log Question

2005-07-27 Thread Charlie Kaiser 
I use an app called dumpevt. It grabs the logs on a machine and pulls
them to a central location and stores them. I then use Windows Grep to
search for error, failure, or warning (or whatever text) in the logs. It
then displays all the lines containing that desired text. I can find one
or two lines out of several thousand.
What's really nice about dumpevt is that it keeps track of each time you
run it and starts from the last place you ran it. So this morning, I'll
see every event since the last time I ran it, but not the ones from a
month ago.
After I parse the results, I delete the files it creates, but you can
also archive them if you want.
I run a script every morning that pulls the logs, then use grep to walk
through all the files it collects. Works pretty well for me; I have
around 35 servers I hit with it... Needs to run under an account with
admin rights to every box you hit, though, in order to touch the
security logs. I use runas to fire it...
Dumpevt is available from Hyena (http://www.systemtools.com/somarsoft/).
Windows Grep is available at wingrep.com. Both are free, although
Windows Grep would like you to register and send them something.

Here's a snippet from the script I run. Substitute servername with the
name of your server. Repeat these lines for each server. Make sure the
outdir location exists (precreate the folders, one for each server
name). Use the DNS, DIR, and RPL lines only on DCs.
dumpevt /computer=servername /logfile=sec /outdir=c:\dumpevt\servername
/reg=local_machine >>c:\dumpevt\errors.txt
dumpevt /computer=servername /logfile=app /outdir=c:\dumpevt\servername
/reg=local_machine >>c:\dumpevt\errors.txt
dumpevt /computer=servername /logfile=sys /outdir=c:\dumpevt\servername
/reg=local_machine >>c:\dumpevt\errors.txt
dumpevt /computer=servername /logfile=dns /outdir=c:\dumpevt\servername
/reg=local_machine >>c:\dumpevt\errors.txt
dumpevt /computer=servername /logfile=dir /outdir=c:\dumpevt\servername
/reg=local_machine >>c:\dumpevt\errors.txt
dumpevt /computer=servername /logfile=rpl /outdir=c:\dumpevt\servername
/reg=local_machine >>c:\dumpevt\errors.txt

**
Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**
 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Carerros, Charles
> Sent: Wednesday, July 27, 2005 6:28 AM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] Event Log Question
> 
> I am using a script to pull all of my event logs from all of 
> my servers (both local and remote) and saving them off as 
> .evt files at my location.  I was wondering if anyone has a 
> script that I can use to go through these files to pull only 
> the critical errors? 
>  
> I have looked at using Event Comb to do this, but it seems 
> like Event Comb only scans through current event logs not 
> those that are saved off to another location.  The end result 
> I'm looking for is a way to create some stats on the number 
> of errors and warnings I receive per server and over all.  I 
> want to bring some attention to these errors so I can get 
> some additional resources in resolving them as well as 
> putting just the errors in one place to help speed up the 
> process of reviewing them.
>  
> I have seen a few scripts that do this type of thing but all 
> of those are based on the current event logs not archived 
> copies of the database.
>  
> In the end, I might just end up changing the time that I run 
> my archive script and run another script prior to that which 
> might help me to gain my statistics.
>  
> Any suggestions
>  
> Thanks,
>  
> Charlie
> 
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Event Log Question

2005-07-27 Thread Carerros, Charles 
Every time I have looked at MOM it just seemed like a large beast and I
haven't had that much time to work with it.  It is something that is on my
list of things to look at in detail, but right now I'm swamped with little
"Priority" projects that need to be done.

I was also looking to avoid using SQL as I want to stay off our production
SQL server.  It's hard to get additional databases on that thing unless we
are deploying a new application that provides enhanced applications to the
end-users.



-Original Message-
From: Phil Renouf [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 27, 2005 9:02 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Event Log Question


Have you looked at using MOM to provide this functionality. It
collects events from the servers and stores them in a SQL database and
you can use it to do reporting and also alert based on logic that you
specify.

Phil

On 7/27/05, Mike Williams <[EMAIL PROTECTED]> wrote:
> Is there a place I can download that script or is one you wrote. I have
been
> wanting to gather all of my logs in one spot also..
>  
> Mike
> -Original Message-
> From: Carerros, Charles [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 27, 2005 8:28 AM
> To: 'ActiveDir@mail.activedir.org'
> Subject: [ActiveDir] Event Log Question
> 
> I am using a script to pull all of my event logs from all of my servers
> (both local and remote) and saving them off as .evt files at my location.
I
> was wondering if anyone has a script that I can use to go through these
> files to pull only the critical errors? 
>  
> I have looked at using Event Comb to do this, but it seems like Event Comb
> only scans through current event logs not those that are saved off to
> another location.  The end result I'm looking for is a way to create some
> stats on the number of errors and warnings I receive per server and over
> all.  I want to bring some attention to these errors so I can get some
> additional resources in resolving them as well as putting just the errors
in
> one place to help speed up the process of reviewing them.
>  
> I have seen a few scripts that do this type of thing but all of those are
> based on the current event logs not archived copies of the database.
>  
> In the end, I might just end up changing the time that I run my archive
> script and run another script prior to that which might help me to gain my
> statistics.
>  
> Any suggestions
>  
> Thanks,
>  
> Charlie
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Event Log Question

2005-07-27 Thread Carerros, Charles 
With the number of people who have asked for this script, I'll post it on a
web server late tonight and send out its link tomorrow.

Charlie

-Original Message-
From: Carerros, Charles [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 27, 2005 9:00 AM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] Event Log Question


That looks like it is exactly what I need.

Thanks.

Charlie

-Original Message-
From: John Singler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 27, 2005 8:55 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Event Log Question


Lots of options here but one that i have been fond of is logparser.

The latest version is 2.2.10 and get be DL'd from:

http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-
91b2-f8d975cf8c07&displaylang=en

The support forum at www.logparser.com is great - the author chimes in 
daily.

an example script that searches for the creation of user accounts:

logparser.exe "SELECT TimeWritten,ComputerName, EXTRACT_TOKEN(Strings,0, 
'|') AS NewAcctName, EXTRACT_TOKEN(Strings,3, '|') AS CallerName FROM 
d:\logs\eventlog.evt WHERE EventID IN (624) ORDER BY TimeWritten DESC" 
-o:NAT -rtp:-1 -filemode:0

should get you something like:

TimeWritten ComputerName NewAcctName CallerName
---  --- --
2005-01-28 08:41:16 DC1  userjoe  admin
2005-01-28 08:15:50 DC1  userdean admin
2005-01-26 14:05:23 DC1  useral   admin
2005-01-25 16:52:29 DC1  usertony admin

Statistics:
---
Elements processed: 1257597
Elements output:4
Execution time: 64.31 seconds (00:01:4.31)


finally, logparser handles many types of inputs (IISW3C, IIS, BIN, 
IISODBC, HTTPERR, URLSCAN, CSV, TSV, XML, W3C, NCSA, TEXTLINE, TEXTWORD, 
EVT, FS (files and directories), REG, ADS (info on Active Directory 
objects), NETMON, ETW, COM) and outputs (NAT, CSV, TSV, XML, W3C, TPL, 
IIS, SQl, SYSLOG, DATAGRID, CHART) which allows you get creative with 
data mining.

hth,

john


Carerros, Charles wrote:
> 
> I am using a script to pull all of my event logs from all of my servers 
> (both local and remote) and saving them off as .evt files at my 
> location.  I was wondering if anyone has a script that I can use to go 
> through these files to pull only the critical errors?
>  
> I have looked at using Event Comb to do this, but it seems like Event 
> Comb only scans through current event logs not those that are saved off 
> to another location.  The end result I'm looking for is a way to create 
> some stats on the number of errors and warnings I receive per server and 
> over all.  I want to bring some attention to these errors so I can get 
> some additional resources in resolving them as well as putting just the 
> errors in one place to help speed up the process of reviewing them.
>  
> I have seen a few scripts that do this type of thing but all of those 
> are based on the current event logs not archived copies of the database.
>  
> In the end, I might just end up changing the time that I run my archive 
> script and run another script prior to that which might help me to gain 
> my statistics.
>  
> Any suggestions
>  
> Thanks,
>  
> Charlie
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Event Log Question

2005-07-27 Thread Hunter, Laura E. 
LogParser is a wicked cool utility.  I think it got tossed into a
Resource Kit as an afterthought, and then people realized what it could
do and started dancing in the streets.

I second the nod for logparser.com - Mike Gunderloy has put up quite the
useful repository.  There's also a section of the Technet Script Center
now devoted to it:
http://www.microsoft.com/technet/scriptcenter/tools/logparser/default.ms
px.

- Laura 

> -Original Message-
> From: Carerros, Charles [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, July 27, 2005 10:00 AM
> To: 'ActiveDir@mail.activedir.org'
> Subject: RE: [ActiveDir] Event Log Question
> 
> That looks like it is exactly what I need.
> 
> Thanks.
> 
> Charlie
> 
> -Original Message-
> From: John Singler [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 27, 2005 8:55 AM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] Event Log Question
> 
> 
> Lots of options here but one that i have been fond of is logparser.
> 
> The latest version is 2.2.10 and get be DL'd from:
> 
> http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd
> 06b-abf8-4c25-
> 91b2-f8d975cf8c07&displaylang=en
> 
> The support forum at www.logparser.com is great - the author 
> chimes in 
> daily.
> 
> an example script that searches for the creation of user accounts:
> 
> logparser.exe "SELECT TimeWritten,ComputerName, 
> EXTRACT_TOKEN(Strings,0, 
> '|') AS NewAcctName, EXTRACT_TOKEN(Strings,3, '|') AS CallerName FROM 
> d:\logs\eventlog.evt WHERE EventID IN (624) ORDER BY 
> TimeWritten DESC" 
> -o:NAT -rtp:-1 -filemode:0
> 
> should get you something like:
> 
> TimeWritten ComputerName NewAcctName CallerName
> ---  --- --
> 2005-01-28 08:41:16 DC1  userjoe  admin
> 2005-01-28 08:15:50 DC1  userdean admin
> 2005-01-26 14:05:23 DC1  useral   admin
> 2005-01-25 16:52:29 DC1  usertony admin
> 
> Statistics:
> ---
> Elements processed: 1257597
> Elements output:4
> Execution time: 64.31 seconds (00:01:4.31)
> 
> 
> finally, logparser handles many types of inputs (IISW3C, IIS, BIN, 
> IISODBC, HTTPERR, URLSCAN, CSV, TSV, XML, W3C, NCSA, 
> TEXTLINE, TEXTWORD, 
> EVT, FS (files and directories), REG, ADS (info on Active Directory 
> objects), NETMON, ETW, COM) and outputs (NAT, CSV, TSV, XML, 
> W3C, TPL, 
> IIS, SQl, SYSLOG, DATAGRID, CHART) which allows you get creative with 
> data mining.
> 
> hth,
> 
> john
> 
> 
> Carerros, Charles wrote:
> > 
> > I am using a script to pull all of my event logs from all 
> of my servers 
> > (both local and remote) and saving them off as .evt files at my 
> > location.  I was wondering if anyone has a script that I 
> can use to go 
> > through these files to pull only the critical errors?
> >  
> > I have looked at using Event Comb to do this, but it seems 
> like Event 
> > Comb only scans through current event logs not those that 
> are saved off 
> > to another location.  The end result I'm looking for is a 
> way to create 
> > some stats on the number of errors and warnings I receive 
> per server and 
> > over all.  I want to bring some attention to these errors 
> so I can get 
> > some additional resources in resolving them as well as 
> putting just the 
> > errors in one place to help speed up the process of reviewing them.
> >  
> > I have seen a few scripts that do this type of thing but 
> all of those 
> > are based on the current event logs not archived copies of 
> the database.
> >  
> > In the end, I might just end up changing the time that I 
> run my archive 
> > script and run another script prior to that which might 
> help me to gain 
> > my statistics.
> >  
> > Any suggestions
> >  
> > Thanks,
> >  
> > Charlie
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> 
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Event Log Question

2005-07-27 Thread Phil Renouf 
Have you looked at using MOM to provide this functionality. It
collects events from the servers and stores them in a SQL database and
you can use it to do reporting and also alert based on logic that you
specify.

Phil

On 7/27/05, Mike Williams <[EMAIL PROTECTED]> wrote:
> Is there a place I can download that script or is one you wrote. I have been
> wanting to gather all of my logs in one spot also..
>  
> Mike
> -Original Message-
> From: Carerros, Charles [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 27, 2005 8:28 AM
> To: 'ActiveDir@mail.activedir.org'
> Subject: [ActiveDir] Event Log Question
> 
> I am using a script to pull all of my event logs from all of my servers
> (both local and remote) and saving them off as .evt files at my location.  I
> was wondering if anyone has a script that I can use to go through these
> files to pull only the critical errors? 
>  
> I have looked at using Event Comb to do this, but it seems like Event Comb
> only scans through current event logs not those that are saved off to
> another location.  The end result I'm looking for is a way to create some
> stats on the number of errors and warnings I receive per server and over
> all.  I want to bring some attention to these errors so I can get some
> additional resources in resolving them as well as putting just the errors in
> one place to help speed up the process of reviewing them.
>  
> I have seen a few scripts that do this type of thing but all of those are
> based on the current event logs not archived copies of the database.
>  
> In the end, I might just end up changing the time that I run my archive
> script and run another script prior to that which might help me to gain my
> statistics.
>  
> Any suggestions
>  
> Thanks,
>  
> Charlie
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Event Log Question

2005-07-27 Thread Carerros, Charles 
That looks like it is exactly what I need.

Thanks.

Charlie

-Original Message-
From: John Singler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 27, 2005 8:55 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Event Log Question


Lots of options here but one that i have been fond of is logparser.

The latest version is 2.2.10 and get be DL'd from:

http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-
91b2-f8d975cf8c07&displaylang=en

The support forum at www.logparser.com is great - the author chimes in 
daily.

an example script that searches for the creation of user accounts:

logparser.exe "SELECT TimeWritten,ComputerName, EXTRACT_TOKEN(Strings,0, 
'|') AS NewAcctName, EXTRACT_TOKEN(Strings,3, '|') AS CallerName FROM 
d:\logs\eventlog.evt WHERE EventID IN (624) ORDER BY TimeWritten DESC" 
-o:NAT -rtp:-1 -filemode:0

should get you something like:

TimeWritten ComputerName NewAcctName CallerName
---  --- --
2005-01-28 08:41:16 DC1  userjoe  admin
2005-01-28 08:15:50 DC1  userdean admin
2005-01-26 14:05:23 DC1  useral   admin
2005-01-25 16:52:29 DC1  usertony admin

Statistics:
---
Elements processed: 1257597
Elements output:4
Execution time: 64.31 seconds (00:01:4.31)


finally, logparser handles many types of inputs (IISW3C, IIS, BIN, 
IISODBC, HTTPERR, URLSCAN, CSV, TSV, XML, W3C, NCSA, TEXTLINE, TEXTWORD, 
EVT, FS (files and directories), REG, ADS (info on Active Directory 
objects), NETMON, ETW, COM) and outputs (NAT, CSV, TSV, XML, W3C, TPL, 
IIS, SQl, SYSLOG, DATAGRID, CHART) which allows you get creative with 
data mining.

hth,

john


Carerros, Charles wrote:
> 
> I am using a script to pull all of my event logs from all of my servers 
> (both local and remote) and saving them off as .evt files at my 
> location.  I was wondering if anyone has a script that I can use to go 
> through these files to pull only the critical errors?
>  
> I have looked at using Event Comb to do this, but it seems like Event 
> Comb only scans through current event logs not those that are saved off 
> to another location.  The end result I'm looking for is a way to create 
> some stats on the number of errors and warnings I receive per server and 
> over all.  I want to bring some attention to these errors so I can get 
> some additional resources in resolving them as well as putting just the 
> errors in one place to help speed up the process of reviewing them.
>  
> I have seen a few scripts that do this type of thing but all of those 
> are based on the current event logs not archived copies of the database.
>  
> In the end, I might just end up changing the time that I run my archive 
> script and run another script prior to that which might help me to gain 
> my statistics.
>  
> Any suggestions
>  
> Thanks,
>  
> Charlie
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Re: [ActiveDir] Event Log Question

2005-07-27 Thread John Singler 

Lots of options here but one that i have been fond of is logparser.

The latest version is 2.2.10 and get be DL'd from:

http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

The support forum at www.logparser.com is great - the author chimes in 
daily.


an example script that searches for the creation of user accounts:

logparser.exe "SELECT TimeWritten,ComputerName, EXTRACT_TOKEN(Strings,0, 
'|') AS NewAcctName, EXTRACT_TOKEN(Strings,3, '|') AS CallerName FROM 
d:\logs\eventlog.evt WHERE EventID IN (624) ORDER BY TimeWritten DESC" 
-o:NAT -rtp:-1 -filemode:0


should get you something like:

TimeWritten ComputerName NewAcctName CallerName
---  --- --
2005-01-28 08:41:16 DC1  userjoe  admin
2005-01-28 08:15:50 DC1  userdean admin
2005-01-26 14:05:23 DC1  useral   admin
2005-01-25 16:52:29 DC1  usertony admin

Statistics:
---
Elements processed: 1257597
Elements output:4
Execution time: 64.31 seconds (00:01:4.31)


finally, logparser handles many types of inputs (IISW3C, IIS, BIN, 
IISODBC, HTTPERR, URLSCAN, CSV, TSV, XML, W3C, NCSA, TEXTLINE, TEXTWORD, 
EVT, FS (files and directories), REG, ADS (info on Active Directory 
objects), NETMON, ETW, COM) and outputs (NAT, CSV, TSV, XML, W3C, TPL, 
IIS, SQl, SYSLOG, DATAGRID, CHART) which allows you get creative with 
data mining.


hth,

john


Carerros, Charles wrote:


I am using a script to pull all of my event logs from all of my servers 
(both local and remote) and saving them off as .evt files at my 
location.  I was wondering if anyone has a script that I can use to go 
through these files to pull only the critical errors?
 
I have looked at using Event Comb to do this, but it seems like Event 
Comb only scans through current event logs not those that are saved off 
to another location.  The end result I'm looking for is a way to create 
some stats on the number of errors and warnings I receive per server and 
over all.  I want to bring some attention to these errors so I can get 
some additional resources in resolving them as well as putting just the 
errors in one place to help speed up the process of reviewing them.
 
I have seen a few scripts that do this type of thing but all of those 
are based on the current event logs not archived copies of the database.
 
In the end, I might just end up changing the time that I run my archive 
script and run another script prior to that which might help me to gain 
my statistics.
 
Any suggestions
 
Thanks,
 
Charlie

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Event Log Question

2005-07-27 Thread Carerros, Charles 
Title: RE: [ActiveDir] OT: Windows 2003 Cluster



I'll 
send it to you offline.  
 
Charlie

  -Original Message-From: Mike Williams 
  [mailto:[EMAIL PROTECTED]Sent: Wednesday, July 27, 
  2005 8:49 AMTo: ActiveDir@mail.activedir.orgSubject: RE: 
  [ActiveDir] Event Log Question
  Is 
  there a place I can download that script or is one you wrote. I have been 
  wanting to gather all of my logs in one spot also..
   
  Mike
  
-Original Message-From: Carerros, Charles 
[mailto:[EMAIL PROTECTED]Sent: Wednesday, July 27, 2005 
8:28 AMTo: 'ActiveDir@mail.activedir.org'Subject: 
[ActiveDir] Event Log Question
I am using a script to pull 
all of my event logs from all of my servers (both local and remote) and 
saving them off as .evt files at my location.  I was wondering if 
anyone has a script that I can use to go through these files to pull only 
the critical errors? 
 
I have looked at using 
Event Comb to do this, but it seems like Event Comb only scans through 
current event logs not those that are saved off to another location.  
The end result I'm looking for is a way to create some stats on the number 
of errors and warnings I receive per server and over all.  I want to 
bring some attention to these errors so I can get some additional resources 
in resolving them as well as putting just the errors in one place to help 
speed up the process of reviewing them.
 
I have seen a few scripts 
that do this type of thing but all of those are based on the current event 
logs not archived copies of the database.
 
In the end, I might just 
end up changing the time that I run my archive script and run another script 
prior to that which might help me to gain my statistics.
 
Any 
suggestions
 
Thanks,
 
Charlie

RE: [ActiveDir] Event Log Question

2005-07-27 Thread Mike Williams 
Title: RE: [ActiveDir] OT: Windows 2003 Cluster



Is 
there a place I can download that script or is one you wrote. I have been 
wanting to gather all of my logs in one spot also..
 
Mike

  -Original Message-From: Carerros, Charles 
  [mailto:[EMAIL PROTECTED]Sent: Wednesday, July 27, 2005 
  8:28 AMTo: 'ActiveDir@mail.activedir.org'Subject: 
  [ActiveDir] Event Log Question
  I am using a script to pull 
  all of my event logs from all of my servers (both local and remote) and 
  saving them off as .evt files at my location.  I was wondering if anyone 
  has a script that I can use to go through these files to pull only the 
  critical errors? 
   
  I have looked at using Event 
  Comb to do this, but it seems like Event Comb only scans through current event 
  logs not those that are saved off to another location.  The end result 
  I'm looking for is a way to create some stats on the number of errors and 
  warnings I receive per server and over all.  I want to bring some 
  attention to these errors so I can get some additional resources in resolving 
  them as well as putting just the errors in one place to help speed up the 
  process of reviewing them.
   
  I have seen a few scripts 
  that do this type of thing but all of those are based on the current event 
  logs not archived copies of the database.
   
  In the end, I might just end 
  up changing the time that I run my archive script and run another script prior 
  to that which might help me to gain my statistics.
   
  Any 
  suggestions
   
  Thanks,
   
  Charlie

[ActiveDir] Event Log Question

2005-07-27 Thread Carerros, Charles 
Title: RE: [ActiveDir] OT: Windows 2003 Cluster



I am using a script to pull all 
of my event logs from all of my servers (both local and remote) and saving 
them off as .evt files at my location.  I was wondering if anyone has a 
script that I can use to go through these files to pull only the critical 
errors? 
 
I have looked at using Event 
Comb to do this, but it seems like Event Comb only scans through current event 
logs not those that are saved off to another location.  The end result I'm 
looking for is a way to create some stats on the number of errors and warnings I 
receive per server and over all.  I want to bring some attention to these 
errors so I can get some additional resources in resolving them as well as 
putting just the errors in one place to help speed up the process of reviewing 
them.
 
I have seen a few scripts that 
do this type of thing but all of those are based on the current event logs not 
archived copies of the database.
 
In the end, I might just end up 
changing the time that I run my archive script and run another script prior to 
that which might help me to gain my statistics.
 
Any 
suggestions
 
Thanks,
 
Charlie

RE: [ActiveDir] OT: Windows 2003 Cluster

2005-07-27 Thread Bahta Nathaniel V Contr NASIC/SCNA 
Title: RE: [ActiveDir] OT: Windows 2003 Cluster



All,
The cluster is now operational.  The problem had to do 
with a series of events that unfolded to make this a complex troubleshooting 
issue.  The security applied by our higher set the STORE LM HASH value in 
the security template to enabled.  With this enabled prior to SP1 if you 
ever change your cluster service account password, the new password must be 15 
characters or greater, unless you apply the hotfix.  We changed the cluster 
service account to a 15 character password, applied LM Hash hotfix and restarted 
services and rebooted nodes.  Cluster has no problem communicating at this 
point.  Since our password change of the cluster account 2 weeks ago was 
the catalyst for the loss in communications between the nodes, it was a very 
troubled process to troubleshoot, but we are now past that point and  just 
left with migrating printer drivers that do not exist on node 1 from node 
2.  Apparently Windows 2003 is not supposed to need a print migration done 
in the way of Windows 2000 Advanced server, which called for you to install 
print drivers on node 1, node 2, and virtual print node.  This is the way 
it is functional in Windows 2003 as well.  
 
Thanks everyone for your suggestions and ideas it helped 
tremendously,
 
Nate
GD-NS


From: Al Mulnick 
[mailto:[EMAIL PROTECTED] On Behalf Of Al 
MulnickSent: Tuesday, July 26, 2005 2:04 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: Windows 2003 
Cluster


Almost sounds like a cluster 
is not providing the benefits you were after. 
 
Not sure I can be of any help with the next 
piece.  That is odd, but you might have a look at the TS servers and see if 
they're logging anything else.  Same with the cluster to see if anything in 
the security logs.  Might be to do with the hotfix? 
 
Al


From: [EMAIL PROTECTED] on 
behalf of Bahta Nathaniel V Contr NASIC/SCNASent: Tue 7/26/2005 1:48 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
OT: Windows 2003 Cluster

Well AL,  so far I have figured out that the cluster 
account requires a 15 character or greater password without SP1 or the hotfix 
for it.  So I changed the account password and restarted the services and 
both nodes are online.  The only problem now is that I only see half the 
printers on the new node, and our shares are inaccessible from the 
cluster.  I get a error when trying to log on as a regular user, not a 
admin, that states :  YOU DO NOT HAVE PERMISSION TO ACCESS YOUR 
CENTRAL PROFILE LOCATED AT \\SERVERNAME\SHARE$\USERNAME.  CONTACT 
YOUR NETWORK ADMINISTRATOR.  It is a Userenv Source with an Event ID of 
1000.  So now everybody wants to know why they cant get their profiles 
and I am scrambling for an answer.  Its not permissions, or share 
permissions, I have opened them wide open and I cant understand it because it 
only happens to regular users and only users of the Terminal Server 
enviroment.
 
Today is a crazy day
 
Nate 


From: Al Mulnick 
[mailto:[EMAIL PROTECTED] On Behalf Of Al 
MulnickSent: Monday, July 25, 2005 2:40 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: Windows 2003 
Cluster


I'm interested to hear how it 
works out.  
 
When I mentioned the HBA, I was thinking 
more along the lines of ensuring that there are no issues with the physical 
hba.  When an HBA goes, symptoms are often strange and not expected.  
Same for the ports and switches between the hba and the SAN. 

 
Al 


From: [EMAIL PROTECTED] on 
behalf of Bahta Nathaniel V Contr NASIC/SCNASent: Mon 7/25/2005 1:10 
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
OT: Windows 2003 Cluster

Yes,  I pulled up the config gui and read the config 
and compared the functioning node's config with the failing nodes config and 
they are identical.  The HBA sees all assigned LUNS as well.  I dont 
think it is a storage issue.  I have been on the phone with Microsoft and 
they said it may be a security issue and for me to reset the cluster account 
passwords and recycle the services on both nodes,  however I cannot do that 
until there is downtime allowable so probably will have to try that tonight or 
something.  I dont understand their idea of it being a password issue 
though, because they had me log in as the cluster service account, but they said 
the DC's may have a different password in AD than the cluster nodes have in 
SCM.  They said it doesnt make sense either but for me to try 
it.
 
Nate


From: Al Mulnick 
[mailto:[EMAIL PROTECTED] On Behalf Of Al 
MulnickSent: Monday, July 25, 2005 12:08 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] OT: Windows 2003 
Cluster


Have you also verified that 
the HBA is functioning correctly? 


From: [EMAIL PROTECTED] on 
behalf of Bahta Nathaniel V Contr NASIC/SCNASent: Mon 7/25/2005 11:21 
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 
OT: Windows 2003 Cluster

It had WMI access denied errors that entailed ripping apart 
the re

RE: [ActiveDir] Audit Reporting Tools

2005-07-27 Thread Peter Johnson 








You can also look at NetIQ’s
Security Manager which will write the entries to a secure SQL server from
multiple servers. 

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: 27 July 2005 06:57
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Audit
Reporting Tools



 



MOM can
do this – as the events that you decide to capture are written to the
database.  And, with some SQL scripting or custom tools, I’m fairly
certain that the info can be ripped out of the MOM DB.  However, it really
wasn’t designed to handle masses of raw audit logs.

However
(previously known as DADS…) Microsoft Audit Collection Server
(due….. sometime) will provide most of what you’re looking for.

Rick











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, July 26, 2005 9:33
PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Audit
Reporting Tools



 

I currently have AD set to audit the account
administration successes so we can pinpoint who is putting users in specific
groups. Although this tracks every modification to our accounts, I was
wondering if anyone has knowledge of a software utility that will export the
Security Log data to an SQL database so we can run queries, generate reports,
and keep a history of what's been changed. I've heard that the Microsoft
Operations Manager Console will do this but I have not found any documentation
on the MS website to support that claim.

 

  

 

Bonnie Pohlschneider

Copeland Corporation

937-493-2333 PH

718-887-7441 FX

RE: [ActiveDir] Startup Scripts...

2005-07-27 Thread Frank Abagnale 
'They' is referring to my colleagues, I have 14 colleagues scattered over the country, what I mean when I say "as soon as they logon" really means once when they have built a w2k3 member server and it's joined to the domain, on the restart, I want the startup script to run and add the global group to the local administrator group on the member server. This global group is our IT Ops team. They do not have Domain Administrator privileges so unless their group is added to the local admins group on the new w2k3 member server, they can't logon.
 
The command which you suggested (net localgroup /add) is basically what I have used inside a _vbscript_ to accomplish this.Darren Mar-Elia <[EMAIL PROTECTED]> wrote:


Not sure what you mean by "as soon as they logon". Who would the "they" be? In other words, if you need to populate a global group into a computer local group as a one time operation, how about putting it into your build script after the machine joins the domain? You can certainly use startup scripts but as Jorge notes it only runs at machine reboot and it runs in the context of the localSystem account or the machine account if it needs network access. The simplest way to do this is to run a net localgroup /add in a batch file, but the security context of the batch file must have rights to resolve the global groups in the domain that you wish to add into the local group.
 
 In any case, you can use Restricted Groups as well. There are two modes to it. One mode does create "exclusive membership" meaning that any groups/users not in the list in the policy will be removed from the local group. The other mode allows you to add a particular group to a list of other groups and is not exclusive.
 
Darren


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank AbagnaleSent: Wednesday, July 27, 2005 10:27 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Startup Scripts...

Thanks Jorge,
 
I only want this script to run at Startup, it's for new servers that are built, as soon as they logon I want the group to populate to the local group so that our Ops team have access. The existing servers already have been done via a previous script.
 
My knowledge of Restricted groups is limited, but from what I read its quite powerful. Does Restricted Groups remove the existing members of a local administrators group on a Server or Workstation once it's been enabled. 
 
"Almeida Pinto, Jorge de" <[EMAIL PROTECTED]> wrote:
oh yes they do... however only when the server is starting the startup script will run. while the server is running then the startup script will not runSam applies for shutdown scripts, logon scripts and logoff scripts -> only when resp. shutdown, logon, or logoff occursWhat you want to use is the restricted groups with the memberof option. (also through GPOs)The member option dictates what the members of a group are and each member in the group but not in the list will be removedThe memberof option does not dictated who the members are. It only says that some sec. princ. is a member of a groupCheers#JORGE#From: [EMAIL PROTECTED] on behalf of Frank AbagnaleSent: Wed 7/27/2005 10:43 AMTo: ActiveSubject: [ActiveDir] Startup Scripts...Hi,I planned to use
 a startup script to populate a global group to a local group on series of Windows 2003 Servers in a single w2k3 domain so that any new Servers which are built other than myself will be automatically populated with this group. The Servers are placed in an sub OU.My colleague has just said Startup Scripts do not run against Serversis this correct? If this is, does anyone have ideas as to how I get the group to automatically populate to all new Server builds without having to do it manually. thanks,- Frank__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you
 are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


Start your day with Yahoo! - make it your home page 
		Yahoo! Mail 
Stay connected, organized, and protected. Take the tour

RE: [ActiveDir] Startup Scripts...

2005-07-27 Thread Darren Mar-Elia 



Not sure what you mean by "as soon as they logon". Who 
would the "they" be? In other words, if you need to 
populate a global group into a computer local group as a one time operation, how 
about putting it into your build script after the machine joins the domain? You 
can certainly use startup scripts but as Jorge notes it only runs at machine 
reboot and it runs in the context of the localSystem account or the machine 
account if it needs network access. The simplest way to do this is to run 
a net localgroup /add in a batch file, but the 
security context of the batch file must have rights to resolve the global groups 
in the domain that you wish to add into the local group.
 
 In any case, you can use Restricted Groups as 
well. There are two modes to it. One mode does create "exclusive 
membership" meaning that any groups/users not in the list in the policy will be 
removed from the local group. The other mode allows you to add a particular 
group to a list of other groups and is not exclusive.
 
Darren


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Frank 
AbagnaleSent: Wednesday, July 27, 2005 10:27 AMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Startup 
Scripts...

Thanks Jorge,
 
I only want this script to run at Startup, it's for new servers that are 
built, as soon as they logon I want the group to populate to the local group so 
that our Ops team have access. The existing servers already have been done via a 
previous script.
 
My knowledge of Restricted groups is limited, but from what I read its 
quite powerful. Does Restricted Groups remove the existing members of a local 
administrators group on a Server or Workstation once it's been enabled. 
 
"Almeida Pinto, Jorge de" 
<[EMAIL PROTECTED]> wrote:
oh 
  yes they do... however only when the server is starting the startup script 
  will run. while the server is running then the startup script will not 
  runSam applies for shutdown scripts, logon scripts and logoff scripts 
  -> only when resp. shutdown, logon, or logoff occursWhat you want 
  to use is the restricted groups with the memberof option. (also through 
  GPOs)The member option dictates what the members of a group are and 
  each member in the group but not in the list will be removedThe memberof 
  option does not dictated who the members are. It only says that some sec. 
  princ. is a member of a 
  groupCheers#JORGE#From: 
  [EMAIL PROTECTED] on behalf of Frank AbagnaleSent: Wed 
  7/27/2005 10:43 AMTo: ActiveSubject: [ActiveDir] Startup 
  Scripts...Hi,I planned to use a startup script to populate 
  a global group to a local group on series of Windows 2003 Servers in a single 
  w2k3 domain so that any new Servers which are built other than myself will be 
  automatically populated with this group. The Servers are placed in an sub 
  OU.My colleague has just said Startup Scripts do not run against 
  Serversis this correct? If this is, does anyone have ideas as to 
  how I get the group to automatically populate to all new Server builds without 
  having to do it manually. thanks,- 
  Frank__Do You 
  Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around 
  http://mail.yahoo.com This e-mail and any attachment is 
  for authorised use by the intended recipient(s) only. It may contain 
  proprietary material, confidential information and/or be subject to legal 
  privilege. It should not be copied, disclosed to, retained or used by, any 
  other party. If you are not an intended recipient then please promptly delete 
  this e-mail and any attachment and all copies and inform the sender. Thank 
  you.List info : http://www.activedir.org/List.aspxList FAQ : 
  http://www.activedir.org/ListFAQ.aspxList archive: 
  http://www.mail-archive.com/activedir%40mail.activedir.org/


Start your 
day with Yahoo! - make it your home page

RE: [ActiveDir] Startup Scripts...

2005-07-27 Thread Almeida Pinto, Jorge de 
using the memberof option will preserve existing members in the target group
using the member option will NOT preserve existing members in the target group 
(if I'm correct the administrator account is not removed form the 
administrators group)
 
The fun part with restricted groups feature is that it will "protect" the 
configuration while the server is running and startup scripts will not
 
#JORGE#



From: [EMAIL PROTECTED] on behalf of Frank Abagnale
Sent: Wed 7/27/2005 11:26 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Startup Scripts...


Thanks Jorge,
 
I only want this script to run at Startup, it's for new servers that are built, 
as soon as they logon I want the group to populate to the local group so that 
our Ops team have access. The existing servers already have been done via a 
previous script.
 
My knowledge of Restricted groups is limited, but from what I read its quite 
powerful. Does Restricted Groups remove the existing members of a local 
administrators group on a Server or Workstation once it's been enabled. 
 

"Almeida Pinto, Jorge de" <> wrote:

oh yes they do... however only when the server is starting the startup 
script will run. while the server is running then the startup script will not 
run
Sam applies for shutdown scripts, logon scripts and logoff scripts -> 
only when resp. shutdown, logon, or logoff occurs

What you want to use is the restricted groups with the memberof option. 
(also through GPOs)

The member option dictates what the members of a group are and each 
member in the group but not in the list will be removed
The memberof option does not dictated who the members are. It only says 
that some sec. princ. is a member of a group

Cheers
#JORGE#



From: [EMAIL PROTECTED] on behalf of Frank Abagnale
Sent: Wed 7/27/2005 10:43 AM
To: Active
Subject: [ActiveDir] Startup Scripts...


Hi,

I plann! ed to use a startup script to populate a global group to a 
local group on series of Windows 2003 Servers in a single w2k3 domain so that 
any new Servers which are built other than myself will be automatically 
populated with this group. The Servers are placed in an sub OU.

My colleague has just said Startup Scripts do not run against 
Serversis this correct? 

If this is, does anyone have ideas as to how I get the group to 
automatically populate to all new Server builds without having to do it 
manually. 

thanks,
- Frank

__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 



This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party! . If you are not an 
intended recipient then please promptly delete this e-mail and any attachment 
and all copies and inform the sender. Thank you.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: 
http://www.mail-archive.com/activedir%40mail.activedir.org/




Start your day with Yahoo! - make it your home page 
 
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Startup Scripts...

2005-07-27 Thread Frank Abagnale 
Thanks Jorge,
 
I only want this script to run at Startup, it's for new servers that are built, as soon as they logon I want the group to populate to the local group so that our Ops team have access. The existing servers already have been done via a previous script.
 
My knowledge of Restricted groups is limited, but from what I read its quite powerful. Does Restricted Groups remove the existing members of a local administrators group on a Server or Workstation once it's been enabled. 
 
"Almeida Pinto, Jorge de" <[EMAIL PROTECTED]> wrote:
oh yes they do... however only when the server is starting the startup script will run. while the server is running then the startup script will not runSam applies for shutdown scripts, logon scripts and logoff scripts -> only when resp. shutdown, logon, or logoff occursWhat you want to use is the restricted groups with the memberof option. (also through GPOs)The member option dictates what the members of a group are and each member in the group but not in the list will be removedThe memberof option does not dictated who the members are. It only says that some sec. princ. is a member of a groupCheers#JORGE#From: [EMAIL PROTECTED] on behalf of Frank AbagnaleSent: Wed 7/27/2005 10:43 AMTo: ActiveSubject: [ActiveDir] Startup Scripts...Hi,I planned to use
 a startup script to populate a global group to a local group on series of Windows 2003 Servers in a single w2k3 domain so that any new Servers which are built other than myself will be automatically populated with this group. The Servers are placed in an sub OU.My colleague has just said Startup Scripts do not run against Serversis this correct? If this is, does anyone have ideas as to how I get the group to automatically populate to all new Server builds without having to do it manually. thanks,- Frank__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you
 are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
		 Start your day with Yahoo! - make it your home page

RE: [ActiveDir] Startup Scripts...

2005-07-27 Thread Almeida Pinto, Jorge de 
oh yes they do...  however only when the server is starting the startup script 
will run. while the server is running then the startup script will not run
Sam applies for shutdown scripts, logon scripts and logoff scripts -> only when 
resp. shutdown, logon, or logoff occurs
 
What you want to use is the restricted groups with the memberof option. (also 
through GPOs)
 
The member option dictates what the members of a group are and each member in 
the group but not in the list will be removed
The memberof option does not dictated who the members are. It only says that 
some sec. princ. is a member of a group
 
Cheers
#JORGE#



From: [EMAIL PROTECTED] on behalf of Frank Abagnale
Sent: Wed 7/27/2005 10:43 AM
To: Active
Subject: [ActiveDir] Startup Scripts...


Hi,
 
I planned to use a startup script to populate a global group to a local group 
on series of Windows 2003 Servers in a single w2k3 domain so that any new 
Servers which are built other than myself will be automatically populated with 
this group. The Servers are placed in an sub OU.
 
My colleague has just said Startup Scripts do not run against Serversis 
this correct? 
 
If this is, does anyone have ideas as to how I get the group to automatically 
populate to all new Server builds without having to do it manually. 
 
thanks,
 - Frank

__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 



This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party. If you are not an intended 
recipient then please promptly delete this e-mail and any attachment and all 
copies and inform the sender. Thank you.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Startup Scripts...

2005-07-27 Thread Frank Abagnale 
Hi,
 
I planned to use a startup script to populate a global group to a local group on series of Windows 2003 Servers in a single w2k3 domain so that any new Servers which are built other than myself will be automatically populated with this group. The Servers are placed in an sub OU.
 
My colleague has just said Startup Scripts do not run against Serversis this correct? 
 
If this is, does anyone have ideas as to how I get the group to automatically populate to all new Server builds without having to do it manually. 
 
thanks,
 - Frank__Do You Yahoo!?Tired of spam?  Yahoo! Mail has the best spam protection around http://mail.yahoo.com

RE: [ActiveDir] turn off replication to a DC in same site

2005-07-27 Thread Almeida Pinto, Jorge de 
As for FRS replication
 
ntfrsutl forcerepl [computer] /r SetName /p DnsName
  = Force FRS to start a replication cycle ignoring the schedule
.
  = Specify the SetName and DnsName.
computer  = talk to the NtFrs service on this machine.
SetName   = Name of the replica set.
DnsName   = DNS name of the inbound partner to force repl from.
 
 
This is the W2K3 SP1 version of NTFRSUTL. The W2K3 SP0 also has a NTFRSUTL but 
without the forcerepl option
 
Cheers
#JORGE#



From: [EMAIL PROTECTED] on behalf of Brett Shirley
Sent: Wed 7/27/2005 3:46 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] turn off replication to a DC in same site




Well you have _two_ completely seperate replication systems to deal with, 
and I know nothing about FRS, but for Active Directory replication, this 
command will do it: 

repadmin /options  +DISABLE_INBOUND_REPL 

To turn back on, change the "+" to a "-".  It's listed in /advhelp 
screen.  You can list a current DC's options like this: 

repadmin /options  


Fun (albeit dangerous) tip: 

Even thought repadmin.exe doesn't admit it in the help, secretly I made 
repadmin /options work with DC_LIST / DSA_LISTS, so you can have the 
equivalent of the big red emergency shutoff button for replication for 
your forest: 
repadmin /options * +DISABLE_INBOUND_REPL 

The /force flag when provided to "repadmin /replicate" WILL override the 
disabled flag I showed above.  In general everyone should be in the habit 
of not providing the /force flag, it's like hitting the OK button as 
habit, stay out of the habit, otherwise it'll be too late. 

This posting is "AS IS", if you turn off replication in your whole forest, 
it's not my problem. 

Cheers, 
-BrettSh [msft] SDE ESE 


On Tue, 26 Jul 2005, Steve Schofield wrote: 

> Hi, 
> 
> I have a single DC I would like to be able to turn on and off replication 
> and only push changes at certain times.   Is there command line utility to 
> turn on and off replication or is it as easy as turning FRS service off.  I 
> can't separate this DC into a separate site to control replication times. 
> 
> Steve 
> 
> 
> List info   : http://www.activedir.org/List.aspx 
> List FAQ: http://www.activedir.org/ListFAQ.aspx 
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ 
> 

List info   : http://www.activedir.org/List.aspx 
List FAQ: http://www.activedir.org/ListFAQ.aspx 
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ 



This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party. If you are not an intended 
recipient then please promptly delete this e-mail and any attachment and all 
copies and inform the sender. Thank you.
<>