[ActiveDir] OT: Find a use of an account in AD

[Amy Hunter]

Hello all,
  I have a few user accounts which are used as service accounts which are 
member of the Domain Admins group but I have no idea what they are for.
  Does anyone know of a way of identifying where these accounts are used e.g as 
a service etc. using a script or something? if so does anyone have a script 
they could share ;-)
  It's a windows 2003, single forest, single domain
  Ta!
  Amy

 Send instant messages to your online friends http://uk.messenger.yahoo.com 

RE: [ActiveDir] OT: Script or utility to dump certificates on a remote server?

[Udiljak, Russell J]

Steve,
I used Alun Jones's code for SSLScan located here,
 
http://msmvps.com/blogs/alunj/archive/2006/05/14/94968.aspx
 
It's in C # but a managed to convert it to VB .Net 2.0.
Create a file containing the dns names of all your DC's (one per line)
and then run "sslscan server.txt"
The output is something like this,
 
Connecting to server: server.dns.host.name:636
Client connected.
Subject: CN=server.dns.host.name
Issuer : CN=My Internal CA Server , OU=Department, O=Company,
L=SomeTown, S=SomeState, C=XX, [EMAIL PROTECTED]
 
Serial : 418EA72100010005D391
Expires: 7/09/2007 6:23:49 PM
 
Regards
Russell



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Szwejbka
Sent: Thursday, 30 November 2006 5:17 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Script or utility to dump certificates on a
remote server?



We have certificates deployed to some unknown number of Windows (mostly
2k3, but some 2k) servers throughout the environment. The certificates
were generated via some internal root server which apparently does not
have a way to dump what certificates have been issued and when they
expire. So, I'm trying to figure out a way to remotely look at large
numbers of servers (1000+) to see which servers a) have a certificate
installed, and b) when it expires.  It doesn't appear that certutil.exe
does this type of thing for remote servers. Does anyone know of any
vbscript or vb.net calls that can be used to get this info? 

Thanks 

-Steven 



The information contained in this e-mail and any accompanying documents
may contain information that is confidential or otherwise protected from
disclosure. If you are not the intended recipient of this message, or if
this message has been addressed to you in error, please immediately
alert the sender by reply e-mail and then delete this message, including
any attachments. Any dissemination, distribution or other use of the
contents of this message by anyone other than the intended recipient is
strictly prohibited. 

[ActiveDir] Import User Details from a XLS file

[Haritwal, Dhiraj]

Dear All,

 

How can I import, AD Users Details like Department, Telephone No,
Location etc... from an XLS file.

 

Dhiraj Haritwal

 



---
This email is confidential and intended only for the use of the individual or 
entity named above and may contain information that is privileged. If you are 
not the intended recipient, you are notified that any dissemination, 
distribution or copying of this email is strictly prohibited. If you have 
received this email in error, please notify us immediately by return email or 
telephone and destroy the original message. - This mail is sent via Sony Asia 
Pacific Mail Gateway.
---

[ActiveDir] Split pagefile?

[Larry Wahlers]

Colleagues,

Is there a best practice for splitting the pagefile on a Windows Server
2003 Standard system (it's running Exchange 2003) across multiple
drives? My C drive is up to nearly 9GB used out of 10GB, and I'd like to
move off most of the 3GB pagefile to maybe the database drive. We have
only 500 users on that system, so performance shouldn't be too much of
an issue.

Thanks in advance, folks.


-- 
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

Re: [ActiveDir] Import User Details from a XLS file

[Thomas Hess]

Hi Dhiraj,

see MS KB237677 for
Using LDIFDE to import and export directory objects to Active Directory

http://support.microsoft.com/kb/237677/en-us

Greetings
Thomas
2006/11/30, Haritwal, Dhiraj <[EMAIL PROTECTED]>:




Dear All,



How can I import, AD Users Details like Department, Telephone No, Location
etc... from an XLS file.



Dhiraj Haritwal





This email is confidential and intended only for the use of the individual
or entity named above and may contain information that is privileged. If you
are not the intended recipient, you are notified that any dissemination,
distribution or copying of this email is strictly prohibited. If you have
received this email in error, please notify us immediately by return email
or telephone and destroy the original message. - This mail is sent via Sony
Asia Pacific Mail Gateway.


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Import User Details from a XLS file

[Brian Desmond]

Look at csvde

 

Thanks,

Brian Desmond

[EMAIL PROTECTED]

 

c - 312.731.3132

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Haritwal,
Dhiraj
Sent: Thursday, November 30, 2006 10:40 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Import User Details from a XLS file

 

Dear All,

 

How can I import, AD Users Details like Department, Telephone No,
Location etc... from an XLS file.

 

Dhiraj Haritwal

 




This email is confidential and intended only for the use of the
individual or entity named above and may contain information that is
privileged. If you are not the intended recipient, you are notified that
any dissemination, distribution or copying of this email is strictly
prohibited. If you have received this email in error, please notify us
immediately by return email or telephone and destroy the original
message. - This mail is sent via Sony Asia Pacific Mail Gateway.

[ActiveDir] Child domain for external SharePoint users

[Group, Russ]

Hi all

We are in the process of creating a SharePoint site that external users
(dealers) can access to obtain shipping information.  I have the
SharePoint server in my LAN with a reverse proxy appliance in the DMZ
that the dealers will use to access the SharePoint server.

The discussion came up about using a child domain for these dealers to
authenticate to the SharePoint server.  Is this an accepted practice
(create a child domain for the external users)?  How safe is this
compared to creating a separate OU for the dealer in the parent domain?

Thank you 

Russ

RE: [ActiveDir] Child domain for external SharePoint users

[Brian Desmond]

You need a separate forest to get the effect you want. The Domain gets
you nothing more than an OU would. 

 

Thanks,

Brian Desmond

[EMAIL PROTECTED]

 

c - 312.731.3132

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Group, Russ
Sent: Thursday, November 30, 2006 11:19 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Child domain for external SharePoint users

 

Hi all 

We are in the process of creating a SharePoint site that external users
(dealers) can access to obtain shipping information.  I have the
SharePoint server in my LAN with a reverse proxy appliance in the DMZ
that the dealers will use to access the SharePoint server.

The discussion came up about using a child domain for these dealers to
authenticate to the SharePoint server.  Is this an accepted practice
(create a child domain for the external users)?  How safe is this
compared to creating a separate OU for the dealer in the parent domain?

Thank you

Russ 

RE: [ActiveDir] OT: Vista Stuck on "Completing Upgrade"

[Harding, Devon]

Anyone?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon
Sent: Wednesday, November 29, 2006 7:52 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Vista Stuck on "Completing Upgrade"

I know it's not AD realated but have anyone had any issues upgrading XP
to Vista RTM and got stuck on 'Completing Upgrade (64%)...'?

I've removed all AV & burning related software & it has been stuck at
this position for over 12 hours now.  When I force reboot, it rolls back
to Windows XP.

Any Ideas?

btw: is there another mailing list for these type of questions?

-Devon

This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this message
immediately if this is an electronic communication.

Thank you.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this message
immediately if this is an electronic communication.

Thank you.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Split pagefile

[Larry Wahlers]

Sorry for the reply to my own post, but this article:

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips
/Miscellaneous/EnhancePerformancebyMovingthePagefile.html

says I can move the whole thing to a different partition. I'll leave a
meg on the C drive just for the dumpfile, which we limit to 64K, in case
the system crashes and I can actually figure out how to read the
dumpfile.

But, really, is it OK to leave absolutely NO pagefile on C:/? We
normally leave at least 200Mb on the C: partition when we move the rest
to a different drive.


-- 
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876



> > -Original Message-
> > From: [EMAIL PROTECTED] 
> > [mailto:[EMAIL PROTECTED] On 
> > Behalf Of Larry Wahlers
> > Sent: Thursday, November 30, 2006 9:55 AM
> > To: Exchange Discussions
> > Subject: Split pagefile
> > 
> > Colleagues,
> > 
> > Is there a best practice for splitting the pagefile on Exchange 2003
> > across multiple drives? My C drive is up to nearly 9GB used 
> > out of 10GB,
> > and I'd like to move off most of the 3GB pagefile to maybe 
> > the database
> > drive. We have only 500 users on that system, so 
> performance shouldn't
> > be too much of an issue.
> > 
> > Thanks in advance, folks.
> > 
> > -- 
> > Larry Wahlers
> > Concordia Technologies
> > The Lutheran Church - Missouri Synod
> > mailto:[EMAIL PROTECTED]
> > direct office line: (314) 996-1876
> > 
> > _
> > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > To subscribe: 
> http://e-newsletters.internet.com/discussionlists.html/
> > To unsubscribe send a blank email to 
> > [EMAIL PROTECTED]
> > Exchange List admin:[EMAIL PROTECTED]
> > To unsubscribe via postal mail, please contact us at:
> > Jupitermedia Corp.
> > Attn: Discussion List Management
> > 475 Park Avenue South
> > New York, NY 10016
> > 
> > Please include the email address which you have been contacted with.
> > 
> > 
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

Re: [ActiveDir] OT: Vista Stuck on "Completing Upgrade"

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

Never seen that on ones I've upgraded.

Harding, Devon wrote:

Anyone?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon
Sent: Wednesday, November 29, 2006 7:52 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Vista Stuck on "Completing Upgrade"

I know it's not AD realated but have anyone had any issues upgrading XP
to Vista RTM and got stuck on 'Completing Upgrade (64%)...'?
 
I've removed all AV & burning related software & it has been stuck at

this position for over 12 hours now.  When I force reboot, it rolls back
to Windows XP.
 
Any Ideas?
 
btw: is there another mailing list for these type of questions?
 
-Devon


This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this message
immediately if this is an electronic communication.

Thank you.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this message
immediately if this is an electronic communication.

Thank you.
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

  


--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com


If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will 
hunt you down...
http://blogs.technet.com/sbs

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Split pagefile

[WATSON, BEN]

It really shouldn't matter whether or not the page file resides on the
boot partition or not.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
Sent: Thursday, November 30, 2006 9:09 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

Sorry for the reply to my own post, but this article:

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips
/Miscellaneous/EnhancePerformancebyMovingthePagefile.html

says I can move the whole thing to a different partition. I'll leave a
meg on the C drive just for the dumpfile, which we limit to 64K, in case
the system crashes and I can actually figure out how to read the
dumpfile.

But, really, is it OK to leave absolutely NO pagefile on C:/? We
normally leave at least 200Mb on the C: partition when we move the rest
to a different drive.


-- 
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876



> > -Original Message-
> > From: [EMAIL PROTECTED] 
> > [mailto:[EMAIL PROTECTED] On 
> > Behalf Of Larry Wahlers
> > Sent: Thursday, November 30, 2006 9:55 AM
> > To: Exchange Discussions
> > Subject: Split pagefile
> > 
> > Colleagues,
> > 
> > Is there a best practice for splitting the pagefile on Exchange 2003
> > across multiple drives? My C drive is up to nearly 9GB used 
> > out of 10GB,
> > and I'd like to move off most of the 3GB pagefile to maybe 
> > the database
> > drive. We have only 500 users on that system, so 
> performance shouldn't
> > be too much of an issue.
> > 
> > Thanks in advance, folks.
> > 
> > -- 
> > Larry Wahlers
> > Concordia Technologies
> > The Lutheran Church - Missouri Synod
> > mailto:[EMAIL PROTECTED]
> > direct office line: (314) 996-1876
> > 
> > _
> > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > To subscribe: 
> http://e-newsletters.internet.com/discussionlists.html/
> > To unsubscribe send a blank email to 
> > [EMAIL PROTECTED]
> > Exchange List admin:[EMAIL PROTECTED]
> > To unsubscribe via postal mail, please contact us at:
> > Jupitermedia Corp.
> > Attn: Discussion List Management
> > 475 Park Avenue South
> > New York, NY 10016
> > 
> > Please include the email address which you have been contacted with.
> > 
> > 
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Split pagefile

[Laura A. Robinson]

Yes, it's okay, with the crashdump caveats that you've already acknowledged
and accommodated. 

It's also a good idea to split pagefiles across multiple spindles for
performance reasons when possible. I don't know if that's relevant in your
case, but whenever you have the opportunity to split pagefile across disks
(not partitions, disks), you get an associated read/write bump as a result.

P.S. They may have said that in the article you reference below; I didn't
actually click the link and read it. :-)

Laura (Robinson, not Hunter) 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
> Sent: Thursday, November 30, 2006 12:09 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Sorry for the reply to my own post, but this article:
> 
> http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003
> /AdminTips
> /Miscellaneous/EnhancePerformancebyMovingthePagefile.html
> 
> says I can move the whole thing to a different partition. 
> I'll leave a meg on the C drive just for the dumpfile, which 
> we limit to 64K, in case the system crashes and I can 
> actually figure out how to read the dumpfile.
> 
> But, really, is it OK to leave absolutely NO pagefile on C:/? 
> We normally leave at least 200Mb on the C: partition when we 
> move the rest to a different drive.
> 
> 
> --
> Larry Wahlers
> Concordia Technologies
> The Lutheran Church - Missouri Synod
> mailto:[EMAIL PROTECTED]
> direct office line: (314) 996-1876
> 
> 
> 
> > > -Original Message-
> > > From: [EMAIL PROTECTED] 
> > > [mailto:[EMAIL PROTECTED] On 
> > > Behalf Of Larry Wahlers
> > > Sent: Thursday, November 30, 2006 9:55 AM
> > > To: Exchange Discussions
> > > Subject: Split pagefile
> > > 
> > > Colleagues,
> > > 
> > > Is there a best practice for splitting the pagefile on 
> Exchange 2003
> > > across multiple drives? My C drive is up to nearly 9GB used 
> > > out of 10GB,
> > > and I'd like to move off most of the 3GB pagefile to maybe 
> > > the database
> > > drive. We have only 500 users on that system, so 
> > performance shouldn't
> > > be too much of an issue.
> > > 
> > > Thanks in advance, folks.
> > > 
> > > -- 
> > > Larry Wahlers
> > > Concordia Technologies
> > > The Lutheran Church - Missouri Synod
> > > mailto:[EMAIL PROTECTED]
> > > direct office line: (314) 996-1876
> > > 
> > > _
> > > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > > To subscribe: 
> > http://e-newsletters.internet.com/discussionlists.html/
> > > To unsubscribe send a blank email to 
> > > [EMAIL PROTECTED]
> > > Exchange List admin:[EMAIL PROTECTED]
> > > To unsubscribe via postal mail, please contact us at:
> > > Jupitermedia Corp.
> > > Attn: Discussion List Management
> > > 475 Park Avenue South
> > > New York, NY 10016
> > > 
> > > Please include the email address which you have been 
> contacted with.
> > > 
> > > 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> 
> -- 
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.430 / Virus Database: 268.15.2/559 - Release 
> Date: 11/30/2006 5:07 AM
>  
> 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM
 

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Split pagefile

[Brian Desmond]

You're going to have other issues if you have that little free space on
your C drive. My suggestion is that you find something else to cleanup
or else replace the spindles with larger ones.

Yes its fine to store the pagefile elsewhere though.

Thanks,
Brian Desmond
[EMAIL PROTECTED]

c - 312.731.3132

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
Sent: Thursday, November 30, 2006 12:09 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

Sorry for the reply to my own post, but this article:

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips
/Miscellaneous/EnhancePerformancebyMovingthePagefile.html

says I can move the whole thing to a different partition. I'll leave a
meg on the C drive just for the dumpfile, which we limit to 64K, in case
the system crashes and I can actually figure out how to read the
dumpfile.

But, really, is it OK to leave absolutely NO pagefile on C:/? We
normally leave at least 200Mb on the C: partition when we move the rest
to a different drive.


-- 
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876



> > -Original Message-
> > From: [EMAIL PROTECTED] 
> > [mailto:[EMAIL PROTECTED] On 
> > Behalf Of Larry Wahlers
> > Sent: Thursday, November 30, 2006 9:55 AM
> > To: Exchange Discussions
> > Subject: Split pagefile
> > 
> > Colleagues,
> > 
> > Is there a best practice for splitting the pagefile on Exchange 2003
> > across multiple drives? My C drive is up to nearly 9GB used 
> > out of 10GB,
> > and I'd like to move off most of the 3GB pagefile to maybe 
> > the database
> > drive. We have only 500 users on that system, so 
> performance shouldn't
> > be too much of an issue.
> > 
> > Thanks in advance, folks.
> > 
> > -- 
> > Larry Wahlers
> > Concordia Technologies
> > The Lutheran Church - Missouri Synod
> > mailto:[EMAIL PROTECTED]
> > direct office line: (314) 996-1876
> > 
> > _
> > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > To subscribe: 
> http://e-newsletters.internet.com/discussionlists.html/
> > To unsubscribe send a blank email to 
> > [EMAIL PROTECTED]
> > Exchange List admin:[EMAIL PROTECTED]
> > To unsubscribe via postal mail, please contact us at:
> > Jupitermedia Corp.
> > Attn: Discussion List Management
> > 475 Park Avenue South
> > New York, NY 10016
> > 
> > Please include the email address which you have been contacted with.
> > 
> > 
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Split pagefile

[Kevin Brunson]

I think 2k3r2 requires at least 16MB on C:.  At least that is the error
message I have gotten before when I tried to make it smaller than that.
In 2000 I could make it 10MB without it complaining.  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
Sent: Thursday, November 30, 2006 11:09 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

Sorry for the reply to my own post, but this article:

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips
/Miscellaneous/EnhancePerformancebyMovingthePagefile.html

says I can move the whole thing to a different partition. I'll leave a
meg on the C drive just for the dumpfile, which we limit to 64K, in case
the system crashes and I can actually figure out how to read the
dumpfile.

But, really, is it OK to leave absolutely NO pagefile on C:/? We
normally leave at least 200Mb on the C: partition when we move the rest
to a different drive.


-- 
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876



> > -Original Message-
> > From: [EMAIL PROTECTED] 
> > [mailto:[EMAIL PROTECTED] On 
> > Behalf Of Larry Wahlers
> > Sent: Thursday, November 30, 2006 9:55 AM
> > To: Exchange Discussions
> > Subject: Split pagefile
> > 
> > Colleagues,
> > 
> > Is there a best practice for splitting the pagefile on Exchange 2003
> > across multiple drives? My C drive is up to nearly 9GB used 
> > out of 10GB,
> > and I'd like to move off most of the 3GB pagefile to maybe 
> > the database
> > drive. We have only 500 users on that system, so 
> performance shouldn't
> > be too much of an issue.
> > 
> > Thanks in advance, folks.
> > 
> > -- 
> > Larry Wahlers
> > Concordia Technologies
> > The Lutheran Church - Missouri Synod
> > mailto:[EMAIL PROTECTED]
> > direct office line: (314) 996-1876
> > 
> > _
> > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > To subscribe: 
> http://e-newsletters.internet.com/discussionlists.html/
> > To unsubscribe send a blank email to 
> > [EMAIL PROTECTED]
> > Exchange List admin:[EMAIL PROTECTED]
> > To unsubscribe via postal mail, please contact us at:
> > Jupitermedia Corp.
> > Attn: Discussion List Management
> > 475 Park Avenue South
> > New York, NY 10016
> > 
> > Please include the email address which you have been contacted with.
> > 
> > 
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

[ActiveDir] Delegate VPN rights

[WATSON, BEN]

I'm attempting to delegate out the permissions to adjust the Remote
Access Permissions under the Dial-In tab in Active Directory for user
accounts.  When performing an LDAP query, I notice that changes to this
setting are recorded in the msNPAllowDialin attribute.  Set to False
when Deny Access is set, True when Allow Access is set, and "not set"
when Control Access through Remote Access Policy is set.

 

However when I attempt to delegate out the rights to a security group so
they can modify this, it is not listed as a selectable property.  Am I
missing something here?  Should I be looking for a different property to
delegate out this right?

 

Thanks,

~Ben Watson

RE: [ActiveDir] Split pagefile

[Laura A. Robinson]

There must be a pagefile on the boot drive in order to facilitate a crash
dump [*if* that is a concern for the environment]; dumps cannot be directed
to another partition. So in that respect, it does matter, but it is not a
hard requirement that there be a pagefile on the boot drive.

Laura

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of WATSON, BEN
> Sent: Thursday, November 30, 2006 12:24 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> It really shouldn't matter whether or not the page file 
> resides on the boot partition or not.
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
> Sent: Thursday, November 30, 2006 9:09 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Sorry for the reply to my own post, but this article:
> 
> http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003
> /AdminTips
> /Miscellaneous/EnhancePerformancebyMovingthePagefile.html
> 
> says I can move the whole thing to a different partition. 
> I'll leave a meg on the C drive just for the dumpfile, which 
> we limit to 64K, in case the system crashes and I can 
> actually figure out how to read the dumpfile.
> 
> But, really, is it OK to leave absolutely NO pagefile on C:/? 
> We normally leave at least 200Mb on the C: partition when we 
> move the rest to a different drive.
> 
> 
> --
> Larry Wahlers
> Concordia Technologies
> The Lutheran Church - Missouri Synod
> mailto:[EMAIL PROTECTED]
> direct office line: (314) 996-1876
> 
> 
> 
> > > -Original Message-
> > > From: [EMAIL PROTECTED] 
> > > [mailto:[EMAIL PROTECTED] On 
> > > Behalf Of Larry Wahlers
> > > Sent: Thursday, November 30, 2006 9:55 AM
> > > To: Exchange Discussions
> > > Subject: Split pagefile
> > > 
> > > Colleagues,
> > > 
> > > Is there a best practice for splitting the pagefile on 
> Exchange 2003
> > > across multiple drives? My C drive is up to nearly 9GB used 
> > > out of 10GB,
> > > and I'd like to move off most of the 3GB pagefile to maybe 
> > > the database
> > > drive. We have only 500 users on that system, so 
> > performance shouldn't
> > > be too much of an issue.
> > > 
> > > Thanks in advance, folks.
> > > 
> > > -- 
> > > Larry Wahlers
> > > Concordia Technologies
> > > The Lutheran Church - Missouri Synod
> > > mailto:[EMAIL PROTECTED]
> > > direct office line: (314) 996-1876
> > > 
> > > _
> > > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > > To subscribe: 
> > http://e-newsletters.internet.com/discussionlists.html/
> > > To unsubscribe send a blank email to 
> > > [EMAIL PROTECTED]
> > > Exchange List admin:[EMAIL PROTECTED]
> > > To unsubscribe via postal mail, please contact us at:
> > > Jupitermedia Corp.
> > > Attn: Discussion List Management
> > > 475 Park Avenue South
> > > New York, NY 10016
> > > 
> > > Please include the email address which you have been 
> contacted with.
> > > 
> > > 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> 
> -- 
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.430 / Virus Database: 268.15.2/559 - Release 
> Date: 11/30/2006 5:07 AM
>  
> 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM
 

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Split pagefile

[Ramon Linan]

Hi, 

I have an answer and a question about the same.

Most of my servers have 2 partition, one for the OS and the other for
data, I always put the pagefile in the data partition, so yes, you can
have the have the whole thing in a different partition or hard drive.

Actually, Linux system always create a swap partition just for that
purpose, so I wonder if it would be more efficient to always create a
partition just for the pagefile... Anyone knows?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
Sent: Thursday, November 30, 2006 12:09 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

Sorry for the reply to my own post, but this article:

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips
/Miscellaneous/EnhancePerformancebyMovingthePagefile.html

says I can move the whole thing to a different partition. I'll leave a
meg on the C drive just for the dumpfile, which we limit to 64K, in case
the system crashes and I can actually figure out how to read the
dumpfile.

But, really, is it OK to leave absolutely NO pagefile on C:/? We
normally leave at least 200Mb on the C: partition when we move the rest
to a different drive.


--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876



> > -Original Message-
> > From: [EMAIL PROTECTED] 
> > [mailto:[EMAIL PROTECTED] On 
> > Behalf Of Larry Wahlers
> > Sent: Thursday, November 30, 2006 9:55 AM
> > To: Exchange Discussions
> > Subject: Split pagefile
> > 
> > Colleagues,
> > 
> > Is there a best practice for splitting the pagefile on Exchange 2003
> > across multiple drives? My C drive is up to nearly 9GB used 
> > out of 10GB,
> > and I'd like to move off most of the 3GB pagefile to maybe 
> > the database
> > drive. We have only 500 users on that system, so 
> performance shouldn't
> > be too much of an issue.
> > 
> > Thanks in advance, folks.
> > 
> > -- 
> > Larry Wahlers
> > Concordia Technologies
> > The Lutheran Church - Missouri Synod
> > mailto:[EMAIL PROTECTED]
> > direct office line: (314) 996-1876
> > 
> > _
> > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > To subscribe: 
> http://e-newsletters.internet.com/discussionlists.html/
> > To unsubscribe send a blank email to 
> > [EMAIL PROTECTED]
> > Exchange List admin:[EMAIL PROTECTED]
> > To unsubscribe via postal mail, please contact us at:
> > Jupitermedia Corp.
> > Attn: Discussion List Management
> > 475 Park Avenue South
> > New York, NY 10016
> > 
> > Please include the email address which you have been contacted with.
> > 
> > 
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Split pagefile

[Laura A. Robinson]

That's only if you select the "custom size" radio button and try to set it
to less than 16MB. If you select the "no paging file" option, it works fine.

Laura 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Brunson
> Sent: Thursday, November 30, 2006 12:28 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> I think 2k3r2 requires at least 16MB on C:.  At least that is 
> the error message I have gotten before when I tried to make 
> it smaller than that.
> In 2000 I could make it 10MB without it complaining.  
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
> Sent: Thursday, November 30, 2006 11:09 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Sorry for the reply to my own post, but this article:
> 
> http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003
> /AdminTips
> /Miscellaneous/EnhancePerformancebyMovingthePagefile.html
> 
> says I can move the whole thing to a different partition. 
> I'll leave a meg on the C drive just for the dumpfile, which 
> we limit to 64K, in case the system crashes and I can 
> actually figure out how to read the dumpfile.
> 
> But, really, is it OK to leave absolutely NO pagefile on C:/? 
> We normally leave at least 200Mb on the C: partition when we 
> move the rest to a different drive.
> 
> 
> --
> Larry Wahlers
> Concordia Technologies
> The Lutheran Church - Missouri Synod
> mailto:[EMAIL PROTECTED]
> direct office line: (314) 996-1876
> 
> 
> 
> > > -Original Message-
> > > From: [EMAIL PROTECTED] 
> > > [mailto:[EMAIL PROTECTED] On 
> > > Behalf Of Larry Wahlers
> > > Sent: Thursday, November 30, 2006 9:55 AM
> > > To: Exchange Discussions
> > > Subject: Split pagefile
> > > 
> > > Colleagues,
> > > 
> > > Is there a best practice for splitting the pagefile on 
> Exchange 2003
> > > across multiple drives? My C drive is up to nearly 9GB used 
> > > out of 10GB,
> > > and I'd like to move off most of the 3GB pagefile to maybe 
> > > the database
> > > drive. We have only 500 users on that system, so 
> > performance shouldn't
> > > be too much of an issue.
> > > 
> > > Thanks in advance, folks.
> > > 
> > > -- 
> > > Larry Wahlers
> > > Concordia Technologies
> > > The Lutheran Church - Missouri Synod
> > > mailto:[EMAIL PROTECTED]
> > > direct office line: (314) 996-1876
> > > 
> > > _
> > > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > > To subscribe: 
> > http://e-newsletters.internet.com/discussionlists.html/
> > > To unsubscribe send a blank email to 
> > > [EMAIL PROTECTED]
> > > Exchange List admin:[EMAIL PROTECTED]
> > > To unsubscribe via postal mail, please contact us at:
> > > Jupitermedia Corp.
> > > Attn: Discussion List Management
> > > 475 Park Avenue South
> > > New York, NY 10016
> > > 
> > > Please include the email address which you have been 
> contacted with.
> > > 
> > > 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> 
> -- 
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.430 / Virus Database: 268.15.2/559 - Release 
> Date: 11/30/2006 5:07 AM
>  
> 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM
 

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

Re: [ActiveDir] Child domain for external SharePoint users

[Joe Kaplan]

This is also a good application for federation (ADFS).  It gives you
the flexibility of provisioning your dealer accounts in ADAM instead
of AD (which can give you a lot more flexibility in terms of how to
allocate hardware) and can give you the ability to allow the dealers
to log on with their own accounts if they can create a federation
server on their end to provide access to their own domain resources.
This may or may not be possible/desireable, but in many cases it is
because you don't have to provision and manage their identities.

Unfortunately, this is much more complex to implement though.


From a security perspective, though, Brian is right.  If you just want

to do this with AD and trusts, you should do a separate forest and do
a forest trust.  Otherwise, you aren't buying much in terms of real
security.  You might as well just put the accounts in a separate OU.

Joe K.

On 11/30/06, Group, Russ <[EMAIL PROTECTED]> wrote:



Hi all

We are in the process of creating a SharePoint site that external users
(dealers) can access to obtain shipping information.  I have the SharePoint
server in my LAN with a reverse proxy appliance in the DMZ that the dealers
will use to access the SharePoint server.

The discussion came up about using a child domain for these dealers to
authenticate to the SharePoint server.  Is this an accepted practice (create
a child domain for the external users)?  How safe is this compared to
creating a separate OU for the dealer in the parent domain?

Thank you

Russ

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Split pagefile

[Larry Wahlers]

Thanks, everyone, for your replies. Meanwhile, Laura wrote:

>Yes, it's okay, with the crashdump caveats that you've already
acknowledged
>and accommodated. 

Good!

> It's also a good idea to split pagefiles across multiple spindles

It will be on a RAID-5 array, so technically yes, it will be across
multiple spindles.

Kevin wrote:
>I think 2k3r2 requires at least 16MB on C:.  At least that is the error
> message I have gotten before when I tried to make it smaller than
that.

This isn't R2, but it is 2K3 sp1. I'll see if it complains about 1MB
pagefile on C before I reboot at 5 today.

Thanks again for your comments, folks. 

Larry Wahlers
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Delegate VPN rights

[Wells, James Arthur]

Ben,

 

You're looking for the "remote access information" property group...I haven't 
found a list on TechNet of what is included in this...I believe there is a 
chart in one of the O'Reilly books that details which properties that includes, 
but I'm assuming it's the entire "Dialin" tab in ADUC.

 

The ADUC GUI doesn't have a way to set any more granular than that...

 

--James

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of WATSON, BEN
Sent: Thursday, November 30, 2006 11:35 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Delegate VPN rights

 

I'm attempting to delegate out the permissions to adjust the Remote Access 
Permissions under the Dial-In tab in Active Directory for user accounts.  When 
performing an LDAP query, I notice that changes to this setting are recorded in 
the msNPAllowDialin attribute.  Set to False when Deny Access is
set, True when Allow Access is set, and "not set" when Control Access through 
Remote Access Policy is set.

 

However when I attempt to delegate out the rights to a security group so they 
can modify this, it is not listed as a selectable property.  Am I missing 
something here?  Should I be looking for a different property to delegate out 
this right?

 

Thanks,

~Ben Watson

RE: [ActiveDir] Split pagefile

[Don Hoehn]

Hi,
Best practice used to be to put the pagefile on a different BUS than
the OS. The idea is that you can read/write to both the OS and the PF at the
same time. We always put the entire PF on a separate bus/drive in it's own
partition. That way you have the added speed of a bus apart from the OS bus
and a contiguous PF. We never bothered with a C: swapfile because we could
never afford to send the dump to M$ for decryption. :-}

Don

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
Sent: Thursday, November 30, 2006 11:07 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

Hi, 

I have an answer and a question about the same.

Most of my servers have 2 partition, one for the OS and the other for data, I
always put the pagefile in the data partition, so yes, you can have the have
the whole thing in a different partition or hard drive.

Actually, Linux system always create a swap partition just for that purpose,
so I wonder if it would be more efficient to always create a partition just
for the pagefile... Anyone knows?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
Sent: Thursday, November 30, 2006 12:09 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

Sorry for the reply to my own post, but this article:

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips
/Miscellaneous/EnhancePerformancebyMovingthePagefile.html

says I can move the whole thing to a different partition. I'll leave a meg on
the C drive just for the dumpfile, which we limit to 64K, in case the system
crashes and I can actually figure out how to read the dumpfile.

But, really, is it OK to leave absolutely NO pagefile on C:/? We normally
leave at least 200Mb on the C: partition when we move the rest to a different
drive.


--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876



> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of 
> > Larry Wahlers
> > Sent: Thursday, November 30, 2006 9:55 AM
> > To: Exchange Discussions
> > Subject: Split pagefile
> > 
> > Colleagues,
> > 
> > Is there a best practice for splitting the pagefile on Exchange 2003 
> > across multiple drives? My C drive is up to nearly 9GB used out of 
> > 10GB, and I'd like to move off most of the 3GB pagefile to maybe the 
> > database drive. We have only 500 users on that system, so
> performance shouldn't
> > be too much of an issue.
> > 
> > Thanks in advance, folks.
> > 
> > --
> > Larry Wahlers
> > Concordia Technologies
> > The Lutheran Church - Missouri Synod 
> > mailto:[EMAIL PROTECTED]
> > direct office line: (314) 996-1876
> > 
> > _
> > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > To subscribe: 
> http://e-newsletters.internet.com/discussionlists.html/
> > To unsubscribe send a blank email to 
> > [EMAIL PROTECTED]
> > Exchange List admin:[EMAIL PROTECTED]
> > To unsubscribe via postal mail, please contact us at:
> > Jupitermedia Corp.
> > Attn: Discussion List Management
> > 475 Park Avenue South
> > New York, NY 10016
> > 
> > Please include the email address which you have been contacted with.
> > 
> > 
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Split pagefile

[Steve Egan \(Temp\)]

Back in the mists of antiquity, when 3 meg disks were the norm
(mainframes...), we always put any files that were going to be heavily
used (in terms of r/w) closest to the spindle since the heads had less
distance to travel.  Fewer milliseconds to get to what you were looking
for.  We also optimized for disk sector interleave, but that's not
important any more...

Here's the point.  I always put swap files, whether Linux or Windows OS,
*closest* (physically) to the FAT.  Where does a disk drive spend most
of its time loitering?  The FAT area, simply to find or record where
everything is.  So, yes, you have to consider where *physically* (disk
geometry) you are going to put the swap file ON THE DISK, not which
partition.  But this is my old mainframe experience (hardware/software)
talking.

Steve Egan
Purcell Systems
System/Network Administrator
desk 509 755-0341 x110
cell 509 475-7682
fax 509 755-0345

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
Sent: Thursday, November 30, 2006 10:08 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

Hi, 

I have an answer and a question about the same.

Most of my servers have 2 partition, one for the OS and the other for
data, I always put the pagefile in the data partition, so yes, you can
have the have the whole thing in a different partition or hard drive.

Actually, Linux system always create a swap partition just for that
purpose, so I wonder if it would be more efficient to always create a
partition just for the pagefile... Anyone knows?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
Sent: Thursday, November 30, 2006 12:09 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

Sorry for the reply to my own post, but this article:

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips
/Miscellaneous/EnhancePerformancebyMovingthePagefile.html

says I can move the whole thing to a different partition. I'll leave a
meg on the C drive just for the dumpfile, which we limit to 64K, in case
the system crashes and I can actually figure out how to read the
dumpfile.

But, really, is it OK to leave absolutely NO pagefile on C:/? We
normally leave at least 200Mb on the C: partition when we move the rest
to a different drive.


--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876



> > -Original Message-
> > From: [EMAIL PROTECTED] 
> > [mailto:[EMAIL PROTECTED] On 
> > Behalf Of Larry Wahlers
> > Sent: Thursday, November 30, 2006 9:55 AM
> > To: Exchange Discussions
> > Subject: Split pagefile
> > 
> > Colleagues,
> > 
> > Is there a best practice for splitting the pagefile on Exchange 2003
> > across multiple drives? My C drive is up to nearly 9GB used 
> > out of 10GB,
> > and I'd like to move off most of the 3GB pagefile to maybe 
> > the database
> > drive. We have only 500 users on that system, so 
> performance shouldn't
> > be too much of an issue.
> > 
> > Thanks in advance, folks.
> > 
> > -- 
> > Larry Wahlers
> > Concordia Technologies
> > The Lutheran Church - Missouri Synod
> > mailto:[EMAIL PROTECTED]
> > direct office line: (314) 996-1876
> > 
> > _
> > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > To subscribe: 
> http://e-newsletters.internet.com/discussionlists.html/
> > To unsubscribe send a blank email to 
> > [EMAIL PROTECTED]
> > Exchange List admin:[EMAIL PROTECTED]
> > To unsubscribe via postal mail, please contact us at:
> > Jupitermedia Corp.
> > Attn: Discussion List Management
> > 475 Park Avenue South
> > New York, NY 10016
> > 
> > Please include the email address which you have been contacted with.
> > 
> > 
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Split pagefile

[Kevin Brunson]

Good call.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A.
Robinson
Sent: Thursday, November 30, 2006 12:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

That's only if you select the "custom size" radio button and try to set
it
to less than 16MB. If you select the "no paging file" option, it works
fine.

Laura 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Brunson
> Sent: Thursday, November 30, 2006 12:28 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> I think 2k3r2 requires at least 16MB on C:.  At least that is 
> the error message I have gotten before when I tried to make 
> it smaller than that.
> In 2000 I could make it 10MB without it complaining.  
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
> Sent: Thursday, November 30, 2006 11:09 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Sorry for the reply to my own post, but this article:
> 
> http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003
> /AdminTips
> /Miscellaneous/EnhancePerformancebyMovingthePagefile.html
> 
> says I can move the whole thing to a different partition. 
> I'll leave a meg on the C drive just for the dumpfile, which 
> we limit to 64K, in case the system crashes and I can 
> actually figure out how to read the dumpfile.
> 
> But, really, is it OK to leave absolutely NO pagefile on C:/? 
> We normally leave at least 200Mb on the C: partition when we 
> move the rest to a different drive.
> 
> 
> --
> Larry Wahlers
> Concordia Technologies
> The Lutheran Church - Missouri Synod
> mailto:[EMAIL PROTECTED]
> direct office line: (314) 996-1876
> 
> 
> 
> > > -Original Message-
> > > From: [EMAIL PROTECTED] 
> > > [mailto:[EMAIL PROTECTED] On 
> > > Behalf Of Larry Wahlers
> > > Sent: Thursday, November 30, 2006 9:55 AM
> > > To: Exchange Discussions
> > > Subject: Split pagefile
> > > 
> > > Colleagues,
> > > 
> > > Is there a best practice for splitting the pagefile on 
> Exchange 2003
> > > across multiple drives? My C drive is up to nearly 9GB used 
> > > out of 10GB,
> > > and I'd like to move off most of the 3GB pagefile to maybe 
> > > the database
> > > drive. We have only 500 users on that system, so 
> > performance shouldn't
> > > be too much of an issue.
> > > 
> > > Thanks in advance, folks.
> > > 
> > > -- 
> > > Larry Wahlers
> > > Concordia Technologies
> > > The Lutheran Church - Missouri Synod
> > > mailto:[EMAIL PROTECTED]
> > > direct office line: (314) 996-1876
> > > 
> > > _
> > > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > > To subscribe: 
> > http://e-newsletters.internet.com/discussionlists.html/
> > > To unsubscribe send a blank email to 
> > > [EMAIL PROTECTED]
> > > Exchange List admin:[EMAIL PROTECTED]
> > > To unsubscribe via postal mail, please contact us at:
> > > Jupitermedia Corp.
> > > Attn: Discussion List Management
> > > 475 Park Avenue South
> > > New York, NY 10016
> > > 
> > > Please include the email address which you have been 
> contacted with.
> > > 
> > > 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> 
> -- 
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.430 / Virus Database: 268.15.2/559 - Release 
> Date: 11/30/2006 5:07 AM
>  
> 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date:
11/30/2006
5:07 AM
 

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Split pagefile

[WATSON, BEN]

Ah, that's a nice clarification.  I actually wasn't aware of the 16MB
limitation for page file size on the boot partition, especially since I
had done just what you said.  Set the boot partition to "no paging file"
and just set it manually on an alternative disk.

Very good to know, thanks for the info Laura.

~Ben

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A.
Robinson
Sent: Thursday, November 30, 2006 10:24 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

That's only if you select the "custom size" radio button and try to set
it
to less than 16MB. If you select the "no paging file" option, it works
fine.

Laura 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Brunson
> Sent: Thursday, November 30, 2006 12:28 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> I think 2k3r2 requires at least 16MB on C:.  At least that is 
> the error message I have gotten before when I tried to make 
> it smaller than that.
> In 2000 I could make it 10MB without it complaining.  
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
> Sent: Thursday, November 30, 2006 11:09 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Sorry for the reply to my own post, but this article:
> 
> http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003
> /AdminTips
> /Miscellaneous/EnhancePerformancebyMovingthePagefile.html
> 
> says I can move the whole thing to a different partition. 
> I'll leave a meg on the C drive just for the dumpfile, which 
> we limit to 64K, in case the system crashes and I can 
> actually figure out how to read the dumpfile.
> 
> But, really, is it OK to leave absolutely NO pagefile on C:/? 
> We normally leave at least 200Mb on the C: partition when we 
> move the rest to a different drive.
> 
> 
> --
> Larry Wahlers
> Concordia Technologies
> The Lutheran Church - Missouri Synod
> mailto:[EMAIL PROTECTED]
> direct office line: (314) 996-1876
> 
> 
> 
> > > -Original Message-
> > > From: [EMAIL PROTECTED] 
> > > [mailto:[EMAIL PROTECTED] On 
> > > Behalf Of Larry Wahlers
> > > Sent: Thursday, November 30, 2006 9:55 AM
> > > To: Exchange Discussions
> > > Subject: Split pagefile
> > > 
> > > Colleagues,
> > > 
> > > Is there a best practice for splitting the pagefile on 
> Exchange 2003
> > > across multiple drives? My C drive is up to nearly 9GB used 
> > > out of 10GB,
> > > and I'd like to move off most of the 3GB pagefile to maybe 
> > > the database
> > > drive. We have only 500 users on that system, so 
> > performance shouldn't
> > > be too much of an issue.
> > > 
> > > Thanks in advance, folks.
> > > 
> > > -- 
> > > Larry Wahlers
> > > Concordia Technologies
> > > The Lutheran Church - Missouri Synod
> > > mailto:[EMAIL PROTECTED]
> > > direct office line: (314) 996-1876
> > > 
> > > _
> > > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > > To subscribe: 
> > http://e-newsletters.internet.com/discussionlists.html/
> > > To unsubscribe send a blank email to 
> > > [EMAIL PROTECTED]
> > > Exchange List admin:[EMAIL PROTECTED]
> > > To unsubscribe via postal mail, please contact us at:
> > > Jupitermedia Corp.
> > > Attn: Discussion List Management
> > > 475 Park Avenue South
> > > New York, NY 10016
> > > 
> > > Please include the email address which you have been 
> contacted with.
> > > 
> > > 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> 
> -- 
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.430 / Virus Database: 268.15.2/559 - Release 
> Date: 11/30/2006 5:07 AM
>  
> 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date:
11/30/2006
5:07 AM
 

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

Re: [ActiveDir] Delegate VPN rights

[Tony Murray]

You will need to modify dssec.dat to expose the property.

http://www.activedir.org/article.aspx?aid=24#11

Tony
-- Original Message --
From: "WATSON, BEN" <[EMAIL PROTECTED]>
Reply-To: ActiveDir@mail.activedir.org
Date:  Thu, 30 Nov 2006 09:34:39 -0800

I'm attempting to delegate out the permissions to adjust the Remote
Access Permissions under the Dial-In tab in Active Directory for user
accounts.  When performing an LDAP query, I notice that changes to this
setting are recorded in the msNPAllowDialin attribute.  Set to False
when Deny Access is set, True when Allow Access is set, and "not set"
when Control Access through Remote Access Policy is set.

 

However when I attempt to delegate out the rights to a security group so
they can modify this, it is not listed as a selectable property.  Am I
missing something here?  Should I be looking for a different property to
delegate out this right?

 

Thanks,

~Ben Watson



 





Sent via the WebMail system at mail.activedir.org


 
   
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

[ActiveDir] Bulk of client going to PDC

[Kamlesh Parmar]

Hi Guys,

We are facing some strange issue, randomly clients from some sites are going
to PDCe for group policy refresh,along with screensaver and wallpaper stored
in netlogon.

Clients are ignoring their nearest DC, and approaching PDCe.

All DCs : Win2k3 SP1
All Clients: XP SP2

I verified,
1) DNS entries for site DC are correct.
2) Netlogon and Sysvol folder of site DC are accessible.
3) Verified the clients are authenticating with site DC by : nltest.exe
/sc_query:DOMAIN
4) Verified DFS info for netlogon and sysvol on clients is correct :
dfsutil.exe  /pktinfo

I am clueless where else, should I look?

--
Kamlesh
~
You teach best what you most need to learn.
~

RE: [ActiveDir] Split pagefile

[Laura A. Robinson]

When I do that, I try to dedicate an entire spindle to the pagefile, if
possible. It eliminates competition for disk I/O from other sources. If I
can't devote a full spindle, I do tend to do a "pagefile partition" just
because it gives the pagefile a nice, clean sandbox of its own without data
storage creeping into its space.

That said, all of the configuration is completely dependent upon hardware
and software configuration. In other words, just because I've done things
this way, that doesn't necessarily mean that I'm advising it as a best
practice. Heck, it doesn't even necessarily mean that it's a good idea. :-)

Laura 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
> Sent: Thursday, November 30, 2006 1:08 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Hi, 
> 
> I have an answer and a question about the same.
> 
> Most of my servers have 2 partition, one for the OS and the 
> other for data, I always put the pagefile in the data 
> partition, so yes, you can have the have the whole thing in a 
> different partition or hard drive.
> 
> Actually, Linux system always create a swap partition just 
> for that purpose, so I wonder if it would be more efficient 
> to always create a partition just for the pagefile... Anyone knows?
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
> Sent: Thursday, November 30, 2006 12:09 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Sorry for the reply to my own post, but this article:
> 
> http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003
> /AdminTips
> /Miscellaneous/EnhancePerformancebyMovingthePagefile.html
> 
> says I can move the whole thing to a different partition. 
> I'll leave a meg on the C drive just for the dumpfile, which 
> we limit to 64K, in case the system crashes and I can 
> actually figure out how to read the dumpfile.
> 
> But, really, is it OK to leave absolutely NO pagefile on C:/? 
> We normally leave at least 200Mb on the C: partition when we 
> move the rest to a different drive.
> 
> 
> --
> Larry Wahlers
> Concordia Technologies
> The Lutheran Church - Missouri Synod
> mailto:[EMAIL PROTECTED]
> direct office line: (314) 996-1876
> 
> 
> 
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On 
> Behalf Of 
> > > Larry Wahlers
> > > Sent: Thursday, November 30, 2006 9:55 AM
> > > To: Exchange Discussions
> > > Subject: Split pagefile
> > > 
> > > Colleagues,
> > > 
> > > Is there a best practice for splitting the pagefile on 
> Exchange 2003 
> > > across multiple drives? My C drive is up to nearly 9GB 
> used out of 
> > > 10GB, and I'd like to move off most of the 3GB pagefile 
> to maybe the 
> > > database drive. We have only 500 users on that system, so
> > performance shouldn't
> > > be too much of an issue.
> > > 
> > > Thanks in advance, folks.
> > > 
> > > --
> > > Larry Wahlers
> > > Concordia Technologies
> > > The Lutheran Church - Missouri Synod 
> > > mailto:[EMAIL PROTECTED]
> > > direct office line: (314) 996-1876
> > > 
> > > _
> > > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > > To subscribe: 
> > http://e-newsletters.internet.com/discussionlists.html/
> > > To unsubscribe send a blank email to 
> > > [EMAIL PROTECTED]
> > > Exchange List admin:[EMAIL PROTECTED]
> > > To unsubscribe via postal mail, please contact us at:
> > > Jupitermedia Corp.
> > > Attn: Discussion List Management
> > > 475 Park Avenue South
> > > New York, NY 10016
> > > 
> > > Please include the email address which you have been 
> contacted with.
> > > 
> > > 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> 
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.430 / Virus Database: 268.15.2/559 - Release 
> Date: 11/30/2006 5:07 AM
>  
> 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM
 

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Split pagefile

[Laura A. Robinson]

Larry wrote: 
> > It's also a good idea to split pagefiles across multiple spindles
> 
> It will be on a RAID-5 array, so technically yes, it will be 
> across multiple spindles.

Yup. I usually create a separate partition on the array and drop the
pagefile there. That's mostly just because I'm a little OCD, though. :-)

Laura

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM
 

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

OT: RE: [ActiveDir] Split pagefile

[Laura A. Robinson]

You know, you can actually do your own crashdump analysis. We even used to
teach people how to do it back in the NT4 days. I loved that class. :-D 

Laura

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Don Hoehn
> Sent: Thursday, November 30, 2006 2:15 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Hi,
>   Best practice used to be to put the pagefile on a 
> different BUS than the OS. The idea is that you can 
> read/write to both the OS and the PF at the same time. We 
> always put the entire PF on a separate bus/drive in it's own 
> partition. That way you have the added speed of a bus apart 
> from the OS bus and a contiguous PF. We never bothered with a 
> C: swapfile because we could never afford to send the dump to 
> M$ for decryption. :-}
> 
> Don
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
> Sent: Thursday, November 30, 2006 11:07 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Hi, 
> 
> I have an answer and a question about the same.
> 
> Most of my servers have 2 partition, one for the OS and the 
> other for data, I always put the pagefile in the data 
> partition, so yes, you can have the have the whole thing in a 
> different partition or hard drive.
> 
> Actually, Linux system always create a swap partition just 
> for that purpose, so I wonder if it would be more efficient 
> to always create a partition just for the pagefile... Anyone knows?
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
> Sent: Thursday, November 30, 2006 12:09 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Sorry for the reply to my own post, but this article:
> 
> http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003
> /AdminTips
> /Miscellaneous/EnhancePerformancebyMovingthePagefile.html
> 
> says I can move the whole thing to a different partition. 
> I'll leave a meg on the C drive just for the dumpfile, which 
> we limit to 64K, in case the system crashes and I can 
> actually figure out how to read the dumpfile.
> 
> But, really, is it OK to leave absolutely NO pagefile on C:/? 
> We normally leave at least 200Mb on the C: partition when we 
> move the rest to a different drive.
> 
> 
> --
> Larry Wahlers
> Concordia Technologies
> The Lutheran Church - Missouri Synod
> mailto:[EMAIL PROTECTED]
> direct office line: (314) 996-1876
> 
> 
> 
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On 
> Behalf Of 
> > > Larry Wahlers
> > > Sent: Thursday, November 30, 2006 9:55 AM
> > > To: Exchange Discussions
> > > Subject: Split pagefile
> > > 
> > > Colleagues,
> > > 
> > > Is there a best practice for splitting the pagefile on 
> Exchange 2003 
> > > across multiple drives? My C drive is up to nearly 9GB 
> used out of 
> > > 10GB, and I'd like to move off most of the 3GB pagefile 
> to maybe the 
> > > database drive. We have only 500 users on that system, so
> > performance shouldn't
> > > be too much of an issue.
> > > 
> > > Thanks in advance, folks.
> > > 
> > > --
> > > Larry Wahlers
> > > Concordia Technologies
> > > The Lutheran Church - Missouri Synod 
> > > mailto:[EMAIL PROTECTED]
> > > direct office line: (314) 996-1876
> > > 
> > > _
> > > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > > To subscribe: 
> > http://e-newsletters.internet.com/discussionlists.html/
> > > To unsubscribe send a blank email to 
> > > [EMAIL PROTECTED]
> > > Exchange List admin:[EMAIL PROTECTED]
> > > To unsubscribe via postal mail, please contact us at:
> > > Jupitermedia Corp.
> > > Attn: Discussion List Management
> > > 475 Park Avenue South
> > > New York, NY 10016
> > > 
> > > Please include the email address which you have been 
> contacted with.
> > > 
> > > 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> 
> __
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit 
> http://www.messagelabs.com/email 
> __
> 
> 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> 
> --
> No virus found in 

RE: [ActiveDir] Delegate VPN rights

[Laura A. Robinson]

Do a 'net search for "Active Directory display specifiers". It discusses why
some stuff shows up and other stuff doesn't, as well as how to change it.
 
Laura


   _  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of WATSON, BEN
Sent: Thursday, November 30, 2006 12:35 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Delegate VPN rights



I’m attempting to delegate out the permissions to adjust the Remote Access
Permissions under the Dial-In tab in Active Directory for user accounts.
When performing an LDAP query, I notice that changes to this setting are
recorded in the msNPAllowDialin attribute.  Set to False when Deny Access is
set, True when Allow Access is set, and “not set” when Control Access
through Remote Access Policy is set.

 

However when I attempt to delegate out the rights to a security group so
they can modify this, it is not listed as a selectable property.  Am I
missing something here?  Should I be looking for a different property to
delegate out this right?

 

Thanks,

~Ben Watson


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM



-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM
 

RE: [ActiveDir] Split pagefile

[Laura A. Robinson]

Thanks, Kevin and Ben. I feel all warm and fuzzy and valuable and stuff now.
:-D

Laura 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of WATSON, BEN
> Sent: Thursday, November 30, 2006 2:29 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Ah, that's a nice clarification.  I actually wasn't aware of 
> the 16MB limitation for page file size on the boot partition, 
> especially since I had done just what you said.  Set the boot 
> partition to "no paging file"
> and just set it manually on an alternative disk.
> 
> Very good to know, thanks for the info Laura.
> 
> ~Ben
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Laura A.
> Robinson
> Sent: Thursday, November 30, 2006 10:24 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> That's only if you select the "custom size" radio button and 
> try to set it to less than 16MB. If you select the "no paging 
> file" option, it works fine.
> 
> Laura 
> 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of 
> Kevin Brunson
> > Sent: Thursday, November 30, 2006 12:28 PM
> > To: ActiveDir@mail.activedir.org
> > Subject: RE: [ActiveDir] Split pagefile
> > 
> > I think 2k3r2 requires at least 16MB on C:.  At least that is the 
> > error message I have gotten before when I tried to make it smaller 
> > than that.
> > In 2000 I could make it 10MB without it complaining.  
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of 
> Larry Wahlers
> > Sent: Thursday, November 30, 2006 11:09 AM
> > To: ActiveDir@mail.activedir.org
> > Subject: RE: [ActiveDir] Split pagefile
> > 
> > Sorry for the reply to my own post, but this article:
> > 
> > http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003
> > /AdminTips
> > /Miscellaneous/EnhancePerformancebyMovingthePagefile.html
> > 
> > says I can move the whole thing to a different partition. 
> > I'll leave a meg on the C drive just for the dumpfile, 
> which we limit 
> > to 64K, in case the system crashes and I can actually 
> figure out how 
> > to read the dumpfile.
> > 
> > But, really, is it OK to leave absolutely NO pagefile on C:/? 
> > We normally leave at least 200Mb on the C: partition when 
> we move the 
> > rest to a different drive.
> > 
> > 
> > --
> > Larry Wahlers
> > Concordia Technologies
> > The Lutheran Church - Missouri Synod
> > mailto:[EMAIL PROTECTED]
> > direct office line: (314) 996-1876
> > 
> > 
> > 
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] 
> On Behalf 
> > > > Of Larry Wahlers
> > > > Sent: Thursday, November 30, 2006 9:55 AM
> > > > To: Exchange Discussions
> > > > Subject: Split pagefile
> > > > 
> > > > Colleagues,
> > > > 
> > > > Is there a best practice for splitting the pagefile on
> > Exchange 2003
> > > > across multiple drives? My C drive is up to nearly 9GB 
> used out of 
> > > > 10GB, and I'd like to move off most of the 3GB pagefile 
> to maybe 
> > > > the database drive. We have only 500 users on that system, so
> > > performance shouldn't
> > > > be too much of an issue.
> > > > 
> > > > Thanks in advance, folks.
> > > > 
> > > > --
> > > > Larry Wahlers
> > > > Concordia Technologies
> > > > The Lutheran Church - Missouri Synod 
> > > > mailto:[EMAIL PROTECTED]
> > > > direct office line: (314) 996-1876
> > > > 
> > > > 
> _
> > > > List posting FAQ:   
> http://www.swinc.com/resource/exch_faq.htm
> > > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > > > To subscribe: 
> > > http://e-newsletters.internet.com/discussionlists.html/
> > > > To unsubscribe send a blank email to 
> > > > [EMAIL PROTECTED]
> > > > Exchange List admin:[EMAIL PROTECTED]
> > > > To unsubscribe via postal mail, please contact us at:
> > > > Jupitermedia Corp.
> > > > Attn: Discussion List Management
> > > > 475 Park Avenue South
> > > > New York, NY 10016
> > > > 
> > > > Please include the email address which you have been
> > contacted with.
> > > > 
> > > > 
> > List info   : http://www.activedir.org/List.aspx
> > List FAQ: http://www.activedir.org/ListFAQ.aspx
> > List archive: 
> > http://www.mail-archive.com/activedir@mail.activedir.org/
> > List info   : http://www.activedir.org/List.aspx
> > List FAQ: http://www.activedir.org/ListFAQ.aspx
> > List archive: 
> > http://www.mail-archive.com/activedir@mail.activedir.org/
> > 
> > --
> > No virus found in this incoming message.
> > Checked by AVG Free Edition.
> > Version: 7.5.430 / Virus Database: 268.15.2/559 - Release
> > Date: 11/30/2006 5:07 AM
> >  
> > 
> 
> --
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date:
> 11/30/2006

RE: [ActiveDir] Delegate VPN rights

[Laura A. Robinson]

Thank you! I've been giving myself a headache trying to remember the name of
the file! I couldn't remember the extension.

That said, Ben, still take a look at the display specifiers whitepaper; not
all attributes display names match the actual attribute names. I've not
checked the one in question.

Laura 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
> Sent: Thursday, November 30, 2006 2:50 PM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] Delegate VPN rights
> 
> You will need to modify dssec.dat to expose the property.
> 
> http://www.activedir.org/article.aspx?aid=24#11
> 
> Tony
> -- Original Message --
> From: "WATSON, BEN" <[EMAIL PROTECTED]>
> Reply-To: ActiveDir@mail.activedir.org
> Date:  Thu, 30 Nov 2006 09:34:39 -0800
> 
> I'm attempting to delegate out the permissions to adjust the 
> Remote Access Permissions under the Dial-In tab in Active 
> Directory for user accounts.  When performing an LDAP query, 
> I notice that changes to this setting are recorded in the 
> msNPAllowDialin attribute.  Set to False when Deny Access is 
> set, True when Allow Access is set, and "not set"
> when Control Access through Remote Access Policy is set.
> 
>  
> 
> However when I attempt to delegate out the rights to a 
> security group so they can modify this, it is not listed as a 
> selectable property.  Am I missing something here?  Should I 
> be looking for a different property to delegate out this right?
> 
>  
> 
> Thanks,
> 
> ~Ben Watson
> 
> 
> 
>  
> 
> 
> 
> 
> 
> Sent via the WebMail system at mail.activedir.org
> 
> 
>  
>
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> 
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.430 / Virus Database: 268.15.2/559 - Release 
> Date: 11/30/2006 5:07 AM
>  
> 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM
 

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Split pagefile

[Larry Wahlers]

Laura wrote:
> That's only if you select the "custom size" radio button and 
> try to set it
> to less than 16MB. If you select the "no paging file" option, 
> it works fine.

Very good. I just tried that on a test server, and that worked.

However, I have a very different problem now. I went ahead and put 16Mb
on my C: volume, and 4096Mb on my F: volume, rebooted, the server came
up, Exchange is working, but I cannot log onto the server with Remote
Desktops anymore. Are these related?

Any advice as to how I can get Remote Desktops to this server working
again will be greatly appreciated, as St. Louis is now experiencing one
of its famous ice storms, and going in to where the server is just isn't
an option right now.

Larry Wahlers
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

Re: RE: [ActiveDir] Split pagefile

[Martin Tuip]

Beats having to read SEC17a and NASD guidelines on a saturday night.

Martin Tuip
MVP-Exchange

- Original Message - 
From: "Laura A. Robinson" <[EMAIL PROTECTED]>

To: 
Sent: Thursday, November 30, 2006 12:21 PM
Subject: OT: RE: [ActiveDir] Split pagefile



You know, you can actually do your own crashdump analysis. We even used to
teach people how to do it back in the NT4 days. I loved that class. :-D

Laura


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Don Hoehn
Sent: Thursday, November 30, 2006 2:15 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

Hi,
Best practice used to be to put the pagefile on a
different BUS than the OS. The idea is that you can
read/write to both the OS and the PF at the same time. We
always put the entire PF on a separate bus/drive in it's own
partition. That way you have the added speed of a bus apart
from the OS bus and a contiguous PF. We never bothered with a
C: swapfile because we could never afford to send the dump to
M$ for decryption. :-}

Don

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
Sent: Thursday, November 30, 2006 11:07 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

Hi,

I have an answer and a question about the same.

Most of my servers have 2 partition, one for the OS and the
other for data, I always put the pagefile in the data
partition, so yes, you can have the have the whole thing in a
different partition or hard drive.

Actually, Linux system always create a swap partition just
for that purpose, so I wonder if it would be more efficient
to always create a partition just for the pagefile... Anyone knows?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
Sent: Thursday, November 30, 2006 12:09 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

Sorry for the reply to my own post, but this article:

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003
/AdminTips
/Miscellaneous/EnhancePerformancebyMovingthePagefile.html

says I can move the whole thing to a different partition.
I'll leave a meg on the C drive just for the dumpfile, which
we limit to 64K, in case the system crashes and I can
actually figure out how to read the dumpfile.

But, really, is it OK to leave absolutely NO pagefile on C:/?
We normally leave at least 200Mb on the C: partition when we
move the rest to a different drive.


--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876



> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On
Behalf Of
> > Larry Wahlers
> > Sent: Thursday, November 30, 2006 9:55 AM
> > To: Exchange Discussions
> > Subject: Split pagefile
> >
> > Colleagues,
> >
> > Is there a best practice for splitting the pagefile on
Exchange 2003
> > across multiple drives? My C drive is up to nearly 9GB
used out of
> > 10GB, and I'd like to move off most of the 3GB pagefile
to maybe the
> > database drive. We have only 500 users on that system, so
> performance shouldn't
> > be too much of an issue.
> >
> > Thanks in advance, folks.
> >
> > --
> > Larry Wahlers
> > Concordia Technologies
> > The Lutheran Church - Missouri Synod
> > mailto:[EMAIL PROTECTED]
> > direct office line: (314) 996-1876
> >
> > _
> > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > To subscribe:
> http://e-newsletters.internet.com/discussionlists.html/
> > To unsubscribe send a blank email to
> > [EMAIL PROTECTED]
> > Exchange List admin:[EMAIL PROTECTED]
> > To unsubscribe via postal mail, please contact us at:
> > Jupitermedia Corp.
> > Attn: Discussion List Management
> > 475 Park Avenue South
> > New York, NY 10016
> >
> > Please include the email address which you have been
contacted with.
> >
> >
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir@mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir@mail.activedir.org/

__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit
http://www.messagelabs.com/email
__


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir@mail.activedir.org/

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.

RE: [ActiveDir] Bulk of client going to PDC

[David Adner]

How are you determining the clients are utilizing the PDCE for these
activities?  A network trace from the client may prove useful.

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar
Sent: Thursday, November 30, 2006 1:51 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Bulk of client going to PDC

 

Hi Guys,

We are facing some strange issue, randomly clients from some sites are going
to PDCe for group policy refresh,along with screensaver and wallpaper stored
in netlogon.

Clients are ignoring their nearest DC, and approaching PDCe. 

All DCs : Win2k3 SP1
All Clients: XP SP2

I verified, 
1) DNS entries for site DC are correct.
2) Netlogon and Sysvol folder of site DC are accessible.
3) Verified the clients are authenticating with site DC by : nltest.exe
/sc_query:DOMAIN
4) Verified DFS info for netlogon and sysvol on clients is correct :
dfsutil.exe  /pktinfo

I am clueless where else, should I look?

-- 
Kamlesh
~ 
You teach best what you most need to learn.
~ 

RE: [ActiveDir] Delegate VPN rights

[WATSON, BEN]

Hmm, getting closer but not quite there yet!  Thanks Tony and James for
the excellent responses.

Both of your attempted solutions do grant the ability to modify what I
want to modify in the GUI (ADUC) in the sense that they are no longer
grayed out to members of the delegated security group, however, when a
change is attempted I get a nice error message stating, "Dial-in profile
changes were not saved because: Access is Denied.".

When I try James's method, the entire dial-in tab is not grayed out, but
I get the error message.  When I try Tony's suggestion (grant read/write
to msNPAllowDialin specifically), I am able to do a more granular
delegation in which only the Remote Access Permission portion of the
Dial-in tab is not grayed out (the rest is still grayed out), however
this also results in the same error when a change is attempted.

Any thoughts on what else I may need to grant permissions on so this can
be properly delegated?  The GUI seems to be a hurdle I've jumped over,
but the actual implementation of the change doesn't want to take.

Thanks guys,
~Ben

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Thursday, November 30, 2006 11:50 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Delegate VPN rights

You will need to modify dssec.dat to expose the property.

http://www.activedir.org/article.aspx?aid=24#11

Tony
-- Original Message --
From: "WATSON, BEN" <[EMAIL PROTECTED]>
Reply-To: ActiveDir@mail.activedir.org
Date:  Thu, 30 Nov 2006 09:34:39 -0800

I'm attempting to delegate out the permissions to adjust the Remote
Access Permissions under the Dial-In tab in Active Directory for user
accounts.  When performing an LDAP query, I notice that changes to this
setting are recorded in the msNPAllowDialin attribute.  Set to False
when Deny Access is set, True when Allow Access is set, and "not set"
when Control Access through Remote Access Policy is set.

 

However when I attempt to delegate out the rights to a security group so
they can modify this, it is not listed as a selectable property.  Am I
missing something here?  Should I be looking for a different property to
delegate out this right?

 

Thanks,

~Ben Watson



 





Sent via the WebMail system at mail.activedir.org


 
   
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: RE: [ActiveDir] Split pagefile

[Ramon Linan]

That is pretty cool, where do  I learn about this? do you know of a good
url where it tells you how to do your own crashdump analysis?

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A.
Robinson
Sent: Thursday, November 30, 2006 3:21 PM
To: ActiveDir@mail.activedir.org
Subject: OT: RE: [ActiveDir] Split pagefile

You know, you can actually do your own crashdump analysis. We even used
to teach people how to do it back in the NT4 days. I loved that class.
:-D 

Laura

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Don Hoehn
> Sent: Thursday, November 30, 2006 2:15 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Hi,
>   Best practice used to be to put the pagefile on a different BUS
than 
> the OS. The idea is that you can read/write to both the OS and the PF 
> at the same time. We always put the entire PF on a separate bus/drive 
> in it's own partition. That way you have the added speed of a bus 
> apart from the OS bus and a contiguous PF. We never bothered with a
> C: swapfile because we could never afford to send the dump to M$ for 
> decryption. :-}
> 
> Don
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
> Sent: Thursday, November 30, 2006 11:07 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Hi,
> 
> I have an answer and a question about the same.
> 
> Most of my servers have 2 partition, one for the OS and the other for 
> data, I always put the pagefile in the data partition, so yes, you can

> have the have the whole thing in a different partition or hard drive.
> 
> Actually, Linux system always create a swap partition just for that 
> purpose, so I wonder if it would be more efficient to always create a 
> partition just for the pagefile... Anyone knows?
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
> Sent: Thursday, November 30, 2006 12:09 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Sorry for the reply to my own post, but this article:
> 
> http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003
> /AdminTips
> /Miscellaneous/EnhancePerformancebyMovingthePagefile.html
> 
> says I can move the whole thing to a different partition. 
> I'll leave a meg on the C drive just for the dumpfile, which we limit 
> to 64K, in case the system crashes and I can actually figure out how 
> to read the dumpfile.
> 
> But, really, is it OK to leave absolutely NO pagefile on C:/? 
> We normally leave at least 200Mb on the C: partition when we move the 
> rest to a different drive.
> 
> 
> --
> Larry Wahlers
> Concordia Technologies
> The Lutheran Church - Missouri Synod
> mailto:[EMAIL PROTECTED]
> direct office line: (314) 996-1876
> 
> 
> 
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On
> Behalf Of
> > > Larry Wahlers
> > > Sent: Thursday, November 30, 2006 9:55 AM
> > > To: Exchange Discussions
> > > Subject: Split pagefile
> > > 
> > > Colleagues,
> > > 
> > > Is there a best practice for splitting the pagefile on
> Exchange 2003
> > > across multiple drives? My C drive is up to nearly 9GB
> used out of
> > > 10GB, and I'd like to move off most of the 3GB pagefile
> to maybe the
> > > database drive. We have only 500 users on that system, so
> > performance shouldn't
> > > be too much of an issue.
> > > 
> > > Thanks in advance, folks.
> > > 
> > > --
> > > Larry Wahlers
> > > Concordia Technologies
> > > The Lutheran Church - Missouri Synod 
> > > mailto:[EMAIL PROTECTED]
> > > direct office line: (314) 996-1876
> > > 
> > > _
> > > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > > To subscribe: 
> > http://e-newsletters.internet.com/discussionlists.html/
> > > To unsubscribe send a blank email to 
> > > [EMAIL PROTECTED]
> > > Exchange List admin:[EMAIL PROTECTED]
> > > To unsubscribe via postal mail, please contact us at:
> > > Jupitermedia Corp.
> > > Attn: Discussion List Management
> > > 475 Park Avenue South
> > > New York, NY 10016
> > > 
> > > Please include the email address which you have been
> contacted with.
> > > 
> > > 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> 
> __
> This email has been scanned by the MessageLabs Email Security System.
> For more in

Re: OT: RE: [ActiveDir] Split pagefile

[Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]]

Heck even us SBSers know how to that :-)

E-Bitz - SBS MVP the Official Blog of the SBS "Diva" : Hey Peter! That 
was pretty easy!:

http://msmvps.com/blogs/bradley/archive/2006/04/25/92594.aspx
E-Bitz - SBS MVP the Official Blog of the SBS "Diva" : Debugging 101:
http://msmvps.com/blogs/bradley/archive/2006/06/22/102538.aspx
E-Bitz - SBS MVP the Official Blog of the SBS "Diva" : "The" debug 
presentation from TechEd:

http://msmvps.com/blogs/bradley/archive/2006/06/29/103239.aspx


(call me wacko but I love crash dumps.. they are fun  :-)

Laura A. Robinson wrote:

You know, you can actually do your own crashdump analysis. We even used to
teach people how to do it back in the NT4 days. I loved that class. :-D 


Laura

  

-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Don Hoehn

Sent: Thursday, November 30, 2006 2:15 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

Hi,
	Best practice used to be to put the pagefile on a 
different BUS than the OS. The idea is that you can 
read/write to both the OS and the PF at the same time. We 
always put the entire PF on a separate bus/drive in it's own 
partition. That way you have the added speed of a bus apart 
from the OS bus and a contiguous PF. We never bothered with a 
C: swapfile because we could never afford to send the dump to 
M$ for decryption. :-}


Don

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
Sent: Thursday, November 30, 2006 11:07 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

Hi, 


I have an answer and a question about the same.

Most of my servers have 2 partition, one for the OS and the 
other for data, I always put the pagefile in the data 
partition, so yes, you can have the have the whole thing in a 
different partition or hard drive.


Actually, Linux system always create a swap partition just 
for that purpose, so I wonder if it would be more efficient 
to always create a partition just for the pagefile... Anyone knows?


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
Sent: Thursday, November 30, 2006 12:09 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Split pagefile

Sorry for the reply to my own post, but this article:

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003
/AdminTips
/Miscellaneous/EnhancePerformancebyMovingthePagefile.html

says I can move the whole thing to a different partition. 
I'll leave a meg on the C drive just for the dumpfile, which 
we limit to 64K, in case the system crashes and I can 
actually figure out how to read the dumpfile.


But, really, is it OK to leave absolutely NO pagefile on C:/? 
We normally leave at least 200Mb on the C: partition when we 
move the rest to a different drive.



--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876





-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On 

Behalf Of 


Larry Wahlers
Sent: Thursday, November 30, 2006 9:55 AM
To: Exchange Discussions
Subject: Split pagefile

Colleagues,

Is there a best practice for splitting the pagefile on 

Exchange 2003 

across multiple drives? My C drive is up to nearly 9GB 

used out of 

10GB, and I'd like to move off most of the 3GB pagefile 

to maybe the 


database drive. We have only 500 users on that system, so


performance shouldn't
  

be too much of an issue.

Thanks in advance, folks.

--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod 
mailto:[EMAIL PROTECTED]

direct office line: (314) 996-1876

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
To subscribe: 


http://e-newsletters.internet.com/discussionlists.html/
  
To unsubscribe send a blank email to 
[EMAIL PROTECTED]

Exchange List admin:[EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016

Please include the email address which you have been 


contacted with.



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: 
http://www.mail-archive.com/activedir@mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: 
http://www.mail-archive.com/activedir@mail.activedir.org/


__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit 
http://www.messagelabs.com/email 
__

RE: [ActiveDir] Bulk of client going to PDC

[David Cliffe]

Hi Kamlesh,
 
I'm not necessarily recommending this as a fix, but wondering if
you've seen it yet and if would apply?
 
http://support.microsoft.com/kb/831201/en-us
 
-DaveC



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar
Sent: Thursday, November 30, 2006 2:51 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Bulk of client going to PDC


Hi Guys,

We are facing some strange issue, randomly clients from some
sites are going to PDCe for group policy refresh,along with screensaver
and wallpaper stored in netlogon.

Clients are ignoring their nearest DC, and approaching PDCe. 

All DCs : Win2k3 SP1
All Clients: XP SP2

I verified, 
1) DNS entries for site DC are correct.
2) Netlogon and Sysvol folder of site DC are accessible.
3) Verified the clients are authenticating with site DC by :
nltest.exe  /sc_query:DOMAIN
4) Verified DFS info for netlogon and sysvol on clients is
correct :  dfsutil.exe  /pktinfo

I am clueless where else, should I look?

-- 
Kamlesh
~ 
You teach best what you most need to learn.
~ 



This email was sent to you by Reuters, the global news and information company. 
To find out more about Reuters visit www.about.reuters.com

Any views expressed in this message are those of the individual sender, except 
where the sender specifically states them to be the views of Reuters Ltd.

RE: [ActiveDir] Delegate VPN rights

[Ulf B. Simon-Weidner]

Hi Ben,

 

the entire Dial-In Tab doesn't allow granular delegation - you need to
delegate everything which is on the tab since it's writing back all
attributes on the Tab no matter what. If you feel this is wrong open up a
case with PSS and line up in the row of customers which want this changed.
I've had a Critical Design Change Request with an Insurance Group about
this, however it was not requested by other customers at this time and
therefore not changed for a single customer.

 

Some Infos I've wrote once about this issue:

http://www.windowsserverfaq.de/faq/DialInTab.asp

 

Gruesse - Sincerely, 

Ulf B. Simon-Weidner 

  Profile & Publications:
http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F
2F1214C811D>
http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811
D   
  Weblog:  http://msmvps.org/UlfBSimonWeidner>
http://msmvps.org/UlfBSimonWeidner
  Website:  http://www.windowsserverfaq.org/>
http://www.windowsserverfaq.org

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of WATSON, BEN
Sent: Donnerstag, 30. November 2006 18:35
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Delegate VPN rights

 

I'm attempting to delegate out the permissions to adjust the Remote Access
Permissions under the Dial-In tab in Active Directory for user accounts.
When performing an LDAP query, I notice that changes to this setting are
recorded in the msNPAllowDialin attribute.  Set to False when Deny Access is
set, True when Allow Access is set, and "not set" when Control Access
through Remote Access Policy is set.

 

However when I attempt to delegate out the rights to a security group so
they can modify this, it is not listed as a selectable property.  Am I
missing something here?  Should I be looking for a different property to
delegate out this right?

 

Thanks,

~Ben Watson

RE: RE: [ActiveDir] Split pagefile

[Kevin Brunson]

I think Susan brought this up last week or so.  Here's the link she
gave.  I can't find the original post
http://blogs.technet.com/petergal/archive/2006/03/23/422993.aspx


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A.
Robinson
Sent: Thursday, November 30, 2006 2:21 PM
To: ActiveDir@mail.activedir.org
Subject: OT: RE: [ActiveDir] Split pagefile

You know, you can actually do your own crashdump analysis. We even used
to
teach people how to do it back in the NT4 days. I loved that class. :-D 

Laura

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Don Hoehn
> Sent: Thursday, November 30, 2006 2:15 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Hi,
>   Best practice used to be to put the pagefile on a 
> different BUS than the OS. The idea is that you can 
> read/write to both the OS and the PF at the same time. We 
> always put the entire PF on a separate bus/drive in it's own 
> partition. That way you have the added speed of a bus apart 
> from the OS bus and a contiguous PF. We never bothered with a 
> C: swapfile because we could never afford to send the dump to 
> M$ for decryption. :-}
> 
> Don
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
> Sent: Thursday, November 30, 2006 11:07 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Hi, 
> 
> I have an answer and a question about the same.
> 
> Most of my servers have 2 partition, one for the OS and the 
> other for data, I always put the pagefile in the data 
> partition, so yes, you can have the have the whole thing in a 
> different partition or hard drive.
> 
> Actually, Linux system always create a swap partition just 
> for that purpose, so I wonder if it would be more efficient 
> to always create a partition just for the pagefile... Anyone knows?
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
> Sent: Thursday, November 30, 2006 12:09 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Sorry for the reply to my own post, but this article:
> 
> http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003
> /AdminTips
> /Miscellaneous/EnhancePerformancebyMovingthePagefile.html
> 
> says I can move the whole thing to a different partition. 
> I'll leave a meg on the C drive just for the dumpfile, which 
> we limit to 64K, in case the system crashes and I can 
> actually figure out how to read the dumpfile.
> 
> But, really, is it OK to leave absolutely NO pagefile on C:/? 
> We normally leave at least 200Mb on the C: partition when we 
> move the rest to a different drive.
> 
> 
> --
> Larry Wahlers
> Concordia Technologies
> The Lutheran Church - Missouri Synod
> mailto:[EMAIL PROTECTED]
> direct office line: (314) 996-1876
> 
> 
> 
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On 
> Behalf Of 
> > > Larry Wahlers
> > > Sent: Thursday, November 30, 2006 9:55 AM
> > > To: Exchange Discussions
> > > Subject: Split pagefile
> > > 
> > > Colleagues,
> > > 
> > > Is there a best practice for splitting the pagefile on 
> Exchange 2003 
> > > across multiple drives? My C drive is up to nearly 9GB 
> used out of 
> > > 10GB, and I'd like to move off most of the 3GB pagefile 
> to maybe the 
> > > database drive. We have only 500 users on that system, so
> > performance shouldn't
> > > be too much of an issue.
> > > 
> > > Thanks in advance, folks.
> > > 
> > > --
> > > Larry Wahlers
> > > Concordia Technologies
> > > The Lutheran Church - Missouri Synod 
> > > mailto:[EMAIL PROTECTED]
> > > direct office line: (314) 996-1876
> > > 
> > > _
> > > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > > To subscribe: 
> > http://e-newsletters.internet.com/discussionlists.html/
> > > To unsubscribe send a blank email to 
> > > [EMAIL PROTECTED]
> > > Exchange List admin:[EMAIL PROTECTED]
> > > To unsubscribe via postal mail, please contact us at:
> > > Jupitermedia Corp.
> > > Attn: Discussion List Management
> > > 475 Park Avenue South
> > > New York, NY 10016
> > > 
> > > Please include the email address which you have been 
> contacted with.
> > > 
> > > 
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> 
> __
> This email has been scanned

RE: [ActiveDir] Delegate VPN rights

[WATSON, BEN]

Hi Laura,

Thanks so much for the response.  It's kind of odd actually.  I did as
Tony suggested and made the adjustment so I could delegate read and
write privileges for msNPAllowDialin.  Once I did this, this definitely
made the Remote Access Permission portion under the Dial-in tab
"ungrayed" I guess you could say.  However when changes are made, and
you attempt to save those changes by hitting OK/Apply, I get an error
that, "Dial-in profile changes were not saved because: Access is
Denied."

I'll continue looking for an answer in the display specifiers whitepaper
and hope it has an answer for me, although I haven't had any real luck
so far.

Thanks,
~Ben

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A.
Robinson
Sent: Thursday, November 30, 2006 1:09 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Delegate VPN rights

Thank you! I've been giving myself a headache trying to remember the
name of
the file! I couldn't remember the extension.

That said, Ben, still take a look at the display specifiers whitepaper;
not
all attributes display names match the actual attribute names. I've not
checked the one in question.

Laura 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
> Sent: Thursday, November 30, 2006 2:50 PM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] Delegate VPN rights
> 
> You will need to modify dssec.dat to expose the property.
> 
> http://www.activedir.org/article.aspx?aid=24#11
> 
> Tony
> -- Original Message --
> From: "WATSON, BEN" <[EMAIL PROTECTED]>
> Reply-To: ActiveDir@mail.activedir.org
> Date:  Thu, 30 Nov 2006 09:34:39 -0800
> 
> I'm attempting to delegate out the permissions to adjust the 
> Remote Access Permissions under the Dial-In tab in Active 
> Directory for user accounts.  When performing an LDAP query, 
> I notice that changes to this setting are recorded in the 
> msNPAllowDialin attribute.  Set to False when Deny Access is 
> set, True when Allow Access is set, and "not set"
> when Control Access through Remote Access Policy is set.
> 
>  
> 
> However when I attempt to delegate out the rights to a 
> security group so they can modify this, it is not listed as a 
> selectable property.  Am I missing something here?  Should I 
> be looking for a different property to delegate out this right?
> 
>  
> 
> Thanks,
> 
> ~Ben Watson
> 
> 
> 
>  
> 
> 
> 
> 
> 
> Sent via the WebMail system at mail.activedir.org
> 
> 
>  
>
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> 
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.430 / Virus Database: 268.15.2/559 - Release 
> Date: 11/30/2006 5:07 AM
>  
> 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date:
11/30/2006
5:07 AM
 

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] Split pagefile

[Laura A. Robinson]

Are you able to connect to the server via Computer Management? Meaning, in
the Computer Management console, can you right click on the server and
choose "Connect to.." or whatever it says, then connect to the problem
server? If so, can you see the service statuses and event logs on the
server? You can also connect to the remote machine's logs via the event log
UI, but Computer Management has all the good goop in it, anyway. Can you
telnet to the RDP port? Can you map a drive to a share on the server? When
you say you can't log on, do you get the logon dialog box and a failure to
let you log on, or do you get no remote desktop UI at all?

Laura (probably a bit overcaffeinated now; can you tell?)

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
> Sent: Thursday, November 30, 2006 4:35 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Laura wrote:
> > That's only if you select the "custom size" radio button and try to 
> > set it to less than 16MB. If you select the "no paging 
> file" option, 
> > it works fine.
> 
> Very good. I just tried that on a test server, and that worked.
> 
> However, I have a very different problem now. I went ahead 
> and put 16Mb on my C: volume, and 4096Mb on my F: volume, 
> rebooted, the server came up, Exchange is working, but I 
> cannot log onto the server with Remote Desktops anymore. Are 
> these related?
> 
> Any advice as to how I can get Remote Desktops to this server 
> working again will be greatly appreciated, as St. Louis is 
> now experiencing one of its famous ice storms, and going in 
> to where the server is just isn't an option right now.
> 
> Larry Wahlers
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir@mail.activedir.org/
> 
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.430 / Virus Database: 268.15.2/559 - Release 
> Date: 11/30/2006 5:07 AM
>  
> 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM
 

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

OT: RE: RE: [ActiveDir] Split pagefile

[Laura A. Robinson]

That's how you spend your Saturday nights? I suddenly feel waaay cooler
(socially speaking) than I did five minutes ago, I gotta tell ya. 

Laura

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Martin Tuip
> Sent: Thursday, November 30, 2006 4:48 PM
> To: ActiveDir@mail.activedir.org
> Subject: Re: RE: [ActiveDir] Split pagefile
> 
> Beats having to read SEC17a and NASD guidelines on a saturday night.
> 
> Martin Tuip
> MVP-Exchange
> 
> - Original Message -
> From: "Laura A. Robinson" <[EMAIL PROTECTED]>
> To: 
> Sent: Thursday, November 30, 2006 12:21 PM
> Subject: OT: RE: [ActiveDir] Split pagefile
> 
> 
> > You know, you can actually do your own crashdump analysis. 
> We even used to
> > teach people how to do it back in the NT4 days. I loved 
> that class. :-D
> >
> > Laura
> >
> >> -Original Message-
> >> From: [EMAIL PROTECTED]
> >> [mailto:[EMAIL PROTECTED] On Behalf Of Don Hoehn
> >> Sent: Thursday, November 30, 2006 2:15 PM
> >> To: ActiveDir@mail.activedir.org
> >> Subject: RE: [ActiveDir] Split pagefile
> >>
> >> Hi,
> >> Best practice used to be to put the pagefile on a
> >> different BUS than the OS. The idea is that you can
> >> read/write to both the OS and the PF at the same time. We
> >> always put the entire PF on a separate bus/drive in it's own
> >> partition. That way you have the added speed of a bus apart
> >> from the OS bus and a contiguous PF. We never bothered with a
> >> C: swapfile because we could never afford to send the dump to
> >> M$ for decryption. :-}
> >>
> >> Don
> >>
> >> -Original Message-
> >> From: [EMAIL PROTECTED]
> >> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Ramon Linan
> >> Sent: Thursday, November 30, 2006 11:07 AM
> >> To: ActiveDir@mail.activedir.org
> >> Subject: RE: [ActiveDir] Split pagefile
> >>
> >> Hi,
> >>
> >> I have an answer and a question about the same.
> >>
> >> Most of my servers have 2 partition, one for the OS and the
> >> other for data, I always put the pagefile in the data
> >> partition, so yes, you can have the have the whole thing in a
> >> different partition or hard drive.
> >>
> >> Actually, Linux system always create a swap partition just
> >> for that purpose, so I wonder if it would be more efficient
> >> to always create a partition just for the pagefile... Anyone knows?
> >>
> >> -Original Message-
> >> From: [EMAIL PROTECTED]
> >> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Larry Wahlers
> >> Sent: Thursday, November 30, 2006 12:09 PM
> >> To: ActiveDir@mail.activedir.org
> >> Subject: RE: [ActiveDir] Split pagefile
> >>
> >> Sorry for the reply to my own post, but this article:
> >>
> >> http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003
> >> /AdminTips
> >> /Miscellaneous/EnhancePerformancebyMovingthePagefile.html
> >>
> >> says I can move the whole thing to a different partition.
> >> I'll leave a meg on the C drive just for the dumpfile, which
> >> we limit to 64K, in case the system crashes and I can
> >> actually figure out how to read the dumpfile.
> >>
> >> But, really, is it OK to leave absolutely NO pagefile on C:/?
> >> We normally leave at least 200Mb on the C: partition when we
> >> move the rest to a different drive.
> >>
> >>
> >> --
> >> Larry Wahlers
> >> Concordia Technologies
> >> The Lutheran Church - Missouri Synod
> >> mailto:[EMAIL PROTECTED]
> >> direct office line: (314) 996-1876
> >>
> >>
> >>
> >> > > -Original Message-
> >> > > From: [EMAIL PROTECTED]
> >> > > [mailto:[EMAIL PROTECTED] On
> >> Behalf Of
> >> > > Larry Wahlers
> >> > > Sent: Thursday, November 30, 2006 9:55 AM
> >> > > To: Exchange Discussions
> >> > > Subject: Split pagefile
> >> > >
> >> > > Colleagues,
> >> > >
> >> > > Is there a best practice for splitting the pagefile on
> >> Exchange 2003
> >> > > across multiple drives? My C drive is up to nearly 9GB
> >> used out of
> >> > > 10GB, and I'd like to move off most of the 3GB pagefile
> >> to maybe the
> >> > > database drive. We have only 500 users on that system, so
> >> > performance shouldn't
> >> > > be too much of an issue.
> >> > >
> >> > > Thanks in advance, folks.
> >> > >
> >> > > --
> >> > > Larry Wahlers
> >> > > Concordia Technologies
> >> > > The Lutheran Church - Missouri Synod
> >> > > mailto:[EMAIL PROTECTED]
> >> > > direct office line: (314) 996-1876
> >> > >
> >> > > 
> _
> >> > > List posting FAQ:   
> http://www.swinc.com/resource/exch_faq.htm
> >> > > Web Interface: 
> http://intm-dl.sparklist.com/read/?forum=exchange
> >> > > To subscribe:
> >> > http://e-newsletters.internet.com/discussionlists.html/
> >> > > To unsubscribe send a blank email to
> >> > > [EMAIL PROTECTED]
> >> > > Exchange List admin:[EMAIL PROTECTED]
> >> > > To unsubscribe via postal mail, please contact us at:
> >> > > Jupitermedia Corp.
> >> > > Attn: Discussion List Management
> >> > > 475 Park Avenue South
> >> >

RE: RE: [ActiveDir] Split pagefile

[Crawford, Scott]

This is Mark Russinovich's presentation from Tech Ed.

http://www.microsoft.com/events/EventDetails.aspx?CMTYSvcSource=MSCOMMed
ia&Params=%7eCMTYDataSvcParams%5e%7earg+Name%3d%22ID%22+Value%3d%2210322
98076%22%2f%5e%7earg+Name%3d%22ProviderID%22+Value%3d%22A6B43178-497C-42
25-BA42-DF595171F04C%22%2f%5e%7earg+Name%3d%22lang%22+Value%3d%22en%22%2
f%5e%7earg+Name%3d%22cr%22+Value%3d%22US%22%2f%5e%7esParams%5e%7e%2fsPar
ams%5e%7e%2fCMTYDataSvcParams%5e

If that link doesn't work, it's towards the bottom of this page:
http://www.microsoft.com/technet/sysinternals/default.mspx


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
Sent: Thursday, November 30, 2006 3:58 PM
To: ActiveDir@mail.activedir.org
Subject: RE: RE: [ActiveDir] Split pagefile

That is pretty cool, where do  I learn about this? do you know of a good
url where it tells you how to do your own crashdump analysis?

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A.
Robinson
Sent: Thursday, November 30, 2006 3:21 PM
To: ActiveDir@mail.activedir.org
Subject: OT: RE: [ActiveDir] Split pagefile

You know, you can actually do your own crashdump analysis. We even used
to teach people how to do it back in the NT4 days. I loved that class.
:-D 

Laura

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Don Hoehn
> Sent: Thursday, November 30, 2006 2:15 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Hi,
>   Best practice used to be to put the pagefile on a different BUS
than 
> the OS. The idea is that you can read/write to both the OS and the PF 
> at the same time. We always put the entire PF on a separate bus/drive 
> in it's own partition. That way you have the added speed of a bus 
> apart from the OS bus and a contiguous PF. We never bothered with a
> C: swapfile because we could never afford to send the dump to M$ for 
> decryption. :-}
> 
> Don
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
> Sent: Thursday, November 30, 2006 11:07 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Hi,
> 
> I have an answer and a question about the same.
> 
> Most of my servers have 2 partition, one for the OS and the other for 
> data, I always put the pagefile in the data partition, so yes, you can

> have the have the whole thing in a different partition or hard drive.
> 
> Actually, Linux system always create a swap partition just for that 
> purpose, so I wonder if it would be more efficient to always create a 
> partition just for the pagefile... Anyone knows?
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Larry Wahlers
> Sent: Thursday, November 30, 2006 12:09 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Split pagefile
> 
> Sorry for the reply to my own post, but this article:
> 
> http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003
> /AdminTips
> /Miscellaneous/EnhancePerformancebyMovingthePagefile.html
> 
> says I can move the whole thing to a different partition. 
> I'll leave a meg on the C drive just for the dumpfile, which we limit 
> to 64K, in case the system crashes and I can actually figure out how 
> to read the dumpfile.
> 
> But, really, is it OK to leave absolutely NO pagefile on C:/? 
> We normally leave at least 200Mb on the C: partition when we move the 
> rest to a different drive.
> 
> 
> --
> Larry Wahlers
> Concordia Technologies
> The Lutheran Church - Missouri Synod
> mailto:[EMAIL PROTECTED]
> direct office line: (314) 996-1876
> 
> 
> 
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On
> Behalf Of
> > > Larry Wahlers
> > > Sent: Thursday, November 30, 2006 9:55 AM
> > > To: Exchange Discussions
> > > Subject: Split pagefile
> > > 
> > > Colleagues,
> > > 
> > > Is there a best practice for splitting the pagefile on
> Exchange 2003
> > > across multiple drives? My C drive is up to nearly 9GB
> used out of
> > > 10GB, and I'd like to move off most of the 3GB pagefile
> to maybe the
> > > database drive. We have only 500 users on that system, so
> > performance shouldn't
> > > be too much of an issue.
> > > 
> > > Thanks in advance, folks.
> > > 
> > > --
> > > Larry Wahlers
> > > Concordia Technologies
> > > The Lutheran Church - Missouri Synod 
> > > mailto:[EMAIL PROTECTED]
> > > direct office line: (314) 996-1876
> > > 
> > > _
> > > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > > To subscribe: 
> > http://e-newsletters.internet.com/discussionlists.html/
> > > To unsubscribe send a blank email to 
> > > [EMAIL PROTECTED]
> > > Exchange List admin:[EMAIL PROTECTED

RE: RE: [ActiveDir] Split pagefile

[Laura A. Robinson]

Ooh, I love it when people get all geeky.

Here's a nice little laundry list of links (I love all this alliteration):
http://labmice.techtarget.com/troubleshooting/memorydumps.htm

If you subscribe to Windows IT Pro, Mark Russinovich [insert awed murmurs
and supplicant posturing] wrote an article on it here:
http://www.windowsitpro.com/Article/ArticleID/16425/16425.html?Ad=1


ooorrr...you could click on them there handy links that Susan just sent and
I'll quit copying and pasting now. :-)

Laura

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
> Sent: Thursday, November 30, 2006 4:58 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: RE: [ActiveDir] Split pagefile
> 
> That is pretty cool, where do  I learn about this? do you 
> know of a good url where it tells you how to do your own 
> crashdump analysis?
> 
>  
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Laura A.
> Robinson
> Sent: Thursday, November 30, 2006 3:21 PM
> To: ActiveDir@mail.activedir.org
> Subject: OT: RE: [ActiveDir] Split pagefile
> 
> You know, you can actually do your own crashdump analysis. We 
> even used to teach people how to do it back in the NT4 days. 
> I loved that class.
> :-D 
> 
> Laura
> 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Don Hoehn
> > Sent: Thursday, November 30, 2006 2:15 PM
> > To: ActiveDir@mail.activedir.org
> > Subject: RE: [ActiveDir] Split pagefile
> > 
> > Hi,
> > Best practice used to be to put the pagefile on a different BUS
> than 
> > the OS. The idea is that you can read/write to both the OS 
> and the PF 
> > at the same time. We always put the entire PF on a separate 
> bus/drive 
> > in it's own partition. That way you have the added speed of a bus 
> > apart from the OS bus and a contiguous PF. We never bothered with a
> > C: swapfile because we could never afford to send the dump 
> to M$ for 
> > decryption. :-}
> > 
> > Don
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
> > Sent: Thursday, November 30, 2006 11:07 AM
> > To: ActiveDir@mail.activedir.org
> > Subject: RE: [ActiveDir] Split pagefile
> > 
> > Hi,
> > 
> > I have an answer and a question about the same.
> > 
> > Most of my servers have 2 partition, one for the OS and the 
> other for 
> > data, I always put the pagefile in the data partition, so 
> yes, you can
> 
> > have the have the whole thing in a different partition or 
> hard drive.
> > 
> > Actually, Linux system always create a swap partition just for that 
> > purpose, so I wonder if it would be more efficient to 
> always create a 
> > partition just for the pagefile... Anyone knows?
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of 
> Larry Wahlers
> > Sent: Thursday, November 30, 2006 12:09 PM
> > To: ActiveDir@mail.activedir.org
> > Subject: RE: [ActiveDir] Split pagefile
> > 
> > Sorry for the reply to my own post, but this article:
> > 
> > http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003
> > /AdminTips
> > /Miscellaneous/EnhancePerformancebyMovingthePagefile.html
> > 
> > says I can move the whole thing to a different partition. 
> > I'll leave a meg on the C drive just for the dumpfile, 
> which we limit 
> > to 64K, in case the system crashes and I can actually 
> figure out how 
> > to read the dumpfile.
> > 
> > But, really, is it OK to leave absolutely NO pagefile on C:/? 
> > We normally leave at least 200Mb on the C: partition when 
> we move the 
> > rest to a different drive.
> > 
> > 
> > --
> > Larry Wahlers
> > Concordia Technologies
> > The Lutheran Church - Missouri Synod
> > mailto:[EMAIL PROTECTED]
> > direct office line: (314) 996-1876
> > 
> > 
> > 
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] On
> > Behalf Of
> > > > Larry Wahlers
> > > > Sent: Thursday, November 30, 2006 9:55 AM
> > > > To: Exchange Discussions
> > > > Subject: Split pagefile
> > > > 
> > > > Colleagues,
> > > > 
> > > > Is there a best practice for splitting the pagefile on
> > Exchange 2003
> > > > across multiple drives? My C drive is up to nearly 9GB
> > used out of
> > > > 10GB, and I'd like to move off most of the 3GB pagefile
> > to maybe the
> > > > database drive. We have only 500 users on that system, so
> > > performance shouldn't
> > > > be too much of an issue.
> > > > 
> > > > Thanks in advance, folks.
> > > > 
> > > > --
> > > > Larry Wahlers
> > > > Concordia Technologies
> > > > The Lutheran Church - Missouri Synod 
> > > > mailto:[EMAIL PROTECTED]
> > > > direct office line: (314) 996-1876
> > > > 
> > > > 
> _
> > > > List posting FAQ:   
> http://www.swinc.com/resource/exch_faq.htm
> > > > Web Interface: http://intm-dl.s

Re: [ActiveDir] Delegate VPN rights

[steve patrick]

Keep in mind that this is only via the ADUC UI - since you have already 
delegated this to the user you can use ldp\script etc.. to set the 
msNPAllowDialin  == true.
It should reflect properly in ADUC when you next view that user..

spat

  - Original Message - 
  From: Ulf B. Simon-Weidner 
  To: ActiveDir@mail.activedir.org 
  Sent: Thursday, November 30, 2006 2:18 PM
  Subject: RE: [ActiveDir] Delegate VPN rights


  Hi Ben,

   

  the entire Dial-In Tab doesn't allow granular delegation - you need to 
delegate everything which is on the tab since it's writing back all attributes 
on the Tab no matter what. If you feel this is wrong open up a case with PSS 
and line up in the row of customers which want this changed. I've had a 
Critical Design Change Request with an Insurance Group about this, however it 
was not requested by other customers at this time and therefore not changed for 
a single customer.

   

  Some Infos I've wrote once about this issue:

  http://www.windowsserverfaq.de/faq/DialInTab.asp

   

  Gruesse - Sincerely, 

  Ulf B. Simon-Weidner 

Profile & Publications:   
http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811D   
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org

   

  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of WATSON, BEN
  Sent: Donnerstag, 30. November 2006 18:35
  To: ActiveDir@mail.activedir.org
  Subject: [ActiveDir] Delegate VPN rights

   

  I'm attempting to delegate out the permissions to adjust the Remote Access 
Permissions under the Dial-In tab in Active Directory for user accounts.  When 
performing an LDAP query, I notice that changes to this setting are recorded in 
the msNPAllowDialin attribute.  Set to False when Deny Access is set, True when 
Allow Access is set, and "not set" when Control Access through Remote Access 
Policy is set.

   

  However when I attempt to delegate out the rights to a security group so they 
can modify this, it is not listed as a selectable property.  Am I missing 
something here?  Should I be looking for a different property to delegate out 
this right?

   

  Thanks,

  ~Ben Watson

[ActiveDir] dynamic variables within an event log entry?

[Thommes, Michael M.]

I wonder if someone could explain to me (or point me at some reference)
about what mechanism is used to populate the information in a Windows
event log entry.  The reason why I ask is that I see in the Security log
when a new user account is created by an account which is a member of
the Domain Admins group, the _OBJECT_OWNER=XYZ\Domain Admins , not
XYZ\adminacct1 .  If it is created by an account that is a member of the
Account Operators group, then _OBJECT_OWNER=XYZ\operacct1, not
XYZ\Account Operators .

 

This makes auditing somewhat less worthwhile.  Is this design on purpose
or a deficiency?  Any help is appreciated.  Thanks!

 

Mike Thommes

OT: RE: RE: [ActiveDir] Split pagefile

[Laura A. Robinson]

I was out eating turkey. You people were reading the list? Dang, that's
dedication! 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Brunson
> Sent: Thursday, November 30, 2006 5:22 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: RE: [ActiveDir] Split pagefile
> 
> I think Susan brought this up last week or so.  Here's the 
> link she gave.  I can't find the original post
> http://blogs.technet.com/petergal/archive/2006/03/23/422993.aspx
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Laura A.
> Robinson
> Sent: Thursday, November 30, 2006 2:21 PM
> To: ActiveDir@mail.activedir.org
> Subject: OT: RE: [ActiveDir] Split pagefile
> 
> You know, you can actually do your own crashdump analysis. We 
> even used to teach people how to do it back in the NT4 days. 
> I loved that class. :-D 
> 
> Laura
> 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Don Hoehn
> > Sent: Thursday, November 30, 2006 2:15 PM
> > To: ActiveDir@mail.activedir.org
> > Subject: RE: [ActiveDir] Split pagefile
> > 
> > Hi,
> > Best practice used to be to put the pagefile on a 
> different BUS than 
> > the OS. The idea is that you can read/write to both the OS 
> and the PF 
> > at the same time. We always put the entire PF on a separate 
> bus/drive 
> > in it's own partition. That way you have the added speed of a bus 
> > apart from the OS bus and a contiguous PF. We never bothered with a
> > C: swapfile because we could never afford to send the dump 
> to M$ for 
> > decryption. :-}
> > 
> > Don
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Ramon Linan
> > Sent: Thursday, November 30, 2006 11:07 AM
> > To: ActiveDir@mail.activedir.org
> > Subject: RE: [ActiveDir] Split pagefile
> > 
> > Hi,
> > 
> > I have an answer and a question about the same.
> > 
> > Most of my servers have 2 partition, one for the OS and the 
> other for 
> > data, I always put the pagefile in the data partition, so 
> yes, you can 
> > have the have the whole thing in a different partition or 
> hard drive.
> > 
> > Actually, Linux system always create a swap partition just for that 
> > purpose, so I wonder if it would be more efficient to 
> always create a 
> > partition just for the pagefile... Anyone knows?
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of 
> Larry Wahlers
> > Sent: Thursday, November 30, 2006 12:09 PM
> > To: ActiveDir@mail.activedir.org
> > Subject: RE: [ActiveDir] Split pagefile
> > 
> > Sorry for the reply to my own post, but this article:
> > 
> > http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003
> > /AdminTips
> > /Miscellaneous/EnhancePerformancebyMovingthePagefile.html
> > 
> > says I can move the whole thing to a different partition. 
> > I'll leave a meg on the C drive just for the dumpfile, 
> which we limit 
> > to 64K, in case the system crashes and I can actually 
> figure out how 
> > to read the dumpfile.
> > 
> > But, really, is it OK to leave absolutely NO pagefile on C:/? 
> > We normally leave at least 200Mb on the C: partition when 
> we move the 
> > rest to a different drive.
> > 
> > 
> > --
> > Larry Wahlers
> > Concordia Technologies
> > The Lutheran Church - Missouri Synod
> > mailto:[EMAIL PROTECTED]
> > direct office line: (314) 996-1876
> > 
> > 
> > 
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] On
> > Behalf Of
> > > > Larry Wahlers
> > > > Sent: Thursday, November 30, 2006 9:55 AM
> > > > To: Exchange Discussions
> > > > Subject: Split pagefile
> > > > 
> > > > Colleagues,
> > > > 
> > > > Is there a best practice for splitting the pagefile on
> > Exchange 2003
> > > > across multiple drives? My C drive is up to nearly 9GB
> > used out of
> > > > 10GB, and I'd like to move off most of the 3GB pagefile
> > to maybe the
> > > > database drive. We have only 500 users on that system, so
> > > performance shouldn't
> > > > be too much of an issue.
> > > > 
> > > > Thanks in advance, folks.
> > > > 
> > > > --
> > > > Larry Wahlers
> > > > Concordia Technologies
> > > > The Lutheran Church - Missouri Synod 
> > > > mailto:[EMAIL PROTECTED]
> > > > direct office line: (314) 996-1876
> > > > 
> > > > 
> _
> > > > List posting FAQ:   
> http://www.swinc.com/resource/exch_faq.htm
> > > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > > > To subscribe: 
> > > http://e-newsletters.internet.com/discussionlists.html/
> > > > To unsubscribe send a blank email to 
> > > > [EMAIL PROTECTED]
> > > > Exchange List admin:[EMAIL PROTECTED]
> > > > To unsubscribe via postal mail, please contact us at:
> > > > Jupitermedia Corp.
> > > > Attn: Discussion List Management
> > > > 475 

RE: [ActiveDir] Split pagefile

[Larry Wahlers]

Thanks for replying, Laura!

You wrote:
> Are you able to connect to the server via Computer 
> Management? 

Yes.

>If so, can you see the service statuses and event logs on the
> server? 

Yes. I looked all through the event logs, and didn't see anything
relating to terminal services failures. And the terminal services
service is started.

> Can you
> telnet to the RDP port? 

If you mean, can I telnet to the server by name or by its IP address,
no. But yes, I can telnet to port 3389 on the server, and the cursor
sits there and blinks at me, but as soon as I hit any key, I get back to
my command prompt.

P:\>telnet ctms100
Connecting To ctms100...Could not open connection to the host, on port
23: Conne
ct failed

> Can you map a drive to a share on the 
> server? 

Yes. And, in fact, I have the same 2Gb pagefile on C: that I had before,
and no pagefile on E: So, I'm thinking that
A. I forgot to hit the set button, or
B. The server got confused.

> When
> you say you can't log on, do you get the logon dialog box and 
> a failure to
> let you log on, or do you get no remote desktop UI at all?

No remote desktop UI at all. I immediately get the "disconnected from
server" message.

> Laura (probably a bit overcaffeinated now; can you tell?)

No problem. I'm snowed in, but the server is running. 

I guess what I'd like to do is see if I can reset the pagefile and
reboot the server, all remotely, and still manage to terminal service to
it and log in.

Thanks for your help, Laura. You deserve many pats on the back,
attagirls, and stuff.

Larry Wahlers

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

Re: [ActiveDir] dynamic variables within an event log entry?

[Tony Murray]

Hi Michael

If you have Account Management auditing enabled you should see 624 events that 
show the account used to create new accounts.  Here's an example.

***
Event Type: Success Audit
Event Source:   Security
Event Category: Account Management 
Event ID:   624
Date:   1/12/2006
Time:   2:48:41 p.m.
User:   DEV\su-141820
Computer:   ADC01
Description:
User Account Created:
New Account Name:   jamesb
New Domain: DEV
New Account ID: DEV\jamesb
Caller User Name:   su-141820
Caller Domain:  DEV
Caller Logon ID:(0x0,0x72DE0)
Privileges  -
 Attributes:
Sam Account Name:   jamesb
Display Name:   James Blench
User Principal Name:[EMAIL PROTECTED]
Home Directory: -
Home Drive: -
Script Path:-
Profile Path:   -
User Workstations:  -
Password Last Set:   
Account Expires: 
Primary Group ID:   513
AllowedToDelegateTo:-
Old UAC Value:  0x0
New UAC Value:  0x15
User Account Control:   
Account Disabled 
'Password Not Required' - Enabled 
'Normal Account' - Enabled 
User Parameters:-
Sid History:-
Logon Hours: 


For more information, see Help and Support Center at 
http://go.microsoft.com/fwlink/events.asp.
***

The name of the account used to create the new user is shown in the Caller User 
Name field (in this case su-141820, which is a member of Domain Admins).

Tony

-- Original Message --
From: "Thommes, Michael M." <[EMAIL PROTECTED]>
Reply-To: ActiveDir@mail.activedir.org
Date:  Thu, 30 Nov 2006 18:33:22 -0600

I wonder if someone could explain to me (or point me at some reference)
about what mechanism is used to populate the information in a Windows
event log entry.  The reason why I ask is that I see in the Security log
when a new user account is created by an account which is a member of
the Domain Admins group, the _OBJECT_OWNER=XYZ\Domain Admins , not
XYZ\adminacct1 .  If it is created by an account that is a member of the
Account Operators group, then _OBJECT_OWNER=XYZ\operacct1, not
XYZ\Account Operators .

 

This makes auditing somewhat less worthwhile.  Is this design on purpose
or a deficiency?  Any help is appreciated.  Thanks!

 

Mike Thommes



 





Sent via the WebMail system at mail.activedir.org


 
   
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] dynamic variables within an event log entry?

[Laura A. Robinson]

1. This is one of the eight gazillion reasons to discourage the use of
accounts that are Domain Admins for routine purposes that can be achieved
without that level of rights.
2. By default, when a member of the Domain Admins group creates an object in
the directory, the Domain Admins group becomes the owner of the object. That
is by design. 
3. When I create an object with an account that is a member of Domain
Admins, the creator of the object shows as that account, not as Domain
Admins. Why aren't you just looking at that value in the event logs, rather
than looking at the ownership of the object? That's why auditing allows
tracking of who creates/modifies/deletes directory objects.
 
Laura


   _  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Thursday, November 30, 2006 7:33 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] dynamic variables within an event log entry?



I wonder if someone could explain to me (or point me at some reference)
about what mechanism is used to populate the information in a Windows event
log entry.  The reason why I ask is that I see in the Security log when a
new user account is created by an account which is a member of the Domain
Admins group, the _OBJECT_OWNER=XYZ\Domain Admins , not XYZ\adminacct1 .  If
it is created by an account that is a member of the Account Operators group,
then _OBJECT_OWNER=XYZ\operacct1, not XYZ\Account Operators .

 

This makes auditing somewhat less worthwhile.  Is this design on purpose or
a deficiency?  Any help is appreciated.  Thanks!

 

Mike Thommes


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM



-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM
 

RE: [ActiveDir] Split pagefile

[Laura A. Robinson]

Inline... 


> 
> Thanks for replying, Laura!

Sure thing. 

> 
> You wrote:
> > Are you able to connect to the server via Computer Management?
> 
> Yes.

Then you can use that to reconfigure the pagefile, making very, very sure
you click "Set". :-) After you've connected to it in CM, right click the
computer, choose "Properties", go to the Advanced tab, yada yada yada.
> 
> >If so, can you see the service statuses and event logs on 
> the  server?
> 
> Yes. I looked all through the event logs, and didn't see 
> anything relating to terminal services failures. And the 
> terminal services service is started.

How about the security log? Are you seeing logon failures?
> 
> > Can you
> > telnet to the RDP port? 
> 
> If you mean, can I telnet to the server by name or by its IP 
> address, no. But yes, I can telnet to port 3389 on the 
> server, and the cursor sits there and blinks at me, but as 
> soon as I hit any key, I get back to my command prompt.

Okay, port's open.

> > Can you map a drive to a share on the server?
> 
> Yes. And, in fact, I have the same 2Gb pagefile on C: that I 
> had before, and no pagefile on E: So, I'm thinking that A. I 
> forgot to hit the set button, or B. The server got confused.

The snow might have made it sluggish. (That's a joke, folks.) See above for
remedy (hopefully).

> 
> > When
> > you say you can't log on, do you get the logon dialog box and a 
> > failure to let you log on, or do you get no remote desktop 
> UI at all?
> 
> No remote desktop UI at all. I immediately get the 
> "disconnected from server" message.

Okay. Try logging on with a different account that has TS connection
permissions. Check the security logs. If you're not auditing logon events,
you'll need to do that. Check the terminal services permissions, etc. Maybe
do a preemptive reboot (or just do it as part of that pagefile adjustment)
and see if anything changes. If none of that works, there's still more stuff
to check, but I'm tired of typing right now and hopefully one of the above
things will determine the issue.
> 
> > Laura (probably a bit overcaffeinated now; can you tell?)
> 
> No problem. I'm snowed in, but the server is running. 
> 
> I guess what I'd like to do is see if I can reset the 
> pagefile and reboot the server, all remotely, and still 
> manage to terminal service to it and log in.
> 
> Thanks for your help, Laura. You deserve many pats on the 
> back, attagirls, and stuff.
> 
No problem, and no pats necessary.

Laura

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM
 

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] dynamic variables within an event log entry?

[David Cliffe]

Hi Laura,
 
I know I misread one of your posts once before, so I'm sorry in
advance if I'm doing it again (!), but aren't you making a conflicting
statement in nos. 2 & 3 below?  Or is #3 supposed to say "that is NOT a
member of Domain Admins..." ?
 
Also, is there a mechanism of some sort which changes the behavior
in #2 such that the actual account used would become the object's owner
(rather than DAs group)?  I remember reading something like this once,
but I could be thinking of something else way off base :-(
 
In any case, I completely agree that delegating the creation right
is the [way!] better option here!
 
Thanks as always,
DaveC




From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A.
Robinson
Sent: Thursday, November 30, 2006 9:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] dynamic variables within an event log
entry?


1. This is one of the eight gazillion reasons to discourage the
use of accounts that are Domain Admins for routine purposes that can be
achieved without that level of rights.
2. By default, when a member of the Domain Admins group creates
an object in the directory, the Domain Admins group becomes the owner of
the object. That is by design. 
3. When I create an object with an account that is a member of
Domain Admins, the creator of the object shows as that account, not as
Domain Admins. Why aren't you just looking at that value in the event
logs, rather than looking at the ownership of the object? That's why
auditing allows tracking of who creates/modifies/deletes directory
objects.
 
Laura




From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Thursday, November 30, 2006 7:33 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] dynamic variables within an event
log entry?



I wonder if someone could explain to me (or point me at
some reference) about what mechanism is used to populate the information
in a Windows event log entry.  The reason why I ask is that I see in the
Security log when a new user account is created by an account which is a
member of the Domain Admins group, the _OBJECT_OWNER=XYZ\Domain Admins ,
not XYZ\adminacct1 .  If it is created by an account that is a member of
the Account Operators group, then _OBJECT_OWNER=XYZ\operacct1, not
XYZ\Account Operators .

 

This makes auditing somewhat less worthwhile.  Is this
design on purpose or a deficiency?  Any help is appreciated.  Thanks!

 

Mike Thommes


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 -
Release Date: 11/30/2006 5:07 AM



--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date:
11/30/2006 5:07 AM




This email was sent to you by Reuters, the global news and information company. 
To find out more about Reuters visit www.about.reuters.com

Any views expressed in this message are those of the individual sender, except 
where the sender specifically states them to be the views of Reuters Ltd.

RE: [ActiveDir] dynamic variables within an event log entry?

[Thommes, Michael M.]

Tony and Laura,

   Thanks for the replies!  Actually, I am already trapping eventid 624
and I see the "Caller User Name:" entry with the right value.  Where I
got confused was when I built a daily job using adfind (with the -owner
switch) to produce a list of users created during the previous 24 hours.
Laura's #2 answer explains why I see what I do for accounts created by
members of the "Domain Admins".  Her #1 answer is going to make me
rethink how we do some of the account creations.  Her #3 answer begs the
question of how would I construct a query to produce new accounts
created over a 24 hour period?  Adfind was the first (and maybe only)
tool that popped into my head to do this.  Other suggestions?  Thanks!

 

Mike Thommes



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A.
Robinson
Sent: Thursday, November 30, 2006 8:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] dynamic variables within an event log entry?

 

1. This is one of the eight gazillion reasons to discourage the use of
accounts that are Domain Admins for routine purposes that can be
achieved without that level of rights.

2. By default, when a member of the Domain Admins group creates an
object in the directory, the Domain Admins group becomes the owner of
the object. That is by design. 

3. When I create an object with an account that is a member of Domain
Admins, the creator of the object shows as that account, not as Domain
Admins. Why aren't you just looking at that value in the event logs,
rather than looking at the ownership of the object? That's why auditing
allows tracking of who creates/modifies/deletes directory objects.

 

Laura

 





From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Thursday, November 30, 2006 7:33 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] dynamic variables within an event log
entry?

I wonder if someone could explain to me (or point me at some
reference) about what mechanism is used to populate the information in a
Windows event log entry.  The reason why I ask is that I see in the
Security log when a new user account is created by an account which is a
member of the Domain Admins group, the _OBJECT_OWNER=XYZ\Domain Admins ,
not XYZ\adminacct1 .  If it is created by an account that is a member of
the Account Operators group, then _OBJECT_OWNER=XYZ\operacct1, not
XYZ\Account Operators .

 

This makes auditing somewhat less worthwhile.  Is this design on
purpose or a deficiency?  Any help is appreciated.  Thanks!

 

Mike Thommes

 

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date:
11/30/2006 5:07 AM


--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date:
11/30/2006 5:07 AM

RE: [ActiveDir] dynamic variables within an event log entry?

[Brian Desmond]

Michael-

 

I don't have an AD install or ADFind in front of me, but
whencreated>=Now-24hr gives you everything in the past 24 hours.

 

Thanks,

Brian Desmond

[EMAIL PROTECTED]

 

c - 312.731.3132

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Thursday, November 30, 2006 9:40 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] dynamic variables within an event log entry?

 

Tony and Laura,

   Thanks for the replies!  Actually, I am already trapping eventid 624
and I see the "Caller User Name:" entry with the right value.  Where I
got confused was when I built a daily job using adfind (with the -owner
switch) to produce a list of users created during the previous 24 hours.
Laura's #2 answer explains why I see what I do for accounts created by
members of the "Domain Admins".  Her #1 answer is going to make me
rethink how we do some of the account creations.  Her #3 answer begs the
question of how would I construct a query to produce new accounts
created over a 24 hour period?  Adfind was the first (and maybe only)
tool that popped into my head to do this.  Other suggestions?  Thanks!

 

Mike Thommes



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A.
Robinson
Sent: Thursday, November 30, 2006 8:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] dynamic variables within an event log entry?

 

1. This is one of the eight gazillion reasons to discourage the use of
accounts that are Domain Admins for routine purposes that can be
achieved without that level of rights.

2. By default, when a member of the Domain Admins group creates an
object in the directory, the Domain Admins group becomes the owner of
the object. That is by design. 

3. When I create an object with an account that is a member of Domain
Admins, the creator of the object shows as that account, not as Domain
Admins. Why aren't you just looking at that value in the event logs,
rather than looking at the ownership of the object? That's why auditing
allows tracking of who creates/modifies/deletes directory objects.

 

Laura

 



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes,
Michael M.
Sent: Thursday, November 30, 2006 7:33 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] dynamic variables within an event log
entry?

I wonder if someone could explain to me (or point me at some
reference) about what mechanism is used to populate the information in a
Windows event log entry.  The reason why I ask is that I see in the
Security log when a new user account is created by an account which is a
member of the Domain Admins group, the _OBJECT_OWNER=XYZ\Domain Admins ,
not XYZ\adminacct1 .  If it is created by an account that is a member of
the Account Operators group, then _OBJECT_OWNER=XYZ\operacct1, not
XYZ\Account Operators .

 

This makes auditing somewhat less worthwhile.  Is this design on
purpose or a deficiency?  Any help is appreciated.  Thanks!

 

Mike Thommes

 

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date:
11/30/2006 5:07 AM

 

--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date:
11/30/2006 5:07 AM

RE: [ActiveDir] Import User Details from a XLS file

[Haritwal, Dhiraj]

Dear Thomas/Brian,

Thanks for ur reply. But I want to add some information (Attributes)
with existing users. Like I wanaa add Contact No, location, Department
etc... to the existing users from an Excel file.

Thanks,

Dhiraj Haritwal
  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thomas Hess
Sent: Thursday, November 30, 2006 9:31 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Import User Details from a XLS file

Hi Dhiraj,

see MS KB237677 for
Using LDIFDE to import and export directory objects to Active Directory

http://support.microsoft.com/kb/237677/en-us

Greetings
Thomas
2006/11/30, Haritwal, Dhiraj <[EMAIL PROTECTED]>:
>
>
>
> Dear All,
>
>
>
> How can I import, AD Users Details like Department, Telephone No,
Location
> etc... from an XLS file.
>
>
>
> Dhiraj Haritwal
>
>
>
> 
>
> This email is confidential and intended only for the use of the
individual
> or entity named above and may contain information that is privileged.
If you
> are not the intended recipient, you are notified that any
dissemination,
> distribution or copying of this email is strictly prohibited. If you
have
> received this email in error, please notify us immediately by return
email
> or telephone and destroy the original message. - This mail is sent via
Sony
> Asia Pacific Mail Gateway.
>
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/




---
This email is confidential and intended only for the use of the individual or 
entity named above and may contain information that is privileged. If you are 
not the intended recipient, you are notified that any dissemination, 
distribution or copying of this email is strictly prohibited. If you have 
received this email in error, please notify us immediately by return email or 
telephone and destroy the original message. - This mail is sent via Sony Asia 
Pacific Mail Gateway.
---
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

RE: [ActiveDir] dynamic variables within an event log entry?

[Laura A. Robinson]

Nope, it's not a typo- note the difference between *owner* and *creator*.
When a user who is a member of the Domain Admins group, by default, the DA
group is the *owner* of the object. However, what is logged in the audit
(security event) log does list the specific account that was used to
*create* the object. 
 
As far as changing the behavior for #2, there is a group policy setting
"System Objects: Default owner for objects created by members of the
Administrators group"  in the Computer Configuration\Windows Settings\Local
Policies\Security Options section of group policy. That setting can be set
to "Administrators group" or to "Object creator". That may be what you're
thinking of. That setting, however, refers to system objects (thus the
"system objects" predicate. :-) ) You may also be thinking of the ability in
the property sheets for any object to set the owner of DA-owned objects to
either a specific DA account or to the group. 
 
I don't remember you misreading one of my posts; you must have a much better
memory than I do. Then again, I usually can't remember what I ate for
breakfast. :-)
 
Laura


   _  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Cliffe
Sent: Thursday, November 30, 2006 10:34 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] dynamic variables within an event log entry?


Hi Laura,
 
I know I misread one of your posts once before, so I'm sorry in advance
if I'm doing it again (!), but aren't you making a conflicting statement in
nos. 2 & 3 below?  Or is #3 supposed to say "that is NOT a member of Domain
Admins..." ?
 
Also, is there a mechanism of some sort which changes the behavior in #2
such that the actual account used would become the object's owner (rather
than DAs group)?  I remember reading something like this once, but I could
be thinking of something else way off base :-(
 
In any case, I completely agree that delegating the creation right is
the [way!] better option here!
 
Thanks as always,
DaveC


   _  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A. Robinson
Sent: Thursday, November 30, 2006 9:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] dynamic variables within an event log entry?


1. This is one of the eight gazillion reasons to discourage the use of
accounts that are Domain Admins for routine purposes that can be achieved
without that level of rights.
2. By default, when a member of the Domain Admins group creates an object in
the directory, the Domain Admins group becomes the owner of the object. That
is by design. 
3. When I create an object with an account that is a member of Domain
Admins, the creator of the object shows as that account, not as Domain
Admins. Why aren't you just looking at that value in the event logs, rather
than looking at the ownership of the object? That's why auditing allows
tracking of who creates/modifies/deletes directory objects.
 
Laura


   _  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Thursday, November 30, 2006 7:33 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] dynamic variables within an event log entry?



I wonder if someone could explain to me (or point me at some reference)
about what mechanism is used to populate the information in a Windows event
log entry.  The reason why I ask is that I see in the Security log when a
new user account is created by an account which is a member of the Domain
Admins group, the _OBJECT_OWNER=XYZ\Domain Admins , not XYZ\adminacct1 .  If
it is created by an account that is a member of the Account Operators group,
then _OBJECT_OWNER=XYZ\operacct1, not XYZ\Account Operators .

 

This makes auditing somewhat less worthwhile.  Is this design on purpose or
a deficiency?  Any help is appreciated.  Thanks!

 

Mike Thommes


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM



--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM




This email was sent to you by Reuters, the global news and information
company. 
To find out more about Reuters visit www.about.reuters.com

Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of Reuters
Ltd.



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM



-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM
 

RE: [ActiveDir] dynamic variables within an event log entry?

[Laura A. Robinson]

Okay, the below totally cracked me up. :-) Brian gave you the ADFind answer,
but I guess I would also ask in what format you need to retrieve this
information and whether or not you're plugging it into something. I'm not
sure that last sentence even made sense, sorry. I'm sleep deprived. 
 
Laura


   _  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Thursday, November 30, 2006 10:40 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] dynamic variables within an event log entry?



Tony and Laura,

   Thanks for the replies!  Actually, I am already trapping eventid 624 and
I see the “Caller User Name:” entry with the right value.  Where I got
confused was when I built a daily job using adfind (with the –owner switch)
to produce a list of users created during the previous 24 hours.  Laura’s #2
answer explains why I see what I do for accounts created by members of the
“Domain Admins”.  Her #1 answer is going to make me rethink how we do some
of the account creations.  Her #3 answer begs the question of how would I
construct a query to produce new accounts created over a 24 hour period?
Adfind was the first (and maybe only) tool that popped into my head to do
this.  Other suggestions?  Thanks!

 

Mike Thommes


   _  


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Laura A. Robinson
Sent: Thursday, November 30, 2006 8:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] dynamic variables within an event log entry?

 

1. This is one of the eight gazillion reasons to discourage the use of
accounts that are Domain Admins for routine purposes that can be achieved
without that level of rights.

2. By default, when a member of the Domain Admins group creates an object in
the directory, the Domain Admins group becomes the owner of the object. That
is by design. 

3. When I create an object with an account that is a member of Domain
Admins, the creator of the object shows as that account, not as Domain
Admins. Why aren't you just looking at that value in the event logs, rather
than looking at the ownership of the object? That's why auditing allows
tracking of who creates/modifies/deletes directory objects.

 

Laura

 


   _  


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Thursday, November 30, 2006 7:33 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] dynamic variables within an event log entry?

I wonder if someone could explain to me (or point me at some reference)
about what mechanism is used to populate the information in a Windows event
log entry.  The reason why I ask is that I see in the Security log when a
new user account is created by an account which is a member of the Domain
Admins group, the _OBJECT_OWNER=XYZ\Domain Admins , not XYZ\adminacct1 .  If
it is created by an account that is a member of the Account Operators group,
then _OBJECT_OWNER=XYZ\operacct1, not XYZ\Account Operators .

 

This makes auditing somewhat less worthwhile.  Is this design on purpose or
a deficiency?  Any help is appreciated.  Thanks!

 

Mike Thommes

 

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM


--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM



-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.15.2/559 - Release Date: 11/30/2006
5:07 AM