RE: [ActiveDir] Creating WMI Filters
Your URLs got mangled by OWA. Hope all is well with you! - Brendan Moon [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alain LissoirSent: Wednesday, November 08, 2006 2:37 PMTo: ActiveDir@mail.activedir.orgCc: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Creating WMI Filters 1/ Can we see the WMI filter? :) That will help ... 2/ Have you run WMIDiag on your XP SP2 machine to asses the WMI state? WMIDiag usage:http://www.microsoft.com/technet/scriptcenter/topics/help/wmidiag.mspx WMIDiag FAQ: http://blogs.msdn.com/wmi/archive/2006/05/12/596266.aspx WMIDiag Download:http://www.microsoft.com/downloads/details.aspx?FamilyID=d7ba3cd6-18d1-4d05-b11e-4c64192ae97d&DisplayLang=en WMIDiag webcast:http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032290320&Culture=en-US WMI Troubleshooting:http://www.microsoft.com/technet/scriptcenter/topics/help/wmi.mspx From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.Sent: Wednesday, November 08, 2006 10:35 AMTo: ActiveDir@mail.activedir.orgCc: [EMAIL PROTECTED]Subject: [ActiveDir] Creating WMI Filters On my Windows XP SP2 workstation I get a “Generic Failure” when I try to create or import a WMI Filter. On my Windows 2003 SP1 Domain Controller I am able to create the filter. What could be stopping me from being able to on my XP workstation. I can’t find anything on the web about this. Thanks Justin A. Salandra MCSE Windows 2000 & 2003 Network and Technology Services Manager Catholic Healthcare System 646.505.3681 - office 917.455.0110 - cell [EMAIL PROTECTED]
[ActiveDir] Quiet? DEC? Related?
Hmm.. everyone must be having fun at DEC... this list has been very quiet this week! - Brendan Moon
RE: [ActiveDir] Exchange Mailbox Limits
Actually, higher limits are possible, but require modifying the AD attributes outside of the normal GUI. For example using ADSI Edit to change these attributes of a user/mailbox: mDBStorageQuota - Warning Limit mDBOverQuotaLimit - Prohibit Send mDBOverHardQuotaLimit - Prohibit Send / Receive - Brendan Moon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley Sent: Thursday, June 09, 2005 2:41 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Yes, I'm using Exchange 2003. I guess if you are going to set limits, the biggest limit you can set is 1kb less than 2Gb (2Gb = 2097152 Kb). Maybe MS figures that anyone who's going to set a limit over two gigs really shouldn't bother setting limits? If you don't set limits then, well, I haven't seen a hard number on the ceiling yet as to how big a mailbox can get.. Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Thursday, June 09, 2005 1:41 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Hi Joe, What version of Exchange are you using is it 2003? One of my user group members just mentioned that he was limited to 2GB, however he had enforced " prohibit send and receive " and tried setting the limit to 2.5GB when he receive the error I have attached. Sincerely, Jose Medeiros Former Vice President and Postmaster NTEA MCP+I, MCSE, NT4 MCT www.ntea.net www.tvnug.org www.sfntug.org - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joe Pochedley Sent: Thursday, June 09, 2005 10:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Yes it is... I have one user with a 13Gb mailbox. (Yes, that's gigabytes.) Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burkes, Jeremy [Contractor] Sent: Thursday, June 09, 2005 12:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits In my current position they were in the process of migrating from Exchange 5.5 to 2000 and had to turn off the limitation policy for the migration (I cannot remember why). I have users with 800 - 1000 MB mailboxes. My information stores are growing somewhat out of control. We are turning back on our email deletion policy and are going to enforce 500MB limitations for most users and probably 750MB for our "commanders". It is amazing what users will do when given the space. Jeremy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Pochedley Sent: Thursday, June 09, 2005 12:28 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits Dèjì, I'd tend to agree with you there... 25Mb is nothing when you can go out and get a free email account with a gig a space from many providers. I do believe I'd be drawn and quartered if I recommended a 25mb, or even a 250 mb limit here... That being said, every organization is different. If they have a business justification for such a small mailbox size that's up to them... Hopefully when being so restrictive, they're properly controlling the usage of PST's (for various reasons) and controlling business use of external email accounts (in part to control garbage, and in part to comply with any retention regulations as applicable). Joe Pochedley A computer terminal is not some clunky old television with a typewriter in front of it. It is an interface where the mind and body can connect with the universe and move bits of it about. -Douglas Adams -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, June 09, 2005 11:51 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Exchange Mailbox Limits This is NOT personal, but let me say that your limits are overly restrictive and counter-productive as far as fostering good relationship with your end-users is concerned. In this day and age (html email and all), 25MB is nothing, especially when you consider the fact that hard drive costs are exponentially less than what they used to be 2-3 years ago. That is all my opinion and, again, it's not meant to knock you in a personal way. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomol
RE: [ActiveDir] mstsc /console switch for non admins
Joe, I disagree. And since that has not happened often with your posts, I'll take some time to elaborate. :) We all understand that someone on a DC console can take control of the data on it, and via replication the forest. However this is not achievable without "hacking" (for lack of a better term) the intended and pre-assigned rights and directory data. In other words, the "bad guy" would know he was a bad guy when he was doing it. Every day we draw lines around what people are authorized to do, knowing full well that they could potentially do more, and perhaps even something very damaging. For instance, the fire alarm handles in most buildings are a very easy way to effect a crude "denial of service" attack on the occupants of a building. A little more to the point, a system administrator can "take ownership" of files he does not have rights to, and therefore obtain data which he is not authorized to have. I think it is reasonable and proper to have files on a system (e.g. payroll or medical files) for which an administrator does not have rights to. Even though there is a "risk" that a malicious administrator can access this data, that alone is not reason to explicitly grant him access to it. And to the scenario below, just because a Server Operator can hack a DC, doesn't mean he should be a Domain Admin. Nor does it mean Server Operators on DCs are always a bad idea. It just has risks that everyone needs to understand and accept. While you are right that someone who configures this scenario may not understand Windows, or assume the Server Operators are not knowledgeable -- the other reasonable possibility is that there is a some level of trust with the Server Operators that makes the risk acceptable. - Brendan Moon From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Friday, June 10, 2005 10:30 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] mstsc /console switch for non admins Honestly any time someone asks a question like this my response is make them domain admins because any time they want it they can take it and making them server ops is just a way so you can report you have fewer admins, basically you are adhering to the letter of some rule instead of the intended spirit. Someone who gives enhanced rights less than administrator on a DC to someone either doesn't understand how Windows works (nor Forest security) or assumes that the people they are giving the access to don't know how it works or how to enhance themselves. The bad thing is they may at some point those untrusted people may run some program that does know how to enhance those permissions OR they learn how to do it themselves. Basically what security do you think you have by not giving them domain admins right up front? This has been a popular discussion point over the years on this list. Look through the archives. This also goes for people who allow other non-admin groups to run things like monitoring, Software Delivery, Auditing, and distributed AV solutions that have services running on DCs as local system or with other high privileges that allow ad hoc software load or process execution. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank AbagnaleSent: Friday, June 10, 2005 4:57 AMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] mstsc /console switch for non admins Hi, Our IT Operations team will require access to our remote Windows 2003 DC's which act as File & Print Servers. At the moment, they are members of the Built-in domain Server Operators group which they use Remote Desktop to connect through to the DC's for data/print services support/administration which gives them the remote access they require. I would like them to use the mstsc /console switch however, it seems only members of the domain administrators group can use this switch as they are unable to logon. The IT Ops user can logon to the server via the physical kvm console using the same account and have access. Only through mstsc /console are they denied access. The Server Operators group have the following rights: Allow logon through Terminal ServicesLog on Locally Does anyone know of a way around this so I can allow Non-Admins use the /console switch? Any ideas or alternative workarounds appreciated and I already understand that Non-admins are not supposed to logon to DC's but due to politics we have to allow this...for the time being. Thanks - Frank Discover Yahoo!Have fun online with music videos, cool games, IM & more. Check it out!
RE: [ActiveDir] Basic question
The domain admin of any child domain can (through non-obvious means) make any changes he/she wants to the Configuration and Schema naming contexts. - Brendan Moon [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Wednesday, August 25, 2004 10:31 PM To: ActiveDir (E-mail) Subject: [ActiveDir] Basic question what rights does a domain admin of a child domain(not an enterprise admin) have on the config and schema partions of AD in a win2k active directory by default? thanks and i'm sorry if this is too basic and simple. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD Consultants
And at least one of those companies that does great AD consulting has folks everywhere. ;-) Brendan MoonHP Services - US Federal[EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, GuidoSent: Friday, April 09, 2004 1:51 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Consultants just want to mention, that other companies to AD consulting as well ;-) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Myrick, Todd (NIH/CIT)Sent: Dienstag, 6. April 2004 15:35To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Consultants I highly recommend Dean as well.. Todd From: joe [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 06, 2004 2:26 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Consultants http://www.msetechnology.com/ This is where Dean Wells works, they are out of Florida but go all over. You probably have seen Dean's posts on here. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Celone, MikeSent: Monday, April 05, 2004 2:14 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] AD Consultants Before I start just to let you know I checked with Tony before sending this to the list. Does anyone know anyone companies in the North Eastern US area that does AD consulting and design? My CIO would like to bring in a consulting company to help us out with a global AD design for our company. If anyone has any suggestions or needs more infomation please email OFF the list. Any and all help is appreciated. Mike
RE: [ActiveDir] How to recreate SYSVOL?
Title: Message Check these articles: KB315457 and KB316790. - Brendan Moon [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Niklas WikanderSent: Tuesday, February 03, 2004 5:40 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] How to recreate SYSVOL? Hi all! Is there an easy way (or hard way) to recreate the SYSVOL share if it has been deleted, and the domain only has one dc and no backup has been taken?? I'm laborating a little with a server and I can't find any good documents how to do this. Any help is appreciated. / Niklas
