[ActiveDir] bulk user creation

2006-07-30 Thread Sharif Naser 
Title: Message



Hello
All,

I have a round 350
users to be created with their mailboxes in windows 2003, what is the best way
to automate the process or delegate this job to two account
operators.

Any suggestions are
highly recommended.


Regards,

DISCLAIMER:
This electronic message transmission contains information from Qatar Steel Company (QASCO)
which  may be confidential or privileged. The information is intended to be for the use of 
the individual or entity named above. Be aware that any disclosure,copying, distribution 
or use of the contents of this information,including attachments, is prohibited without 
the written consent of Qatar Steel Company (QASCO).

RE: [ActiveDir] internet explorer is frozen

2006-03-15 Thread Sharif Naser 


Thanks ken

I re-started my domain controllers ,deleted alias record from dns added
again. I was getting dns errors 4004,4015  and 4016.
I'm watching the DNS and see whether those errors will come again or
not.

Regards,
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
Sent: Wednesday, March 15, 2006 1:47 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] internet explorer is frozen

As mentioned before, please get a packet capture using Ethereal or
Netmon.
Then we can see what's actually happening on the network.

Cheers
Ken

: -Original Message-
: From: [EMAIL PROTECTED] [mailto:ActiveDir-
: [EMAIL PROTECTED] On Behalf Of Sharif Naser
: Sent: Wednesday, 15 March 2006 6:03 PM
: To: ActiveDir@mail.activedir.org
: Subject: RE: [ActiveDir] internet explorer is frozen
:
:
: If I try to access the web server by ip address or the hostname it
: works.
: I mean IE just hung with connecting to site message down and does not
: display anything.
:
: Regards,
:
: -Original Message-
: From: [EMAIL PROTECTED]
: [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
: Sent: Wednesday, March 15, 2006 9:55 AM
: To: ActiveDir@mail.activedir.org
: Subject: RE: [ActiveDir] internet explorer is frozen
:
: --- Original Message ---
: From: [EMAIL PROTECTED]
: [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser
: Subject: [ActiveDir] internet explorer is frozen
:
:  Internal explorer is frozen, I' m trying to access
:
:  an internal site but it shows connecting to site
:
:  and frozen.
: 
:
:  DNS is working fine, what could be the reason for IE
:
:  not being able to resolve names.
:
: How do you know that the problem is IE resolving names? There doesn't
: seem to
: be any evidence that this is the problem. Maybe the problem is simply
: that
: the webserver is not responding.
:
: Get a packet capture using Ethereal to see what's actually being
placed
: onto
: the network.
:
: Cheers
: Ken

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

DISCLAIMER:
This electronic message transmission contains information from Qatar Steel 
Company (QASCO)
which  may be confidential or privileged. The information is intended to be for 
the use of
the individual or entity named above. Be aware that any disclosure,copying, 
distribution
or use of the contents of this information,including attachments, is prohibited 
without
the written consent of Qatar Steel Company (QASCO).

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] internet explorer is frozen

2006-03-15 Thread Sharif Naser 

Yes, I was able.


Regards,

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Olivarez,
Sergio J Mr CTNOSC/GD-NS
Sent: Wednesday, March 15, 2006 6:18 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] internet explorer is frozen

Before you deleted the CNAME record were you able to resolve the CNAME
record using nslookup?

Thanks... ... ... ...
Sergio J. Olivarez - Contractor
GD-NS

-Original Message-
From: Sharif Naser [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 15, 2006 4:01 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] internet explorer is frozen



Thanks ken

I re-started my domain controllers ,deleted alias record from dns added
again. I was getting dns errors 4004,4015  and 4016.
I'm watching the DNS and see whether those errors will come again or
not.

Regards,
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
Sent: Wednesday, March 15, 2006 1:47 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] internet explorer is frozen

As mentioned before, please get a packet capture using Ethereal or
Netmon.
Then we can see what's actually happening on the network.

Cheers
Ken

: -Original Message-
: From: [EMAIL PROTECTED] [mailto:ActiveDir-
: [EMAIL PROTECTED] On Behalf Of Sharif Naser
: Sent: Wednesday, 15 March 2006 6:03 PM
: To: ActiveDir@mail.activedir.org
: Subject: RE: [ActiveDir] internet explorer is frozen
:

:

: If I try to access the web server by ip address or the hostname it
: works.
: I mean IE just hung with connecting to site message down and does not
: display anything.
:

: Regards,
:

: -Original Message-
: From: [EMAIL PROTECTED]
: [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
: Sent: Wednesday, March 15, 2006 9:55 AM
: To: ActiveDir@mail.activedir.org
: Subject: RE: [ActiveDir] internet explorer is frozen
:

: --- Original Message ---
: From: [EMAIL PROTECTED]
: [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser
: Subject: [ActiveDir] internet explorer is frozen
:

:  Internal explorer is frozen, I' m trying to access
:

:  an internal site but it shows connecting to site
:

:  and frozen.
: 
:

:  DNS is working fine, what could be the reason for IE
:

:  not being able to resolve names.
:

: How do you know that the problem is IE resolving names? There doesn't
: seem to
: be any evidence that this is the problem. Maybe the problem is simply
: that
: the webserver is not responding.
:

: Get a packet capture using Ethereal to see what's actually being
placed
: onto
: the network.
:

: Cheers
: Ken

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

DISCLAIMER:
This electronic message transmission contains information from Qatar
Steel
Company (QASCO)
which  may be confidential or privileged. The information is intended to
be
for the use of

the individual or entity named above. Be aware that any
disclosure,copying,
distribution

or use of the contents of this information,including attachments, is
prohibited without

the written consent of Qatar Steel Company (QASCO).

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

DISCLAIMER:
This electronic message transmission contains information from Qatar Steel 
Company (QASCO)
which  may be confidential or privileged. The information is intended to be for 
the use of
the individual or entity named above. Be aware that any disclosure,copying, 
distribution
or use of the contents of this information,including attachments, is prohibited 
without
the written consent of Qatar Steel Company (QASCO).

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] internet explorer is frozen

2006-03-14 Thread Sharif Naser 

If I try to access the web server by ip address or the hostname it
works.
I mean IE just hung with connecting to site message down and does not
display anything.

Regards,

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
Sent: Wednesday, March 15, 2006 9:55 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] internet explorer is frozen

--- Original Message ---
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser
Subject: [ActiveDir] internet explorer is frozen

 Internal explorer is frozen, I' m trying to access
 an internal site but it shows connecting to site
 and frozen.

 DNS is working fine, what could be the reason for IE
 not being able to resolve names.

How do you know that the problem is IE resolving names? There doesn't
seem to
be any evidence that this is the problem. Maybe the problem is simply
that
the webserver is not responding.

Get a packet capture using Ethereal to see what's actually being placed
onto
the network.

Cheers
Ken
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

DISCLAIMER:
This electronic message transmission contains information from Qatar Steel 
Company (QASCO)
which  may be confidential or privileged. The information is intended to be for 
the use of
the individual or entity named above. Be aware that any disclosure,copying, 
distribution
or use of the contents of this information,including attachments, is prohibited 
without
the written consent of Qatar Steel Company (QASCO).

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] internet explorer is frozen

2006-03-14 Thread Sharif Naser 

If I access the web site by using alias into the url as we do always it
hangs but if I access by the hostname , it goes fine.


Regards,

-Original Message-
From: Sharif Naser
Sent: Wednesday, March 15, 2006 10:03 AM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] internet explorer is frozen

If I try to access the web server by ip address or the hostname it
works.
I mean IE just hung with connecting to site message down and does not
display anything.

Regards,

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
Sent: Wednesday, March 15, 2006 9:55 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] internet explorer is frozen

--- Original Message ---
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser
Subject: [ActiveDir] internet explorer is frozen

 Internal explorer is frozen, I' m trying to access
 an internal site but it shows connecting to site
 and frozen.

 DNS is working fine, what could be the reason for IE
 not being able to resolve names.

How do you know that the problem is IE resolving names? There doesn't
seem to
be any evidence that this is the problem. Maybe the problem is simply
that
the webserver is not responding.

Get a packet capture using Ethereal to see what's actually being placed
onto
the network.

Cheers
Ken
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

DISCLAIMER:
This electronic message transmission contains information from Qatar Steel 
Company (QASCO)
which  may be confidential or privileged. The information is intended to be for 
the use of
the individual or entity named above. Be aware that any disclosure,copying, 
distribution
or use of the contents of this information,including attachments, is prohibited 
without
the written consent of Qatar Steel Company (QASCO).

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] EVENT 1083

2006-02-12 Thread Sharif Naser 









We have
around 500 users, two DCs  only one site.



Regards,



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Grillenmeier, Guido
Sent: Sunday, February 12, 2006 1:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] EVENT
1083



maybe
your DC is very busy :-)



can
you give us some more details on your environment? How many users / how many
DCs / is thisa hub-site DC that's replicating changes from many branch
office DCs ? etc...



/Guido









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser
Sent: Sonntag, 12. Februar 2006
09:16
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] EVENT 1083

Hello experts,



Why Im getting this the
following warning very often.



Regards,



Event Type: Warning

Event Source: NTDS Replication

Event Category: Replication 

Event ID: 1083

Date: 2/12/2006

Time: 10:44:57 AM

User: NT AUTHORITY\ANONYMOUS LOGON

Computer: QASCODC2

Description:

Active Directory could not update
the following object with changes received from the domain controller at the
following network address because Active Directory was busy processing
information. 



Object:

CN=EL SAYED MOHD.ABDEL HAMID
MOUSA,OU=Manufacturing,OU=Production--(D),OU=QASCO-ORG,DC=qasco,DC=com,DC=qa


Network address:

1ef2aa44-896c-4512-b59b-323c246afe06._msdcs.qasco.com.qa




This operation will be tried again
later.



For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


 
  
  DISCLAIMER:
  This electronic message transmission contains information from Qatar Steel
  Company (QASCO)
  which may be confidential or privileged. The information is intended to be
  for the use of 
  the individual or entity named above. Be aware that any disclosure,copying,
  distribution 
  or use of the contents of this information,including attachments, is
  prohibited without 
  the written consent of Qatar Steel Company (QASCO).
  
 










DISCLAIMER:
This electronic message transmission contains information from Qatar Steel Company (QASCO)
which  may be confidential or privileged. The information is intended to be for the use of 
the individual or entity named above. Be aware that any disclosure,copying, distribution 
or use of the contents of this information,including attachments, is prohibited without 
the written consent of Qatar Steel Company (QASCO).

[ActiveDir] removing my computer icon recycle bin on windows 2000 from desktop through editing the registry keys

2005-06-21 Thread Sharif Naser 








Hello,



Could any body tell me how do I remove my computer icon
 recycle bin from desktop on windows 2000 through registry key.



Regards,









DISCLAIMER:
This electronic message transmission contains information from Qatar Steel Company (QASCO)
which  may be confidential or privileged. The information is intended to be for the use of 
the individual or entity named above. Be aware that any disclosure,copying, distribution 
or use of the contents of this information,including attachments, is prohibited without 
the written consent of Qatar Steel Company (QASCO).

[ActiveDir] Disabling tools menu in IE through group policy in windows 2000 domain

2005-06-15 Thread Sharif Naser 








Hello experts,



How can I disable the tools menu in IE through group policy
in windows 2000 domain?



Regards,







DISCLAIMER:
This electronic message transmission contains information from Qatar Steel Company (QASCO)
which  may be confidential or privileged. The information is intended to be for the use of 
the individual or entity named above. Be aware that any disclosure,copying, distribution 
or use of the contents of this information,including attachments, is prohibited without 
the written consent of Qatar Steel Company (QASCO).

RE: [ActiveDir] how to allow a specific user to access the domain from one pc disallow the others

2005-06-13 Thread Sharif Naser 

Hi Mike,

Sorry again for not reading your answer properly, anyway if automatic login 
needs to be enabled on windows 2000 domain , i need to add default domain, 
default user name , default password  change AutoAdminLogon key from 0 to 1.

Regards,




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser
Sent: Sunday, June 12, 2005 9:27 PM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] how to allow a specific user to access the domain from 
one pc  disallow the others


Thanks alot Mike, you have been very helpful
 
Sorry for not making myself clear. Can this be achieved in win2k domain 
environment.
I have already searched the web but i could not find a useful information
 
Any help in this regard is really highly appreciated.
 
Regards,

-Original Message- 
From: [EMAIL PROTECTED] on behalf of mike kline 
Sent: Sun 6/12/2005 4:03 PM 
To: ActiveDir@mail.activedir.org 
Cc: 
Subject: Re: [ActiveDir] how to allow a specific user to access the 
domain from one pc  disallow the others



This should help you

http://support.microsoft.com/kb/315231
How to turn on automatic logon in Windows XP

You are definitely taking a risk with this box on your domain in the
open like this.

Since this box will be in the open with no logon requirements you will
want to really tighten security on this box.

On top of the OS lockdowns at a minimum I would recommend putting a
password on the BIOS and prevent users from booting to a CD or USB
(easy enough to boot into Knoppix or use other methods to control of
the box)

Thanks
Mike




On 6/12/05, Sharif Naser [EMAIL PROTECTED] wrote:

 Thanks Mike  Robert.

 Now, I have a bonus question which is how do I allow automatic login 
so
 that I don't tag the password on the kiosk console.

 Regards

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Robert Williams
 (RRE)
 Sent: Sunday, June 12, 2005 12:36 PM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] how to allow a specific user to access the
 domain from one pc  disallow the others

 I meant to have this in my last post...

 You could put the User Right Deny Logon Locally on all machines 
OTHER
 than your kiosk machine to accomplish the other part of your scenario
 (logging onto ONLY one machine).  The method mentioned below by Mike
 would suffice also for that purpose.

 Sorry for the extra junk in your mailbox ;-)  Have a good day!

 Robert Williams, MCSE NT4/2K/2K3, Security+
 Infrastructure Rapid Response Engineer
 Northeast Region
 Microsoft Corporation
 Global Solutions Support Center

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of mike kline
 Sent: Sunday, June 12, 2005 5:21 AM
 To: ActiveDir@mail.activedir.org
 Subject: Re: [ActiveDir] how to allow a specific user to access the
 domain from one pc  disallow the others

 To allow the user to only logon on to that machine go into their
 Account Tab and use the Log On To feature and only allow access to
 that particular machine.

 You could deny everyone else the right to log on locally using a 
policy.

 This is the setting in the GPO

 Computer Configuration\Windows Settings\Security Settings\Local
 Policies\User Rights Assignment

 Go into Log on Locally  remove Users, Power Users, and Backup
 Operators then add this particular user.  I would not remove the
 administrators but you can do that and just add your account in case
 you ever need to access the machine interactively.

 Thanks
 Mike


 On 6/12/05, Sharif Naser [EMAIL PROTECTED] wrote:
 
 
  Hello experts,
 
 
 
  I'm setting a kiosk machine, my question is how do I allow a 
specific
 user
  to login  to my domain from only one machine  disallow other users
 from
  logging from the same machine.
 
 
 
  Regards,
  DISCLAIMER:
  This electronic message transmission contains information from Qatar
 Steel
  Company (QASCO)
  which may be confidential or privileged. The information is intended
 to be
  for the use

[ActiveDir] how to allow a specific user to access the domain from one pc disallow the others

2005-06-12 Thread Sharif Naser 








Hello experts,



Im setting a kiosk machine, my question is how do I allow
a specific user to login
to my domain from only one machine  disallow other users
from logging from the same machine.



Regards,







DISCLAIMER:
This electronic message transmission contains information from Qatar Steel Company (QASCO)
which  may be confidential or privileged. The information is intended to be for the use of 
the individual or entity named above. Be aware that any disclosure,copying, distribution 
or use of the contents of this information,including attachments, is prohibited without 
the written consent of Qatar Steel Company (QASCO).

RE: [ActiveDir] how to allow a specific user to access the domain from one pc disallow the others

2005-06-12 Thread Sharif Naser 

Thanks Mike  Robert.

Now, I have a bonus question which is how do I allow automatic login so
that I don't tag the password on the kiosk console.

Regards

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robert Williams
(RRE)
Sent: Sunday, June 12, 2005 12:36 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] how to allow a specific user to access the
domain from one pc  disallow the others

I meant to have this in my last post...

You could put the User Right Deny Logon Locally on all machines OTHER
than your kiosk machine to accomplish the other part of your scenario
(logging onto ONLY one machine).  The method mentioned below by Mike
would suffice also for that purpose.

Sorry for the extra junk in your mailbox ;-)  Have a good day!

Robert Williams, MCSE NT4/2K/2K3, Security+
Infrastructure Rapid Response Engineer
Northeast Region
Microsoft Corporation
Global Solutions Support Center

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of mike kline
Sent: Sunday, June 12, 2005 5:21 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] how to allow a specific user to access the
domain from one pc  disallow the others

To allow the user to only logon on to that machine go into their
Account Tab and use the Log On To feature and only allow access to
that particular machine.

You could deny everyone else the right to log on locally using a policy.

This is the setting in the GPO

Computer Configuration\Windows Settings\Security Settings\Local
Policies\User Rights Assignment

Go into Log on Locally  remove Users, Power Users, and Backup
Operators then add this particular user.  I would not remove the
administrators but you can do that and just add your account in case
you ever need to access the machine interactively.

Thanks
Mike


On 6/12/05, Sharif Naser [EMAIL PROTECTED] wrote:


 Hello experts,

 

 I'm setting a kiosk machine, my question is how do I allow a specific
user
 to login  to my domain from only one machine  disallow other users
from
 logging from the same machine.

 

 Regards,
 DISCLAIMER:
 This electronic message transmission contains information from Qatar
Steel
 Company (QASCO)
 which may be confidential or privileged. The information is intended
to be
 for the use of
 the individual or entity named above. Be aware that any
disclosure,copying,
 distribution
 or use of the contents of this information,including attachments, is
 prohibited without
 the written consent of Qatar Steel Company (QASCO).


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

DISCLAIMER:
This electronic message transmission contains information from Qatar Steel 
Company (QASCO)
which  may be confidential or privileged. The information is intended to be for 
the use of
the individual or entity named above. Be aware that any disclosure,copying, 
distribution
or use of the contents of this information,including attachments, is prohibited 
without
the written consent of Qatar Steel Company (QASCO).

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] how to allow a specific user to access the domain from one pc disallow the others

2005-06-12 Thread Sharif Naser 

Thanks alot Mike, you have been very helpful
 
Sorry for not making myself clear. Can this be achieved in win2k domain 
environment.
I have already searched the web but i could not find a useful information
 
Any help in this regard is really highly appreciated.
 
Regards,

-Original Message- 
From: [EMAIL PROTECTED] on behalf of mike kline 
Sent: Sun 6/12/2005 4:03 PM 
To: ActiveDir@mail.activedir.org 
Cc: 
Subject: Re: [ActiveDir] how to allow a specific user to access the 
domain from one pc  disallow the others



This should help you

http://support.microsoft.com/kb/315231
How to turn on automatic logon in Windows XP

You are definitely taking a risk with this box on your domain in the
open like this.

Since this box will be in the open with no logon requirements you will
want to really tighten security on this box.

On top of the OS lockdowns at a minimum I would recommend putting a
password on the BIOS and prevent users from booting to a CD or USB
(easy enough to boot into Knoppix or use other methods to control of
the box)

Thanks
Mike




On 6/12/05, Sharif Naser [EMAIL PROTECTED] wrote:

 Thanks Mike  Robert.

 Now, I have a bonus question which is how do I allow automatic login 
so
 that I don't tag the password on the kiosk console.

 Regards

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Robert Williams
 (RRE)
 Sent: Sunday, June 12, 2005 12:36 PM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] how to allow a specific user to access the
 domain from one pc  disallow the others

 I meant to have this in my last post...

 You could put the User Right Deny Logon Locally on all machines 
OTHER
 than your kiosk machine to accomplish the other part of your scenario
 (logging onto ONLY one machine).  The method mentioned below by Mike
 would suffice also for that purpose.

 Sorry for the extra junk in your mailbox ;-)  Have a good day!

 Robert Williams, MCSE NT4/2K/2K3, Security+
 Infrastructure Rapid Response Engineer
 Northeast Region
 Microsoft Corporation
 Global Solutions Support Center

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of mike kline
 Sent: Sunday, June 12, 2005 5:21 AM
 To: ActiveDir@mail.activedir.org
 Subject: Re: [ActiveDir] how to allow a specific user to access the
 domain from one pc  disallow the others

 To allow the user to only logon on to that machine go into their
 Account Tab and use the Log On To feature and only allow access to
 that particular machine.

 You could deny everyone else the right to log on locally using a 
policy.

 This is the setting in the GPO

 Computer Configuration\Windows Settings\Security Settings\Local
 Policies\User Rights Assignment

 Go into Log on Locally  remove Users, Power Users, and Backup
 Operators then add this particular user.  I would not remove the
 administrators but you can do that and just add your account in case
 you ever need to access the machine interactively.

 Thanks
 Mike


 On 6/12/05, Sharif Naser [EMAIL PROTECTED] wrote:
 
 
  Hello experts,
 
 
 
  I'm setting a kiosk machine, my question is how do I allow a 
specific
 user
  to login  to my domain from only one machine  disallow other users
 from
  logging from the same machine.
 
 
 
  Regards,
  DISCLAIMER:
  This electronic message transmission contains information from Qatar
 Steel
  Company (QASCO)
  which may be confidential or privileged. The information is intended
 to be
  for the use of
  the individual or entity named above. Be aware that any
 disclosure,copying,
  distribution
  or use of the contents of this information,including attachments, is
  prohibited without
  the written consent of Qatar Steel Company (QASCO).
 
 
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org

RE: [ActiveDir] kiosk setting

2005-05-30 Thread Sharif Naser 

Thanks guys,

I will add how to allow only kiosk users to access the kiosk machine.

Regards,

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brendan Kwolek
Sent: Monday, May 30, 2005 11:26 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] kiosk setting

Sharif;

We do something very very similar to this...sadly, we do it with reg 
hacks on individual users (since we don't have AD here yet -- stop 
yelling at me, I'm working on it ;))

Currently, we have no context menus, remove file and edit menus from IE, 
cannot create new icons on the desktop, and various other limited things 
to remove items from My Computer and the start menu

Note these are for some clinical workstations -- for other areas where 
we really need to be strict, we've managed to enforce some policies 
(since they're connecting to 2000 Server via Terminal Services)

If you need the reg hacks to at least see which sections of the registry 
need to be modified, let me know and I'll paste them into an email...

Thx

Brendan

(P.S. -- Anyone have suggestions for convincing your boss that AD is a 
necessity other than the usual this would make our lives so much 
easier, and provide a better experience for our end users?)
(I'm kidding -- we're still working on getting something off the ground 
-- imagine a shop with the foresight to have set up an Enterprise 
Directory more than 5 years ago, but still doesn't use even so much as 
an NT domain for workstation authentication)

Wish us luck!


Sharif Naser wrote:

Hello exports,
 
how can i do the following in group policy:

1. No right click on the desktop.
2. standard buttons on ie like back (--) forward(--), No file menu,edit 
menu, view menu  tool menu but only help menu.
3. should not be able to create any document in the desktop.
4. should not be able to remove any icon from the desktop.

Regards,


DISCLAIMER:
This electronic message transmission contains information from Qatar Steel 
Company (QASCO)
which  may be confidential or privileged. The information is intended to be 
for the use of 
the individual or entity named above. Be aware that any disclosure,copying, 
distribution 
or use of the contents of this information,including attachments, is 
prohibited without 
the written consent of Qatar Steel Company (QASCO).

[EMAIL PROTECTED]  
Vry-4ibb/===


This email message and any attachments are intended only for the use of the 
individual to which it is addressed, and may contain information that is 
privileged, confidential and exempt from disclosure under applicable law. If 
the recipient of this email is not the intended recipient (or the employee or 
agent responsible for delivering the email to the intended recipient), you are 
hereby notified that any review, dissemination, distribution or copying or 
other use of this message is strictly prohibited. If you have received this 
communication in error, please notify the sender immediately by return email 
and delete this message and attachments from your system. Thank You.



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

DISCLAIMER:
This electronic message transmission contains information from Qatar Steel 
Company (QASCO)
which  may be confidential or privileged. The information is intended to be for 
the use of 
the individual or entity named above. Be aware that any disclosure,copying, 
distribution 
or use of the contents of this information,including attachments, is prohibited 
without 
the written consent of Qatar Steel Company (QASCO).

[EMAIL PROTECTED]   Vry4i

[ActiveDir] shutdown of all clients machines remotely

2005-03-23 Thread Sharif Naser 








Hello experts,



How can i issue a shutdown (restart)
to all the clients machines on my domain.



Regards,



DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).

[ActiveDir] upgrading domain controllers to windows 2k3

2005-03-20 Thread Sharif Naser 








Hello experts,



I have windows two 2k domain controllers  want to upgrade
(migrate) them to windows 2k3. Can somebody outline the best practices for
doing this activity in a procedural way?





Regards,



DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).

[ActiveDir] upgrading from windows 2000 exchange 2000 to window2k3 exchange 2003

2005-03-07 Thread Sharif Naser 








Hello experts,



We need to upgrade our existing 2000 environment to windows
2003 environment. How can i do that smoothly without
any hassle?



At this moment, Im in process of taking one extra
domain controller (has no role) from the existing active directory structure 
isolate it in a separate network to try the upgrade.



Is this the right scenario otherwise how can I replicate my
domain controllers in different hardware  do an upgrade test.



Is there any recommendation I need to be aware of.



Regards,









DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).

RE: [ActiveDir] lsass.exe hogs my domain controller cpu

2005-03-02 Thread Sharif Naser 









Thanks a lot guys,



Im afraid it was not the right KB
article but I do appreciate your response. On the other hand I did my home work
in order to find a solution for this problem.

Unfortunately, my home work was
unfruitful.



Now, the good news is that the problem was
solved through solving an exchange problem I dont know whether this
could be a coincident but this is what happened



Finally, I need to know how do you collect
network trace  what is SPA data.





Thanks  best regards,

Sharif



-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto
Sent: Tuesday, March 01, 2005 5:26 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] lsass.exe
hogs my domain controller cpu



Sorry, tried to help in a very quick and dirty way.
;-))



I agree that researching is always better than guessing!



On the other side please tell if I've thrown the correct KB article
so I can start running to buy a lotto ticket... ;-))



Jorge













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Tuesday, March 01, 2005
14:49
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] lsass.exe
hogs my domain controller cpu

Jorge, the problem with
throwing a KB at it is that there are hundreds..probably
thousands..of things that could cause this. With the data provided, it
is nearly impossible to effectively diagnose the problem. This KB could be it,
and if it is, I suggest you go out and buy a lotto ticket immediately. :)



This is my standard
action plan I use for high lsass/dsamain utilization cases:

0) During the problem state please collect 3-5 dumps of lsass using
adplus as follows: adplus Hang p 123 o c:\dumps
(instead of 123 use the PID of lsass please)

1) During the problem please collect a network trace with a duration
of at least 2 minutes in length

2) If on 2k3, collect =5 minutes worth of SPA data. Set SPA to
data only mode, and just zip up the transfer directory. We can compile it
after.

















From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto
Sent: Tuesday, March 01, 2005 1:28
AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] lsass.exe
hogs my domain controller cpu





See the following if it applies:

http://support.microsoft.com/Default.aspx?kbid=842382

Jorge













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharif
 Naser
Sent: Tuesday, March 01, 2005
08:22
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] lsass.exe
hogs my domain controller cpu

Hello experts,



Lsass.exe hogs my domain controllers
cpu (99%), what could be the reason for this, how do I get rid off this
problem.



Machine was started twice but the problem
still persists.

By the way, machines has advanced
windows 2000 with sp4.



Regards,

DISCLAIMER:
This electronic message transmission contains information from Qatar Steel
Company (QASCO) which may be confidential or privileged. The information is intended
to be for the use of the individual or entity named above. Be aware that any
disclosure, copying, distribution or use of the contents of this information,
including attachments, is prohibited without the written consent of Qatar Steel
Company (QASCO). 


This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be copied,
disclosed to, retained or used by, any other party. If you are not an intended
recipient then please promptly delete this e-mail and any attachment and all
copies and inform the sender. Thank you.


This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be copied,
disclosed to, retained or used by, any other party. If you are not an intended
recipient then please promptly delete this e-mail and any attachment and all
copies and inform the sender. Thank you.



DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).

[ActiveDir] lsass.exe hogs my domain controller cpu

2005-02-28 Thread Sharif Naser 








Hello experts,



Lsass.exe hogs my domain controllers cpu (99%), what could be the reason for this, how do I
get rid off this problem.



Machine was started twice but the problem still persists.

By the way, machines has advanced windows 2000 with sp4.



Regards,



DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).

[ActiveDir] win32 time service in domain controllers

2005-02-21 Thread Sharif Naser 








Hello experts,



I set the time properly in my domain controllers  after
one month the system clock is late by 5 minutes.



How could this happen, how do I make sure this will never happen
again.



Regards,



DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).

RE: [ActiveDir] win32 time service in domain controllers

2005-02-21 Thread Sharif Naser 









My domain controllers synchronize with the
system clock of one of the domain controllers. No external time source servers



Regards,



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of joe
Sent: Tuesday, February 22, 2005 10:05 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] win32
time service in domain controllers



You don't specify what
system clock is off by 5 minutes but for fun I will assume all system clocks in
your forest. To that I ask... Are you syncing your forests to an external
authoritative source? There is a time service available because computers tend
to not keep time all that great and need constant adjustments. You do this by
pointing a couple of your forest root DCs (specifically anything that can
become the PDC of the root domain) to some external authoritative source and
then let the rest of your environment autosync to (eventually) these servers.



 joe









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser
Sent: Tuesday, February 22, 2005 1:47 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] win32 time
service in domain controllers

Hello experts,



I set the time properly in my domain
controllers  after one month the system clock is late by 5 minutes.



How could this happen, how do I make
sure this will never happen again.



Regards,

DISCLAIMER:
This electronic message transmission contains information from Qatar Steel
Company (QASCO) which may be confidential or privileged. The information is
intended to be for the use of the individual or entity named above. Be aware
that any disclosure, copying, distribution or use of the contents of this
information, including attachments, is prohibited without the written consent
of Qatar Steel Company (QASCO). 



DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).

RE: [ActiveDir] win32 time service in domain controllers

2005-02-21 Thread Sharif Naser 








Guys,



My network is simple two domain controllers(
win 2000). Pdc is the my
time server for the domain. Now why my domain controllers
time changed to 5 minutes late. Is this normal or could happen. What are the
causes?





Regards,



-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Saleem, Mohamed Yunus
Sent: Tuesday, February 22, 2005
10:22 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] win32
time service in domain controllers



I believe that domain
controller which you use as the time source to sync other DCs will be monitored
and time adjusted to suit the correct time.



I have made one server to
sync with time.windows.com. Then let all other servers including DCs to sync
with this one server. Internally my time server is that server which syncs with
the external time source. 



There are other time
sources externally from where you can sync your server. The info is at

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262680



in our environment
sometimes I do get serious problems with the XP clients as they are out of time
sync with the DC.











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser
Sent: Tuesday, February 22, 2005
10:11 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] win32
time service in domain controllers





My domain controllers
synchronize with the system clock of one of the domain controllers. No external
time source servers



Regards,



-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, February 22, 2005
10:05 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] win32
time service in domain controllers



You
don't specify what system clock is off by 5 minutes but for fun I will assume
all system clocks in your forest. To that I ask... Are you syncing your forests
to an external authoritative source? There is a time service available because
computers tend to not keep time all that great and need constant adjustments.
You do this by pointing a couple of your forest root DCs (specifically anything
that can become the PDC of the root domain) to some external authoritative
source and then let the rest of your environment autosync to (eventually) these
servers.




joe













From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser
Sent: Tuesday, February 22, 2005
1:47 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] win32 time
service in domain controllers

Hello experts,



I set the time properly in my domain
controllers  after one month the system clock is late by 5 minutes.



How could this happen, how do I make
sure this will never happen again.



Regards,

DISCLAIMER:
This electronic message transmission contains information from Qatar Steel
Company (QASCO) which may be confidential or privileged. The information is
intended to be for the use of the individual or entity named above. Be aware
that any disclosure, copying, distribution or use of the contents of this
information, including attachments, is prohibited without the written consent
of Qatar Steel Company (QASCO). 

DISCLAIMER:
This electronic message transmission contains information from Qatar Steel
Company (QASCO) which may be confidential or privileged. The information is
intended to be for the use of the individual or entity named above. Be aware
that any disclosure, copying, distribution or use of the contents of this
information, including attachments, is prohibited without the written consent
of Qatar Steel Company (QASCO).



DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).

RE: [ActiveDir] oracle directory service integration with windows 2000 active directory

2004-12-20 Thread Sharif Naser 

oracle guys need to know what kind of operation  has occured in active 
directory which is associated with a certain usnchanged number at the time that 
operation took place. is that possible like can i read the active directory log 
 know what operation has been done in active directory.

regards,

-Original Message-
From:   [EMAIL PROTECTED] on behalf of Mulnick, Al
Sent:   Mon 12/20/2004 7:07 PM
To: ActiveDir@mail.activedir.org
Cc: 
Subject:RE: [ActiveDir] oracle directory service integration with 
windows 2000 active directory
Can you reword that another way?  What are you trying to accomplish in this?


Your subject says one thing, but your question says another the way I read
it.

Al 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser
Sent: Sunday, December 19, 2004 4:27 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] oracle directory service integration with windows 2000
active directory

Hello All,
 
How do I know the operation which has been done on windows 2000 active
directory  identified by a certain usnchangednumber.
 
Regards,
DISCLAIMER:
This electronic message transmission contains information from Qatar Steel
Company (QASCO) which may be confidential or privileged. The information is
intended to be for the use of the individual or entity named above. Be aware
that any disclosure, copying, distribution or use of the contents of this
information, including attachments, is prohibited without the written
consent of Qatar Steel Company (QASCO).
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/





DISCLAIMER:
This electronic message transmission contains information from Qatar Steel 
Company (QASCO) which may be confidential or privileged. The information is 
intended to be for the use of the individual or entity named above. Be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, including attachments, is prohibited without the written consent 
of Qatar Steel Company (QASCO).
winmail.dat

[ActiveDir] oracle directory service integration with windows 2000 active directory

2004-12-19 Thread Sharif Naser 








Hello All,



How do I know the operation which has been done on windows
2000 active directory  identified by a certain usnchangednumber.



Regards,



DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).