[ActiveDir] bulk user creation
Title: Message Hello All, I have a round 350 users to be created with their mailboxes in windows 2003, what is the best way to automate the process or delegate this job to two account operators. Any suggestions are highly recommended. Regards, DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure,copying, distribution or use of the contents of this information,including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).
RE: [ActiveDir] internet explorer is frozen
Thanks ken I re-started my domain controllers ,deleted alias record from dns added again. I was getting dns errors 4004,4015 and 4016. I'm watching the DNS and see whether those errors will come again or not. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer Sent: Wednesday, March 15, 2006 1:47 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] internet explorer is frozen As mentioned before, please get a packet capture using Ethereal or Netmon. Then we can see what's actually happening on the network. Cheers Ken : -Original Message- : From: [EMAIL PROTECTED] [mailto:ActiveDir- : [EMAIL PROTECTED] On Behalf Of Sharif Naser : Sent: Wednesday, 15 March 2006 6:03 PM : To: ActiveDir@mail.activedir.org : Subject: RE: [ActiveDir] internet explorer is frozen : : : If I try to access the web server by ip address or the hostname it : works. : I mean IE just hung with connecting to site message down and does not : display anything. : : Regards, : : -Original Message- : From: [EMAIL PROTECTED] : [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer : Sent: Wednesday, March 15, 2006 9:55 AM : To: ActiveDir@mail.activedir.org : Subject: RE: [ActiveDir] internet explorer is frozen : : --- Original Message --- : From: [EMAIL PROTECTED] : [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser : Subject: [ActiveDir] internet explorer is frozen : : Internal explorer is frozen, I' m trying to access : : an internal site but it shows connecting to site : : and frozen. : : : DNS is working fine, what could be the reason for IE : : not being able to resolve names. : : How do you know that the problem is IE resolving names? There doesn't : seem to : be any evidence that this is the problem. Maybe the problem is simply : that : the webserver is not responding. : : Get a packet capture using Ethereal to see what's actually being placed : onto : the network. : : Cheers : Ken List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure,copying, distribution or use of the contents of this information,including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO). List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] internet explorer is frozen
Yes, I was able. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Olivarez, Sergio J Mr CTNOSC/GD-NS Sent: Wednesday, March 15, 2006 6:18 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] internet explorer is frozen Before you deleted the CNAME record were you able to resolve the CNAME record using nslookup? Thanks... ... ... ... Sergio J. Olivarez - Contractor GD-NS -Original Message- From: Sharif Naser [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 15, 2006 4:01 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] internet explorer is frozen Thanks ken I re-started my domain controllers ,deleted alias record from dns added again. I was getting dns errors 4004,4015 and 4016. I'm watching the DNS and see whether those errors will come again or not. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer Sent: Wednesday, March 15, 2006 1:47 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] internet explorer is frozen As mentioned before, please get a packet capture using Ethereal or Netmon. Then we can see what's actually happening on the network. Cheers Ken : -Original Message- : From: [EMAIL PROTECTED] [mailto:ActiveDir- : [EMAIL PROTECTED] On Behalf Of Sharif Naser : Sent: Wednesday, 15 March 2006 6:03 PM : To: ActiveDir@mail.activedir.org : Subject: RE: [ActiveDir] internet explorer is frozen : : : If I try to access the web server by ip address or the hostname it : works. : I mean IE just hung with connecting to site message down and does not : display anything. : : Regards, : : -Original Message- : From: [EMAIL PROTECTED] : [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer : Sent: Wednesday, March 15, 2006 9:55 AM : To: ActiveDir@mail.activedir.org : Subject: RE: [ActiveDir] internet explorer is frozen : : --- Original Message --- : From: [EMAIL PROTECTED] : [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser : Subject: [ActiveDir] internet explorer is frozen : : Internal explorer is frozen, I' m trying to access : : an internal site but it shows connecting to site : : and frozen. : : : DNS is working fine, what could be the reason for IE : : not being able to resolve names. : : How do you know that the problem is IE resolving names? There doesn't : seem to : be any evidence that this is the problem. Maybe the problem is simply : that : the webserver is not responding. : : Get a packet capture using Ethereal to see what's actually being placed : onto : the network. : : Cheers : Ken List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure,copying, distribution or use of the contents of this information,including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO). List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure,copying, distribution or use of the contents of this information,including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO). List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] internet explorer is frozen
If I try to access the web server by ip address or the hostname it works. I mean IE just hung with connecting to site message down and does not display anything. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer Sent: Wednesday, March 15, 2006 9:55 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] internet explorer is frozen --- Original Message --- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser Subject: [ActiveDir] internet explorer is frozen Internal explorer is frozen, I' m trying to access an internal site but it shows connecting to site and frozen. DNS is working fine, what could be the reason for IE not being able to resolve names. How do you know that the problem is IE resolving names? There doesn't seem to be any evidence that this is the problem. Maybe the problem is simply that the webserver is not responding. Get a packet capture using Ethereal to see what's actually being placed onto the network. Cheers Ken List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure,copying, distribution or use of the contents of this information,including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO). List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] internet explorer is frozen
If I access the web site by using alias into the url as we do always it hangs but if I access by the hostname , it goes fine. Regards, -Original Message- From: Sharif Naser Sent: Wednesday, March 15, 2006 10:03 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] internet explorer is frozen If I try to access the web server by ip address or the hostname it works. I mean IE just hung with connecting to site message down and does not display anything. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer Sent: Wednesday, March 15, 2006 9:55 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] internet explorer is frozen --- Original Message --- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser Subject: [ActiveDir] internet explorer is frozen Internal explorer is frozen, I' m trying to access an internal site but it shows connecting to site and frozen. DNS is working fine, what could be the reason for IE not being able to resolve names. How do you know that the problem is IE resolving names? There doesn't seem to be any evidence that this is the problem. Maybe the problem is simply that the webserver is not responding. Get a packet capture using Ethereal to see what's actually being placed onto the network. Cheers Ken List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure,copying, distribution or use of the contents of this information,including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO). List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] EVENT 1083
We have around 500 users, two DCs only one site. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Sunday, February 12, 2006 1:22 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] EVENT 1083 maybe your DC is very busy :-) can you give us some more details on your environment? How many users / how many DCs / is thisa hub-site DC that's replicating changes from many branch office DCs ? etc... /Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser Sent: Sonntag, 12. Februar 2006 09:16 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] EVENT 1083 Hello experts, Why Im getting this the following warning very often. Regards, Event Type: Warning Event Source: NTDS Replication Event Category: Replication Event ID: 1083 Date: 2/12/2006 Time: 10:44:57 AM User: NT AUTHORITY\ANONYMOUS LOGON Computer: QASCODC2 Description: Active Directory could not update the following object with changes received from the domain controller at the following network address because Active Directory was busy processing information. Object: CN=EL SAYED MOHD.ABDEL HAMID MOUSA,OU=Manufacturing,OU=Production--(D),OU=QASCO-ORG,DC=qasco,DC=com,DC=qa Network address: 1ef2aa44-896c-4512-b59b-323c246afe06._msdcs.qasco.com.qa This operation will be tried again later. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure,copying, distribution or use of the contents of this information,including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO). DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure,copying, distribution or use of the contents of this information,including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).
[ActiveDir] removing my computer icon recycle bin on windows 2000 from desktop through editing the registry keys
Hello, Could any body tell me how do I remove my computer icon recycle bin from desktop on windows 2000 through registry key. Regards, DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure,copying, distribution or use of the contents of this information,including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).
[ActiveDir] Disabling tools menu in IE through group policy in windows 2000 domain
Hello experts, How can I disable the tools menu in IE through group policy in windows 2000 domain? Regards, DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure,copying, distribution or use of the contents of this information,including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).
RE: [ActiveDir] how to allow a specific user to access the domain from one pc disallow the others
Hi Mike, Sorry again for not reading your answer properly, anyway if automatic login needs to be enabled on windows 2000 domain , i need to add default domain, default user name , default password change AutoAdminLogon key from 0 to 1. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser Sent: Sunday, June 12, 2005 9:27 PM To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] how to allow a specific user to access the domain from one pc disallow the others Thanks alot Mike, you have been very helpful Sorry for not making myself clear. Can this be achieved in win2k domain environment. I have already searched the web but i could not find a useful information Any help in this regard is really highly appreciated. Regards, -Original Message- From: [EMAIL PROTECTED] on behalf of mike kline Sent: Sun 6/12/2005 4:03 PM To: ActiveDir@mail.activedir.org Cc: Subject: Re: [ActiveDir] how to allow a specific user to access the domain from one pc disallow the others This should help you http://support.microsoft.com/kb/315231 How to turn on automatic logon in Windows XP You are definitely taking a risk with this box on your domain in the open like this. Since this box will be in the open with no logon requirements you will want to really tighten security on this box. On top of the OS lockdowns at a minimum I would recommend putting a password on the BIOS and prevent users from booting to a CD or USB (easy enough to boot into Knoppix or use other methods to control of the box) Thanks Mike On 6/12/05, Sharif Naser [EMAIL PROTECTED] wrote: Thanks Mike Robert. Now, I have a bonus question which is how do I allow automatic login so that I don't tag the password on the kiosk console. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Williams (RRE) Sent: Sunday, June 12, 2005 12:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] how to allow a specific user to access the domain from one pc disallow the others I meant to have this in my last post... You could put the User Right Deny Logon Locally on all machines OTHER than your kiosk machine to accomplish the other part of your scenario (logging onto ONLY one machine). The method mentioned below by Mike would suffice also for that purpose. Sorry for the extra junk in your mailbox ;-) Have a good day! Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of mike kline Sent: Sunday, June 12, 2005 5:21 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] how to allow a specific user to access the domain from one pc disallow the others To allow the user to only logon on to that machine go into their Account Tab and use the Log On To feature and only allow access to that particular machine. You could deny everyone else the right to log on locally using a policy. This is the setting in the GPO Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment Go into Log on Locally remove Users, Power Users, and Backup Operators then add this particular user. I would not remove the administrators but you can do that and just add your account in case you ever need to access the machine interactively. Thanks Mike On 6/12/05, Sharif Naser [EMAIL PROTECTED] wrote: Hello experts, I'm setting a kiosk machine, my question is how do I allow a specific user to login to my domain from only one machine disallow other users from logging from the same machine. Regards, DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use
[ActiveDir] how to allow a specific user to access the domain from one pc disallow the others
Hello experts, Im setting a kiosk machine, my question is how do I allow a specific user to login to my domain from only one machine disallow other users from logging from the same machine. Regards, DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure,copying, distribution or use of the contents of this information,including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).
RE: [ActiveDir] how to allow a specific user to access the domain from one pc disallow the others
Thanks Mike Robert. Now, I have a bonus question which is how do I allow automatic login so that I don't tag the password on the kiosk console. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Williams (RRE) Sent: Sunday, June 12, 2005 12:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] how to allow a specific user to access the domain from one pc disallow the others I meant to have this in my last post... You could put the User Right Deny Logon Locally on all machines OTHER than your kiosk machine to accomplish the other part of your scenario (logging onto ONLY one machine). The method mentioned below by Mike would suffice also for that purpose. Sorry for the extra junk in your mailbox ;-) Have a good day! Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of mike kline Sent: Sunday, June 12, 2005 5:21 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] how to allow a specific user to access the domain from one pc disallow the others To allow the user to only logon on to that machine go into their Account Tab and use the Log On To feature and only allow access to that particular machine. You could deny everyone else the right to log on locally using a policy. This is the setting in the GPO Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment Go into Log on Locally remove Users, Power Users, and Backup Operators then add this particular user. I would not remove the administrators but you can do that and just add your account in case you ever need to access the machine interactively. Thanks Mike On 6/12/05, Sharif Naser [EMAIL PROTECTED] wrote: Hello experts, I'm setting a kiosk machine, my question is how do I allow a specific user to login to my domain from only one machine disallow other users from logging from the same machine. Regards, DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure,copying, distribution or use of the contents of this information,including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO). List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure,copying, distribution or use of the contents of this information,including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO). List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] how to allow a specific user to access the domain from one pc disallow the others
Thanks alot Mike, you have been very helpful Sorry for not making myself clear. Can this be achieved in win2k domain environment. I have already searched the web but i could not find a useful information Any help in this regard is really highly appreciated. Regards, -Original Message- From: [EMAIL PROTECTED] on behalf of mike kline Sent: Sun 6/12/2005 4:03 PM To: ActiveDir@mail.activedir.org Cc: Subject: Re: [ActiveDir] how to allow a specific user to access the domain from one pc disallow the others This should help you http://support.microsoft.com/kb/315231 How to turn on automatic logon in Windows XP You are definitely taking a risk with this box on your domain in the open like this. Since this box will be in the open with no logon requirements you will want to really tighten security on this box. On top of the OS lockdowns at a minimum I would recommend putting a password on the BIOS and prevent users from booting to a CD or USB (easy enough to boot into Knoppix or use other methods to control of the box) Thanks Mike On 6/12/05, Sharif Naser [EMAIL PROTECTED] wrote: Thanks Mike Robert. Now, I have a bonus question which is how do I allow automatic login so that I don't tag the password on the kiosk console. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Williams (RRE) Sent: Sunday, June 12, 2005 12:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] how to allow a specific user to access the domain from one pc disallow the others I meant to have this in my last post... You could put the User Right Deny Logon Locally on all machines OTHER than your kiosk machine to accomplish the other part of your scenario (logging onto ONLY one machine). The method mentioned below by Mike would suffice also for that purpose. Sorry for the extra junk in your mailbox ;-) Have a good day! Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of mike kline Sent: Sunday, June 12, 2005 5:21 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] how to allow a specific user to access the domain from one pc disallow the others To allow the user to only logon on to that machine go into their Account Tab and use the Log On To feature and only allow access to that particular machine. You could deny everyone else the right to log on locally using a policy. This is the setting in the GPO Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment Go into Log on Locally remove Users, Power Users, and Backup Operators then add this particular user. I would not remove the administrators but you can do that and just add your account in case you ever need to access the machine interactively. Thanks Mike On 6/12/05, Sharif Naser [EMAIL PROTECTED] wrote: Hello experts, I'm setting a kiosk machine, my question is how do I allow a specific user to login to my domain from only one machine disallow other users from logging from the same machine. Regards, DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure,copying, distribution or use of the contents of this information,including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO). List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org
RE: [ActiveDir] kiosk setting
Thanks guys, I will add how to allow only kiosk users to access the kiosk machine. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brendan Kwolek Sent: Monday, May 30, 2005 11:26 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] kiosk setting Sharif; We do something very very similar to this...sadly, we do it with reg hacks on individual users (since we don't have AD here yet -- stop yelling at me, I'm working on it ;)) Currently, we have no context menus, remove file and edit menus from IE, cannot create new icons on the desktop, and various other limited things to remove items from My Computer and the start menu Note these are for some clinical workstations -- for other areas where we really need to be strict, we've managed to enforce some policies (since they're connecting to 2000 Server via Terminal Services) If you need the reg hacks to at least see which sections of the registry need to be modified, let me know and I'll paste them into an email... Thx Brendan (P.S. -- Anyone have suggestions for convincing your boss that AD is a necessity other than the usual this would make our lives so much easier, and provide a better experience for our end users?) (I'm kidding -- we're still working on getting something off the ground -- imagine a shop with the foresight to have set up an Enterprise Directory more than 5 years ago, but still doesn't use even so much as an NT domain for workstation authentication) Wish us luck! Sharif Naser wrote: Hello exports, how can i do the following in group policy: 1. No right click on the desktop. 2. standard buttons on ie like back (--) forward(--), No file menu,edit menu, view menu tool menu but only help menu. 3. should not be able to create any document in the desktop. 4. should not be able to remove any icon from the desktop. Regards, DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure,copying, distribution or use of the contents of this information,including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO). [EMAIL PROTECTED] Vry-4ibb/=== This email message and any attachments are intended only for the use of the individual to which it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the recipient of this email is not the intended recipient (or the employee or agent responsible for delivering the email to the intended recipient), you are hereby notified that any review, dissemination, distribution or copying or other use of this message is strictly prohibited. If you have received this communication in error, please notify the sender immediately by return email and delete this message and attachments from your system. Thank You. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure,copying, distribution or use of the contents of this information,including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO). [EMAIL PROTECTED] Vry4i
[ActiveDir] shutdown of all clients machines remotely
Hello experts, How can i issue a shutdown (restart) to all the clients machines on my domain. Regards, DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).
[ActiveDir] upgrading domain controllers to windows 2k3
Hello experts, I have windows two 2k domain controllers want to upgrade (migrate) them to windows 2k3. Can somebody outline the best practices for doing this activity in a procedural way? Regards, DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).
[ActiveDir] upgrading from windows 2000 exchange 2000 to window2k3 exchange 2003
Hello experts, We need to upgrade our existing 2000 environment to windows 2003 environment. How can i do that smoothly without any hassle? At this moment, Im in process of taking one extra domain controller (has no role) from the existing active directory structure isolate it in a separate network to try the upgrade. Is this the right scenario otherwise how can I replicate my domain controllers in different hardware do an upgrade test. Is there any recommendation I need to be aware of. Regards, DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).
RE: [ActiveDir] lsass.exe hogs my domain controller cpu
Thanks a lot guys, Im afraid it was not the right KB article but I do appreciate your response. On the other hand I did my home work in order to find a solution for this problem. Unfortunately, my home work was unfruitful. Now, the good news is that the problem was solved through solving an exchange problem I dont know whether this could be a coincident but this is what happened Finally, I need to know how do you collect network trace what is SPA data. Thanks best regards, Sharif -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Tuesday, March 01, 2005 5:26 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] lsass.exe hogs my domain controller cpu Sorry, tried to help in a very quick and dirty way. ;-)) I agree that researching is always better than guessing! On the other side please tell if I've thrown the correct KB article so I can start running to buy a lotto ticket... ;-)) Jorge From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Tuesday, March 01, 2005 14:49 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] lsass.exe hogs my domain controller cpu Jorge, the problem with throwing a KB at it is that there are hundreds..probably thousands..of things that could cause this. With the data provided, it is nearly impossible to effectively diagnose the problem. This KB could be it, and if it is, I suggest you go out and buy a lotto ticket immediately. :) This is my standard action plan I use for high lsass/dsamain utilization cases: 0) During the problem state please collect 3-5 dumps of lsass using adplus as follows: adplus Hang p 123 o c:\dumps (instead of 123 use the PID of lsass please) 1) During the problem please collect a network trace with a duration of at least 2 minutes in length 2) If on 2k3, collect =5 minutes worth of SPA data. Set SPA to data only mode, and just zip up the transfer directory. We can compile it after. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Tuesday, March 01, 2005 1:28 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] lsass.exe hogs my domain controller cpu See the following if it applies: http://support.microsoft.com/Default.aspx?kbid=842382 Jorge From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser Sent: Tuesday, March 01, 2005 08:22 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] lsass.exe hogs my domain controller cpu Hello experts, Lsass.exe hogs my domain controllers cpu (99%), what could be the reason for this, how do I get rid off this problem. Machine was started twice but the problem still persists. By the way, machines has advanced windows 2000 with sp4. Regards, DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO). This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).
[ActiveDir] lsass.exe hogs my domain controller cpu
Hello experts, Lsass.exe hogs my domain controllers cpu (99%), what could be the reason for this, how do I get rid off this problem. Machine was started twice but the problem still persists. By the way, machines has advanced windows 2000 with sp4. Regards, DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).
[ActiveDir] win32 time service in domain controllers
Hello experts, I set the time properly in my domain controllers after one month the system clock is late by 5 minutes. How could this happen, how do I make sure this will never happen again. Regards, DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).
RE: [ActiveDir] win32 time service in domain controllers
My domain controllers synchronize with the system clock of one of the domain controllers. No external time source servers Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, February 22, 2005 10:05 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] win32 time service in domain controllers You don't specify what system clock is off by 5 minutes but for fun I will assume all system clocks in your forest. To that I ask... Are you syncing your forests to an external authoritative source? There is a time service available because computers tend to not keep time all that great and need constant adjustments. You do this by pointing a couple of your forest root DCs (specifically anything that can become the PDC of the root domain) to some external authoritative source and then let the rest of your environment autosync to (eventually) these servers. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser Sent: Tuesday, February 22, 2005 1:47 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] win32 time service in domain controllers Hello experts, I set the time properly in my domain controllers after one month the system clock is late by 5 minutes. How could this happen, how do I make sure this will never happen again. Regards, DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO). DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).
RE: [ActiveDir] win32 time service in domain controllers
Guys, My network is simple two domain controllers( win 2000). Pdc is the my time server for the domain. Now why my domain controllers time changed to 5 minutes late. Is this normal or could happen. What are the causes? Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Saleem, Mohamed Yunus Sent: Tuesday, February 22, 2005 10:22 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] win32 time service in domain controllers I believe that domain controller which you use as the time source to sync other DCs will be monitored and time adjusted to suit the correct time. I have made one server to sync with time.windows.com. Then let all other servers including DCs to sync with this one server. Internally my time server is that server which syncs with the external time source. There are other time sources externally from where you can sync your server. The info is at http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262680 in our environment sometimes I do get serious problems with the XP clients as they are out of time sync with the DC. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser Sent: Tuesday, February 22, 2005 10:11 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] win32 time service in domain controllers My domain controllers synchronize with the system clock of one of the domain controllers. No external time source servers Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, February 22, 2005 10:05 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] win32 time service in domain controllers You don't specify what system clock is off by 5 minutes but for fun I will assume all system clocks in your forest. To that I ask... Are you syncing your forests to an external authoritative source? There is a time service available because computers tend to not keep time all that great and need constant adjustments. You do this by pointing a couple of your forest root DCs (specifically anything that can become the PDC of the root domain) to some external authoritative source and then let the rest of your environment autosync to (eventually) these servers. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser Sent: Tuesday, February 22, 2005 1:47 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] win32 time service in domain controllers Hello experts, I set the time properly in my domain controllers after one month the system clock is late by 5 minutes. How could this happen, how do I make sure this will never happen again. Regards, DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO). DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO). DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).
RE: [ActiveDir] oracle directory service integration with windows 2000 active directory
oracle guys need to know what kind of operation has occured in active directory which is associated with a certain usnchanged number at the time that operation took place. is that possible like can i read the active directory log know what operation has been done in active directory. regards, -Original Message- From: [EMAIL PROTECTED] on behalf of Mulnick, Al Sent: Mon 12/20/2004 7:07 PM To: ActiveDir@mail.activedir.org Cc: Subject:RE: [ActiveDir] oracle directory service integration with windows 2000 active directory Can you reword that another way? What are you trying to accomplish in this? Your subject says one thing, but your question says another the way I read it. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharif Naser Sent: Sunday, December 19, 2004 4:27 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] oracle directory service integration with windows 2000 active directory Hello All, How do I know the operation which has been done on windows 2000 active directory identified by a certain usnchangednumber. Regards, DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO). List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ DISCLAIMER: This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO). winmail.dat
[ActiveDir] oracle directory service integration with windows 2000 active directory
Hello All, How do I know the operation which has been done on windows 2000 active directory identified by a certain usnchangednumber. Regards, DISCLAIMER:This electronic message transmission contains information from Qatar Steel Company (QASCO) which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. Be aware that any disclosure, copying, distribution or use of the contents of this information, including attachments, is prohibited without the written consent of Qatar Steel Company (QASCO).