RE: [ActiveDir] [ActiveDir Digest]
Jeri, System ODBC DSN's are stored in the registry at HKLM\SOFTWARE\ODBC\ODBC.INI\DSN NAME. The DSN names themselves are listed as values in HKLM\SOFTWARE\ODBC\ODBC.INI\ODBC Data Sources If you create the DSN's you need by hand, then you can export them to a reg file and build a custom ADM file around it. Be aware that these are system DSN's, so they apply to the machine. If users from different OU's need the same DSN name, but with different parameters, then you will need to use user level DSN's, which are in the same location but in HKCU. Jef -Original Message- From: Bland, Jeri [mailto:[EMAIL PROTECTED] Sent: Monday, May 15, 2006 4:38 PM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] [ActiveDir Digest] Is there a way to set up Group Policy to direct two different OUs at login to connect to their respective system DSNs pointing to specific SQL databases running on the same terminal server? Am I even saying this right? List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT - Clear IE Cache on Remote machines
Or (remotely) delete the "c:\documents and settings\username\Local Settings\Temporary Internet Files" folder prior to the migration. You could have a script got the machine remotely, enumerate all the user accounts in documents and settings and remove the folder. This will definitely improve the speed of your migration. Jef From: Steve Rochford [mailto:[EMAIL PROTECTED] Sent: Thursday, January 26, 2006 05:44 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT - Clear IE Cache on Remote machines Not quite the answer you want, but I suspect it's taking ages because the cache size has defaulted to several hundred megabytes. If you set the cache size lower (we use 4Mb) then it won't take so long to migrate. In our login script we have (watch for wrapping- second and third lines are all one line) to set this. Steve set oShell=createobject(wscript.shell) oShell.RegWrite HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CacheLimit,4096,REG_DWORD From: [EMAIL PROTECTED] on behalf of Mengwasser, Kevin Sent: Wed 25/01/2006 17:54 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT - Clear IE Cache on Remote machines I realize that this is off topic, but related in a way,so forgive me. I've searched through Google and the list archives and did not find an answer to this question I have around a 1000 xp and win2000 machines in an NT domain that I'm getting ready to migrate to AD. The problem is that ADMT v3 takes forever to migrate the user profiles on most pilot machines. As I'm watching the machines migrate it seems to take forever on the IE cache. So what I would like to do is remotely clear the IE cachefor all of the users profiles on themachinesbefore I migrate them. Is there a utility to do this or a way to script it? Thanks. *** CONFIDENTIALITY STATEMENT: This e-mail and any attachments are intended only for those to which it is addressed and may contain information which is privileged, confidential and prohibited from disclosure and unauthorized use under applicable law. If you are not the intended recipient of this e-mail, you are hereby notified that any use, dissemination, or copying of this e-mail or the information contained in this e-mail is strictly prohibited by the sender. If you have received this transmission in error, please return the material received to the sender and delete all copies from your system.
RE: [ActiveDir] GPO problem - Network card disappearing
Aaron, I have had this happen to me also. The way to fix this is as follows: - run mmc. - Add the security configuration and analysis snapin - Create a database - Import the setup security.inf - Right click the server icon and select analyze computer now. - You'll see that under local policies/user rights assignment in the computer setting column most service accounts will have been removed. - Check the other settings and make sure your account policies are correct (change them if necessary). - Right click the server icon and select configure computer now. This will set all your user rights back the way they were. - Reboot and you should be fine. Good luck. Jef From: Joseph B. Luptak [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 11, 2006 14:16 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] GPO problem - Network card disappearing We had this issue occur with systems also. Turned up to be an issue with the firewall configuration on the PCs. This configuration problem was created by group policy, which was limiting the services... which created a problem with SP2 for XP which used different services then XP SP1. Not sure if this helps, but you can check this by placing a new system into a OU with blocking any GPO from getting to it to see if this resolves the issue after a few reboots. Joseph B. Luptak Information Resources Group, Advanced Technology Program National Institute of Standards and Technology [EMAIL PROTECTED] (301) 975-3940 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Steele [BSD] - ADM Sent: Wednesday, January 11, 2006 11:57 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] GPO problem - Network card disappearing Hi all, I was wondering if anyone here had experienced something, and if so, had any advice. On a few systems, mostly servers, but a couple desktops as well, we setup a version of the Microsoft High Security policy, at an OU level that applied to some machines. Upon application and first reboot, all seems to work perfectly. If we reboot the machine again, while booting, the machine begins to process the GPO and then loses it's network connectivity. The network cards no longer appear inside the Network Connections folder. If one were to run ipconfig /all the network connections appear, and have IP address information associated to them. The machine can not ping out, nor respond to ping from outside. Thanks for any help that can be given. /aaron Aaron Steele University of Chicago Enterprise Systems Administrator P: 773.834.9099 E: [EMAIL PROTECTED] This email is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged and confidential. If the reader of this email message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is prohibited. If you have received this email in error, please notify the sender and destroy/delete all copies of the transmittal. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: FTP server
Bryan, We prefer a VPN also, but one of our clients wanted to use GnuPG instead. This is an open source encryption tool and is easily scripted. We used vbscript to encapsulate the encryption and ftp processes and WinPT to manage the keys. Jef -Original Message- From: Bryan Schlegel [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 10:27 To: [EMAIL PROTECTED] Subject: [ActiveDir] OT: FTP server Anyone know of a good FTP server that uses PGP or some type of encryption for passing traffic? I was looking at just using the Windows 2000 IIS 5.0 FTP server, but apparently my manager promised a client of ours some type of encrypted ftp server. I know this is way off topic here but, but my solution really needs to be low maintenance on the administrative side. Our environment is completely Windows 2000. The box hasn't been added to the domain and it's on a DMZ separated from out network. If I had my way we'd be outsourcing this or making the client do it. I just thought someone might know of a good product that works well with Windows 2000 Server. Thanks for any advise and sorry for being so far in OT field. - Bryan List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Modifying Multiple Active Directory User Accountsat Once
I'm not sure about an TS specific login script option in AD, but in our TS/Citrix environment we have solved this using the %systemroot%\system32\usrlogn.cmd command file mechanism. The usrlogon.cmd file gets called by default when a user logs on. From the .cmd file we would call a separate script that checks the user's group membership and maps the appropriate drive. I know this is not a centrally controlled file, but does the job. Another method may be using the regular AD logon script and check the %computername% environment variable. When you are on your app server, and the user belongs to the appropriate security group, map the drive. Good luck Jef -Original Message- From: Devan Pala [mailto:dpala;hotmail.com] Sent: Thursday, October 24, 2002 10:07 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Modifying Multiple Active Directory User Accounts at Once Hello all, While on the subject of Citrix/ Terminal Services, has anyone come across the need to modify the user object class to include an attribute for 'Login Scripts' with the 'Terminal Server Profile'? There is a need for us to run another login script to map some drives to a data-sensitive app. server through published applications on MetaFrame. I quickly poked around in ADSI without really knowing what to look for? I'm not sure if this is even supported with the architecture surrounding the logon process (netlogon) etc. Just looking for ideas! Thanks for your help... Original Message Follows From: Keith Williams [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: RE: [ActiveDir] Modifying Multiple Active Directory User Accounts at Once Date: Thu, 24 Oct 2002 09:26:35 +0100 Thanks for this guys! I also found a couple of very useful applications which aid with AD maintenance, one aimed specifically at user, share and acl maintenance and the other at entire AD maintenance. Not sure I should be advertising these products on this list, so if you want to know what they are drop me an email. Thanks for your help, Keith -Original Message- From: De Schepper Marc [mailto:marc.de.schepper;staff.telenet.be] Sent: 16 October 2002 12:25 To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Modifying Multiple Active Directory User Accounts at Once These I found at the MS Site Set objUser = GetObject(LDAP://cn=youngrob,ou=rd,dc=fabrikam,dc=com;) '** '* Terminal Services Profile tab '** objUser.AllowLogon= 1 ' Disabled = 0, Enabled = 1 objUser.TerminalServicesHomeDirectory = \\Server\Share\User objUser.TerminalServicesHomeDrive = t: objUser.TerminalServicesProfilePath = \\Server\Profiles\User '** '* Remote control tab '** objUser.EnableRemoteControl = 3 ' EnableRemoteControl Values: ' Disable = 0 ' EnableInputNotify = 1 ' EnableInputNoNotify = 2 ' EnableNoInputNotify = 3 ' EnableNoInputNoNotify = 4 '** '* Sessions tab '** objUser.BrokenConnectionAction = 1' Disconnect = 0, End Session = 1 objUser.MaxConnectionTime = 60 ' Time in minutes objUser.MaxDisconnectionTime = 1' Time in minutes objUser.MaxIdleTime= 10 ' Time in minutes objUser.ReconnectionAction = 1' Any Client = 0, Originating client = 1 '** '* Environment tab '** objUser.ConnectClientDrivesAtLogon = 1 ' Disabled = 0, Enabled = 1 objUser.ConnectClientPrintersAtLogon = 1 ' Disabled = 0, Enabled = 1 objUser.DefaultToMainPrinter = 1 ' Disabled = 0, Enabled = 1 objUser.TerminalServicesInitialProgram = notepad.exe objUser.TerminalServicesWorkDirectory = tmp objUser.SetInfo Marc De Schepper ** Marc De Schepper IT System Engineer Telenet - Liersestwg. 4 - 2800 Mechelen Tel: 015/33.54.49 - Fax: 015/33.36.21 ** -Original Message- From: Keith Williams [mailto:kwilliams;nts.org.uk] Sent: Wednesday, October 16, 2002 10:31 To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Modifying Multiple Active Directory User Accounts at Once Having just installed Citrix I need to change the Terminal Services Profile, User Profile attribute of all the terminal services user accounts. Having over 1000 users makes this
RE: [ActiveDir] Running progam automatically at logon
Title: Message You could use the usrlogon.cmd login files available on all w2k servers in the \system32 folder. I believe they will run even if terminal services are not enabled. Good luck -Original Message-From: Fleenor Todd [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 02, 2002 10:31To: '[EMAIL PROTECTED]'Subject: [ActiveDir] Running progam automatically at logon I am looking for suggestions on the best place to run a program that monitors Administrator personell logging into Domain controllers. This program asks the user to type in the reason for the login session. This could be run from a login script or a Group Policy, but I'd rather not depend on either of those. It could also be placed into the RUN registery key for windows. What are some other ways to run a program just after someone has logged in? I'd rather this run just before the login script if possible. Thanks for any suggestions!
[ActiveDir] Location of terminal server settings in active directory schema
Title: Message We are trying to programmatically affect user configuration settings with ADSI. The settings we have not been able to locate are the terminal services related settings. Is there anyone out there that knows the attribute name(s) for these settings? Thanks