Re: [ActiveDir] RDP Over SSL (No Security tab in Client)
Hi Al, Just came accross this link... Didn't test it myself as I am going to do a real upgrade of the stuff (I still don't understand why there is no real upgrade package, I really don't see any difference except the added feature and I want to have both mstsc.exe as the MMC with the feature)... http://www.petri.co.il/download_rdp_5_2.htm Regards, Bart On 7/4/06, Al Mulnick [EMAIL PROTECTED] wrote: Sounds suspiciously like a bug of omission that ought to be reported. The newer version should be laid down with the applications that it comes with IMHO. If it's in the code tree that far ahead, then I can't see a reason that it isn't laid down. Al On 7/4/06, Bart Van den Wyngaert [EMAIL PROTECTED] wrote: What I have found today is that I actually don't have to register the .DLL file, only have both files in the same directory present already does the trick. Although when you do a 'Start Run mstsc' it will start the one in your Windows folder ofcourse. Old version: 5.1.2600.2180 New version: 5.2.3790.1830 And when registering the new .DLL in another location then the current one (ex. D:\MSTSC\MSTSCAX.DLL), I receive the message *.DLL was loaded, but the DllInstall entry point was not found. *.DLL does not appear the be a .DLL or .OCX file For tsmmc.msc I have found that I needed to install the MMC 3.0 update, register the .DLL (although I had a warning) and then it was available... I've installed W2K3 SP1 Administration Tools, but that didn't actually do the upgrade. If I look into the source of the Support Tools, I don't see the .DLL files or the .EXE files located there. So actually we should fine tune this to have the ideal 'upgrade' ;-) Regards, Bart On 6/21/06, Al Mulnick [EMAIL PROTECTED] wrote: I would have expected the support tools from W2K3 SP1 Server to upgrade the version. Can you send the file version and time stamp information for those files? Al On 6/20/06, Ravi Dogra [EMAIL PROTECTED] wrote: HI, Al Mulnick:: I have tried updating the version but that didnt helped me. Did you see the snapshot without security tab it was same after installing updated version. Can you send me a link from where i can find Updated version to modify built in MSTSC. Thanks for all your help. Bart Van den Wyngaert:: You are right i tried same but it wasnt giving me option to select Require Authentication It look like there is a dll which is used by both mstsc and tsmmc.msc because when i registered this dll both things worked fine for me. Let me know if i am missing something? Thanks and Regards Ravi Dogra List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] RDP Over SSL (No Security tab in Client)
What I have found today is that I actually don't have to register the .DLL file, only have both files in the same directory present already does the trick. Although when you do a 'Start Run mstsc' it will start the one in your Windows folder ofcourse. Old version: 5.1.2600.2180 New version: 5.2.3790.1830 And when registering the new .DLL in another location then the current one (ex. D:\MSTSC\MSTSCAX.DLL), I receive the message *.DLL was loaded, but the DllInstall entry point was not found. *.DLL does not appear the be a .DLL or .OCX file For tsmmc.msc I have found that I needed to install the MMC 3.0 update, register the .DLL (although I had a warning) and then it was available... I've installed W2K3 SP1 Administration Tools, but that didn't actually do the upgrade. If I look into the source of the Support Tools, I don't see the .DLL files or the .EXE files located there. So actually we should fine tune this to have the ideal 'upgrade' ;-) Regards, Bart On 6/21/06, Al Mulnick [EMAIL PROTECTED] wrote: I would have expected the support tools from W2K3 SP1 Server to upgrade the version. Can you send the file version and time stamp information for those files? Al On 6/20/06, Ravi Dogra [EMAIL PROTECTED] wrote: HI, Al Mulnick:: I have tried updating the version but that didnt helped me. Did you see the snapshot without security tab it was same after installing updated version. Can you send me a link from where i can find Updated version to modify built in MSTSC. Thanks for all your help. Bart Van den Wyngaert:: You are right i tried same but it wasnt giving me option to select Require Authentication It look like there is a dll which is used by both mstsc and tsmmc.msc because when i registered this dll both things worked fine for me. Let me know if i am missing something? Thanks and Regards Ravi Dogra List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] RDP Over SSL (No Security tab in Client)
Sounds suspiciously like a bug of omission that ought to be reported. The newer version should be laid down with the applications that it comes with IMHO. If it's in the code tree that far ahead, then I can't see a reason that it isn't laid down. Al On 7/4/06, Bart Van den Wyngaert [EMAIL PROTECTED] wrote: What I have found today is that I actually don't have to register the.DLL file, only have both files in the same directory present already does the trick. Although when you do a 'Start Run mstsc' it willstart the one in your Windows folder ofcourse.Old version: 5.1.2600.2180New version: 5.2.3790.1830And when registering the new .DLL in another location then the current one (ex. D:\MSTSC\MSTSCAX.DLL), I receive the message *.DLL wasloaded, but the DllInstall entry point was not found. *.DLL does notappear the be a .DLL or .OCX fileFor tsmmc.msc I have found that I needed to install the MMC 3.0update, register the .DLL (although I had a warning) and then it wasavailable...I've installed W2K3 SP1 Administration Tools, but that didn't actuallydo the upgrade. If I look into the source of the Support Tools, I don't see the .DLL files or the .EXE files located there.So actually we should fine tune this to have the ideal 'upgrade' ;-)Regards,BartOn 6/21/06, Al Mulnick [EMAIL PROTECTED] wrote: I would have expected the support tools from W2K3 SP1 Server to upgrade the version.Can you send the file version and time stamp information for those files? Al On 6/20/06, Ravi Dogra [EMAIL PROTECTED] wrote: HI, Al Mulnick:: I have tried updating the version but that didnt helped me. Did you see the snapshot without security tab it was same after installing updated version. Can you send me a link from where i can find Updated version to modify built in MSTSC. Thanks for all your help. Bart Van den Wyngaert:: You are right i tried same but it wasnt giving me option to select Require Authentication It look like there is a dll which is used by both mstsc and tsmmc.msc because when i registered this dll both things worked fine for me. Let me know if i am missing something? Thanks and Regards Ravi Dogra List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] RDP Over SSL (No Security tab in Client)
To be clear, I was talking about implementing the new version on my XP workstation, not on the server itself. I assume (not yet tested) that if you deregister the current MSTSCAX.DLL, copy the 2 new files (.DLL + .EXE), register the new .DLL, that you should have done an 'upgrade'. Did not yet tested that one. Also will this not trigger File Protection? From my point of view, I think it's silly not to have the upgrade. Perhaps they already implemented it in R2 and are we just a little too fast before they have a chance to release a decent upgrade for other versions of Windows? Bart On 7/4/06, Al Mulnick [EMAIL PROTECTED] wrote: Sounds suspiciously like a bug of omission that ought to be reported. The newer version should be laid down with the applications that it comes with IMHO. If it's in the code tree that far ahead, then I can't see a reason that it isn't laid down. Al On 7/4/06, Bart Van den Wyngaert [EMAIL PROTECTED] wrote: What I have found today is that I actually don't have to register the .DLL file, only have both files in the same directory present already does the trick. Although when you do a 'Start Run mstsc' it will start the one in your Windows folder ofcourse. Old version: 5.1.2600.2180 New version: 5.2.3790.1830 And when registering the new .DLL in another location then the current one (ex. D:\MSTSC\MSTSCAX.DLL), I receive the message *.DLL was loaded, but the DllInstall entry point was not found. *.DLL does not appear the be a .DLL or .OCX file For tsmmc.msc I have found that I needed to install the MMC 3.0 update, register the .DLL (although I had a warning) and then it was available... I've installed W2K3 SP1 Administration Tools, but that didn't actually do the upgrade. If I look into the source of the Support Tools, I don't see the .DLL files or the .EXE files located there. So actually we should fine tune this to have the ideal 'upgrade' ;-) Regards, Bart On 6/21/06, Al Mulnick [EMAIL PROTECTED] wrote: I would have expected the support tools from W2K3 SP1 Server to upgrade the version. Can you send the file version and time stamp information for those files? Al On 6/20/06, Ravi Dogra [EMAIL PROTECTED] wrote: HI, Al Mulnick:: I have tried updating the version but that didnt helped me. Did you see the snapshot without security tab it was same after installing updated version. Can you send me a link from where i can find Updated version to modify built in MSTSC. Thanks for all your help. Bart Van den Wyngaert:: You are right i tried same but it wasnt giving me option to select Require Authentication It look like there is a dll which is used by both mstsc and tsmmc.msc because when i registered this dll both things worked fine for me. Let me know if i am missing something? Thanks and Regards Ravi Dogra List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] RDP Over SSL (No Security tab in Client)
wrinkles nose Why? Why did you not just install the updated version using the installer? Was there an advantage? I'm so full of questions I know, but this seems the hard way with issues waiting for later. On 6/20/06, Ravi Dogra [EMAIL PROTECTED] wrote: Thanks,I have acheived by making a copy of mstsc.exe and mstscax.dll fromwindows2k3 sp1 box and placing it in a different folder of client other than system32.Registered the dll and this fixed the problem.Thanks Again,Ravi DograList info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] RDP Over SSL (No Security tab in Client)
OK cool... But as most know, there is 'tsmmc.msc' also to work with RDP. I use this a lot to have less windows open... If they make SSL available, what about having SSL with the 'tsmmc.msc' ? TIA On 6/20/06, Al Mulnick [EMAIL PROTECTED] wrote: wrinkles nose Why? Why did you not just install the updated version using the installer? Was there an advantage? I'm so full of questions I know, but this seems the hard way with issues waiting for later. On 6/20/06, Ravi Dogra [EMAIL PROTECTED] wrote: Thanks,I have acheived by making a copy of mstsc.exe and mstscax.dll fromwindows2k3 sp1 box and placing it in a different folder of client other than system32.Registered the dll and this fixed the problem.Thanks Again,Ravi DograList info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] RDP Over SSL (No Security tab in Client)
If you're not getting a Security tab on your clients, update their client RDP software from the 2003 R2 CD (I think that 2003 w/SP1 will do as well, but I don't have a representative box in front of me to confirm.) On 6/16/06, Ravi Dogra [EMAIL PROTECTED] wrote: Hi All, I have configured RDP Over SSL and its working fine when i tested it from my Servers using tsmmc.msc Whereas when i am trying to install a client (RDP 5.2) it is not giving me any option to select Authentication Mode (Require Authentication) in the client installed. What should i do to resolve the issue. Attached are both snapshots. I am getting it without security tab. it should be with security tab as shown in snapshots. -- Thanks and Regards Ravi Dogra 9899647200 -- --- Laura E. Hunter Microsoft MVP - Windows Server Networking Author: _Active Directory Consultant's Field Guide_ (http://tinyurl.com/7f8ll) List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] RDP Over SSL (No Security tab in Client)
Thanks, I have acheived by making a copy of mstsc.exe and mstscax.dll from windows2k3 sp1 box and placing it in a different folder of client other than system32. Registered the dll and this fixed the problem. Thanks Again, Ravi Dogra List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
Re: [ActiveDir] RDP Script
Would this help?
http://marcusoh.blogspot.com/2006/04/misc-enabling-terminal-services.html#links
Teo
On 4/19/06, Adeel Ansari [EMAIL PROTECTED] wrote:
AD Gurus,
I am trying to create a script that adds TS accounts for W2K AD domain. I have tried eolwtscom and wts_admin.dll with no luck.
Iam lookingforsomething like this below but this one only works in 2003 server.
http://www.microsoft.com/technet/scriptcenter/scripts/ts/users/tsusvb01.mspx
Const GUEST_ACCESS = 0
strComputer = . Set objWMIService = GetObject(winmgmts: _ {impersonationLevel=impersonate}!\\ strComputer \root\cimv2)
Set colItems = objWMIService.ExecQuery _ (Select * from Win32_TSPermissionsSetting)
For Each objItem in colItems errResult = objItem.AddAccount(fabrikam\bob, GUEST_ACCESS) Next
Can someone please help? Adeel
Re: [ActiveDir] RDP
I don't think anybody will be against it. But the thing is that you can make such connections more secure by modifying Registry and configuring it to work on some other port. using default port is an open invitation for bad guys. Well i am taking all benefits out of it. Rest is up to you. On 8/16/05, Tom Kern [EMAIL PROTECTED] wrote: Does anyone know of any articles from MS that advise for or againsthaving term services kept on a win2k3 DC? Does anyone on this list turn it off on DC's?Should I leave it on?thanksList info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] RDP
A port scanner will find the port, but I do agree it provides some security. However, I still use a VPN and term. srvice is allowed only from certain IPs. Ravi Dogra wrote: I don't think anybody will be against it. But the thing is that you can make such connections more secure by modifying Registry and configuring it to work on some other port. using default port is an open invitation for bad guys. Well i am taking all benefits out of it. Rest is up to you. On 8/16/05, Tom Kern [EMAIL PROTECTED] wrote: Does anyone know of any articles from MS that advise for or against having term services kept on a win2k3 DC? Does anyone on this list turn it off on DC's? Should I leave it on? thanks List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] RDP
I guess it works with any other ports, if you dont need it close itwell all of the servers that Im handling are not local so this is needed for me. You can use 128-bit encryption built into the 2003 if you like, and you can even implement that settings via GPO. Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Za Vue Sent: Wednesday, August 17, 2005 9:21 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] RDP A port scanner will find the port, but I do agree it provides some security. However, I still use a VPN and term. srvice is allowed only from certain IPs. Ravi Dogra wrote: I don't think anybody will be against it. But the thing is that you can make such connections more secure by modifying Registry and configuring it to work on some other port. using default port is an open invitation for bad guys. Well i am taking all benefits out of it. Rest is up to you. On 8/16/05, Tom Kern [EMAIL PROTECTED] wrote: Does anyone know of any articles from MS that advise for or against having term services kept on a win2k3 DC? Does anyone on this list turn it off on DC's? Should I leave it on? thanks List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] RDP
How else do you plan to access the server? ILO port? Walk up access to the DC in the Tuvalu field office can sometimes be difficult. It's the first thing I ever turn on, personally. If your servers are in dedicated server VLANs, you can always set the firewall rules as to what hostgroup has access to TCP3389. --brian -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Tuesday, August 16, 2005 11:35 AM To: activedirectory Subject: [ActiveDir] RDP Does anyone know of any articles from MS that advise for or against having term services kept on a win2k3 DC? Does anyone on this list turn it off on DC's? Should I leave it on? thanks List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] RDP
Hi Tom, Here's what I used to do in another life: -We kept term. Services opened since it was always easier to manage (although most management was done from a remote mmc and/or cli tools -Kept the number of Domain Admins to a minimum :-) -Created an IPSec Policy for all DCs where any incomming connections but a small subnet to 3389(where the windows admins sat) were denied. -iLO w/ integrated AD accounts was enabled and configured as an additional entry point if RDP were to fail for some odd reason. The iLO port was on a totally different physical network (netops only hardware switches) and couldn't be accessed from the corp network. So hmm...no, we didn't turn it off :) Oh yeah, while I'm almost OT...If you're running on hp Proliants you can use the iLO-RDP redirector that's be available for a while now in the iLO firmware. Hope this helps! Francis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: August 16, 2005 12:35 PM To: activedirectory Subject: [ActiveDir] RDP Does anyone know of any articles from MS that advise for or against having term services kept on a win2k3 DC? Does anyone on this list turn it off on DC's? Should I leave it on? thanks List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] RDP
You also need enterprise for autoenrollment. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil Sent: Monday, November 15, 2004 4:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] RDP There are a number of PKI things that can't be done without Enterprise Edition. I believe the most important being extra certificate templates that can be used (although my terminology may be wrong). Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Monday, November 15, 2004 3:32 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ellis, Debbie wrote: I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). You don't need enterprise edition for that. I'm doing it with standard edition and it works fine. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] RDP
Ken Cornetet wrote: You also need enterprise for autoenrollment. Weird, I wonder why autoenrollment works for me then? I'm only running standard, not enterprise. Autoenrollment is definitely working. - Robbie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil Sent: Monday, November 15, 2004 4:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] RDP There are a number of PKI things that can't be done without Enterprise Edition. I believe the most important being extra certificate templates that can be used (although my terminology may be wrong). Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Monday, November 15, 2004 3:32 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ellis, Debbie wrote: I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). You don't need enterprise edition for that. I'm doing it with standard edition and it works fine. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] RDP
My company was using Standard and auto enrollment would not work. We consulted our TAM and he said we had to have Enterprise for Auto Enrollment. Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Tuesday, November 16, 2004 10:28 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ken Cornetet wrote: You also need enterprise for autoenrollment. Weird, I wonder why autoenrollment works for me then? I'm only running standard, not enterprise. Autoenrollment is definitely working. - Robbie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil Sent: Monday, November 15, 2004 4:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] RDP There are a number of PKI things that can't be done without Enterprise Edition. I believe the most important being extra certificate templates that can be used (although my terminology may be wrong). Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Monday, November 15, 2004 3:32 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ellis, Debbie wrote: I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). You don't need enterprise edition for that. I'm doing it with standard edition and it works fine. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] RDP
I'm sure that is the case. I'll take a look at my setup and see if I can figure out what I did to make it work. (or maybe discover that I'm completely going insane) :-) - Robbie Ellis, Debbie wrote: My company was using Standard and auto enrollment would not work. We consulted our TAM and he said we had to have Enterprise for Auto Enrollment. Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Tuesday, November 16, 2004 10:28 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ken Cornetet wrote: You also need enterprise for autoenrollment. Weird, I wonder why autoenrollment works for me then? I'm only running standard, not enterprise. Autoenrollment is definitely working. - Robbie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil Sent: Monday, November 15, 2004 4:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] RDP There are a number of PKI things that can't be done without Enterprise Edition. I believe the most important being extra certificate templates that can be used (although my terminology may be wrong). Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Monday, November 15, 2004 3:32 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ellis, Debbie wrote: I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). You don't need enterprise edition for that. I'm doing it with standard edition and it works fine. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] RDP
Ok, maybe this clears it up (from windows server 2003 help) Windows Server 2003, Enterprise Edition, or Windows Server 2003, Datacenter Edition, is required to configure version 2 certificate templates for autoenrollment requests. However, autoenrollment manages certificates or pending certificate requests based on any version of certificate template. So it sounds like you need enterprise to autoenroll from version 2 templates. Again, from windows help: Version 2 certificate templates Windows Server 2003, Enterprise Edition, and Windows Server 2003, Datacenter Edition, certification authorities support two types of certificate templates: version 1 and version 2. Version 2 templates are new to the Windows Server 2003 family. They allow customization of most settings in the template. Several preconfigured version 2 templates are supplied in the default configuration, and more can be added as necessary. This allows complete configuration flexibility for administrators. Version 2 templates are only available as part of a certification authority that is installed as an enterprise certification authority. For that reason, they require Active Directory. Although Version 2 templates can be created and duplicated in the Windows Server 2003 family, certificates that are based on Version 2 templates can only be issued by a certification authority that is running Windows Server 2003, Enterprise Edition, or Windows Server 2003, Datacenter Edition. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Tuesday, November 16, 2004 10:41 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP I'm sure that is the case. I'll take a look at my setup and see if I can figure out what I did to make it work. (or maybe discover that I'm completely going insane) :-) - Robbie Ellis, Debbie wrote: My company was using Standard and auto enrollment would not work. We consulted our TAM and he said we had to have Enterprise for Auto Enrollment. Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Tuesday, November 16, 2004 10:28 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ken Cornetet wrote: You also need enterprise for autoenrollment. Weird, I wonder why autoenrollment works for me then? I'm only running standard, not enterprise. Autoenrollment is definitely working. - Robbie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil Sent: Monday, November 15, 2004 4:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] RDP There are a number of PKI things that can't be done without Enterprise Edition. I believe the most important being extra certificate templates that can be used (although my terminology may be wrong). Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Monday, November 15, 2004 3:32 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ellis, Debbie wrote: I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). You don't need enterprise edition for that. I'm doing it with standard edition and it works fine. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] RDP
Correct - Auto-enrollment is not available to Standard. Why it works for some Good question. Upgrade, perhaps? Rick -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Tuesday, November 16, 2004 9:32 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] RDP My company was using Standard and auto enrollment would not work. We consulted our TAM and he said we had to have Enterprise for Auto Enrollment. Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Tuesday, November 16, 2004 10:28 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ken Cornetet wrote: You also need enterprise for autoenrollment. Weird, I wonder why autoenrollment works for me then? I'm only running standard, not enterprise. Autoenrollment is definitely working. - Robbie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil Sent: Monday, November 15, 2004 4:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] RDP There are a number of PKI things that can't be done without Enterprise Edition. I believe the most important being extra certificate templates that can be used (although my terminology may be wrong). Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Monday, November 15, 2004 3:32 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ellis, Debbie wrote: I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). You don't need enterprise edition for that. I'm doing it with standard edition and it works fine. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] RDP
You need Windows 2003 Domain controllers (STD edition is Ok) and a CA with Windows 2003 Enterprise edition to do this. Martin. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kingslan, Rick T. Sent: Tuesday, November 16, 2004 1:04 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] RDP Correct - Auto-enrollment is not available to Standard. Why it works for some Good question. Upgrade, perhaps? Rick -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Tuesday, November 16, 2004 9:32 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] RDP My company was using Standard and auto enrollment would not work. We consulted our TAM and he said we had to have Enterprise for Auto Enrollment. Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Tuesday, November 16, 2004 10:28 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ken Cornetet wrote: You also need enterprise for autoenrollment. Weird, I wonder why autoenrollment works for me then? I'm only running standard, not enterprise. Autoenrollment is definitely working. - Robbie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renouf, Phil Sent: Monday, November 15, 2004 4:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] RDP There are a number of PKI things that can't be done without Enterprise Edition. I believe the most important being extra certificate templates that can be used (although my terminology may be wrong). Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Monday, November 15, 2004 3:32 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ellis, Debbie wrote: I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). You don't need enterprise edition for that. I'm doing it with standard edition and it works fine. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ AVISO LEGAL: Esta informacion es privada y confidencial y esta dirigida unicamente a su destinatario. Si usted no es el destinatario original de este mensaje y por este medio pudo acceder a dicha informacion por favor elimine el mensaje. La distribucion o copia de este mensaje esta estrictamente prohibida. Esta comunicacion es solo para propositos de informacion y no debe ser considerada como propuesta, aceptacion ni como una declaracion de voluntad oficial de REPSOL YPF S.A. y/o subsidiarias y/o afiliadas. La transmision de e-mails no garantiza que el correo electronico sea seguro o libre de error. Por consiguiente, no manifestamos que esta informacion sea completa o precisa. Toda informacion esta sujeta a alterarse sin previo aviso. This information is private and confidential and intended for the recipient only. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and shall not be regarded neither as a proposal, acceptance nor as a statement of will or official statement from REPSOL YPF S.A. and/or subsidiaries and/or affiliates. Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] RDP
Ellis, Debbie wrote: I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). You don't need enterprise edition for that. I'm doing it with standard edition and it works fine. The problem I am having is when I try to connect remotely via Remote Desktop Protocol, the server reboots. It worked fine before the upgrade. Has anyone experienced this problem or know a solution? Does this happen as soon as the connection is established, or while you're logging on? I've never been a fan of domain controller upgrades. Too many things can break or become unstable. You're better off demoting it and rebuilding it from scratch. - Robbie -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] RDP
Title: Message Hi Debbie, This is not an answer but I wonder if you see a differnce in behavior if you use the "/console" switch in your call to mstsc.exe (ie, "mstsc.exe /console"? Mike Thommes -Original Message-From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Monday, November 15, 2004 2:15 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] RDP I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). The problem I am having is when I try to connect remotely via Remote Desktop Protocol, the server reboots. It worked fine before the upgrade. Has anyone experienced this problem or know a solution?
RE: [ActiveDir] RDP
When it tries to connect, before the log on screen. Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Monday, November 15, 2004 3:32 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ellis, Debbie wrote: I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). You don't need enterprise edition for that. I'm doing it with standard edition and it works fine. The problem I am having is when I try to connect remotely via Remote Desktop Protocol, the server reboots. It worked fine before the upgrade. Has anyone experienced this problem or know a solution? Does this happen as soon as the connection is established, or while you're logging on? I've never been a fan of domain controller upgrades. Too many things can break or become unstable. You're better off demoting it and rebuilding it from scratch. - Robbie -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] RDP
Ellis, Debbie wrote: When it tries to connect, before the log on screen. I don't know if it will help with Windows 2003 RD but some time ago I have similiar problems winth Windows 2000 terminal services - upgrading graphic card driver helps. -- Tomasz Onyszko [MVP] [EMAIL PROTECTED] http://www.w2k.pl List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] RDP
There are a number of PKI things that can't be done without Enterprise Edition. I believe the most important being extra certificate templates that can be used (although my terminology may be wrong). Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Monday, November 15, 2004 3:32 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ellis, Debbie wrote: I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). You don't need enterprise edition for that. I'm doing it with standard edition and it works fine. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] RDP
We had some issues with the way we had delegated our help desk authority for some computer and user work. Take a look at this article and see if it applies: http://support.microsoft.com/default.aspx?scid=kb;en-us;818080 From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Monday, November 15, 2004 12:15 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] RDP I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). The problem I am having is when I try to connect remotely via Remote Desktop Protocol, the server reboots. It worked fine before the upgrade. Has anyone experienced this problem or know a solution? -- The information in this e-mail and any attachments are for the sole use of the intended recipient and may contain privileged and confidential information. If you are not the intended recipient, any use, disclosure, copying or distribution of this message or attachment is strictly prohibited. If you believe that you have received this e-mail in error, please contact the sender immediately and delete the e-mail and all of its attachments. ==
RE: [ActiveDir] RDP
Title: RE: [ActiveDir] RDP What type of server is this? Specifically what video card? I had a machine I was using as a test server with an ATI card in it. Whenever I connected via Terminal Services the thing would boot on me. Updating the video card driver fixed it for me. Mike -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: Monday, November 15, 2004 3:36 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] RDP When it tries to connect, before the log on screen. Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robbie Foust Sent: Monday, November 15, 2004 3:32 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ellis, Debbie wrote: I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). You don't need enterprise edition for that. I'm doing it with standard edition and it works fine. The problem I am having is when I try to connect remotely via Remote Desktop Protocol, the server reboots. It worked fine before the upgrade. Has anyone experienced this problem or know a solution? Does this happen as soon as the connection is established, or while you're logging on? I've never been a fan of domain controller upgrades. Too many things can break or become unstable. You're better off demoting it and rebuilding it from scratch. - Robbie -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] RDP
Have you set the offending box to do a kernel memory dump then passed it through Windbg to see what's actually happening? What's the blue screen stop code? Roger Seielstad E-mail Geek MS-MVP -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ellis, Debbie Sent: Monday, November 15, 2004 12:36 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] RDP When it tries to connect, before the log on screen. Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust Sent: Monday, November 15, 2004 3:32 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] RDP Ellis, Debbie wrote: I recently upgraded one of our Windows 2003 Domain Controllers to Enterprise Edition. (Needed for Certificates, auto enrollment). You don't need enterprise edition for that. I'm doing it with standard edition and it works fine. The problem I am having is when I try to connect remotely via Remote Desktop Protocol, the server reboots. It worked fine before the upgrade. Has anyone experienced this problem or know a solution? Does this happen as soon as the connection is established, or while you're logging on? I've never been a fan of domain controller upgrades. Too many things can break or become unstable. You're better off demoting it and rebuilding it from scratch. - Robbie -- Robbie Foust, IT Analyst OIT/CASI - Administrative Information Support Duke University List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] RDP and Domain Local Group
Well it looks like it throws principals into the remote desktop users group. In your shoes I would just try throwing a user from the domain into that group that wouldn't otherwise have perms to connect and see if that works, that means that is all that is done and you can just add dlg's (assuming native mode) to the local group on the machines. This could very possibly be a GUI error which isn't unheard of. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Active Dir Sent: Wednesday, July 14, 2004 2:53 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] RDP and Domain Local Group I am deploying and AD 2003 Domain and Windows XP client machines. I created a Domain Local group called RDP Admins for Remote Desktop Administration. When I go to Windows XP ,System Properties -Remote -Remote Desktop, I can only add Domain Global group I cannot add my RDP Admins domain local group. Is there anyway to fix this problem? Thanks in advance! _ Is your PC infected? Get a FREE online computer virus scan from McAfeeR Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
