RE: Odd GP issue

[Owens, Michael]

Thank you. Sorry I don't know GPs at all.


From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, December 09, 2009 9:09 AM
To: NT System Admin Issues
Subject: Re: Odd GP issue

Possibly one of the ones that restricts access to the c: drive? I can't 
remember the GPO exactly offhand...

2009/12/9 Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>>
Good call. Do you know which GP would lock out the Temp directory?

:)



From: Christopher Bodnar 
[mailto:christopher_bod...@glic.com<mailto:christopher_bod...@glic.com>]
Sent: Tuesday, December 08, 2009 11:50 AM

To: NT System Admin Issues
Subject: RE: Odd GP issue

I believe it's creating a temporary file in the %TEMP% directory, which is 
probably not set to the users desktop.




Chris Bodnar, MCSE
Sr. Systems Engineer
Infrastructure Service Delivery
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com<mailto:christopher_bod...@glic.com>
Phone: 610-807-6459
Fax: 610-807-6003

________
From: Owens, Michael 
[mailto:michael.ow...@dys.ohio.gov<mailto:michael.ow...@dys.ohio.gov>]
Sent: Tuesday, December 08, 2009 10:29 AM
To: NT System Admin Issues
Subject: Odd GP issue

Hey guys -

I have a Citrix server that is locked down pretty well. People can create items 
on their desktop, which is fine but no where else. (if i create a document in 
word, I get errors saying I cant open my documents folder, but I CAN save it to 
the desktop without any problems) This is a school, and I only want the 
students to be able to save to their desktop. It is easier for me to see if 
they are doing something they shouldnt be.

However, if they run Microsoft Access, it will not allow users to create a 
database on the desktop. Does anyone know why?

I know it is a GP, I just dont know which one. It tells me there is a policy in 
effect disallowing that action.



This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any attachments to it, may contain information that is 
privileged, confidential, and exempt from disclosure under applicable law. If 
the reader of this message is not the intended recipient, you are notified that 
any use, dissemination, distribution, copying, or communication of this message 
is strictly prohibited. If you have received this message in error, please 
notify the sender immediately by return e-mail and delete the message and any 
attachments. Thank you.


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.







--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."

http://raythestray.blogspot.com






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Odd GP issue

[Owens, Michael]

Good call. Do you know which GP would lock out the Temp directory?

:)



From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Tuesday, December 08, 2009 11:50 AM
To: NT System Admin Issues
Subject: RE: Odd GP issue

I believe it's creating a temporary file in the %TEMP% directory, which is 
probably not set to the users desktop.




Chris Bodnar, MCSE
Sr. Systems Engineer
Infrastructure Service Delivery
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com<mailto:christopher_bod...@glic.com>
Phone: 610-807-6459
Fax: 610-807-6003


From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Tuesday, December 08, 2009 10:29 AM
To: NT System Admin Issues
Subject: Odd GP issue

Hey guys -

I have a Citrix server that is locked down pretty well. People can create items 
on their desktop, which is fine but no where else. (if i create a document in 
word, I get errors saying I cant open my documents folder, but I CAN save it to 
the desktop without any problems) This is a school, and I only want the 
students to be able to save to their desktop. It is easier for me to see if 
they are doing something they shouldnt be.

However, if they run Microsoft Access, it will not allow users to create a 
database on the desktop. Does anyone know why?

I know it is a GP, I just dont know which one. It tells me there is a policy in 
effect disallowing that action.



This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any attachments to it, may contain information that is 
privileged, confidential, and exempt from disclosure under applicable law. If 
the reader of this message is not the intended recipient, you are notified that 
any use, dissemination, distribution, copying, or communication of this message 
is strictly prohibited. If you have received this message in error, please 
notify the sender immediately by return e-mail and delete the message and any 
attachments. Thank you.


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Odd GP issue

[Owens, Michael]

Hey guys -

I have a Citrix server that is locked down pretty well. People can create items 
on their desktop, which is fine but no where else. (if i create a document in 
word, I get errors saying I cant open my documents folder, but I CAN save it to 
the desktop without any problems) This is a school, and I only want the 
students to be able to save to their desktop. It is easier for me to see if 
they are doing something they shouldnt be.

However, if they run Microsoft Access, it will not allow users to create a 
database on the desktop. Does anyone know why?

I know it is a GP, I just dont know which one. It tells me there is a policy in 
effect disallowing that action.



This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Moto Droid

[Owens, Michael]

As far as the battery goes -
Did you turn of your sync with Gmail? That KILLS it. I manually refresh mine.

-Original Message-
From: Brumbaugh, Luke [mailto:luke.brumba...@butlerahs.com]
Sent: Tuesday, December 08, 2009 8:34 AM
To: NT System Admin Issues
Subject: RE: Moto Droid

If you have a holster with a magnet, it will hold screen on.
Other than that, I have been finding a lot on the forums to help me through 
problems.


-Original Message-
From: Fogarty, Richard R CTR USA USASOC [mailto:rick.foga...@us.army.mil]
Sent: Tuesday, December 08, 2009 8:22 AM
To: NT System Admin Issues
Subject: RE: Moto Droid

Agreed.  I'm having a battery issue too.  I suspect I have a bad batt, as I 
have EVERYTHING turned off and still can't make it past the 4 hour part.
Will replace it this weekend.  The apps are pretty incredible for only a short 
time.

-Original Message-
From: Benjamin Zachary - Lists [mailto:li...@levelfive.us]
Sent: Monday, December 07, 2009 9:10 PM
To: NT System Admin Issues
Subject: RE: Moto Droid

I picked up an HTC droid and its been pretty good. The browsing has been 
fantastic, the battery doesn't last as long as Id like. I find myself turning 
off gps/BT in order to get through the day w/o charging. The email interface is 
nice and works with ActiveSync a couple of times I ended up with duplicate 
contacts not sure why. Overall Id say the phone is really good minus those 
couple of things.

The apps are abundant too, many free and useful.

-Original Message-
From: Fogarty, Richard R CTR USA USASOC [mailto:rick.foga...@us.army.mil]
Sent: Monday, December 07, 2009 8:37 AM
To: NT System Admin Issues
Subject: RE: Moto Droid

I think so.  I have a 3G and LOVE it.  But, as Rod has stated, the AT&T 
coverage problem (at least in my area) is a major issue for me.  There doesn't 
seem to be a day that I drop a call or two in the iPhone.  Have had the Droid 
for a week or so now, and haven't dropped one call.  It's promising for me.

Rick

-Original Message-
From: Phillip Partipilo [mailto:p...@psnet.com]
Sent: Monday, December 07, 2009 8:15 AM
To: NT System Admin Issues
Subject: Moto Droid

Met somebody who has a Droid at this past friday's pub crawl, very intrigueing 
phone indeed. I think it's enough to ditch the iPhone.
Thoughts?

Regards,

Phillip Partipilo
p...@psnet.com


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~


**

CONFIDENTIALITY NOTICE - The information transmitted in this message is 
intended only for the person or entity to which it is addressed and may contain 
confidential and/or privileged material. Any review, retransmission, 
dissemination or other use of this information by persons or entities other 
than the intended recipient is prohibited. If you received this in error, 
please contact the sender and destroy all copies of this document. Thank you.

Butler Animal Health Supply

**


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Disable F keys

[Owens, Michael]

If it was another medium, I'd have a lot to say. :)


From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Friday, September 11, 2009 2:54 PM
To: NT System Admin Issues
Subject: Re: Disable F keys

It's much worse here in Englandan acquaintance of mine actually 
deliberately failed a drugs test in prison because he hadn't completed the game 
he was playing on the PS2, and he wanted his release date put back a couple of 
weeks. I thought the idea was that the inmates were supposed to want to get 
out, but clearly life was better on the inside.

2009/9/11 Charlie Kaiser 
mailto:charl...@golden-eagle.org>>
Take away the computers and make them read books or do hard labor... It's
prison fergawd's sake...

***
Charlie Kaiser
charl...@golden-eagle.org<mailto:charl...@golden-eagle.org>
Kingman, AZ
***

> -Original Message-
> From: Sean Martin 
> [mailto:seanmarti...@gmail.com<mailto:seanmarti...@gmail.com>]
> Sent: Friday, September 11, 2009 10:23 AM
> To: NT System Admin Issues
> Subject: Re: Disable F keys
>
> Design a plexiglass case to fit around the monitors.
>
> - Sean
>
>
> On Fri, Sep 11, 2009 at 9:20 AM, Owens, Michael
> mailto:michael.ow...@dys.ohio.gov>> wrote:
>
>
>   Haha already done. :) The wierdest thing to get used to
> is them punching monitors.
>
> 
>
>   From: Phillip Partipilo [mailto:p...@psnet.com<mailto:p...@psnet.com>]
>   Sent: Friday, September 11, 2009 12:15 PM
>
>   To: NT System Admin Issues
>
>   Subject: RE: Disable F keys
>
>
>   Yank the cd/dvdrom drives out of the system too.  They
> use them to create makeshift tattoo guns.  My brother was in
> a juvi facility for 4 years, told me lots of their tricks :)
>
>
>   Phillip Partipilo
>   Parametric Solutions Inc.
>   Jupiter, Florida
>   (561) 747-6107
>
>
>
>
> 
>
>
>   From: Owens, Michael 
> [mailto:michael.ow...@dys.ohio.gov<mailto:michael.ow...@dys.ohio.gov>]
>
>   Sent: Friday, September 11, 2009 12:11 PM
>
>   To: NT System Admin Issues
>
>   Subject: RE: Disable F keys
>
>
>   It is for a juvenile prison.
>
>   The main reason is, I dont know what all the F keys do
> in all the applications they will be using, but I do know
> they have no business pressing them. :) They purposfully try
> to make things not work, or to get around anything.
>
>
>
> 
>
>   From: John Cook [mailto:john.c...@pfsf.org<mailto:john.c...@pfsf.org>]
>   Sent: Thursday, September 10, 2009 3:27 PM
>   To: NT System Admin Issues
>   Subject: Re: Disable F keys
>
>
>
>   Out of morbid curiosity why would you want to do this?
>   John W. Cook
>   Systems Administrator
>   Partnership For Strong Families
>   Sent to you from my Blackberry in the Cloud
>
>
>
> 
>
>   From: Owens, Michael
>   To: NT System Admin Issues
>   Sent: Thu Sep 10 15:24:47 2009
>   Subject: Disable F keys
>
>
>
>
>   Does anyone know how to disable the F keys via
> registry? I found programs that do it, but id rather have reg
> keys so I can run them on new images. For windows XP
>
> 
>
>   This message, and any response to it, may constitute a
> public record and
>   thus may be publicly available to anyone who requests
> it in accordance
>   with Chapter 149 of the Ohio Revised Code.
>
>
>
>
>
>
>
>
>
>
>
> 
>
>   CONFIDENTIALITY STATEMENT: The information transmitted,
> or contained or attached to or with this Notice is intended
> only for the person or entity to which it is addressed and
> may contain Protected Health Information (PHI), confidential
> and/or privileged material. Any review, transmission,
> dissemination, or other use of, and taking any action in
> reliance upon this information by persons or entities other
> than the intended recipient without the express written
> consent of the sender are prohibited. This information may be
> protected by the Health Insurance Portability and
> Accountability Act of 1996 (HIPAA), and other Federal and
> Florida laws. Improper or unauthorized use or disclosure of
> this information could result in civil and/or criminal penalties.
>   Consider the environment. Please don't print this
> e-mail unless you really need to.
>
>
>   This email and any attach

RE: Disable F keys

[Owens, Michael]

Well, I actually remember that program from when I was in high school. 
Unfortunately for me I wasn't given much funding to do it the way I would like.

What I've done, was make every client load an Internet Explorer shell directly 
into the Citrix Web interface. When they log on, they get one option... my 
shared desktop. When they log on there, they get their apps. The client thin 
clients and PCs I am not too worried about. If they do anything without 
explorer, and no access to start any other local processes, I will be truely 
impressed.

Or are you saying run deep freeze on the servers?


From: Rob Bonfiglio [mailto:robbonfig...@gmail.com]
Sent: Friday, September 11, 2009 1:27 PM
To: NT System Admin Issues
Subject: Re: Disable F keys

You might also consider DeepFreeze if you haven't already.  I'm not sure it 
will disable shortcut keys and such...but it will return the machine to a set 
state on every reboot.

On Fri, Sep 11, 2009 at 12:10 PM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
It is for a juvenile prison.

The main reason is, I dont know what all the F keys do in all the applications 
they will be using, but I do know they have no business pressing them. :) They 
purposfully try to make things not work, or to get around anything.




From: John Cook [mailto:john.c...@pfsf.org<mailto:john.c...@pfsf.org>]
Sent: Thursday, September 10, 2009 3:27 PM

To: NT System Admin Issues
Subject: Re: Disable F keys


Out of morbid curiosity why would you want to do this?
John W. Cook
Systems Administrator
Partnership For Strong Families
Sent to you from my Blackberry in the Cloud

____________
From: Owens, Michael
To: NT System Admin Issues
Sent: Thu Sep 10 15:24:47 2009
Subject: Disable F keys

Does anyone know how to disable the F keys via registry? I found programs that 
do it, but id rather have reg keys so I can run them on new images. For windows 
XP


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.






CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Disable F keys

[Owens, Michael]

Haha already done. :) The wierdest thing to get used to is them punching 
monitors.


From: Phillip Partipilo [mailto:p...@psnet.com]
Sent: Friday, September 11, 2009 12:15 PM
To: NT System Admin Issues
Subject: RE: Disable F keys

Yank the cd/dvdrom drives out of the system too.  They use them to create 
makeshift tattoo guns.  My brother was in a juvi facility for 4 years, told me 
lots of their tricks :)


Phillip Partipilo
Parametric Solutions Inc.
Jupiter, Florida
(561) 747-6107





From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Friday, September 11, 2009 12:11 PM
To: NT System Admin Issues
Subject: RE: Disable F keys

It is for a juvenile prison.

The main reason is, I dont know what all the F keys do in all the applications 
they will be using, but I do know they have no business pressing them. :) They 
purposfully try to make things not work, or to get around anything.




From: John Cook [mailto:john.c...@pfsf.org]
Sent: Thursday, September 10, 2009 3:27 PM
To: NT System Admin Issues
Subject: Re: Disable F keys


Out of morbid curiosity why would you want to do this?
John W. Cook
Systems Administrator
Partnership For Strong Families
Sent to you from my Blackberry in the Cloud


From: Owens, Michael
To: NT System Admin Issues
Sent: Thu Sep 10 15:24:47 2009
Subject: Disable F keys

Does anyone know how to disable the F keys via registry? I found programs that 
do it, but id rather have reg keys so I can run them on new images. For windows 
XP


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.






CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.






If this email is spam, report it here:
http://www.OnlyMyEmail.com/ReportSpam<http://www.onlymyemail.com/view/?action=reportSpam&Id=ODEzNjQ6OTYxODkzODY3OnBqcEBwc25ldC5jb20%3D>
THIS ELECTRONIC MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL AND PROPRIETARY 
PROPERTY OF THE SENDER. THE INFORMATION IS INTENDED FOR USE BY THE ADDRESSEE 
ONLY. ANY OTHER INTERCEPTION, COPYING, ACCESSING, OR DISCLOSURE OF THIS MESSAGE 
IS PROHIBITED. IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY 
NOTIFY THE SENDER AND DELETE THIS MAIL AND ALL ATTACHMENTS. DO NOT FORWARD THIS 
MESSAGE WITHOUT PERMISSION OF THE SENDER.

THIS ELECTRONIC MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL AND PROPRIETARY 
PROPERTY OF THE SENDER. THE INFORMATION IS INTENDED FOR USE BY THE ADDRESSEE 
ONLY. ANY OTHER INTERCEPTION, COPYING, ACCESSING, OR DISCLOSURE OF THIS MESSAGE 
IS PROHIBITED. IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY 
NOTIFY THE SENDER AND DELETE THIS MAIL AND ALL ATTACHMENTS. DO NOT FORWARD THIS 
MESSAGE WITHOUT PERMISSION OF THE SENDER.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Disable F keys

[Owens, Michael]

It is for a juvenile prison.

The main reason is, I dont know what all the F keys do in all the applications 
they will be using, but I do know they have no business pressing them. :) They 
purposfully try to make things not work, or to get around anything.




From: John Cook [mailto:john.c...@pfsf.org]
Sent: Thursday, September 10, 2009 3:27 PM
To: NT System Admin Issues
Subject: Re: Disable F keys


Out of morbid curiosity why would you want to do this?
John W. Cook
Systems Administrator
Partnership For Strong Families
Sent to you from my Blackberry in the Cloud


From: Owens, Michael
To: NT System Admin Issues
Sent: Thu Sep 10 15:24:47 2009
Subject: Disable F keys

Does anyone know how to disable the F keys via registry? I found programs that 
do it, but id rather have reg keys so I can run them on new images. For windows 
XP


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.






CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
Consider the environment. Please don't print this e-mail unless you really need 
to.

This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the company. 
Warning: Although precautions have been taken to make sure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage that arise from the use of this email or attachments.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Disable F keys

[Owens, Michael]

Does anyone know how to disable the F keys via registry? I found programs that 
do it, but id rather have reg keys so I can run them on new images. For windows 
XP


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: BS: Microsoft leads browsers in malware, phishing defense

[Owens, Michael]

What are you talking about?! Ie 6 is well known for it's unbeatable malware 
protection!
*that's sarcasm*

-Original Message-
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Wednesday, August 19, 2009 11:02 AM
To: NT System Admin Issues
Subject: Re: BS: Microsoft leads browsers in malware, phishing defense

Oh, I know.  But I still appreciate where all this is going.  By even making 
these kinds of claims, they are throwing themselves in to the game/wolves - 
which should only be a good thing.

--
ME2



On Wed, Aug 19, 2009 at 10:02 AM, Sam Cayze wrote:
> Turns out this study was funded by...
>
> wait for it...
>
> Microsoft.
>
> My favorite quote: "[T]his stuff is expensive to do right, and we need
> to monetize it somehow." ... "We invited Google, Mozilla, Apple, Opera
> to participate, but they didn't even bother to respond, except for
> Opera, which stated they 'don't really focus on malware.'"
>
>
> Sam
> [Uninstalling Opera]
>
>
> 
> From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> Sent: Friday, August 14, 2009 3:43 PM
> To: NT System Admin Issues
> Subject: Re: Yay! Microsoft leads browsers in malware, phishing
> defense
>
> And now for the article link!  Whoops:
>
> http://www.scmagazineus.com/Microsoft-leads-browsers-in-malware-phishi
> ng-defense/article/146505/
>
> --
> ME2
>
>
> On Fri, Aug 14, 2009 at 4:32 PM, Micheal Espinola Jr
>  wrote:
>>>
>>> "Everyone thinks Microsoft stinks at security," he said. "They need
>>> to get some credit for some of the good stuff they've done.
>>> Microsoft has been a big target for attacks for a long time, and
>>> that's actually a benefit to them. They've learned how they can turn
>>> that around and protect themselves better."
>>
>>
>> ...
>>
>>>
>>> In catching and stopping socially engineered malware, a significant
>>> drop-off occurred after the Microsoft browser. Firefox 3 was next in
>>> line, blocking 27 percent. Apple's Safari 4 thwarted 21 percent,
>>> followed by Google Chrome (seven percent) and Opera 10 (one percent).
>>>
>>> The browsers, as a group, performed relatively better in offering
>>> phishing protection. Firefox deterred 80 percent of suspected fraud
>>> sites, Opera caught 54 percent, followed by Chrome (26 percent) and
>>> Safari (two percent).
>>>
>>> "It's pretty shocking how bad some of the vendors are doing," Moy said.
>>> "Everyone should challenge their assumptions and look at some real
>>> data when they're making decisions [on which browser to use]."
>>
>> It doesnt change my mind about why I use Firefox, but this is some
>> great news for Microsoft and IE. Its good too see these security
>> initiatives coming to fruition.
>>
>> --
>> ME2
>>
>>
>>
>>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Selecting a domain controller to get GPOs from

[Owens, Michael]

I copied the wrong error.  :)


This is the replication status for the following directory partition on the 
local domain controller.

Directory partition:

DC=ForestDnsZones,DC=dysstudent,DC=local

The local domain controller has not received replication information from a 
number of domain controllers within the configured latency interval.

Latency Interval (Hours):

24

Number of domain controllers in all sites:

1

Number of domain controllers in this site:

1

The latency interval can be modified with the following registry key.

Registry Key:

HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error 
interval (hours)

To identify the domain controllers by name, install the support tools included 
on the installation CD and run dcdiag.exe.

You can also use the support tool repadmin.exe to display the replication 
latencies of the domain controllers in the forest. The command is "repadmin 
/showvector /latency ".

For more information, see Help and Support Center at

____
From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Wednesday, August 19, 2009 10:07 AM
To: NT System Admin Issues
Subject: RE: Selecting a domain controller to get GPOs from

I know what the replication problem is, the sysvol needs rebuilt. We can fix 
the server but I was told that it wasn't broken. So in frusteration (after 
showing the powers that be) the error message, I figured a work around was in 
order. :)


This directory partition has not been backed up since at least the following 
number of days.

Directory partition:

DC=DomainDnsZones,DC=dysstudent,DC=local

'Backup latency interval' (days):

384

It is recommended that you take a backup as often as possible to recover from 
accidental loss of data. However if you haven't taken a backup since at least 
the 'backup latency interval' number of days, this message will be logged every 
day until a backup is taken. You can take a backup of any replica that holds 
this partition.

By default the 'Backup latency interval' is set to half the 'Tombstone Lifetime 
Interval'. If you want to change the default 'Backup latency interval', you 
could do so by adding the following registry key.

'Backup latency interval' (days) registry key:

System\CurrentControlSet\Services\NTDS\Parameters\Backup Latency Threshold 
(days)



For more information, see Help and Support Center at






From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Wednesday, August 19, 2009 10:02 AM
To: NT System Admin Issues
Subject: RE: Selecting a domain controller to get GPOs from

Rather than that, I would try to figure out what's causing the replication 
issues.  Have you checked the event logs or ran a dcdiag?


From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Wednesday, August 19, 2009 8:57 AM
To: NT System Admin Issues
Subject: Selecting a domain controller to get GPOs from

Is there a way to choose which DC a machine goes to by default?


I have a few domain controllers that are at remote sites, that are giving me 
replication issues. I am not allowed to touch these servers.  However, whenever 
I change a GPO... it doesn't replicate to these 2 servers.  I know this, 
because my servers for some reason automatically point to the problem domain 
controllers. I don't want to change the entire network, I just want to change 
all 7 of my servers so they all get the most recent policy. Can this be done?



This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Selecting a domain controller to get GPOs from

[Owens, Michael]

I know what the replication problem is, the sysvol needs rebuilt. We can fix 
the server but I was told that it wasn't broken. So in frusteration (after 
showing the powers that be) the error message, I figured a work around was in 
order. :)


This directory partition has not been backed up since at least the following 
number of days.

Directory partition:

DC=DomainDnsZones,DC=dysstudent,DC=local

'Backup latency interval' (days):

384

It is recommended that you take a backup as often as possible to recover from 
accidental loss of data. However if you haven't taken a backup since at least 
the 'backup latency interval' number of days, this message will be logged every 
day until a backup is taken. You can take a backup of any replica that holds 
this partition.

By default the 'Backup latency interval' is set to half the 'Tombstone Lifetime 
Interval'. If you want to change the default 'Backup latency interval', you 
could do so by adding the following registry key.

'Backup latency interval' (days) registry key:

System\CurrentControlSet\Services\NTDS\Parameters\Backup Latency Threshold 
(days)



For more information, see Help and Support Center at






From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Wednesday, August 19, 2009 10:02 AM
To: NT System Admin Issues
Subject: RE: Selecting a domain controller to get GPOs from

Rather than that, I would try to figure out what's causing the replication 
issues.  Have you checked the event logs or ran a dcdiag?


From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Wednesday, August 19, 2009 8:57 AM
To: NT System Admin Issues
Subject: Selecting a domain controller to get GPOs from

Is there a way to choose which DC a machine goes to by default?


I have a few domain controllers that are at remote sites, that are giving me 
replication issues. I am not allowed to touch these servers.  However, whenever 
I change a GPO... it doesn't replicate to these 2 servers.  I know this, 
because my servers for some reason automatically point to the problem domain 
controllers. I don't want to change the entire network, I just want to change 
all 7 of my servers so they all get the most recent policy. Can this be done?



This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Selecting a domain controller to get GPOs from

[Owens, Michael]

Is there a way to choose which DC a machine goes to by default?


I have a few domain controllers that are at remote sites, that are giving me 
replication issues. I am not allowed to touch these servers.  However, whenever 
I change a GPO... it doesn't replicate to these 2 servers.  I know this, 
because my servers for some reason automatically point to the problem domain 
controllers. I don't want to change the entire network, I just want to change 
all 7 of my servers so they all get the most recent policy. Can this be done?



This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OT: Salary rant

[Owens, Michael]

Hey!



From: Vicky Spelshaus [mailto:vicky.spelsh...@gmail.com]
Sent: Tuesday, August 11, 2009 4:54 PM
To: NT System Admin Issues
Subject: Re: OT: Salary rant

I feel your pain, but it could be worse you mentioned unemployment... let 
me offer you another 'worse' - state employment.

On Tue, Aug 11, 2009 at 3:49 PM, Christopher Bodnar 
mailto:christopher_bod...@glic.com>> wrote:
I know I'm not going to get a any sympathy here, due to the unemployment rate, 
and the economy in general, but needed to vent a little. Was hired as a 
contract to hire position last year. Great company, close to home, good salary. 
6 months in they cut my salary by 10% to the contracting company, which was 
then passed on to me. I was told at the time, that if/when I was offered full 
time employment, I would be brought on with the initial salary I had started 
at. Just go the official offer, and it's 5% below that. I know I should be 
thankful I even have a job, which I am. But I still feel like they are 
low-balling me just because of the economy. If the economy would be better and 
more IT jobs out there, I'd tell them to take a hike and see what happens. 
Can't afford to do that right now with a mortgage and 2 kids. For once I just 
wish someone would offer me what was promised. Sorry, not looking to offend 
anyone out there. Just blowing off some steam.

Chris
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



--
Organization and good planning are just crutches for people that can't handle 
stress and caffeine. - unknown






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: LinkedIn

[Owens, Michael]

Oh god that brings back nightmares. I can name a company (at least one) that 
still uses that crap.


From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Friday, August 07, 2009 9:01 AM
To: NT System Admin Issues
Subject: RE: LinkedIn

TwinAx bay-bee!

-sc

From: Andy Shook [mailto:andy.sh...@peak10.com]
Sent: Friday, August 07, 2009 8:58 AM
To: NT System Admin Issues
Subject: RE: LinkedIn

SNA...wow that takes me back!

Shook

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Friday, August 07, 2009 8:44 AM
To: NT System Admin Issues
Subject: RE: LinkedIn

Sweet... maybe I should add my MS SNA Server experience... AS/400 and System/36 
integration!

-sc

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Friday, August 07, 2009 8:39 AM
To: NT System Admin Issues
Subject: RE: LinkedIn

I'm on there. Mainly to try and reconnect with former colleagues. I did get a 
job offer from that one time, but I wasn't really qualified...probably the only 
person there listing AS/400 skills... :)

[cid:031261213@07082009-2F39][cid:031261...@07082009-2f40]

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Friday, August 07, 2009 5:10 AM
To: NT System Admin Issues
Subject: LinkedIn

Anyone using this?  I have had a consultant we use put me on his list but I 
usually just stay away from these things is it worth the pain?

Thanks,

Jon





No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.406 / Virus Database: 270.13.45/2287 - Release Date: 08/07/09 
06:22:00


















This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<><>

RE: Cisco VPN client on Vista 64 bit

[Owens, Michael]

ahahhaah Well I guess theres that too.

Wow it's early.


From: David W. McSpadden [mailto:dav...@imcu.org]
Sent: Friday, August 07, 2009 8:23 AM
To: NT System Admin Issues
Subject: Re: Cisco VPN client on Vista 64 bit

Just more licenses...
- Original Message -
From: Owens, Michael<mailto:michael.ow...@dys.ohio.gov>
To: NT System Admin Issues<mailto:ntsysadmin@lyris.sunbelt-software.com>
Sent: Friday, August 07, 2009 8:19 AM
Subject: RE: Cisco VPN client on Vista 64 bit

So wait - when Windows 7 comes out, (and supposedly everyone goes to it) 
Everyone will need to buy new ASAs, or more SSL lisenses? I read that Ncp 
secure entry client, works... I dont suppose anyone has given it a shot?


http://www.ncp-e.com/en/solutions/vpn-products/secure-entry-client.html

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Friday, August 07, 2009 8:11 AM
To: NT System Admin Issues
Subject: Re: Cisco VPN client on Vista 64 bit

ASA will generate a self-signed cert for you and on X64 you will use 
AnyConnect.  Depending on how you set it up you can make it so that only 
preinstalled users can access it.  I just finished getting ours up and running 
with 2 clients using the AnyConnect, and now have to look at getting an 
expanded license so that I can use the AnyConnect more.

Jon

On Fri, Aug 7, 2009 at 8:02 AM, N Parr 
mailto:npar...@mortonind.com>> wrote:
Load a cert and away you go, it's all web based.

____________
From: Owens, Michael 
[mailto:michael.ow...@dys.ohio.gov<mailto:michael.ow...@dys.ohio.gov>]
Sent: Friday, August 07, 2009 6:59 AM

To: NT System Admin Issues
Subject: RE: Cisco VPN client on Vista 64 bit

I was afraid you'd say that. It actually isn't MY ASA. I do side work for a 
company I used to work for... one of the big wigs there still refuses to use 
anyone but me, and he pays me well!

Anyway I guess I walked into this one. :)

With the SSL lisenses, how do you connect?

Mike


From: Eldridge, Dave [mailto:d...@parkviewmc.com<mailto:d...@parkviewmc.com>]
Sent: Friday, August 07, 2009 7:53 AM

To: NT System Admin Issues
Subject: RE: Cisco VPN client on Vista 64 bit


Nadda.

Did your asa come with 3 ssl licenses? Mine did and that is what I use.

It will be interesting to see what they do with 64 bit 7.



From: Owens, Michael 
[mailto:michael.ow...@dys.ohio.gov<mailto:michael.ow...@dys.ohio.gov>]
Sent: Friday, August 07, 2009 5:50 AM
To: NT System Admin Issues
Subject: Cisco VPN client on Vista 64 bit



I think I remember seeing someone post about this a while back...



Is there something that will connect to an ASA (preferebly free)  since 
apparently Cisco has never made (and has no intention of making) a 64 bit 
version of their client?



I will accept limited juryrigging. :)


I refuse to believe that Cisco has yet to come out with something for 64bit 
operationg systems? Its been like 7 years?





Thanks!

Mike





This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.





This e-mail contains the thoughts and opinions of the sender and does not 
represent official Parkview Medical Center policy.

This communication is intended only for the recipient(s) named above, may be 
confidential and/or legally privileged: and, must be treated as such in 
accordance with state and federal laws. If you are not the intended recipient, 
you are hereby notified that any use of this communication, or any of its 
contents, is prohibited. If you have received this communication in error, 
please return to sender and delete the message from your computer system.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.















This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Cisco VPN client on Vista 64 bit

[Owens, Michael]

So wait - when Windows 7 comes out, (and supposedly everyone goes to it) 
Everyone will need to buy new ASAs, or more SSL lisenses? I read that Ncp 
secure entry client, works... I dont suppose anyone has given it a shot?


http://www.ncp-e.com/en/solutions/vpn-products/secure-entry-client.html

From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Friday, August 07, 2009 8:11 AM
To: NT System Admin Issues
Subject: Re: Cisco VPN client on Vista 64 bit

ASA will generate a self-signed cert for you and on X64 you will use 
AnyConnect.  Depending on how you set it up you can make it so that only 
preinstalled users can access it.  I just finished getting ours up and running 
with 2 clients using the AnyConnect, and now have to look at getting an 
expanded license so that I can use the AnyConnect more.

Jon

On Fri, Aug 7, 2009 at 8:02 AM, N Parr 
mailto:npar...@mortonind.com>> wrote:
Load a cert and away you go, it's all web based.


From: Owens, Michael 
[mailto:michael.ow...@dys.ohio.gov<mailto:michael.ow...@dys.ohio.gov>]
Sent: Friday, August 07, 2009 6:59 AM

To: NT System Admin Issues
Subject: RE: Cisco VPN client on Vista 64 bit

I was afraid you'd say that. It actually isn't MY ASA. I do side work for a 
company I used to work for... one of the big wigs there still refuses to use 
anyone but me, and he pays me well!

Anyway I guess I walked into this one. :)

With the SSL lisenses, how do you connect?

Mike


From: Eldridge, Dave [mailto:d...@parkviewmc.com<mailto:d...@parkviewmc.com>]
Sent: Friday, August 07, 2009 7:53 AM

To: NT System Admin Issues
Subject: RE: Cisco VPN client on Vista 64 bit


Nadda.

Did your asa come with 3 ssl licenses? Mine did and that is what I use.

It will be interesting to see what they do with 64 bit 7.



From: Owens, Michael 
[mailto:michael.ow...@dys.ohio.gov<mailto:michael.ow...@dys.ohio.gov>]
Sent: Friday, August 07, 2009 5:50 AM
To: NT System Admin Issues
Subject: Cisco VPN client on Vista 64 bit



I think I remember seeing someone post about this a while back...



Is there something that will connect to an ASA (preferebly free)  since 
apparently Cisco has never made (and has no intention of making) a 64 bit 
version of their client?



I will accept limited juryrigging. :)


I refuse to believe that Cisco has yet to come out with something for 64bit 
operationg systems? Its been like 7 years?





Thanks!

Mike





This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.





This e-mail contains the thoughts and opinions of the sender and does not 
represent official Parkview Medical Center policy.

This communication is intended only for the recipient(s) named above, may be 
confidential and/or legally privileged: and, must be treated as such in 
accordance with state and federal laws. If you are not the intended recipient, 
you are hereby notified that any use of this communication, or any of its 
contents, is prohibited. If you have received this communication in error, 
please return to sender and delete the message from your computer system.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.















This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Cisco VPN client on Vista 64 bit

[Owens, Michael]

I was afraid you'd say that. It actually isn't MY ASA. I do side work for a 
company I used to work for... one of the big wigs there still refuses to use 
anyone but me, and he pays me well!

Anyway I guess I walked into this one. :)

With the SSL lisenses, how do you connect?

Mike


From: Eldridge, Dave [mailto:d...@parkviewmc.com]
Sent: Friday, August 07, 2009 7:53 AM
To: NT System Admin Issues
Subject: RE: Cisco VPN client on Vista 64 bit

Nadda.
Did your asa come with 3 ssl licenses? Mine did and that is what I use.
It will be interesting to see what they do with 64 bit 7.

From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Friday, August 07, 2009 5:50 AM
To: NT System Admin Issues
Subject: Cisco VPN client on Vista 64 bit

I think I remember seeing someone post about this a while back...

Is there something that will connect to an ASA (preferebly free)  since 
apparently Cisco has never made (and has no intention of making) a 64 bit 
version of their client?

I will accept limited juryrigging. :)


I refuse to believe that Cisco has yet to come out with something for 64bit 
operationg systems? Its been like 7 years?


Thanks!
Mike


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.





This e-mail contains the thoughts and opinions of the sender and does not 
represent official Parkview Medical Center policy.

This communication is intended only for the recipient(s) named above, may be 
confidential and/or legally privileged: and, must be treated as such in 
accordance with state and federal laws. If you are not the intended recipient, 
you are hereby notified that any use of this communication, or any of its 
contents, is prohibited. If you have received this communication in error, 
please return to sender and delete the message from your computer system.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Cisco VPN client on Vista 64 bit

[Owens, Michael]

I think I remember seeing someone post about this a while back...

Is there something that will connect to an ASA (preferebly free)  since 
apparently Cisco has never made (and has no intention of making) a 64 bit 
version of their client?

I will accept limited juryrigging. :)


I refuse to believe that Cisco has yet to come out with something for 64bit 
operationg systems? Its been like 7 years?


Thanks!
Mike


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Server 2008 fail/ My fail?

[Owens, Michael]

The problem I was having was part of Server 2008. if you logged in once before 
with a user profile and you get a temp profile, it will continue to load the 
temp profile until you manually delete the registry key corresponding to that 
user.

The profile keys can be found in the following locations:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Go through carefully and find the key on the right that corresponds to the 
ProfileImagePath, then delete it.

Launch the remote session again and see if you still have the temp profile 
being created, it may also be a permissions problem.


From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Tuesday, July 07, 2009 2:22 PM
To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

Yes I go to the parent folder Edit the list and Add Administrators.  I am doing 
the opposite I am removing permissions I have to Remove the user/group from the 
list.  It is kind of a pain but it works when I get it right.  It also makes it 
quicker to force changes down.

Jon

On Tue, Jul 7, 2009 at 2:12 PM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Heres what is going on.

I have a share, that TS profiles get created on. Only that account has access 
to them, and system. For some reason it takes away administrators - I would 
like to add a group, to the parent folder, to propogate to all child objects 
created. Does that make sense?


From: Jon Harris [mailto:jk.har...@gmail.com<mailto:jk.har...@gmail.com>]
Sent: Tuesday, July 07, 2009 1:46 PM
To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

I have been doing that for the last week while I move from 2003 to 2008.  Look 
at the Security Tab bottom Advanced then Edit then Edit again then Apply To.  
Will this not work or do you want to Add a group/person/etc.  If you are adding 
then the second Edit should be Add instead.

Jon

On Tue, Jul 7, 2009 at 1:38 PM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Does anyone know why they got rid of the option to "replace permission entries 
on all child objects with entries shown here that apply to child objects?" Or 
did they move it?


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Terminal Services Profiles

[Owens, Michael]

Share:
Everyone has full control

NTFS

under NTFS:

Authenticated users (modify)

Local admins (Full COntrol)

CREATOR OWNER (only special permissions is checked, if I go to advanced it says 
it has full control, but it will not allow me to apply it if I simply check 
full control)

SYSTEM (Full Control)

Local server users (read and execute, write, special permissions)


From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Thursday, July 16, 2009 9:48 AM
To: NT System Admin Issues
Subject: RE: Terminal Services Profiles

Verify these permissions at your profiles$ share:
Everyone - Full control share permissions

NTFS:
creator owner - full control, subfolders and files only
local system - full control, this folder, subfolders, files
whatever user group you create for ts users - list folder/read data, create 
folders/append data, this folder only

>>> "Owens, Michael"  7/15/2009 3:02 PM >>>
I think I may of explained my problem incorrectly, now that I look at what I 
wrote.

I have the GPO set to create a TS roaming user profile in 
\\server\profiles$

Everyone, and authenticated users have access to that share, and the changes 
propogate to child objects.

The permissions appear to be correct, because when the user logs on, there is a 
folder created called 
\\server\profiles$\username.domain.v2

however, when I look at the desktop of the user logged in, he gets an error 
saying the profile cannot be created. But, it created the folder!

I look at the rights of the folder that it created on its own, and the local 
administator, the user accountm and SYSTEM all have full control to that folder.

As the user, I can navigate out to it and create a file and a folder inside the 
profile folder it created for itself.


____________
From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Wednesday, July 15, 2009 11:43 AM
To: NT System Admin Issues
Subject: RE: Terminal Services Profiles

Yes. I have the "Set path for TS Roaming User Profile" set. I am trying to 
create them on a larger share, and it is working... kind of.

The folder gets created, so it is clear the account has access to that folder, 
but it doesn't create a profile in that folder, it creates a temporary profile 
locally.


From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Wednesday, July 15, 2009 11:18 AM
To: NT System Admin Issues
Subject: Re: Terminal Services Profiles

Are you using TS profiles?  I have a GPO set on the Terminal Servers OU, and 
that sets profiles to be stored on a large share, and allows profiles to be 
cached on the TS servers as well.

That's in the TS 2008 Resource Guide.  I don't have it handy but can get more 
details if you need it.

>>> "Owens, Michael"  7/15/2009 10:07 AM >>>
All -

I have TS profiles, configured through GP. The GP works, as it actually creates 
the profile when the user logs on, as it is supposed to. However, the folders 
remain empty and I recieve errors that the profile cannot load correctly. Any 
thoughts?

Mike


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.






Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.






Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Terminal Services Profiles

[Owens, Michael]

I think I may of explained my problem incorrectly, now that I look at what I 
wrote.

I have the GPO set to create a TS roaming user profile in 
\\server\profiles$

Everyone, and authenticated users have access to that share, and the changes 
propogate to child objects.

The permissions appear to be correct, because when the user logs on, there is a 
folder created called 
\\server\profiles$\username.domain.v2

however, when I look at the desktop of the user logged in, he gets an error 
saying the profile cannot be created. But, it created the folder!

I look at the rights of the folder that it created on its own, and the local 
administator, the user accountm and SYSTEM all have full control to that folder.

As the user, I can navigate out to it and create a file and a folder inside the 
profile folder it created for itself.



From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Wednesday, July 15, 2009 11:43 AM
To: NT System Admin Issues
Subject: RE: Terminal Services Profiles

Yes. I have the "Set path for TS Roaming User Profile" set. I am trying to 
create them on a larger share, and it is working... kind of.

The folder gets created, so it is clear the account has access to that folder, 
but it doesn't create a profile in that folder, it creates a temporary profile 
locally.


From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Wednesday, July 15, 2009 11:18 AM
To: NT System Admin Issues
Subject: Re: Terminal Services Profiles

Are you using TS profiles?  I have a GPO set on the Terminal Servers OU, and 
that sets profiles to be stored on a large share, and allows profiles to be 
cached on the TS servers as well.

That's in the TS 2008 Resource Guide.  I don't have it handy but can get more 
details if you need it.

>>> "Owens, Michael"  7/15/2009 10:07 AM >>>
All -

I have TS profiles, configured through GP. The GP works, as it actually creates 
the profile when the user logs on, as it is supposed to. However, the folders 
remain empty and I recieve errors that the profile cannot load correctly. Any 
thoughts?

Mike


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.






Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Who deleted files

[Owens, Michael]

do you have auditing enabled?


From: Robert LeBlanc [mailto:robert.lebl...@aanmpc.com]
Sent: Wednesday, July 15, 2009 12:25 PM
To: NT System Admin Issues
Subject: Who deleted files

Hi all,

Is there an easy way to see who deleted files from a networks drive. I've been 
able to restore the files from backup but we'd like to know who deleted 
initially. The server is Win2K.

Thanks, Robert

Robert LeBlanc
Network Administrator MCP,MCSE
Anesthesia Associates of New Mexico, P.C.
(P)505-260-4300
(F)505-260-4338
(E)robert.lebl...@aanmpc.com



Please note that the information contained in this message may be privileged 
and confidential and protected from disclosure.  If the reader of this message 
is not the intended recipient, or an employee or agent responsible for 
delivering this message to the intended recipient, you are hereby notified that 
any dissemination, distribution or copying of this communication is strictly 
prohibited.  If you have received this communication in error, please notify us 
by replying to the message and deleting it from your computer.  Thank you. 
Anesthesia Associates of New Mexico, P.C.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Terminal Services Profiles

[Owens, Michael]

Yes. I have the "Set path for TS Roaming User Profile" set. I am trying to 
create them on a larger share, and it is working... kind of.

The folder gets created, so it is clear the account has access to that folder, 
but it doesn't create a profile in that folder, it creates a temporary profile 
locally.


From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Wednesday, July 15, 2009 11:18 AM
To: NT System Admin Issues
Subject: Re: Terminal Services Profiles

Are you using TS profiles?  I have a GPO set on the Terminal Servers OU, and 
that sets profiles to be stored on a large share, and allows profiles to be 
cached on the TS servers as well.

That's in the TS 2008 Resource Guide.  I don't have it handy but can get more 
details if you need it.

>>> "Owens, Michael"  7/15/2009 10:07 AM >>>
All -

I have TS profiles, configured through GP. The GP works, as it actually creates 
the profile when the user logs on, as it is supposed to. However, the folders 
remain empty and I recieve errors that the profile cannot load correctly. Any 
thoughts?

Mike


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.






Confidentiality Notice: This e-mail message, including attachments, is for the 
sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure, or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Terminal Services Profiles

[Owens, Michael]

All -

I have TS profiles, configured through GP. The GP works, as it actually creates 
the profile when the user logs on, as it is supposed to. However, the folders 
remain empty and I recieve errors that the profile cannot load correctly. Any 
thoughts?

Mike


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Server 2008 fail/ My fail?

[Owens, Michael]

oooh ok my bad-- I do have the apply to folders and subfolders set.

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Thursday, July 09, 2009 1:20 PM
To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

No, I meant NTFS permissions.  I noticed in one of your first emails that you 
were adjusting ntfs permissions (Security Tab).  So, what are the ntfs 
permissions on that parent folder?  Do you have the Apply to Folders, 
subfolders and files enabled?

What happens if you try and create a file manually (for both admin and not), 
really seems like it's a permissions issue that needs to be sorted out.

On Thu, Jul 9, 2009 at 10:37 AM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Do you mean to the share? Example, my path is \\stuctx07\profiles$


Profiles$ did not grant write access tot he user... I just changed it. The 
strange thing - it was working... I did not change the permissions.
After changing them to allow the users right access... it was still a no go. 
The Admin cannot create a profile either.


However here is my caveot- I want the admins unaffected by the GPO for these 
machines- when I log on they pull down the GPO. I had it working a while back - 
but I recreated the GPO and I cant figure out the deligations tab.

Mike


From: Jonathan Link 
[mailto:jonathan.l...@gmail.com<mailto:jonathan.l...@gmail.com>]
Sent: Thursday, July 09, 2009 10:13 AM

To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

I'd see if an admin account could create a profile.  Double check the 
permissions on the parent folder, of course.  You had been adjusting 
permissions before I advised verifying the GPO setting, you might want to 
verify the permissions will still allow users to create files and folders...

On Thu, Jul 9, 2009 at 9:47 AM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Ok - I just tried that option - and now it wont create the roaming profile at 
first log on. Did I do something wrong?

Thanks,
Mike


From: Jonathan Link 
[mailto:jonathan.l...@gmail.com<mailto:jonathan.l...@gmail.com>]
Sent: Tuesday, July 07, 2009 4:42 PM

To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

Did you adjust the GPO?
Administrative Templates\System\User Profiles

"Add the Administrators security group to roaming user profiles"


On Tue, Jul 7, 2009 at 2:12 PM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Heres what is going on.

I have a share, that TS profiles get created on. Only that account has access 
to them, and system. For some reason it takes away administrators - I would 
like to add a group, to the parent folder, to propogate to all child objects 
created. Does that make sense?


From: Jon Harris [mailto:jk.har...@gmail.com<mailto:jk.har...@gmail.com>]
Sent: Tuesday, July 07, 2009 1:46 PM
To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

I have been doing that for the last week while I move from 2003 to 2008.  Look 
at the Security Tab bottom Advanced then Edit then Edit again then Apply To.  
Will this not work or do you want to Add a group/person/etc.  If you are adding 
then the second Edit should be Add instead.

Jon

On Tue, Jul 7, 2009 at 1:38 PM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Does anyone know why they got rid of the option to "replace permission entries 
on all child objects with entries shown here that apply to child objects?" Or 
did they move it?


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Server 2008 fail/ My fail?

[Owens, Michael]

Do you mean to the share? Example, my path is 
\\stuctx07\profiles$


Profiles$ did not grant write access tot he user... I just changed it. The 
strange thing - it was working... I did not change the permissions.
After changing them to allow the users right access... it was still a no go. 
The Admin cannot create a profile either.


However here is my caveot- I want the admins unaffected by the GPO for these 
machines- when I log on they pull down the GPO. I had it working a while back - 
but I recreated the GPO and I cant figure out the deligations tab.

Mike


From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Thursday, July 09, 2009 10:13 AM
To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

I'd see if an admin account could create a profile.  Double check the 
permissions on the parent folder, of course.  You had been adjusting 
permissions before I advised verifying the GPO setting, you might want to 
verify the permissions will still allow users to create files and folders...

On Thu, Jul 9, 2009 at 9:47 AM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Ok - I just tried that option - and now it wont create the roaming profile at 
first log on. Did I do something wrong?

Thanks,
Mike


From: Jonathan Link 
[mailto:jonathan.l...@gmail.com<mailto:jonathan.l...@gmail.com>]
Sent: Tuesday, July 07, 2009 4:42 PM

To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

Did you adjust the GPO?
Administrative Templates\System\User Profiles

"Add the Administrators security group to roaming user profiles"


On Tue, Jul 7, 2009 at 2:12 PM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Heres what is going on.

I have a share, that TS profiles get created on. Only that account has access 
to them, and system. For some reason it takes away administrators - I would 
like to add a group, to the parent folder, to propogate to all child objects 
created. Does that make sense?


From: Jon Harris [mailto:jk.har...@gmail.com<mailto:jk.har...@gmail.com>]
Sent: Tuesday, July 07, 2009 1:46 PM
To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

I have been doing that for the last week while I move from 2003 to 2008.  Look 
at the Security Tab bottom Advanced then Edit then Edit again then Apply To.  
Will this not work or do you want to Add a group/person/etc.  If you are adding 
then the second Edit should be Add instead.

Jon

On Tue, Jul 7, 2009 at 1:38 PM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Does anyone know why they got rid of the option to "replace permission entries 
on all child objects with entries shown here that apply to child objects?" Or 
did they move it?


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Server 2008 fail/ My fail?

[Owens, Michael]

Ok - I just tried that option - and now it wont create the roaming profile at 
first log on. Did I do something wrong?

Thanks,
Mike


From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Tuesday, July 07, 2009 4:42 PM
To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

Did you adjust the GPO?
Administrative Templates\System\User Profiles

"Add the Administrators security group to roaming user profiles"


On Tue, Jul 7, 2009 at 2:12 PM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Heres what is going on.

I have a share, that TS profiles get created on. Only that account has access 
to them, and system. For some reason it takes away administrators - I would 
like to add a group, to the parent folder, to propogate to all child objects 
created. Does that make sense?


From: Jon Harris [mailto:jk.har...@gmail.com<mailto:jk.har...@gmail.com>]
Sent: Tuesday, July 07, 2009 1:46 PM
To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

I have been doing that for the last week while I move from 2003 to 2008.  Look 
at the Security Tab bottom Advanced then Edit then Edit again then Apply To.  
Will this not work or do you want to Add a group/person/etc.  If you are adding 
then the second Edit should be Add instead.

Jon

On Tue, Jul 7, 2009 at 1:38 PM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Does anyone know why they got rid of the option to "replace permission entries 
on all child objects with entries shown here that apply to child objects?" Or 
did they move it?


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Server 2008 fail/ My fail?

[Owens, Michael]

Heres what is going on.

I have a share, that TS profiles get created on. Only that account has access 
to them, and system. For some reason it takes away administrators - I would 
like to add a group, to the parent folder, to propogate to all child objects 
created. Does that make sense?


From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Tuesday, July 07, 2009 1:46 PM
To: NT System Admin Issues
Subject: Re: Server 2008 fail/ My fail?

I have been doing that for the last week while I move from 2003 to 2008.  Look 
at the Security Tab bottom Advanced then Edit then Edit again then Apply To.  
Will this not work or do you want to Add a group/person/etc.  If you are adding 
then the second Edit should be Add instead.

Jon

On Tue, Jul 7, 2009 at 1:38 PM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Does anyone know why they got rid of the option to "replace permission entries 
on all child objects with entries shown here that apply to child objects?" Or 
did they move it?


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Server 2008 fail/ My fail?

[Owens, Michael]

Does anyone know why they got rid of the option to "replace permission entries 
on all child objects with entries shown here that apply to child objects?" Or 
did they move it?


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Treo 700 to Exchange?

[Owens, Michael]

Verizon has the wireless sync that you can do. Or you can always do Microsoft's 
active sync, but that doesnt work over the air.


From: David Lum [mailto:david@nwea.org]
Sent: Monday, June 29, 2009 12:56 PM
To: NT System Admin Issues
Subject: Treo 700 to Exchange?

Note this is a NON-Exchange connection Q: What options exist to sync a Treo 700 
series Verizon phone w/ a stand-alone Outlook 2007 install (No Exchange)?
Lowest cost option wins ;)
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764







This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: V2 profiles revisited

[Owens, Michael]

 For your TS did you do mandatory profiles?   Because that is really all I am 
trying to set up. It is normally an easy task, which is why I am so frustrated!

From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Wednesday, June 24, 2009 10:10 AM
To: NT System Admin Issues
Subject: Re: V2 profiles revisited

Yes I used that for my 2008 Term server...with folder redirection, the v2 
profiles work fine.  There is a good MS article on setting that up. I'll try to 
find it.This is close to what I used.
http://social.technet.microsoft.com/forums/en-US/winservergen/thread/2e3d27cf-38ec-433d-8bee-2a69a73871a5/
Steve

On Wed, Jun 24, 2009 at 9:04 AM, Jon Harris 
mailto:jk.har...@gmail.com>> wrote:
Vista has a different file structure from XP.  XP profles will only load 
correctly on XP and Vista will only load Vista profiles.  For Vista use folder 
redirection instead.

Jon

On Wed, Jun 24, 2009 at 9:55 AM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
Has anyone had roaming, or mandatory profile problems, only with the v2 
profiles for vista or server 2008?

When I try an an XP machine, it pulls everything group policy and AD says to do 
exactly as I tell it.

I log on as the same user, and the machines are part of the same OU.

It WILL NOT load the V2 profile.


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.
















This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

V2 profiles revisited

[Owens, Michael]

Has anyone had roaming, or mandatory profile problems, only with the v2 
profiles for vista or server 2008?

When I try an an XP machine, it pulls everything group policy and AD says to do 
exactly as I tell it.

I log on as the same user, and the machines are part of the same OU.

It WILL NOT load the V2 profile.


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Happy Fathers Day

[Owens, Michael]

Speaking as a fresh college gradaute, (member of the younger crowd) I have 
never called my dad asking for bail money.

I ask my friends. My dad would kill me. ;)


From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Sent: Monday, June 22, 2009 12:41 PM
To: NT System Admin Issues
Subject: RE: Happy Fathers Day

And usually involves money, either for gas or bail.


From: Brumbaugh, Luke [mailto:luke.brumba...@butlerahs.com]
Sent: Monday, June 22, 2009 11:35 AM
To: NT System Admin Issues
Subject: RE: Happy Fathers Day

That keeps happening when they get older too.

Starts with "Dad can you come get me..."

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Monday, June 22, 2009 12:25 PM
To: NT System Admin Issues
Subject: RE: Happy Fathers Day

And even then you can get woke up in the middle of the night...  :-)


From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Monday, June 22, 2009 10:15 AM
To: NT System Admin Issues
Subject: Re: Happy Fathers Day
Sleep as much as possible after that you don't get any sleep.  Until they are 
married and gone.

Jon
On Sun, Jun 21, 2009 at 8:19 PM, Kurt Buff 
mailto:kurt.b...@gmail.com>> wrote:
On Sat, Jun 20, 2009 at 21:47, Jon 
Harrismailto:jk.har...@gmail.com>> wrote:
> I know some of us have to work today but have a happy Fathers day specially
> the first time Dads.
>
> Jon Harris
Just a hair over two months until D-day...

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~










**

CONFIDENTIALITY NOTICE: The information transmitted in this message is intended 
only for the person or entity to which it is addressed and may contain 
confidential and/or privileged material. Any review, retransmission, 
dissemination or other use of this information by persons or entities other 
than the intended recipient is prohibited. If you received this in error, 
please contact the sender and destroy all copies of this document. Thank you.

Butler Animal Health Supply

**












This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Palm Treo 755p?

[Owens, Michael]

Whoops... didnt notice there were two different cell phone threads.


From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, June 18, 2009 1:32 PM
To: NT System Admin Issues
Subject: RE: Palm Treo 755p?

755 is only for sprint last I heard?

You hated your treo? At first I did have a lot of problems with it... but we 
upgraded the firmware to the newest version and all is well. I can do all I 
want and more. I've never had a problem since! I am really suprised to hear 
that you did not like it.

Mike


From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Thursday, June 18, 2009 1:22 PM
To: NT System Admin Issues
Subject: Re: Palm Treo 755p?


Hopefully, the 755p is a great improvment over the 700p!

1. It (700p) was one of the worst phones I'd ever used.  We eventually found a 
piece of software which would boost the volume up to where you could nearly 
hear it most places.

2. We are a Lotus shop.  There is a service (ActiveSync?) that would push mail 
out to your Treo.  If you happened to be doing anything else at the time, your 
Treo would re-boot.  (We finally set ours to where it would only sync mail if 
and when we told it to.)

Before we went with Blackberrys, though, the 700p's had far fewer problems than 
the 700w's.  (Our New York office went with the 700w.  I believe a number of 
them are on the bottom of the East River.)

Other than those two annoyances, it was my favorite PDA!
--
Richard D. McClary
Systems Administrator, Information Technology Group

ASPCA(r)
1717 S. Philo Rd, Ste 36
Urbana, IL  61802

richardmccl...@aspca.org

P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org<http://www.aspca.org/>


The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.


"Angus Scott-Fleming"  wrote on 06/18/2009 11:58:03 AM:

> Is anyone here using a Palm Treo 755p?  I have to replace my failingphone and
> since my Palm TX is on its last legs, maybe it's time to move to a
> smartphone.
>
> I use and am dependent on several PalmOS programs which sync with
> their desktop
> versions, and the Classic emulator for the Palm Pre does NOT provide
> HotSyncing.  That means the Palm Pre is out until HotSyncing is
> fixed, or until
> WebOS versions of my apps appear (which doesn't appear likely in the next 6
> months, according to the publishers of the programs).  The Palm Centro is the
> only other possibility but I haven't heard anything positive about it.
>
> My work takes me into small towns where AT&T and T-Mobile coverage isn't
> available, so I have to stay with CDMA.  I'm currently on Sprint but I could
> move to Verizon, except the only PalmOS device they have is the Palm Centro.
>
> TIA for any feedback.
>
> I suppose I could consider a different CDMA smartphone as long as it had a
> time-and-billing app like Responsive Time Logger, a database like
> HandBase, and
> a calendar like Pimlico Software's DateBk6.  Ideas welcome there, too.
>
> --
> Angus Scott-Fleming
> GeoApps, Tucson, Arizona
> 1-520-290-5038
> +---+
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Palm Treo 755p?

[Owens, Michael]

755 is only for sprint last I heard?

You hated your treo? At first I did have a lot of problems with it... but we 
upgraded the firmware to the newest version and all is well. I can do all I 
want and more. I've never had a problem since! I am really suprised to hear 
that you did not like it.

Mike


From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org]
Sent: Thursday, June 18, 2009 1:22 PM
To: NT System Admin Issues
Subject: Re: Palm Treo 755p?


Hopefully, the 755p is a great improvment over the 700p!

1. It (700p) was one of the worst phones I'd ever used.  We eventually found a 
piece of software which would boost the volume up to where you could nearly 
hear it most places.

2. We are a Lotus shop.  There is a service (ActiveSync?) that would push mail 
out to your Treo.  If you happened to be doing anything else at the time, your 
Treo would re-boot.  (We finally set ours to where it would only sync mail if 
and when we told it to.)

Before we went with Blackberrys, though, the 700p's had far fewer problems than 
the 700w's.  (Our New York office went with the 700w.  I believe a number of 
them are on the bottom of the East River.)

Other than those two annoyances, it was my favorite PDA!
--
Richard D. McClary
Systems Administrator, Information Technology Group

ASPCA(r)
1717 S. Philo Rd, Ste 36
Urbana, IL  61802

richardmccl...@aspca.org

P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org


The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.


"Angus Scott-Fleming"  wrote on 06/18/2009 11:58:03 AM:

> Is anyone here using a Palm Treo 755p?  I have to replace my failingphone and
> since my Palm TX is on its last legs, maybe it's time to move to a
> smartphone.
>
> I use and am dependent on several PalmOS programs which sync with
> their desktop
> versions, and the Classic emulator for the Palm Pre does NOT provide
> HotSyncing.  That means the Palm Pre is out until HotSyncing is
> fixed, or until
> WebOS versions of my apps appear (which doesn't appear likely in the next 6
> months, according to the publishers of the programs).  The Palm Centro is the
> only other possibility but I haven't heard anything positive about it.
>
> My work takes me into small towns where AT&T and T-Mobile coverage isn't
> available, so I have to stay with CDMA.  I'm currently on Sprint but I could
> move to Verizon, except the only PalmOS device they have is the Palm Centro.
>
> TIA for any feedback.
>
> I suppose I could consider a different CDMA smartphone as long as it had a
> time-and-billing app like Responsive Time Logger, a database like
> HandBase, and
> a calendar like Pimlico Software's DateBk6.  Ideas welcome there, too.
>
> --
> Angus Scott-Fleming
> GeoApps, Tucson, Arizona
> 1-520-290-5038
> +---+
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Mandatory profiles?

[Owens, Michael]

I should clarify. There are 7 servers. (1-7) The profiles share is on #7. I 
logged on using ICA on #1. The profile loaded, GPOs did not. So, I recreated 
the profile thinking maybe it was just a bad profile. Copied over the same 
profile I used before to the profile.v2 folder on my share, and gave it the 
same permissions I did the other one. When I logged on aagain using the ICA 
connection, I got an error in loading the profile. After much playing, I 
noticed that the v2 profile was no longer the one I copied over, but it was my 
DA account from server #1.

I am unsure if I logged in and out of that account on that server as part of my 
trouble shooting... this is the second time it has happend and I am going to 
try to duplicate it now.

The domain admin account is not affected by GPOs
The domain admin account also does not have anything in TS profiles, or the 
profiles tab.



From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, June 18, 2009 8:06 AM
To: NT System Admin Issues
Subject: RE: Mandatory profiles?

I am having trouble finding that setting. I apologize, I don't know GPOs very 
well. Is that under folder redirection?

I am actually using I noticed a unique problem now though, when I tried to log 
on using the test account (lab rat) and for some reason it copied my Domain 
administrator account's profile. I noticed, because the profile I copied over 
there yesterday was like 6 megs, and today the roaming profile is 500 megs. 
When I looked at the desktop... sure enough it was my DA account...

I never told it to copy that!!! I am sure I probably did something stupid but I 
have no idea what it was. :)


From: Troy Meyer [mailto:tme...@uoregon.edu]
Sent: Wednesday, June 17, 2009 8:17 PM
To: NT System Admin Issues
Subject: RE: Mandatory profiles?

It's a setting in the GPO.  It simply adds permissions, it wont remove existing 
permissions if the folder exists.  Haven't looked to see if it doesn't affect 
parent permissions that apply to child objects when the folder doesn't exist 
initially, but I would assume it doesn't.  May have to test that one (our 
provisioning creates the user folder(s) so I have not run into it yet).

-troy

From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Wednesday, June 17, 2009 9:11 AM
To: NT System Admin Issues
Subject: RE: Mandatory profiles?

When you say exclusive do you mean full control, or are they the only ones that 
have access?



From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, June 17, 2009 10:50 AM
To: NT System Admin Issues
Subject: Re: Mandatory profiles?
Are your profile areas set to give the user exclusive access? I found problems 
with GPO application from 2008 AD till I overrode that setting
2009/6/17 Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>>
Actually no one from XP will be logging on to it, only Server 2008. I just 
tried the XP because I was out of ideas.

I took what I learned from you guys, applied it, and now the profiles are 
working flawlessly. But here is what is wierd. If the profile takes, the group 
policies do not apply. If I remove the users access to the profile (something I 
would thinl would be completely unrelated to GPO) the group policy doesnt apply?

I've tinkered with it for the last few days and can't put my finger on it.

Also, in the v2 profile there is no ntuser.dat? there is an ntuser.dat.log. is 
this correct?


From: Kelsey, John [mailto:jckel...@drmc.org<mailto:jckel...@drmc.org>]
Sent: Monday, June 15, 2009 1:28 PM

To: NT System Admin Issues
Subject: RE: Mandatory profiles?

Vista profiles are stored in a completely different folder structure than XP.  
If you need to use the same profile on both XP and Vista, the 'recommended' way 
is with folder redirection in a GPO.

Here is a good link.  http://technet.microsoft.com/en-us/library/cc766489.aspx


***
John C. Kelsey
DuBois Regional Medical Center
*:  814.375.3073
*:   jckel...@drmc.org<mailto:jckel...@drmc.org>
***
-Original Message-
From: Owens, Michael 
[mailto:michael.ow...@dys.ohio.gov<mailto:michael.ow...@dys.ohio.gov>]
Sent: Monday, June 15, 2009 12:46
To: NT System Admin Issues
Subject: RE: Mandatory profiles?
I see. We are having an issue where event viewer says that it cannot gain 
access to the profiles, but it works on an XP machine and I can navigate to 
it.


Very strange.


From: Bob Fronk [mailto:b...@btrfronk.com<mailto:b...@btrfronk.com>]
Sent: Monday, June 15, 2009 12:30 PM
To: NT System Admin Issues
Subject: RE: Mandatory profiles?

We have had issues with roaming profiles, but it was due to lack of 
understanding (on my part) about changes in roaming profiles and redirect

RE: Best Verizon Smartphone?

[Owens, Michael]

It is not a consumer unit!!! I can think of a thousand reasons to use you tube 
on a phone.

None productive. ;)


From: Chyka, Robert [mailto:bch...@medaille.edu]
Sent: Thursday, June 18, 2009 8:44 AM
To: NT System Admin Issues
Subject: RE: Best Verizon Smartphone?

Thanks!  No we do not surf much only to do research on certain things when we 
are not at our desks etc.  Does it have mobile office built into its 
application set?

Thanks!


From: Rod Trent [mailto:rodtr...@myitforum.com]
Sent: Thursday, June 18, 2009 8:35 AM
To: NT System Admin Issues
Subject: RE: Best Verizon Smartphone?

Its not stellar, but manageable.  If you surf the Internet all day, yeah, 
you'll need to charge often.



What about battery life on the Saga?  I heard it is pretty bad, but that was a 
couple months ago.


From: Rod Trent [mailto:rodtr...@myitforum.com]
Sent: Thursday, June 18, 2009 8:22 AM
To: NT System Admin Issues
Subject: re: Best Verizon Smartphone?

Check out the Samsung Saga.  Love it.


Some of our Treo 700's are pas their prime and breaking down at our place and 
we are looking at new smartphones.  We have Verizon for a carrier and was 
wondering which Verizon smartphone everyone likes the best.  I have read 
reviews on the web, but I always like to get reviews from people that actually 
"use" the phones.  We mainly use them for enterprise communication functions: 
internet, e-mail (Exchange Server 2003), text, vpn would be nice but not 
totally necessary.

I also would like to hear from people who aren't suing Blackberry.  Opinions on 
Windows-based Verizon smartphones?

Thanks for your input.




























This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Best Verizon Smartphone?

[Owens, Michael]

I love my treo 700p. I went to a newer supposedly cooler phone then got my treo 
back. I hope it never breaks. :( Supposedly Apple is talking to verizon about 
the Iphone in 2010. Havent heard anything in a while about that though,


From: Sean Rector [mailto:sean.rec...@vaopera.org]
Sent: Thursday, June 18, 2009 8:26 AM
To: NT System Admin Issues
Subject: RE: Best Verizon Smartphone?

I have two users on the HTC Touch Pro, and one on the i760.  They're quite 
happy with them, and they sync very well with our Outlook 2003 server.

Sean Rector, MCSE

From: Chyka, Robert [mailto:bch...@medaille.edu]
Sent: Thursday, June 18, 2009 8:13 AM
To: NT System Admin Issues
Subject: Best Verizon Smartphone?

Some of our Treo 700's are pas their prime and breaking down at our place and 
we are looking at new smartphones.  We have Verizon for a carrier and was 
wondering which Verizon smartphone everyone likes the best.  I have read 
reviews on the web, but I always like to get reviews from people that actually 
"use" the phones.  We mainly use them for enterprise communication functions: 
internet, e-mail (Exchange Server 2003), text, vpn would be nice but not 
totally necessary.

I also would like to hear from people who aren't suing Blackberry.  Opinions on 
Windows-based Verizon smartphones?

Thanks for your input...





Information Technology Manager
Virginia Opera Association

E-Mail: sean.rec...@vaopera.org
Phone:(757) 213-4548 (direct line)
{+}

Virginia Opera's 35th Anniversary Season The One You 
Love
Celebrate with a 2009-2010 Subscription: La 
Bohème, The Daughter of 
the Regiment, Don 
Giovanni and Porgy and 
BessSM
Visit us online at www.vaopera.org or call 
1-866-OPERA-VA

This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.

{*}






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Mandatory profiles?

[Owens, Michael]

I am having trouble finding that setting. I apologize, I don't know GPOs very 
well. Is that under folder redirection?

I am actually using I noticed a unique problem now though, when I tried to log 
on using the test account (lab rat) and for some reason it copied my Domain 
administrator account's profile. I noticed, because the profile I copied over 
there yesterday was like 6 megs, and today the roaming profile is 500 megs. 
When I looked at the desktop... sure enough it was my DA account...

I never told it to copy that!!! I am sure I probably did something stupid but I 
have no idea what it was. :)


From: Troy Meyer [mailto:tme...@uoregon.edu]
Sent: Wednesday, June 17, 2009 8:17 PM
To: NT System Admin Issues
Subject: RE: Mandatory profiles?

It's a setting in the GPO.  It simply adds permissions, it wont remove existing 
permissions if the folder exists.  Haven't looked to see if it doesn't affect 
parent permissions that apply to child objects when the folder doesn't exist 
initially, but I would assume it doesn't.  May have to test that one (our 
provisioning creates the user folder(s) so I have not run into it yet).

-troy

From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Wednesday, June 17, 2009 9:11 AM
To: NT System Admin Issues
Subject: RE: Mandatory profiles?

When you say exclusive do you mean full control, or are they the only ones that 
have access?



From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, June 17, 2009 10:50 AM
To: NT System Admin Issues
Subject: Re: Mandatory profiles?
Are your profile areas set to give the user exclusive access? I found problems 
with GPO application from 2008 AD till I overrode that setting
2009/6/17 Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>>
Actually no one from XP will be logging on to it, only Server 2008. I just 
tried the XP because I was out of ideas.

I took what I learned from you guys, applied it, and now the profiles are 
working flawlessly. But here is what is wierd. If the profile takes, the group 
policies do not apply. If I remove the users access to the profile (something I 
would thinl would be completely unrelated to GPO) the group policy doesnt apply?

I've tinkered with it for the last few days and can't put my finger on it.

Also, in the v2 profile there is no ntuser.dat? there is an ntuser.dat.log. is 
this correct?


From: Kelsey, John [mailto:jckel...@drmc.org<mailto:jckel...@drmc.org>]
Sent: Monday, June 15, 2009 1:28 PM

To: NT System Admin Issues
Subject: RE: Mandatory profiles?

Vista profiles are stored in a completely different folder structure than XP.  
If you need to use the same profile on both XP and Vista, the 'recommended' way 
is with folder redirection in a GPO.

Here is a good link.  http://technet.microsoft.com/en-us/library/cc766489.aspx


***
John C. Kelsey
DuBois Regional Medical Center
*:  814.375.3073
*:   jckel...@drmc.org<mailto:jckel...@drmc.org>
***
-Original Message-
From: Owens, Michael 
[mailto:michael.ow...@dys.ohio.gov<mailto:michael.ow...@dys.ohio.gov>]
Sent: Monday, June 15, 2009 12:46
To: NT System Admin Issues
Subject: RE: Mandatory profiles?
I see. We are having an issue where event viewer says that it cannot gain 
access to the profiles, but it works on an XP machine and I can navigate to 
it.


Very strange.


From: Bob Fronk [mailto:b...@btrfronk.com<mailto:b...@btrfronk.com>]
Sent: Monday, June 15, 2009 12:30 PM
To: NT System Admin Issues
Subject: RE: Mandatory profiles?

We have had issues with roaming profiles, but it was due to lack of 
understanding (on my part) about changes in roaming profiles and redirection in 
Vista.



-

Bob Fronk

P Please print only as needed.











From: Owens, Michael 
[mailto:michael.ow...@dys.ohio.gov<mailto:michael.ow...@dys.ohio.gov>]
Sent: Monday, June 15, 2009 11:11 AM
To: NT System Admin Issues
Subject: Mandatory profiles?



Has anyone had any problem with mandatory profiles in vista, or server 2008?





This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.





This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify the system manager. This 
message contains confidential information and is

RE: Mandatory profiles?

[Owens, Michael]

When you say exclusive do you mean full control, or are they the only ones that 
have access?



From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, June 17, 2009 10:50 AM
To: NT System Admin Issues
Subject: Re: Mandatory profiles?

Are your profile areas set to give the user exclusive access? I found problems 
with GPO application from 2008 AD till I overrode that setting

2009/6/17 Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>>
Actually no one from XP will be logging on to it, only Server 2008. I just 
tried the XP because I was out of ideas.

I took what I learned from you guys, applied it, and now the profiles are 
working flawlessly. But here is what is wierd. If the profile takes, the group 
policies do not apply. If I remove the users access to the profile (something I 
would thinl would be completely unrelated to GPO) the group policy doesnt apply?

I've tinkered with it for the last few days and can't put my finger on it.

Also, in the v2 profile there is no ntuser.dat? there is an ntuser.dat.log. is 
this correct?


From: Kelsey, John [mailto:jckel...@drmc.org<mailto:jckel...@drmc.org>]
Sent: Monday, June 15, 2009 1:28 PM

To: NT System Admin Issues
Subject: RE: Mandatory profiles?

Vista profiles are stored in a completely different folder structure than XP.  
If you need to use the same profile on both XP and Vista, the 'recommended' way 
is with folder redirection in a GPO.

Here is a good link.  http://technet.microsoft.com/en-us/library/cc766489.aspx


***
John C. Kelsey
DuBois Regional Medical Center
*:  814.375.3073
*:   jckel...@drmc.org<mailto:jckel...@drmc.org>
***
-----Original Message-
From: Owens, Michael 
[mailto:michael.ow...@dys.ohio.gov<mailto:michael.ow...@dys.ohio.gov>]
Sent: Monday, June 15, 2009 12:46
To: NT System Admin Issues
Subject: RE: Mandatory profiles?

I see. We are having an issue where event viewer says that it cannot gain 
access to the profiles, but it works on an XP machine and I can navigate to 
it.


Very strange.


From: Bob Fronk [mailto:b...@btrfronk.com<mailto:b...@btrfronk.com>]
Sent: Monday, June 15, 2009 12:30 PM
To: NT System Admin Issues
Subject: RE: Mandatory profiles?


We have had issues with roaming profiles, but it was due to lack of 
understanding (on my part) about changes in roaming profiles and redirection in 
Vista.



-

Bob Fronk

P Please print only as needed.











From: Owens, Michael 
[mailto:michael.ow...@dys.ohio.gov<mailto:michael.ow...@dys.ohio.gov>]
Sent: Monday, June 15, 2009 11:11 AM
To: NT System Admin Issues
Subject: Mandatory profiles?



Has anyone had any problem with mandatory profiles in vista, or server 2008?





This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.






This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify the system manager. This 
message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Mandatory profiles?

[Owens, Michael]

Actually no one from XP will be logging on to it, only Server 2008. I just 
tried the XP because I was out of ideas.

I took what I learned from you guys, applied it, and now the profiles are 
working flawlessly. But here is what is wierd. If the profile takes, the group 
policies do not apply. If I remove the users access to the profile (something I 
would thinl would be completely unrelated to GPO) the group policy doesnt apply?

I've tinkered with it for the last few days and can't put my finger on it.

Also, in the v2 profile there is no ntuser.dat? there is an ntuser.dat.log. is 
this correct?


From: Kelsey, John [mailto:jckel...@drmc.org]
Sent: Monday, June 15, 2009 1:28 PM
To: NT System Admin Issues
Subject: RE: Mandatory profiles?

Vista profiles are stored in a completely different folder structure than XP.  
If you need to use the same profile on both XP and Vista, the 'recommended' way 
is with folder redirection in a GPO.

Here is a good link.  http://technet.microsoft.com/en-us/library/cc766489.aspx


***
John C. Kelsey
DuBois Regional Medical Center
*:  814.375.3073
*:   jckel...@drmc.org<mailto:jckel...@drmc.org>
***
-Original Message-
From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Monday, June 15, 2009 12:46
To: NT System Admin Issues
Subject: RE: Mandatory profiles?

I see. We are having an issue where event viewer says that it cannot gain 
access to the profiles, but it works on an XP machine and I can navigate to 
it.


Very strange.


From: Bob Fronk [mailto:b...@btrfronk.com]
Sent: Monday, June 15, 2009 12:30 PM
To: NT System Admin Issues
Subject: RE: Mandatory profiles?

We have had issues with roaming profiles, but it was due to lack of 
understanding (on my part) about changes in roaming profiles and redirection in 
Vista.

-
Bob Fronk
P Please print only as needed.





From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Monday, June 15, 2009 11:11 AM
To: NT System Admin Issues
Subject: Mandatory profiles?

Has anyone had any problem with mandatory profiles in vista, or server 2008?


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.






This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify the system manager. This 
message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Mandatory profiles?

[Owens, Michael]

I see. We are having an issue where event viewer says that it cannot gain 
access to the profiles, but it works on an XP machine and I can navigate to 
it.


Very strange.


From: Bob Fronk [mailto:b...@btrfronk.com]
Sent: Monday, June 15, 2009 12:30 PM
To: NT System Admin Issues
Subject: RE: Mandatory profiles?

We have had issues with roaming profiles, but it was due to lack of 
understanding (on my part) about changes in roaming profiles and redirection in 
Vista.

-
Bob Fronk
P Please print only as needed.





From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Monday, June 15, 2009 11:11 AM
To: NT System Admin Issues
Subject: Mandatory profiles?

Has anyone had any problem with mandatory profiles in vista, or server 2008?


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Mandatory profiles?

[Owens, Michael]

Has anyone had any problem with mandatory profiles in vista, or server 2008?


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: http://www.oovoo.com/

[Owens, Michael]

I havent tried it, but skype has always treated me well.



From: Sam Cayze [mailto:sam.ca...@rollouts.com]
Sent: Thursday, June 11, 2009 2:44 PM
To: NT System Admin Issues
Subject: http://www.oovoo.com/

Anyone used it?  Thoughts?

What is ooVoo?
ooVoo is FREE video calling. See up to six friends, family or colleagues at the 
same time - with video quality that's like being face-to-face the same room!

*
  Video Chat
   with up to six people at the same time.
*
  Experience
   great video and audio.
*
  See
   people without the expense of travel.
*
  Easy to Use
   for customers and businesses.




Sam Cayze
Information Technology Administrator
ROLLOUTS
ONSITE * ON DEMAND
952.279.6218...Direct Dial
612.386.3946...Mobile
877.471.6495...eFax
www.Rollouts.comhttp://www.Rollouts.com>
www.e-Technicians.net

CONFIDENTIALITY NOTICE: This email and any attachment(s) are intended only for 
the designated recipient(s).   Rollouts Incorporated prohibits use, 
distribution or transmittal by or to an unintended recipient without Rollouts' 
express written approval.  If you are not the intended recipient, please delete 
this email and notify Rollouts.








This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Error joining PC to a domain

[Owens, Michael]

WEBES cleaner fixed it. Thanks guys.


From: Orland, Kathleen [mailto:korl...@rogers.com]
Sent: Thursday, June 11, 2009 10:54 AM
To: NT System Admin Issues
Subject: Re: Error joining PC to a domain

How to troubleshoot RPC Endpoint Mapper errors
http://support.microsoft.com/?id=839880

Also, try running DCDiag from the Res Kit against your domain controller.
- Original Message -
From: Owens, Michael<mailto:michael.ow...@dys.ohio.gov>
To: NT System Admin Issues<mailto:ntsysadmin@lyris.sunbelt-software.com>
Sent: Thursday, June 11, 2009 10:04 AM
Subject: RE: Error joining PC to a domain

Sorry it is 2003 -  but the firewall service is disabled on both of them.


From: Orland, Kathleen [mailto:korl...@rogers.com]
Sent: Thursday, June 11, 2009 9:58 AM
To: NT System Admin Issues
Subject: Re: Error joining PC to a domain

Server 2003? Disable the firewall if it's on and see if the unwanted behaviour 
stops. If you don't want to do that, leave the following ports open:

LDAP 389, DNS 53, SMTP 25 or 587, POP3 110, FTP 21, HTTP 80.
- Original Message -
From: Maglinger, Paul<mailto:pmaglin...@scvl.com>
To: NT System Admin Issues<mailto:ntsysadmin@lyris.sunbelt-software.com>
Sent: Thursday, June 11, 2009 9:43 AM
Subject: RE: Error joining PC to a domain

Is this an HP server?  Are you running WEBES?  Try uninstalling WEBES.

________
From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, June 11, 2009 8:26 AM
To: NT System Admin Issues
Subject: Error joining PC to a domain

This is a random event, it doesnt happen all the time. When I join a computer 
to the domain, I get "There are no more endpoints available from the endpoint 
mapper"

Everything that comes up on google doesn't seem to apply and since it is 
intermintant, it is hard to test it just leads me to believe something is 
set up incorrectly somehwhere. Has anyone seen this before?

Thanks guys,
Mike


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.














This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Error joining PC to a domain

[Owens, Michael]

Sorry it is 2003 -  but the firewall service is disabled on both of them.


From: Orland, Kathleen [mailto:korl...@rogers.com]
Sent: Thursday, June 11, 2009 9:58 AM
To: NT System Admin Issues
Subject: Re: Error joining PC to a domain

Server 2003? Disable the firewall if it's on and see if the unwanted behaviour 
stops. If you don't want to do that, leave the following ports open:

LDAP 389, DNS 53, SMTP 25 or 587, POP3 110, FTP 21, HTTP 80.
- Original Message -
From: Maglinger, Paul<mailto:pmaglin...@scvl.com>
To: NT System Admin Issues<mailto:ntsysadmin@lyris.sunbelt-software.com>
Sent: Thursday, June 11, 2009 9:43 AM
Subject: RE: Error joining PC to a domain

Is this an HP server?  Are you running WEBES?  Try uninstalling WEBES.

________
From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, June 11, 2009 8:26 AM
To: NT System Admin Issues
Subject: Error joining PC to a domain

This is a random event, it doesnt happen all the time. When I join a computer 
to the domain, I get "There are no more endpoints available from the endpoint 
mapper"

Everything that comes up on google doesn't seem to apply and since it is 
intermintant, it is hard to test it just leads me to believe something is 
set up incorrectly somehwhere. Has anyone seen this before?

Thanks guys,
Mike


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.














This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Error joining PC to a domain

[Owens, Michael]

There are two domain controllers. (both a DL380 G4) I was not the one who 
originally installed this- and I do not see WEBES on them. I looked in 
services.msc and I lookedd add remove programs. I did not see it. Do I removie 
it via smart start?


From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Thursday, June 11, 2009 9:43 AM
To: NT System Admin Issues
Subject: RE: Error joining PC to a domain

Is this an HP server?  Are you running WEBES?  Try uninstalling WEBES.


From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, June 11, 2009 8:26 AM
To: NT System Admin Issues
Subject: Error joining PC to a domain

This is a random event, it doesnt happen all the time. When I join a computer 
to the domain, I get "There are no more endpoints available from the endpoint 
mapper"

Everything that comes up on google doesn't seem to apply and since it is 
intermintant, it is hard to test it just leads me to believe something is 
set up incorrectly somehwhere. Has anyone seen this before?

Thanks guys,
Mike


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Error joining PC to a domain

[Owens, Michael]

This is a random event, it doesnt happen all the time. When I join a computer 
to the domain, I get "There are no more endpoints available from the endpoint 
mapper"

Everything that comes up on google doesn't seem to apply and since it is 
intermintant, it is hard to test it just leads me to believe something is 
set up incorrectly somehwhere. Has anyone seen this before?

Thanks guys,
Mike


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: LogMeIn Rescue Alternative help

[Owens, Michael]

again noy sure if it meets all your requirements... showmypc


From: Roger Wright [mailto:rwri...@evatone.com]
Sent: Wednesday, June 10, 2009 3:34 PM
To: NT System Admin Issues
Subject: RE: LogMeIn Rescue Alternative help

Oh... and TeamViewer is $700 for lifetime use, not per year.



Roger Wright
Network Administrator
Evatone, Inc.
727.572.7076  x388
_

From: Roger Wright [mailto:rwri...@evatone.com]
Sent: Wednesday, June 10, 2009 3:29 PM
To: NT System Admin Issues
Subject: RE: LogMeIn Rescue Alternative help

TeamViewer is about $700 and works very well.  I'm pretty sure it handles Safe 
Mode reconnects okay.



Roger Wright
Network Administrator
Evatone, Inc.
727.572.7076  x388
_

From: Matt Plahtinsky [mailto:cbusitl...@gmail.com]
Sent: Wednesday, June 10, 2009 3:21 PM
To: NT System Admin Issues
Subject: LogMeIn Rescue Alternative help

I have been looking for a product like LogMeIn Rescue that's a bit cheaper 
($1200.00 a year).  There are a few things that I really like that LogMeIn 
Rescue does that most others don't do.

1.  Works on port 443 so it will work through most proxy's and firewalls.
2.  Can automatically reconnect the session after a reboot.
3.  Works in safe mode.
4.  Can transfter files between computers.

The problem I have run into with most of the other tools out there is they 
don't do the above list.

I'm willing to dish out some money but not $1200.00 a year for just me.

Thanks

Matt














This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

"Help and Support" Service in Server 2008, or lack there of.

[Owens, Michael]

All -

In Server 2003 there was a service that you could stop, or disable via group 
policy to disallow help on a terminal server. In server 2008, it appears to be 
missing. I googled it, and it says to disable it via a reg entry. I would 
rather not touch the registry if I don't have to. Does anyone have experience 
with disabling Help in Server 2008?

Mike


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Group Policy Problem - I've lost all my hair

[Owens, Michael]

What if I want to make domain administrators (or anouther security group) able 
to log on without group policy restictions?


From: Mayo, Bill [mailto:bem...@pittcountync.gov]
Sent: Thursday, May 28, 2009 3:32 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair

If you have blocked inheritance at that OU, then it shouldn't receive any 
polices above that OU level.  You use loopback processing when you want the 
same *user* policies to apply to a computer, regardless of who logs on.  Say 
for example you have a logon script applied via GPO to some of your users at 
their OU level.  This logon script does some things that you don't want to 
happen if they log onto some specific computer/server.  What you do is setup 
the OU in which the computer/server sits with a user policy that you do want 
applied and turn on loopback processing.  When you log onto computers in that 
OU, ALL users will then get the settings that you have specified in that 
policy, and not the policies from their home OU.  This does assume, of course, 
that the computer OU is not inheriting the same policy due to OU structure.

Bill

____
From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, May 28, 2009 2:54 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair

I had disabled inheritance on that OU, so the OUs further down the tree should 
not grab any other policies either, correct? should loopback be enabled or 
disabled on THIS policy?


From: Mayo, Bill [mailto:bem...@pittcountync.gov]
Sent: Thursday, May 28, 2009 12:54 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair

If the servers/computers are not included in the security filtering, then the 
policy will not affect them.  Whether or not this is a problem has to do with 
the policies invoked within the GPO.  If all the policy items are user 
configuration items, then it will make no difference.  If there are computer 
configuration items in the policy, then the security has to be set to include 
the servers/computers.  If you have a mixture, you need to ensure that the GPO 
applies to the computer(s) and user(s).  This is the default; it is only an 
issue if it has been changed.

The other thing I would mention is that you might need to check to see if there 
are any other policies that invoke loopback processing.  When this is in effect 
(on a computer object), it applies policies from the OU of the computer only 
(more info at http://support.microsoft.com/kb/231287, if you are unfamiliar 
with this).

Bill Mayo


________
From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, May 28, 2009 12:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair

The only security filter I have in place is tied to a security group that the 
account (lab rat) is a member of. Should I specify the servers in there as 
well? The server that works is not a member of that security group.


From: Mayo, Bill [mailto:bem...@pittcountync.gov]
Sent: Thursday, May 28, 2009 12:09 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair

If a policy applied at the OU level is not affecting all the computers in the 
OU, the first thing I would suspect is that security filtering is in place.  
Have you confirmed that the Security Filtering section shows Authenticated 
Users having (read) permissions to the policy?  You may have to go to the 
Delegation tab to see all the permissions applied.

Bill Mayo

________
From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, May 28, 2009 12:03 PM
To: NT System Admin Issues
Subject: Group Policy Problem - I've lost all my hair


All-

I seem to have a problem with GPO replication. I think. I am not really sure 
what the problem is - it just confuses me at this point. Here is the deal.

I have a 7 server TS farm. They all run server 2008 64 bit edition, but I 
believe the problem is something with our DCs. Our domain is 2003.

 Server 1 has the licenses, and distributes them out accordingly. I added a GPO 
to it, to lock them down. All servers are in the same OU, and my test account 
is in a different OU with the same GPO applied to it. The servers are named 
STUCTX0x. STUCTX01 takes any group policy change I give it. If I change the 
GPO, and run a gpupdate /force... STUCTX01 takes the GPO when I log in on my 
test account. (lab rat) On STUCTX02-STUCTX07 it doesn't work. I logged onto the 
DC, and used the GP modeling wizard to simulate logging onto STUCTX02 with lab 
rat. It says it will pull the correct policies. So, I logged onto STUCTX02 and 
did a "gpresult /user lrat /v" It gives me "INFO: The user "

RE: Group Policy Problem - I've lost all my hair

[Owens, Michael]

I had disabled inheritance on that OU, so the OUs further down the tree should 
not grab any other policies either, correct? should loopback be enabled or 
disabled on THIS policy?


From: Mayo, Bill [mailto:bem...@pittcountync.gov]
Sent: Thursday, May 28, 2009 12:54 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair

If the servers/computers are not included in the security filtering, then the 
policy will not affect them.  Whether or not this is a problem has to do with 
the policies invoked within the GPO.  If all the policy items are user 
configuration items, then it will make no difference.  If there are computer 
configuration items in the policy, then the security has to be set to include 
the servers/computers.  If you have a mixture, you need to ensure that the GPO 
applies to the computer(s) and user(s).  This is the default; it is only an 
issue if it has been changed.

The other thing I would mention is that you might need to check to see if there 
are any other policies that invoke loopback processing.  When this is in effect 
(on a computer object), it applies policies from the OU of the computer only 
(more info at http://support.microsoft.com/kb/231287, if you are unfamiliar 
with this).

Bill Mayo



From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, May 28, 2009 12:38 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair

The only security filter I have in place is tied to a security group that the 
account (lab rat) is a member of. Should I specify the servers in there as 
well? The server that works is not a member of that security group.


From: Mayo, Bill [mailto:bem...@pittcountync.gov]
Sent: Thursday, May 28, 2009 12:09 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair

If a policy applied at the OU level is not affecting all the computers in the 
OU, the first thing I would suspect is that security filtering is in place.  
Have you confirmed that the Security Filtering section shows Authenticated 
Users having (read) permissions to the policy?  You may have to go to the 
Delegation tab to see all the permissions applied.

Bill Mayo

____
From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, May 28, 2009 12:03 PM
To: NT System Admin Issues
Subject: Group Policy Problem - I've lost all my hair


All-

I seem to have a problem with GPO replication. I think. I am not really sure 
what the problem is - it just confuses me at this point. Here is the deal.

I have a 7 server TS farm. They all run server 2008 64 bit edition, but I 
believe the problem is something with our DCs. Our domain is 2003.

 Server 1 has the licenses, and distributes them out accordingly. I added a GPO 
to it, to lock them down. All servers are in the same OU, and my test account 
is in a different OU with the same GPO applied to it. The servers are named 
STUCTX0x. STUCTX01 takes any group policy change I give it. If I change the 
GPO, and run a gpupdate /force... STUCTX01 takes the GPO when I log in on my 
test account. (lab rat) On STUCTX02-STUCTX07 it doesn't work. I logged onto the 
DC, and used the GP modeling wizard to simulate logging onto STUCTX02 with lab 
rat. It says it will pull the correct policies. So, I logged onto STUCTX02 and 
did a "gpresult /user lrat /v" It gives me "INFO: The user "lrat" does not have 
RSOP data."

When I do that on stuctx01, it pulls the correct policy. Replication otherwise 
on the domain controllers appear to be working correctly. How do I get it to 
apply to all of the servers in that OU? Everything looks right to me, and I do 
not even know what to look at next!



Thanks guys,

Mike




This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Amusing

[Owens, Michael]

I started a war. I just thought sending a 9 meg file to 3000 people was funny. 
:)


From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, May 28, 2009 2:51 PM
To: NT System Admin Issues
Subject: RE: Amusing

SIS is purely on the server. The temp instance is client-side as a function of 
Outlook.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Thursday, May 28, 2009 1:41 PM
To: NT System Admin Issues
Subject: RE: Amusing

I thought that even if you open an attachment locally, SIS integrity is 
maintained, and a copy is created in your local temp folder structure ( had a 
security issue once with sensitive documents persisting in the temp folders ) 
from a pointer to the original single instance

( unless you're just referring to the overhead on cpu/disk io/bandwidth from 
450 simultaneous hits )

Erik Goldoff

IT  Consultant

Systems, Networks, & Security



From: David Lum [mailto:david@nwea.org]
Sent: Thursday, May 28, 2009 2:37 PM
To: NT System Admin Issues
Subject: RE: Amusing
SIS means that while he sent that 9MB file to 3000 users, if all 3000 are on 
the same Exchange server then there's only 9MB storednow, if say, 450 of 
them decide to open the file or download the file to their desktop around the 
same time, you might have an issue
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764













This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Amusing

[Owens, Michael]

Thats a lot of files!

That's what I gathered from Google, but when I asked the exchange guy here if 
they have it enabled, he said that it didn't work because of their backups.

I immediately shut up because I have no idea what I am talking about. haha


From: David Lum [mailto:david@nwea.org]
Sent: Thursday, May 28, 2009 2:37 PM
To: NT System Admin Issues
Subject: RE: Amusing

SIS means that while he sent that 9MB file to 3000 users, if all 3000 are on 
the same Exchange server then there's only 9MB storednow, if say, 450 of 
them decide to open the file or download the file to their desktop around the 
same time, you might have an issue
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764



From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, May 28, 2009 11:24 AM
To: NT System Admin Issues
Subject: RE: Amusing

Yeah. :)


From: Sean Martin [mailto:seanmarti...@gmail.com]
Sent: Thursday, May 28, 2009 2:21 PM
To: NT System Admin Issues
Subject: Re: Amusing
So I take it you weren't brought on as an Exchange Consultantjust happen to 
be there during this particular incident?

- Sean
On Thu, May 28, 2009 at 10:01 AM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
I really wish I knew more about exchange, I am a citrix admin through and 
through I used exchange once! :)


From: Brian Desmond 
[mailto:br...@briandesmond.com<mailto:br...@briandesmond.com>]
Sent: Thursday, May 28, 2009 1:54 PM

To: NT System Admin Issues
Subject: RE: Amusing


That shouldn't have happened ... You have bigger problems than a single 
attachment.



Thanks,

Brian Desmond

br...@briandesmond.com<mailto:br...@briandesmond.com>



c - 312.731.3132



Active Directory, 4th Ed - http://www.briandesmond.com/ad4/

Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian



From: Owens, Michael 
[mailto:michael.ow...@dys.ohio.gov<mailto:michael.ow...@dys.ohio.gov>]
Sent: Thursday, May 28, 2009 12:34 PM
To: NT System Admin Issues
Subject: RE: Amusing



Haha, they dont have it set up here, I am a consultant just brought on... and 
the exchange server was slowed to a halt...





From: Sam Cayze [mailto:sam.ca...@rollouts.com<mailto:sam.ca...@rollouts.com>]
Sent: Thursday, May 28, 2009 1:24 PM
To: NT System Admin Issues
Subject: RE: Amusing

Probably a vid that was already on YouTube!



Thank god for Single Instance Storage





From: Owens, Michael 
[mailto:michael.ow...@dys.ohio.gov<mailto:michael.ow...@dys.ohio.gov>]
Sent: Thursday, May 28, 2009 12:20 PM
To: NT System Admin Issues
Subject: Amusing

Amusing user dunce moment:



We just had a user (one of the higher ups, obviously since not everyone has 
access to do this) send a 9 meg file to all users. (3000)



Hilarity ensues.





This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.













This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Group Policy Problem - I've lost all my hair

[Owens, Michael]

Everyones answers:

Richard:

1. All servers can ping all DCs.
2. I do get a 1704 applied succesfully event.
3. It does host both computers, and user policies. I was thinking about redoing 
the policies after something Bill told me, sometimes they arent so happy.

Bill:

1. I am not sure where to find the setting you are talking about here. ( If 
there are computer configuration items in the policy, then the security has to 
be set to include the servers/computers.  If you have a mixture, you need to 
ensure that the GPO applies to the computer(s) and user(s).  This is the 
default; it is only an issue if it has been changed.) I was under the 
impression that the securities applied to whatever I applied them to under 
either the security filters field, or under delegation tab? Which, I discovered 
if I try to add something to either of those fields, I get errors. Want 
specifics? Or should I just recreate the policies from scratch?

2. I will look into loopback after I send this.

Tom:

When you say enable network browsing... do you mean in the GPO itself?



From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, May 28, 2009 2:01 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair

Give me a minute I am trying all these things. Thanks for the help guys. :)


From: Richard Stovall [mailto:richard.stov...@researchdata.com]
Sent: Thursday, May 28, 2009 1:22 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair

One last wild shot in the dark...

Can these servers ping the DCs?  I saw a pretty large environment  one time 
(several thousand nodes) where Group Policy didn't work because the network 
team had prohibited ICMP on all the switches and routers because of Welchia.  
They didn't disable slow link detection beforehand and it completely broke 
Group Policy.  A Nasty little chicken and egg scenario developed because of it. 
 Couldn't use Group Policy because of slow link detection.  Couldn't disable 
slow link detection b/c Group Policy wasn't working.  I begged them to allow 
ICMP just for a few days to get it resolved, but they wouldn't do it.

From: Richard Stovall [mailto:richard.stov...@researchdata.com]
Sent: Thursday, May 28, 2009 1:10 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair

So it looks like DNS and share permissions are probably OK.

Do you get a happy scecli 1704 event "Security policy in the Group policy 
objects has been applied successfully" after gpupdate?

What type of settings are in the GPO?  User and Computer?  You could always try 
enabling some innocuous computer setting like adding a logon message box and 
seeing if it propagates.

Here is one fix that involved corruption of a user profile, thought I would 
think it's unlikely in your case since it's happening on 6 different machines.
http://msinfluentials.com/blogs/jesper/archive/2006/11/25/group-policy-fails-for-one-user.aspx



From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, May 28, 2009 12:49 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair

No errors on the app log when I run GP update, and yes I can navigate out to 
the policies folder.


From: Richard Stovall [mailto:richard.stov...@researchdata.com]
Sent: Thursday, May 28, 2009 12:11 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair
What do you see in the app logs of the problem machines when you run "gpupdate 
/force" on them?

Can you browse to 
\\domaindns.name\SYSVOL\domaindnas.name\Policies
 from the 02-07?

From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, May 28, 2009 12:03 PM
To: NT System Admin Issues
Subject: Group Policy Problem - I've lost all my hair


All-

I seem to have a problem with GPO replication. I think. I am not really sure 
what the problem is - it just confuses me at this point. Here is the deal.

I have a 7 server TS farm. They all run server 2008 64 bit edition, but I 
believe the problem is something with our DCs. Our domain is 2003.

 Server 1 has the licenses, and distributes them out accordingly. I added a GPO 
to it, to lock them down. All servers are in the same OU, and my test account 
is in a different OU with the same GPO applied to it. The servers are named 
STUCTX0x. STUCTX01 takes any group policy change I give it. If I change the 
GPO, and run a gpupdate /force... STUCTX01 takes the GPO when I log in on my 
test account. (lab rat) On STUCTX02-STUCTX07 it doesn't work. I logged onto the 
DC, and used the GP modeling wizard to simulate logging onto STUCTX02 with lab 
rat. It says it will pull the correct policies. So, I logged onto STUCTX02 and 
did a "gpresult /user lrat /v" It giv

RE: Amusing

[Owens, Michael]

Yeah. :)


From: Sean Martin [mailto:seanmarti...@gmail.com]
Sent: Thursday, May 28, 2009 2:21 PM
To: NT System Admin Issues
Subject: Re: Amusing

So I take it you weren't brought on as an Exchange Consultantjust happen to 
be there during this particular incident?

- Sean

On Thu, May 28, 2009 at 10:01 AM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
I really wish I knew more about exchange, I am a citrix admin through and 
through I used exchange once! :)


From: Brian Desmond 
[mailto:br...@briandesmond.com<mailto:br...@briandesmond.com>]
Sent: Thursday, May 28, 2009 1:54 PM

To: NT System Admin Issues
Subject: RE: Amusing


That shouldn't have happened ... You have bigger problems than a single 
attachment.



Thanks,

Brian Desmond

br...@briandesmond.com<mailto:br...@briandesmond.com>



c - 312.731.3132



Active Directory, 4th Ed - http://www.briandesmond.com/ad4/

Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian



From: Owens, Michael 
[mailto:michael.ow...@dys.ohio.gov<mailto:michael.ow...@dys.ohio.gov>]
Sent: Thursday, May 28, 2009 12:34 PM
To: NT System Admin Issues
Subject: RE: Amusing



Haha, they dont have it set up here, I am a consultant just brought on... and 
the exchange server was slowed to a halt...





From: Sam Cayze [mailto:sam.ca...@rollouts.com<mailto:sam.ca...@rollouts.com>]
Sent: Thursday, May 28, 2009 1:24 PM
To: NT System Admin Issues
Subject: RE: Amusing

Probably a vid that was already on YouTube!



Thank god for Single Instance Storage



________

From: Owens, Michael 
[mailto:michael.ow...@dys.ohio.gov<mailto:michael.ow...@dys.ohio.gov>]
Sent: Thursday, May 28, 2009 12:20 PM
To: NT System Admin Issues
Subject: Amusing

Amusing user dunce moment:



We just had a user (one of the higher ups, obviously since not everyone has 
access to do this) send a 9 meg file to all users. (3000)



Hilarity ensues.





This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.













This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.











This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Amusing

[Owens, Michael]

I really wish I knew more about exchange, I am a citrix admin through and 
through I used exchange once! :)


From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, May 28, 2009 1:54 PM
To: NT System Admin Issues
Subject: RE: Amusing

That shouldn't have happened ... You have bigger problems than a single 
attachment.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132

Active Directory, 4th Ed - http://www.briandesmond.com/ad4/
Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian

From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, May 28, 2009 12:34 PM
To: NT System Admin Issues
Subject: RE: Amusing

Haha, they dont have it set up here, I am a consultant just brought on... and 
the exchange server was slowed to a halt...


From: Sam Cayze [mailto:sam.ca...@rollouts.com]
Sent: Thursday, May 28, 2009 1:24 PM
To: NT System Admin Issues
Subject: RE: Amusing
Probably a vid that was already on YouTube!

Thank god for Single Instance Storage


From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, May 28, 2009 12:20 PM
To: NT System Admin Issues
Subject: Amusing
Amusing user dunce moment:

We just had a user (one of the higher ups, obviously since not everyone has 
access to do this) send a 9 meg file to all users. (3000)

Hilarity ensues.


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Group Policy Problem - I've lost all my hair

[Owens, Michael]

Give me a minute I am trying all these things. Thanks for the help guys. :)


From: Richard Stovall [mailto:richard.stov...@researchdata.com]
Sent: Thursday, May 28, 2009 1:22 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair

One last wild shot in the dark...

Can these servers ping the DCs?  I saw a pretty large environment  one time 
(several thousand nodes) where Group Policy didn't work because the network 
team had prohibited ICMP on all the switches and routers because of Welchia.  
They didn't disable slow link detection beforehand and it completely broke 
Group Policy.  A Nasty little chicken and egg scenario developed because of it. 
 Couldn't use Group Policy because of slow link detection.  Couldn't disable 
slow link detection b/c Group Policy wasn't working.  I begged them to allow 
ICMP just for a few days to get it resolved, but they wouldn't do it.

From: Richard Stovall [mailto:richard.stov...@researchdata.com]
Sent: Thursday, May 28, 2009 1:10 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair

So it looks like DNS and share permissions are probably OK.

Do you get a happy scecli 1704 event "Security policy in the Group policy 
objects has been applied successfully" after gpupdate?

What type of settings are in the GPO?  User and Computer?  You could always try 
enabling some innocuous computer setting like adding a logon message box and 
seeing if it propagates.

Here is one fix that involved corruption of a user profile, thought I would 
think it's unlikely in your case since it's happening on 6 different machines.
http://msinfluentials.com/blogs/jesper/archive/2006/11/25/group-policy-fails-for-one-user.aspx



From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, May 28, 2009 12:49 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair

No errors on the app log when I run GP update, and yes I can navigate out to 
the policies folder.


From: Richard Stovall [mailto:richard.stov...@researchdata.com]
Sent: Thursday, May 28, 2009 12:11 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair
What do you see in the app logs of the problem machines when you run "gpupdate 
/force" on them?

Can you browse to 
\\domaindns.name\SYSVOL\domaindnas.name\Policies
 from the 02-07?

From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, May 28, 2009 12:03 PM
To: NT System Admin Issues
Subject: Group Policy Problem - I've lost all my hair


All-

I seem to have a problem with GPO replication. I think. I am not really sure 
what the problem is - it just confuses me at this point. Here is the deal.

I have a 7 server TS farm. They all run server 2008 64 bit edition, but I 
believe the problem is something with our DCs. Our domain is 2003.

 Server 1 has the licenses, and distributes them out accordingly. I added a GPO 
to it, to lock them down. All servers are in the same OU, and my test account 
is in a different OU with the same GPO applied to it. The servers are named 
STUCTX0x. STUCTX01 takes any group policy change I give it. If I change the 
GPO, and run a gpupdate /force... STUCTX01 takes the GPO when I log in on my 
test account. (lab rat) On STUCTX02-STUCTX07 it doesn't work. I logged onto the 
DC, and used the GP modeling wizard to simulate logging onto STUCTX02 with lab 
rat. It says it will pull the correct policies. So, I logged onto STUCTX02 and 
did a "gpresult /user lrat /v" It gives me "INFO: The user "lrat" does not have 
RSOP data."

When I do that on stuctx01, it pulls the correct policy. Replication otherwise 
on the domain controllers appear to be working correctly. How do I get it to 
apply to all of the servers in that OU? Everything looks right to me, and I do 
not even know what to look at next!



Thanks guys,

Mike




This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.














This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Amusing

[Owens, Michael]

Haha, they dont have it set up here, I am a consultant just brought on... and 
the exchange server was slowed to a halt...


From: Sam Cayze [mailto:sam.ca...@rollouts.com]
Sent: Thursday, May 28, 2009 1:24 PM
To: NT System Admin Issues
Subject: RE: Amusing

Probably a vid that was already on YouTube!

Thank god for Single Instance Storage


From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, May 28, 2009 12:20 PM
To: NT System Admin Issues
Subject: Amusing

Amusing user dunce moment:

We just had a user (one of the higher ups, obviously since not everyone has 
access to do this) send a 9 meg file to all users. (3000)

Hilarity ensues.


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Amusing

[Owens, Michael]

Amusing user dunce moment:

We just had a user (one of the higher ups, obviously since not everyone has 
access to do this) send a 9 meg file to all users. (3000)

Hilarity ensues.


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Group Policy Problem - I've lost all my hair

[Owens, Michael]

No errors on the app log when I run GP update, and yes I can navigate out to 
the policies folder.


From: Richard Stovall [mailto:richard.stov...@researchdata.com]
Sent: Thursday, May 28, 2009 12:11 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair

What do you see in the app logs of the problem machines when you run "gpupdate 
/force" on them?

Can you browse to 
\\domaindns.name\SYSVOL\domaindnas.name\Policies
 from the 02-07?

From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, May 28, 2009 12:03 PM
To: NT System Admin Issues
Subject: Group Policy Problem - I've lost all my hair


All-

I seem to have a problem with GPO replication. I think. I am not really sure 
what the problem is - it just confuses me at this point. Here is the deal.

I have a 7 server TS farm. They all run server 2008 64 bit edition, but I 
believe the problem is something with our DCs. Our domain is 2003.

 Server 1 has the licenses, and distributes them out accordingly. I added a GPO 
to it, to lock them down. All servers are in the same OU, and my test account 
is in a different OU with the same GPO applied to it. The servers are named 
STUCTX0x. STUCTX01 takes any group policy change I give it. If I change the 
GPO, and run a gpupdate /force... STUCTX01 takes the GPO when I log in on my 
test account. (lab rat) On STUCTX02-STUCTX07 it doesn't work. I logged onto the 
DC, and used the GP modeling wizard to simulate logging onto STUCTX02 with lab 
rat. It says it will pull the correct policies. So, I logged onto STUCTX02 and 
did a "gpresult /user lrat /v" It gives me "INFO: The user "lrat" does not have 
RSOP data."

When I do that on stuctx01, it pulls the correct policy. Replication otherwise 
on the domain controllers appear to be working correctly. How do I get it to 
apply to all of the servers in that OU? Everything looks right to me, and I do 
not even know what to look at next!



Thanks guys,

Mike




This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Group Policy Problem - I've lost all my hair

[Owens, Michael]

The only security filter I have in place is tied to a security group that the 
account (lab rat) is a member of. Should I specify the servers in there as 
well? The server that works is not a member of that security group.


From: Mayo, Bill [mailto:bem...@pittcountync.gov]
Sent: Thursday, May 28, 2009 12:09 PM
To: NT System Admin Issues
Subject: RE: Group Policy Problem - I've lost all my hair

If a policy applied at the OU level is not affecting all the computers in the 
OU, the first thing I would suspect is that security filtering is in place.  
Have you confirmed that the Security Filtering section shows Authenticated 
Users having (read) permissions to the policy?  You may have to go to the 
Delegation tab to see all the permissions applied.

Bill Mayo


From: Owens, Michael [mailto:michael.ow...@dys.ohio.gov]
Sent: Thursday, May 28, 2009 12:03 PM
To: NT System Admin Issues
Subject: Group Policy Problem - I've lost all my hair


All-

I seem to have a problem with GPO replication. I think. I am not really sure 
what the problem is - it just confuses me at this point. Here is the deal.

I have a 7 server TS farm. They all run server 2008 64 bit edition, but I 
believe the problem is something with our DCs. Our domain is 2003.

 Server 1 has the licenses, and distributes them out accordingly. I added a GPO 
to it, to lock them down. All servers are in the same OU, and my test account 
is in a different OU with the same GPO applied to it. The servers are named 
STUCTX0x. STUCTX01 takes any group policy change I give it. If I change the 
GPO, and run a gpupdate /force... STUCTX01 takes the GPO when I log in on my 
test account. (lab rat) On STUCTX02-STUCTX07 it doesn't work. I logged onto the 
DC, and used the GP modeling wizard to simulate logging onto STUCTX02 with lab 
rat. It says it will pull the correct policies. So, I logged onto STUCTX02 and 
did a "gpresult /user lrat /v" It gives me "INFO: The user "lrat" does not have 
RSOP data."

When I do that on stuctx01, it pulls the correct policy. Replication otherwise 
on the domain controllers appear to be working correctly. How do I get it to 
apply to all of the servers in that OU? Everything looks right to me, and I do 
not even know what to look at next!



Thanks guys,

Mike




This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.










This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Group Policy Problem - I've lost all my hair

[Owens, Michael]

All-

I seem to have a problem with GPO replication. I think. I am not really sure 
what the problem is - it just confuses me at this point. Here is the deal.

I have a 7 server TS farm. They all run server 2008 64 bit edition, but I 
believe the problem is something with our DCs. Our domain is 2003.

 Server 1 has the licenses, and distributes them out accordingly. I added a GPO 
to it, to lock them down. All servers are in the same OU, and my test account 
is in a different OU with the same GPO applied to it. The servers are named 
STUCTX0x. STUCTX01 takes any group policy change I give it. If I change the 
GPO, and run a gpupdate /force... STUCTX01 takes the GPO when I log in on my 
test account. (lab rat) On STUCTX02-STUCTX07 it doesn't work. I logged onto the 
DC, and used the GP modeling wizard to simulate logging onto STUCTX02 with lab 
rat. It says it will pull the correct policies. So, I logged onto STUCTX02 and 
did a "gpresult /user lrat /v" It gives me "INFO: The user "lrat" does not have 
RSOP data."

When I do that on stuctx01, it pulls the correct policy. Replication otherwise 
on the domain controllers appear to be working correctly. How do I get it to 
apply to all of the servers in that OU? Everything looks right to me, and I do 
not even know what to look at next!



Thanks guys,

Mike




This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: SMS startup help

[Owens, Michael]

We are going with SCCM 2007 on Server 2008.

Do you think we should setup a server at every remote site, or keep a server 
just at our datacenter?
Like you stated, trying to figure out the routing situation will be a 
challenge. Although we will probably find a way to focus it on certain sites, 
on off hour times.
I appreciate your help, ill use MyItForums to read up on and try to use it as a 
guide.


From: MarvinC [mailto:marv...@gmail.com]
Sent: Friday, May 22, 2009 10:15 AM
To: NT System Admin Issues
Subject: Re: SMS startup help

Are you speaking of SMS 2003 or SCCM? A lot has to do with the size of your 
environment, number of clients, etc.
1. The installation is straight forward provided you spec out a decent server 
or set of servers.
2. Make a decision to install it on the same with SQL server or put it and SQL 
on separate boxes. I vote put them on the same server.
3. If SMS 2003 a challenge "may" be getting the SMS client installed. So make 
sure to read over the installation methods.
4. Another challenge "may" be tied to how routing is configured in your 
environment as software deployments "may" lead to bandwidth saturation. 
Therefore read up on configuring throttling at the sites.

There's a lot tied to the installation and configuration but once you get her 
up she pretty much hums. Then again like any woman she can be hard to figure 
out at times. Be sure to check out the MyItforum site as it's considered 
probably the Best resource for SMS related issues.

It really doesn't matter which book you get just get one as it'll at least give 
you an overview of the basics. After that it's all hands on.

gl
hth


On Fri, May 22, 2009 at 9:00 AM, Owens, Michael 
mailto:michael.ow...@dys.ohio.gov>> wrote:
All -

I have been tasked with starting up SMS on our environment. The problem is, I 
cannot fins a good start to finish write up on it... Is there a good resource 
for this? Or if SMS sucks I am open to alternatives as well... I know nothing 
about this.

Thanks.

Mike

This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~








This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

SMS startup help

[Owens, Michael]

All -

I have been tasked with starting up SMS on our environment. The problem is, I 
cannot fins a good start to finish write up on it... Is there a good resource 
for this? Or if SMS sucks I am open to alternatives as well... I know nothing 
about this.

Thanks.

Mike

This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Canon MFD printer, SBS2008, and VMWare

[Owens, Michael]

Open source equivalent to Vmware
http://www.virtualbox.org/


-Original Message-
From: Charlie Kaiser [mailto:charl...@golden-eagle.org]
Sent: Thursday, May 21, 2009 12:01 PM
To: NT System Admin Issues
Subject: Canon MFD printer, SBS2008, and VMWare

Got an odd problem with a client's setup. They had an SBS 2003 box that smoked. 
We got them new hardware, installed SBS2008, everything's up and working. 
Except for the printer. It's a Canon MF8180C. They use it as networked printer 
and also want the fax and scan capability back.

Problem: Canon's toolbox software isn't available for the 64-bit OS. The 32-bit 
one won't install. They need the scan/fax capacity and don't want to buy a 
different unit.
So my boss is thinking VMWare, 32-bit OS, install the print software, run it 
from there.

Anyone tried it? I don't have any experience with the hardware virtualization 
between the 32/64 -bit systems and what we might run into.
Sounds like a heck of a lot of work for a scanner...

We're considering hooking the thing up to an XP box via USB and setting up the 
software on that instead, but there are physical limitations/issues with doing 
that... I'm still pushing for that solution, though. A long USB cable would be 
a LOT cheaper than setting up a VM... :-)

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: mass email

[Owens, Michael]

Do you have an email address for the organizations? Will it be to all the 
organizations at the same time all the time, or do you want them devided up on 
a regional basis?


From: Thomas Gonzalez [mailto:tgonza...@girlscouts-swtx.org]
Sent: Thursday, May 21, 2009 11:35 AM
To: NT System Admin Issues
Subject: OT: mass email

I have question, we have a new CEO that recently started here at the 
organization. She inquired that she would like to create a 1 page informational 
email and have it sent to numerous agencies (nation wide). I'm not familiar 
with on sending out a mass email to agencies, but was wondering is there a 
service that sends out in behalf of you (customer) to legitimate organizations; 
announcement.

I hope my request is clear, if not I'll try to explain.


TIA,

Thomas Gonzalez
Technology Manager
Girl Scouts of Southwest Texas
210.349.2404 phone
210.403.1586 DID
210.349.2666 fax
www.girlscouts-swtx.org
tgonza...@girlscouts-swtx.org



This email and any attached files are confidential and intended solely for the 
intended recipient(s). If you are not the named recipient you should not read, 
distribute, copy or alter this email. Any views or opinions expressed in this 
email are those of the author and do not represent those of the Girl Scouts of 
Southwest Texas. Warning: Although precautions have been taken to make sure no 
viruses are present in this email, Girl Scouts of Southwest Texas cannot accept 
responsibility for any loss or damage that arise from the use of this email or 
attachments.






This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Ease of Access in 2008 and Vista

[Owens, Michael]

Good morning all -

I have a quick question - has anyone found a way to disable the "ease of 
access" button using GPO? This is for a citrix farm, users connect to a shared 
desktop and can see the ease of access button when they select Start > settigns 
> Windows Security. I have disabled every other option in there, but the ease 
of access button remains. Any thoughts?


Thanks,
Mike


This message, and any response to it, may constitute a public record and
thus may be publicly available to anyone who requests it in accordance
with Chapter 149 of the Ohio Revised Code.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~