Stuart,
By all means - thanks for this. It's nice to see you, Levon and others
stop by. Adds a nice 'ambiance'.
Looking forward to seeing you in February, as MEC isn't going to happen
for me (doing an inter-forest migration)
Tony (and others, if you're going - ) full book trip reports on
Title: Message
What are the subnets? And what is the
gateway config.
Also, When you
say browse do you mean Network neighborhood? If so play with the LMHosts file to
see if you can force resolution if you can it is probably a WINS issue. Are the
servers WINS clients? Do the registration
Thanks everyone.
Raun Holmes
-Original Message-
From: Puckett, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 3:23 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Joining computers to a domain?
Picky, picky, picky... *grin*. Here is it in VBS (and a little
Title: Message
Okay,
Situation:
I have two subnets
(subnet A and subnet B) with gateways between then. All my DCs (and the
rest of my server farm) is on subnet A. There are clients on
both subnets. All the the clients are either Windows XP or
Windows 2000 Prof patched to current standar
Does anyone have a Script or seen a script to be able to take a list of
computer names or even 1 computer name and query AD to tell what OU the
computer account is currently in without having to scan each OU
individually?
I actually need to take a huge list of computers and produce a placement
br
Perfect... Thanks Richard. The new Perl below works like a charm as well
as the VBScript. Great work.
-Original Message-
From: Puckett, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 3:23 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Joining computers to a doma
Picky, picky, picky... *grin*. Here is it in VBS (and a little cleaner Perl
below it).
Richard
--
' VBS ms-DS-MachineAccountQuota Modifier
Option Explicit
On Error Resume Next
Dim DSO, DSBind, strDS, strDC, strPath, strUsr, strPw
I used this back in NT4 days. It might be worth your time to take a look and
see if will work in an AD environment.
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q197478&;
-Original Message-
From: Jason Benway [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 11:36 AM
That's great Richard. I would still like to see the VBScript though. Any
for Jscript or Python?
-Original Message-
From: Puckett, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 2:40 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Joining computers to a domain?
Dunno if this is useful for anyone, but here it is in Perl...
Regards,
Richard
use strict;
use Win32::OLE 'in';
use Win32::OLE::Const 'Active DS Type Library';
$Win32::OLE::Warn = 3;
# domain, access & quota variables
my $usr = 'DOMAIN\userid';
my $pwd = 'password';
my $dse = 'dc=mycompanyna
I tried to post the swynk script and it didn't send. From past
experience it will probably show up in a while. Anyway, I couldn't get
the script that Tony mentioned to run. Can someone put their eyes on the
script and let me know if you see any problems or lines that I may need
to edit.
Thanks,
Diane,
Thanks for the info - it has been a help.
Ken
-Original Message-
From: Ayers, Diane [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 02, 2002 4:22 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Add computer to domain delegation
Kenneth:
For the easiest approach, you ca
Title: Message
Domain Users Cannot Join Workstation or Server to a
Domainhttp://support.microsoft.com/default.aspx?scid=kb;en-us;Q251335
From
the article:
"Windows 2000 grants the "Add workstations to
domain" privilege to the Authenticated Users group by default. When this
privilege is
$)C
Ok, thanks for the help, I will play
around with it and see what I can get.
Thanks
"Darren Sykes"
<[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
10/03/2002 12:37 PM
Please respond to
[EMAIL PROTECTED]
To
<[EMAIL PROTECTED]>
cc
Subject
RE: [ActiveDir] OT: Security
Template D
To be completely honest, I can’t
remember; It’s been a while since I did it.
It’s easily tested though –
create a folder in the root with a couple of subfolder and apply the template
with secedit.
The key to it is that as far as I remember,
the settings are applied in order of appearanc
$)C
I am using the mmc console. I do see
the options for propagation of settings, at first I was setting them to
Propagate Inheritable permission's to all subfolders and files. If
I set my needed permission's at the root of C: would I choose to
replace existing permission's on subfolders and fil
John,
That’s a tad confusing. When you say
that you’re looking through the templates, you are using the MMC snap-in
aren’t you?
When looking at file/registry permissions
the option regarding propagation of settings is on the first page, before you
have the opportunity to modify the DAC
I posted a message earlier about a security
template that I am working on. I am going by a article on the SANS site
and it is based on manually applying NTFS and registry permission's on
each machine. I am trying to accomplish the same thing through a security
template. I looked through the basicd
Our AD was upgraded from a NT domain. We have a bunch of old machine
accounts. What is the best method to tell if a machine no longer exists or
hasn't connected to the network?
Thanks,jb
--
Jason Benway
[EMAIL PROTECTED]
1250 S.Beechtree
Grand Haven, MI 49417
616-847-847
Thank you very much for your help.
Raun Holmes
-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 11:46 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Joining computers to a domain?
Here's a good article on this, including a sample scri
Here's a good article on this, including a sample script to change the
ms-DS-MachineAccountQuota attribute value.
http://www.swynk.com/friends/policht/103101.asp
Tony
-- Original Message --
From: "Holmes,Raun M" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTEC
Title: Joining computers to a domain?
The
ms-ds-machineAccountQuota (I believe) is a per domain
setting. It allows any user in the domain to create 10 computer accounts in AD.
I also think this is possibly restricted to the default computer container but am not sure. This really helps for
Cool, that is what I was hoping. Thanks
for the info
"Darren Sykes"
<[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
10/03/2002 11:10 AM
Please respond to
[EMAIL PROTECTED]
To
<[EMAIL PROTECTED]>
cc
Subject
RE: [ActiveDir] OT: Security
Templates
As far as I am aware, and t
Title: Joining computers to a domain?
I
don’t believe so. I’m not actually sure of the official way to
reset the counter, other than through script/ADSIEdit.
You really need to be asking why the user
needs to add that many machines, if they’re an admin, they should be
given explicit righ
Title: Joining computers to a domain?
Hello,
I have a support person who is getting a msg: the following error occurred while attempting to join the domain"xxx.xxx.xxx": you computer could not be joined to the domain, you have exceeded the max number of computer accounts you are allowed t
Sorry that should be .inf files, not .ini
files (another point dropped on those MCSE modules then!!!). Thinking about
this, the local part of the built in objects SID are the same on all machines,
thus the reason why you can identify the built in administrator on every
machine even when ren
As far as I am aware, and through basic
testing, well known groups and accounts are referred to in the .ini file by generic
identifiers, whereas other accounts (such as domain accounts) are stored using
the SID of the user. So, in your example, that template should be able to be
applied to
I am in the process of creating a baseline
security template for our Win2k servers based off of a SANS guideline.
We do not have AD in place yet, so the templates will be applied to each
server after it is built. I am setting NTFS permission's on the root of
the C: drive and in the doc I am going
When you made the GPO on the server, did you browse using
E:\apps\msoffice or \\servername\sharename\msoffice? If the former, go
redo your GPO. The latter should work.
> -Original Message-
> From: marija efnuseva [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 03, 2002 08:59 AM
>
One thing you might want to make sure of is that 'System' has read
access. Since I am assuming you are assigning this 'per user', it is
going to be running as 'System'
Benton Chase Wink
-
Benton Chase Wink, CCNA MCSE
The University of Texas at Aust
Hallo,
I would like to thank everybofy for thir help. I find this mailing list very helpful
in my work.
Now I have a question about Software installation through Group Policy.
We want to deploy Microsoft Office through GP, and we have created a shared folder on
one of our Domain Controllers. W
31 matches
Mail list logo