RE: [ActiveDir] Password Lookup

2003-08-14 Thread jim . katoe
Password complexity is enabled through the Domain GPO. It is an on or off function, not configurable. It curtails the success of dictionary hacks by requiring 3 out of the following 4 in all users' passwords - Uppercase, lowercase, numbers, special characters. It also will not allow the password

RE: [ActiveDir] Password Lookup

2003-08-14 Thread Thommes, Michael M.
It's in the "Domain Security Policy" mmc, under Windows Settings/Security Settings/Account Policies/Password Policy Passwords must meet complexity requirements = Enabled Mike Thommes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

Re: [ActiveDir] Password Lookup

2003-08-14 Thread [EMAIL PROTECTED]
Ryan, My understanding is that the only way to do this is to hook into the password filter DLL. This is a Win32 DLL that the DC calls whenever a user or administrator initiates a password change, whose job is to verify the quality of the new password. The DLL is your own code, so it can do whate

RE: [ActiveDir] Anonymous Logon

2003-08-14 Thread Rick Kingslan
Cindy, If you're going to have to keep all audit entries, you're going to have a tough time. I can help decipher these records for you (I do a lot of this!), but in a nutshell you've recorded a successful logoff (the Event 538) and a successful network logon via the Kerberos authentication packag

Re: [ActiveDir] LDAP & LastLogin for Computers

2003-08-14 Thread Glenn Corbett
Hunter, Are you actually querying the workstation, or just the user accounts? If you're finding out when a computer was last logged onto, I would LOVE to have a copy of the script as well (so I can kick our desktop support guys in the bum to clean up *MY

[ActiveDir] The Truth Is Out There:

2003-08-14 Thread james . blair
I am having some strange issues in a domain we have. One user in particular has a laptop and he is unable to access his local server. I am able to ping the server and it resolves name to IP. If I open the IP from a run command it shows all shared folders and printers. If I however do the same to t

RE: [ActiveDir] Group Policy

2003-08-14 Thread daniel . gilbert
We do. It is our way to display the GPO's in human readable format. Dan -Original Message- From: Ellis, Debbie [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 10:32 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Group Policy Does anyone have a Group Policy Spreadsheet ? List

RE: [ActiveDir] WOT Unreadable code (was Connection String)

2003-08-14 Thread Gil Kirkpatrick
John, Stella has put the world-famous Official DEC Screaming Yellow Rubber Chicken in the mail, so you should get it by the end of the week or so. When you do get it, be sure to give it a good squeeze. When I spoke at the 2002 AFITC, a general from ACC (I've forgotten his name) told me that someo

RE: [ActiveDir] WOT Unreadable code (was Connection String)

2003-08-14 Thread Robbie Allen
My great uncle who was a Computer Scientist with AT&T back in the '50's (sorry Gil) told me about it. I didn't know we were talking about any language that had been invented since the beginning of time :-P My point isn't that the language necessarily dictates how unreadable the code is although i

Re: [ActiveDir] OT: Server Monitoring

2003-08-14 Thread Glenn Corbett
MOM is probably a bit of overkill for something that simple (although that's what I use) Justin, the products you've looked at should be able to do it, you just need to set up some alternative SMTP routing if the email server is down. Can you send SMTP mail directly upstream to your ISP from anoth

RE: [ActiveDir] Seeking some feedback ... use of 2003 Admin. tools against a non-forest prep'd 2000 only directory ...

2003-08-14 Thread Fugleberg, David A
Dean - given all that, why not just do the whole ADPrep /forestprep and /domainprep ?  Even if the domain stays Win2K forever, would there be any harm in doing so?  From what I've seen, there isn't. I guess the question is, why is it more acceptable (to your customer) to do a subset of thes

RE: [ActiveDir] Password Lookup

2003-08-14 Thread Robbie Allen
Hi Mike, You can require "complex" passwords by setting the Domain Security Policy -> Account Policies -> Password Policy -> Password must meet complexity requirements. Here is more info: http://www.microsoft.com/technet/treeview/default.asp?url= After setting pas

RE: [ActiveDir] WOT Unreadable code (was Connection String)

2003-08-14 Thread Myrick, Todd (NIH/CIT)
Gil, you should give one out for every Enterprise purchase of Netpro Products. Todd Myrick -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 3:22 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] WOT Unreadable code (was Connection String

Re: [ActiveDir] Anonymous Logon

2003-08-14 Thread jim . katoe
Great post -- Sent from my BlackBerry Wireless Handheld - Original Message - From: ActiveDir-owner Sent: 08/05/2003 11:03 PM To: <[EMAIL PROTECTED]> Subject: RE: [ActiveDir] Anonymous Logon Cindy, If you're going to have to keep all audit entries, you're going

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Holland Matthew BC GB
Do you have your GPO set to apply the changes even when the GPO hasn’t changed? If not, it may be worth enabling this option in your GPO: Computer Configuration/Administrative Templates/System/Group Policy/Internet Explorer Maintenance/‘Process even if Group Policy Objects have not c

Re: [ActiveDir] Anonymous Logon

2003-08-14 Thread rick reynolds
If web services or ftp are running on those, both those services allow anon to access the main page, - Original Message - From: "Rittenhouse, Cindy" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 05, 2003 1:02 PM Subject: RE: [ActiveDir] Anonymous Logon > Rick, > The

RE: [ActiveDir] OT: Server Monitoring

2003-08-14 Thread Shawn.Hayes
use a local SMTP engine (IIS SMTP) and let DNS route the messages out for you. Shawn -Original Message- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 8:57 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: Ser

RE: [ActiveDir] Group Policy

2003-08-14 Thread Ellis, Debbie
Could you please send it to [EMAIL PROTECTED] Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 2:23 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Group Policy We do. It is our way to display the GPO's in human readable format

RE: [ActiveDir] Groups and OU's

2003-08-14 Thread Jimmy Andersson
Yes, you could have an OU for groups if you want. But the pros and cons all depend on the way you want to administrate your AD. Can you give a bit more info on your environment? Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal A

RE: [ActiveDir] Synchronize AD

2003-08-14 Thread Shawn.Hayes
repadmin and / or AD sites and services snap-in Shawn -Original Message- From: Dipowarga Wirawan [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 2:52 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Synchronize AD I don't have problem in t

RE: [ActiveDir] LDAP & LastLogin for Computers

2003-08-14 Thread Free, Bob
Machine account change frequency (default) NT is 7 days W2K is 30. That's how we have always managed machine accounts. Just had to tweak the interval in the PERL script when W2K showed up :-] Over the threshold, whack the account -Original Message- From: Steve R

Re: [ActiveDir] Seeking some feedback ... use of 2003 Admin. tools against a non-forest prep'd 2000 only directory ...

2003-08-14 Thread Glenn Corbett
Dean, thanks for the info. As you said, the changes don't sound too extreme, but yes, the SchemaVersion would be the major concern. I would be interested to see what the MS guys have to say. G. - Original Message - From: Dean Wells To: AD mailing list (send)

RE: [ActiveDir] VBscript Help

2003-08-14 Thread Gil Kirkpatrick
Alain Lissoir's two books are great: Understanding WMI Scripting Leveraging WMI Scripting -gil Gil Kirkpatrick CTO, NetPro -Original Message- From: Raymond McClinnis [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 8:29 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] VBscri

RE: [ActiveDir] Home Labs Interconnected

2003-08-14 Thread Joe
In my real world there are only 3 people other than myself in the whole world who have administrator level rights in AD and on DC's and have interactive logon rights to DC's who can make core level changes. This is for a global production forest comprising around 380 domain controllers and some 200

RE: [ActiveDir] VBscript Help

2003-08-14 Thread Raymond McClinnis
Jacqui, I feel your pain; I read your e-mail and thought I had written it :-). I went to a book store and picked up "Microsoft's Windows 2000 Scripting Guide" I have had really good luck with it, although everything I need isn't in there, I have been able to find what else I need on the web or by

Re: [ActiveDir] Home Labs Interconnected

2003-08-14 Thread Glenn Corbett
Sounds like a good idea Mark. Creation of a private VPN over the internet to form the larger Lab would take care of the "external" security problems, but not the "internal" ones (ie do you trust the other people). the main issues I can see with doing this is exactly what people want to test, and

RE: [ActiveDir] Connection String

2003-08-14 Thread Joe
CHEER! joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Allen Sent: Tuesday, August 05, 2003 9:14 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Connection String Come on guys, why go to VB.NET when you can get most of the benefits o

RE: [ActiveDir] Turn off account lockout feature on a account.

2003-08-14 Thread Roger Seielstad
The only thing that comes to mind is using a GPO with block inheritance, but I don't believe that works. Alternately, one could script an unlock tool which periodically unlocks the account. So, how far in the future will it be when the IIS SMTP event sink model is integrat

RE: [ActiveDir] VBscript Help

2003-08-14 Thread jacqui . hurst
Many thanks for all the pointers. I better order some of the books :-) and read them, QUICK! Jacqui > from:Gil Kirkpatrick <[EMAIL PROTECTED]> > date:Thu, 07 Aug 2003 17:36:25 > to: [EMAIL PROTECTED] > subject: RE: [ActiveDir] VBscript Help > > Alain Lissoir's two books are gr

RE: [ActiveDir] VBscript Help

2003-08-14 Thread Rod Trent
Add myITforum.com to that list... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, August 07, 2003 10:25 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] VBscript Help I keep a list of these sites - hope this helps (watc

RE: [ActiveDir] changing home drive problem

2003-08-14 Thread Gasper, Rick
I made those changes and I found an article about scripting home folders. I can not find the article here, but I have it bookmarked at home. The article said something about making sure the folders exist before attempting to set the home folder. So I changed the code to below. I still need to t

RE: [ActiveDir] Connection String

2003-08-14 Thread Joe
Just write it clearly... Use whitespace and good variables and DOCUMENT your regexs... Also perl is easy to read (and possible to write) in notepad... Perl can be a write only language, but then so can just about any language if you don't try to make it readable. -Original Message-

RE: [ActiveDir] Who's online

2003-08-14 Thread Agung Kuswanto NCS
Thanks for all enlighten!!! Can this command be called from machine other than the server itself? Best regards, Agung -Original Message- From: Thommes, Michael M. [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 8:55 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Who's onli

RE: [ActiveDir] Seeking some feedback ... use of 2003 Admin. tool s against a non-forest prep'd 2000 only directory ...

2003-08-14 Thread Joe
> For normal day to day things like resetting passwords, unlocking accounts, the normal tools are just fine. This entirely depends on the size of the organization in relation to the size of the help desk staff and I guess coupled with SLA's (i.e. is it ok to wait 3 days for

RE: [ActiveDir] OT: Has anyone had a problem with the RPC call tothe OS

2003-08-14 Thread Carlos Magalhaes
Do you have the exact virus name? CM

RE: [ActiveDir] WOT Unreadable code (was Connection String)

2003-08-14 Thread Bjelke John A Contr AFRL/VSIO
LOL :^) Ok, it's VERY rough. John A. Bjelke Unisys 505.853.6774 [EMAIL PROTECTED] If it's as difficult as pulling teeth through an elephants rump, then the approach needs to be reevaluated. -Original Message- From: Joe [mailto:[EMAIL PROTECTED] Sent

RE: [ActiveDir] [OT] RPC DCOM WORM (MSBLASTER)

2003-08-14 Thread Charles Campbell
I've been getting hammered on this one myself... My firewall logs are packed with hits to ports 135 and 445. Charles -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Sent: Monday, August 11, 2003 19:41 To: [EMAIL PROTECTED] Subject: [ActiveDir] [OT] RP

Re: [ActiveDir] How to force RID master change

2003-08-14 Thread EN
Thanks, I have a question though. I want to still use this server. I got a completely new HD in there now, and I want to use the same name. Bad idea? What should I really do, this is the first time this has happened and I haven't read of what should be done when something like this occurs. Erne

RE: [ActiveDir] How to force RID master change

2003-08-14 Thread Chianese, David P.
You can certainly use it again after you dcpromo it and remove all references of it from the domain (adsiedit.msc) and DNS. Using the same name should not be an issue. You just want to make sure it doesn't think it owns the original RID master FSMO role. Regards, Dave -Original Message--

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Darren Mar-Elia
Charles- Have you checked out this article: http://support.microsoft.com/default.aspx?scid=kb;en-us;306915? It's not exactly the same but could be your problem. Darren -Original Message- From: Charles Campbell [mailto:[EMAIL PROTECTED] Sent: Mon 8/11/2003 6:10

[ActiveDir] How to force RID master change

2003-08-14 Thread EN
I'm searching the knowledge base, but I thought maybe someone had something I could use here as well. Well, one of my DCs just died, hard drive failed completely. Fine. I have another DC, but now I can't change the RID role. I could change the GC, PDC and infrastructure, but the RID master c

RE: [ActiveDir] OT: Has anyone had a problem with the RPC call to the OS

2003-08-14 Thread Murray Wall
I have seen one XP workstation that starts up and just wants to shut down within 2 minutes of bootup, a shutdown /a kills the issue but it is 100% related to what is going on. As soon as I unplug the internet line or put a fi

RE: [ActiveDir] How to force RID master change

2003-08-14 Thread Coleman, Hunter
"Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain Controller" http://support.microsoft.com/default.aspx?scid=kb;en-us;255504 -Original Message- From: EN [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 11:27 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] How to forc

[ActiveDir] Extending Schema

2003-08-14 Thread Jorge Luengo Céspedes .
How can I create one attribute and add it to the class using Visual Basic??? For example, create the attribute "socialNumber" and add it to the "user" class in optional attributes. At this moment I manage all objects, only need to extend the schema, I have the program oidgen.exe (Microsoft Resources

RE: [ActiveDir] find out with VBS: domain trusts (of NT4-Domains)

2003-08-14 Thread Schwipper, Jens
NETDOM and NLTEST work on Win2000. With NETDOM I can also see trusts to NT4-Domains. But what can I do to see trusts from NT4-Servers? I need a way to find it out with a (self-programmed) program/script. In Win2000 the script http://www.rallenhome.com/books/adcookbook/source/02/2.20-view_trusts.

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Darren Mar-Elia
What you're looking for is any log items from the IE Maintenance extension as it tries to process the policy during user logon. Look for messages as to whether it skipped processing for some reason or couldn't process the policy. -Original Message- From: Charles

RE: [ActiveDir] Settign password Expiration date

2003-08-14 Thread Bjelke John A Contr AFRL/VSIO
Dennis, He's not looking to set this through policy, methinks. Erick, try this link for how to do this through script: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi /winnt_account_expiration.asp Watch the word wrap, and good luck! John A.

RE: [ActiveDir] Choosing between Domain Controllers

2003-08-14 Thread Joe
You can use set logonserver to get the OS to tell you what it used for an interactive logon. You can use nltest /dsgetdc:domainname to see what its preferred ldap server is. You can use nltest /sc_query to see where the secure channel is. To force a specific DC to be used y

RE: [ActiveDir] Pagefile sizes... Its that time of year again.

2003-08-14 Thread Darren Mar-Elia
I think the standard formulas work well as a starting point, but over the years I've gotten stingy on pagefile size, since you can get defragmentation in the pagefile and really big ones can get correspondingly more fragmented if they start to get up to a fair percentage of total disk space. In

RE: [ActiveDir] Settign password Expiration date

2003-08-14 Thread Joe
You can not set password expiration for a group of users. Password expiration is a global domain policy. Now if you are looking to simply unexpire a group of users you could write (or most likely at this point) find a script that will take a CSV file and either reset the passw

[ActiveDir] ISA & FE combination - Load Balancing Help

2003-08-14 Thread Morley, Scott
All, I've been scrambling around the Internet looking for information about the ISA-Front End server combination. There are not too many informative sites out there. I've been trying to design a load balancing solution from the connection from my ISA server to my multiple front end servers

[ActiveDir] Settign password Expiration date

2003-08-14 Thread Erick Christian
We are rolling our W2k network out, and have successfully migrated from NT4.0. Previously we had set our user account's password to expire at the end of the year. However, going through and enabling each individual account is not an option, as of yet I have not found a way in

RE: [ActiveDir] LDAP search filter for enabled accounts ?

2003-08-14 Thread Fugleberg, David A
Thanks Dean - from your answer and that of Mr. Welch, it was a quick trip to Google to find MS KB article 269181 that explains this in detail (in case anybody else is interested). The part about there being two controls available (bitwise AND and bitwise OR) will be helpful for other things I m

[ActiveDir] os version

2003-08-14 Thread Graham Turner
I know this one has probably been done about 500 times already, but was hoping to sound the mailing list out on techniques of differentiating between Windows 2000 / NT4 from login script, given that both Windows 2000 and NT4 return "Windows NT" from a query of the "OS Version" environment variable

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Charles Campbell
These are all 2000 machines… Under the GPO, I have Apply Group Policy Asynchronously for Users enabled. Charles -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Wednesday, August 13, 2003 13:47 To: [E

RE: [ActiveDir] LDAP search filter for enabled accounts ?

2003-08-14 Thread Dean Wells
Non-disabled user accounts (excluding system security principals such as trust accounts) - (&(objectcategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(! userAccountControl=2080)) Disabled user accounts (excluding system security principals such as trust accounts) - (&(objectcatego

RE: [ActiveDir] os version

2003-08-14 Thread SEYBOLDT,VOLKER (HP-Germany,ex1)
Hi, For 2000 and later you can use wmi to sort this out: For Each os in GetObject("winmgmts:").InstancesOf("Win32_OperatingSystem") WScript.Echo " Version: ", os.Caption, os.Version Next Regards Volker -Original Message- From: Joe [mailto:[EMAIL PROTECTED] Sent: Thursday

RE: [ActiveDir] Max Connections?

2003-08-14 Thread Thommes, Michael M.
maybe a wayward browse master? Mike Thommes -Original Message- From: Richard Sumilang [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 12:12 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Max Connections? I'm using a Windows 2000 Server computer as a File Server but sometimes p

RE: [ActiveDir] Settign password Expiration date

2003-08-14 Thread Erick Christian
We got this issue resolved late last night. The simplest solution for us, was to enable a trust relationship with the NT4.0 domain. Then we simply made the necessary changes via NT4.0. It worked surprisingly well. Thanks for all of the information everyone. This issue can now be closed. Erick Chri

RE: [ActiveDir] Pagefile sizes... Its that time of year again.

2003-08-14 Thread Costanzo, Ray
The rule of thumb I've always heard is RAM×1.5, so 1.5 GB. Ray at work > -Original Message- > From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] > > So you have a Gig of ram on a DC, what do you all set the > pagefile size to? > Memory +11 MB? > > Like to hear your feedback.

[ActiveDir] Pagefile sizes... Its that time of year again.

2003-08-14 Thread Myrick, Todd (NIH/CIT)
So you have a Gig of ram on a DC, what do you all set the pagefile size to? Memory +11 MB? Like to hear your feedback. Toddler List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.acti

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Darren Mar-Elia
IE Maintenance has two modes--preference and mandatory. Preference says, "hand down IE policy but then let the user change it" whereas mandatory says, "reinforce it all the time". You can see this by right clicking the IE Maintenance node and choosing either Preference mode or

Re: [ActiveDir] Extending Schema

2003-08-14 Thread stefano tufillaro
Yes (ADS Library reference if you use COM interface) (library active directory VS 2002 VS 2003) Bye

RE: [ActiveDir] os version

2003-08-14 Thread Rick Kingslan
Graham, From the Script Center in Technet: strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colOperatingSystems = objWMIService.ExecQuery _ ("Select * from Win32_OperatingSystem") For Each objOperatingSystem

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Charles Campbell
Well, I did a reset with no problems… I tried setting to preference mode, but seem unable to input any changes. I tried adding the *.adm files for IE (inetcorp.adm and inetset.adm), however, when I go to access the settings, I see the following: The inetset.adm file is no

RE: [ActiveDir] Seeking some feedback ... use of 2003 Admin. tool s against a non-forest prep'd 2000 only directory ...

2003-08-14 Thread Dean Wells
Thank you Joe ... high praise indeed and right back at ya ... though in my case, I'm not certain it's deserved but I'll take what I can get :-))) PS - Being English, I do read tea leaves and as such am perfectly capable of predicting the future, in fact, I predict that this P

RE: [ActiveDir] how to identify what got changed in a user's account?

2003-08-14 Thread Bruce Hansen
I've been trying to track them with MOM and have concluded that 642's are a "can of worms." What tends to happen is that a single change will generate one 642 with a description of the change (Account Unlocked, etc.), followed by one or more additional 642's with no description whatsoever. I've

RE: [ActiveDir] Password change issue

2003-08-14 Thread Fugleberg, David A
We had a discussion involving this very issue on this list last week - MS has a KB article that describes this: http://support.microsoft.com/?scid=812499 There is a hotfix (referenced in this article), and the fix is included in Win2K SP4. Hope this helps...we're updating all our DCs to SP4 now, s

RE: [ActiveDir] OT: Has anyone had a problem with the RPC call tothe OS

2003-08-14 Thread Carlos Magalhaes
Hey, I was aware of the vulnerability (and thank you for pointing out the MS article for those who weren't), I just wanted to make sure we were all talking about the same thing ;) SUS is a wonderful thing ;-) Carlos Magalhaes - ADSI MVP http://groups.yahoo.com/group/adsianddir

Re: [ActiveDir] Disaster recovery scenario comments requested.

2003-08-14 Thread Jan Wilson
Just as an aside here - MS of course displayed their VM server at tech ed - one nice idea was DR for Exchange 2003 - you would basically generate a new email server in minutes on a VM - users are then back online and you then begin to backfill their email from tape.

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Charles Campbell
You lost me on one part… What are you referring to when you say “Preference mode settings”? As for local GPO IE settings, there are none set. I will enable the verbose logging and see what happens… Thanks Charles -Original Message- From: [EMAIL PROTECTE

RE: [ActiveDir] how to identify what got changed in a user's account?

2003-08-14 Thread Joe
There is no change log maintained however you can look at the replication metadata for an object (assuming you have appropriate permissions) that will give you date and time stamps of originating changes. Take a look at repadmin /showmeta. Also if you are nice Robbie might post a code snippet utili

RE: [ActiveDir] Choosing between Domain Controllers

2003-08-14 Thread Gil Kirkpatrick
You can alter the SRV priority and weight settings for the DC so that clients will select one DC over another. See the Windows .NET mag article I wrote in the March issue, or DL it from http://www.netpro.com/forum/files/authentication_topology.pdf. -gil Gil Kirkpatrick CTO, Ne

RE: [ActiveDir] OT: Has anyone had a problem with the RPC call to the OS

2003-08-14 Thread Rod Trent
The name is going to depend on the antivirus vendor. But...this is not an antivirus vendor issue...this is a patch issue. The patch has been available for a couple weeks. Grab MS03-026. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlos Magalhaes Sent: Tuesday, August

RE: [ActiveDir] WOT Unreadable code (was Connection String)

2003-08-14 Thread Joe
I would have to get the books out but that seems a little rough in more than spelling but I think I get the drift... LOL. I'll take it as a generic 'them' versus specifically 'her' as indicated by the gender of the pronoun... :o) joe -Original Message- From: [EMAIL PROTECTED] [ma

Re: [ActiveDir] Choosing between Domain Controllers

2003-08-14 Thread John Witasick
You can also type "set L" if you just want to see the logon server (sometimes the local variables screen gets a little crowded). John Witasick Project Manager - Windows Networking Services Group - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] S

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Charles Campbell
Update: I have now noticed (beating my head on desk for not seeing it sooner)… that the server also sees the ‘reset’ of the site changes… Meaning: 1) I log onto the server, change the site listings as needed under IE Maintenance/Security… 2) Run Secedit,

RE: [ActiveDir] os version

2003-08-14 Thread Cathy Hooper
Except Gettype.exe from the Windows 2000 Resource Kit doesn't properly detect Windows 2003 or XP and the Gettype version from 2003 doesn't work on previous versions of Windows. Catch-22. Cathy Hooper Sr. NT Administrator Getty Images, Inc. 206-925-6615 (Office) www.gettyimages.com http://tec

[ActiveDir] LDAP search filter for enabled accounts ?

2003-08-14 Thread Fugleberg, David A
Is there anything I can use in a LDAP search filter to include only accounts that are enabled ? For example, a filter like (&(objectclass=user)(objectcategory=person)(physicalDeliveryOfficeName=MSPJ)) will find all user objects whose office is in building MSPJ - I'd like to add an argument tha

RE: [ActiveDir] Disaster recovery scenario comments requested.

2003-08-14 Thread Don Guyer
David, We use similar methodology for our DR tests, by keeping a laptop running as a DC on our live network, then transferring FSMO roles at the DR site. This has worked flawlessly for us. We are now looking to be able to restore our AD environment to a totally different server. Problem

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Darren Mar-Elia
Try turning that off (make it synchronous). -Original Message- From: Charles Campbell [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 13, 2003 12:46 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Group Policy and IE Zone Security These are all 2000 m

RE: [ActiveDir] Power Options with GPO

2003-08-14 Thread Rick Kingslan
Marc, Forewarned is ... Well, you get the drift. It would be irresponsible of me to suggest adding your own entries to an .ADM without first mentioning the issue. So with that disclaimer out of the way I'd suggest that your solution would likely be the best. Take a snapshot of what it look

RE: [ActiveDir] OT: Has anyone had a problem with the RPC call tothe OS

2003-08-14 Thread Jb Leney
http://isc.sans.org/diary.html?date=2003-08-11 It goes by different names, depending on the antivirus vendor. The patch has been out for this for a while now. Our servers are patched, and we've seen no issues as of yet. -Original Message- From: Carlos Magalha

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Darren Mar-Elia
Yuck (technical term). Dr. Watson isn't a good thing. Loading a Win2K .adm should not cause a Dr. Watson on the MMC. Not sure why you're getting a SQLServerAgent error--that's pretty unrelated to policy. If it's possible, you may want to delete this GPO and start from scratch.

RE: [ActiveDir] OT: Has anyone had a problem with the RPC call tothe OS

2003-08-14 Thread Mayet, Yusuf Y
Yeah   Thanks again guys for your responses.   I was not sure what the virus was called however the symptoms, that you guys gave to me is exactly what some of our clients were experiencing. "The continuous reboot problem"   The servers however are not having any problems as we patch

RE: [ActiveDir] os version

2003-08-14 Thread Thommes, Michael M.
A "ver" command? -Original Message- From: Graham Turner [mailto:[EMAIL PROTECTED] Sent: Thu 8/14/2003 6:08 AM To: [EMAIL PROTECTED] Cc: Subject: [ActiveDir] os version i know this one has probably been done abo

RE: [ActiveDir] Choosing between Domain Controllers

2003-08-14 Thread Darryl Hall
I know that "echo %LOGONSERVER%" from the command prompt will give you the DC that you used but the only way I know how to force the use of a particular DC is to put garbage information for the DC you do not want to use in the Hosts/LMHosts file on the client. The machine w

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Charles Campbell
Interestingly enough, I have that policy enabled (IE Maintenance policy processing). However, I do notice that when I go to the registry key mentioned in that article, the value is still set to 1, instead of 0. I changed it manually, and will reboot to see what happens. Does anyone know what would

Re: [ActiveDir] How to force RID master change

2003-08-14 Thread EN
Thanks! I finally got everything working...at least so far, we'll see how it fares tomorrow and such. Did get some really weird errors, but they were fixable, according to MS. Ernesto - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 12, 2003

RE: [ActiveDir] Disaster recovery scenario comments requested.

2003-08-14 Thread Chianese, David P.
That was my major concern too Hunter. Although we have not seen this in the lab, I am wondering in a more complex environment (like production) if the beast will rear its ugly head then. That would be bad, very bad. Btw, thanks to all of you for the comments and scenario recommendations. Much

RE: [ActiveDir] Setting password Expiration date

2003-08-14 Thread [EMAIL PROTECTED]
Erick, Joe makes a good point -- password expiration policy is global. However, you can avoid the rush of everyone's passwords expiring at once with the following process: 1) enable global password expiration, but set the interval really long. 2) run a batch file nightly to expire a small g

[ActiveDir] Power Options with GPO

2003-08-14 Thread De Schepper Marc
I try to enforce a standard Policy for the POWER options in the control panel so that everybody uses the same power settings, this for Desktops as for portables. I can't seem to find any ADM file for this. Is there somebody who can help me on this one? Marc

RE: [ActiveDir] Anonymous Logon

2003-08-14 Thread Carlos Magalhaes
Then again you know Rick Kingslan has wonderful AD knowledge !!! Carlos Magalhaes ADSI MVP -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 06, 2003 3:02 PM To: ActiveDir Subject: Re: [ActiveDir] A

RE: [ActiveDir] OT: Has anyone had a problem with the RPC call to the OS

2003-08-14 Thread James_Day
Hi All The virus is w32.blaster.worm - the details were released by Symantec about 12 hours ago. The hole it is using was patched by Microsoft a couple of weeks ago. Here is the link to the Symantec write up http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html It woul

RE: [ActiveDir] Anonymous Logon

2003-08-14 Thread Joe
I believe those would show a logon by the IUSR (or other specified account) account because it isn't truly anonymous, you are simply proxied into the IUSR or some other specified anonymous access account. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behal

RE: [ActiveDir] Group Policy and IE Zone Security

2003-08-14 Thread Darren Mar-Elia
Well it doesn't give a lot of info but the RegOpenKey failing on GetHKeyCU (Get a handle to the user's profile in HKEY_CURRENT_USER) looks like a problem. The policy extension can't access the user's profile. The strange thing is that it returns a 0x0, which usually means ever

RE: [ActiveDir] Disaster recovery scenario comments requested.

2003-08-14 Thread Coleman, Hunter
Don- We're in the same spot, with production DCs running on Dell and DR hardware often being Compaq. We've found that KB810161 (http://support.microsoft.com/default.aspx?scid=kb;en-us;810161) has been important to successfully accomplishing the restores. Recently, we've also found that building th

RE: [ActiveDir] Home Labs Interconnected

2003-08-14 Thread daniel . gilbert
Or maybe DirectoryInsight :-) -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 2:15 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Home Labs Interconnected This sounds like a job for Directory Lockdown! Toddler -Origina

RE: [ActiveDir] [OT] Password change issue

2003-08-14 Thread Joe
Heh thanks Rick. I am going to push that solution all the time, I worked too hard to get MS to make that change and stop giving the old tired answer of "change the password on the DC the user will authenticate on". :P I had some time so I went through most of the posts. Been really busy lately w

RE: [ActiveDir] WOT Unreadable code (was Connection String)

2003-08-14 Thread Rick Kingslan
Heh Telemarketing company that I worked for in the early 80's did their coding in MUMPS. Interesting use for a language that was developed to target the medical industry, as I recall - Massachusetts General Hospital Utility Multi Programming System. Rick Kingslan MCSE, MCSA, MCT Microsoft
