12. re-join all your Win2000/XP/2003 clients + servers to the new domain as
their secure channel will have likely been broken (unless you had previously
configured all AD DCs to run in NT4Emulator mode)
13. re-create all your OUs and delegation permissions that you had
previously set on them
14.
Title: Windows 2000 Security Log Rights
possible, but not without leaving tracks, as MACS will
1. Detect gaps in the data transmitted from the agent
to the collector (which is usually a different machine) and alerts the
auditor
2. Signs and encrypts communication between the agent and the
Hi,
Exchange 2003 will work on a DC. Just keep in mind that because of a 'bug' a
shutdown/reboot of that combination takes quite some time.
Best regards,
Han Valk.
From: [EMAIL PROTECTED] on behalf of Chris Flesher
Sent: Wed 07-Jan-04 17:59
To: [EMAIL
It's possible to re-configure a server (DC or not) if you change the hardware.
You must have all main peripherals and a different mainboard;
If you change disk architecture (from scsi to ide, eide, sata etc.) you can
do some before to speed the process.
In TechNet there is the detailed explanation.
I
I doubt this would work in my scenario (step 1) since I am running 2003 in
native-mode.
Also, I am in doubt about your statement in the third paragraph demote ALL
of your current Windows 2000 DCs to member servers. This procedure will
retain all current users, groups, and computers. I was
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Bruce Clingaman
Sent: 08 January 2004 14:15
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Changing domain name/joining a forest or parent domain
I doubt this would work in my scenario
Title: Remote time sync of DC
Hello all,
I'm trying to find a script/tool to synchronize the time (remote from another computer) of a particular domain controller (Windows 2000) with a domain controller that is specified by me. Is this possible at all? Is it possible to use WMI?
Thanx!
It doesn't remove domain accounts because you have an NT4 BDC in the domain
still (step 1).
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original Message-
From: Bruce Clingaman [mailto:[EMAIL
Title: Message
From a command line:
net time /setsntp:server.domain.com
--
Roger D. Seielstad -
MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
-Original Message-
From: Jorge de Almeida Pinto [mailto:[EMAIL
Title: Message
Hi Roger,
I don't want to specify an SNTP server that a server will use to sync the time
from time to time, I just want to force a timesync of a certain DC (task remote
executed) with a DC that I specify. Something that works like:
"net time \\server /set" but remote executed
Title: Message
Why not? That way, you only have to do the command once.
If you are serious about time sync use a real NTP client. See
http://www.ntp.org/ for more information.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de
Title: Message
Then you'll either need to use rcmd or terminal services - I don't believe
net time works remotely
--
Roger D. Seielstad -
MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
-Original
Title: Message
psexec is a better alternative, I think.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Thursday, January 08, 2004 11:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Remote time sync of DC
Then you'll either need to use rcmd or
Title: Message
I suppose you could use psexec from sysinternals, or the "AT" command to execute
the "net time" command remotely.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Thursday, January 08, 2004 11:37 AM
To:
Thanks for the comments. Really just wanted to eliminate an easily
accessible, easy to use GUI based tool. Ya know
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
GRILLENMEIER,GUIDO (HP-Germany,ex1)
Sent: Wednesday, January 07, 2004 5:49 PM
To: [EMAIL
Does anyone have a quick and easy script that will scan the user accounts
to see if the users haven't changed their passwords in so many days?
Also, a way to force those users' passwords to change without having to
touch each user's acct. Running W2K SP3
Ron Pennell
Hello Todd - a couple of thoughts:
0. when you move computer accounts
from one domain to another, the local file system or the local user profile do
NOT need to be re-ACLed (providing, that the account domain doesn't change)
= as the user can continue to use the same user-id he will keep
Title: Message
Forgot about that one, but you're correct.
--
Roger D. Seielstad -
MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
-Original Message-
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent:
yeap, MemberOf (backlink) is system-owned and Member (forward link) is
editable by an admin. Looks different when you're using UIs like ADUC,
where you open the MemberOf tab of a User and add groups to the user =
in fact you're adding the user to the group's Member attribute and the
Backlink to
just analyse the pwLastSet attribute of the accounts - how about using the
PW age policy to force users to change the PW... (although this is always
difficult for accounts that hardly logon interactively - i.e. remote users)
- that's why we send out automated eMails to remind users of an upcoming
How about?
dsquery user OU=xx,DC=yy,DC=zz -stalepwd 7
Just select the number of days you want to check. i.e. passwords that are
older than 7 days.
Dan
-Original Message-
From: Pennell, Ronald B. [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 12:00 PM
To: [EMAIL PROTECTED]
Title: Windows 2000 Security Log Rights
Sounds like MACS does some things certain
unnamed products do at a much higher fee. It'd be nice to do some
testing and evaluation of it to be ready to go live when the SP1 comes out
is there a beta/preview of it for lab testing? SP1 is not due for
is there a beta/preview of it for lab testing?
Yes there is a Preview Release Beta Program, I got in on it in June 02.
My TAM had me fill out a nomination form. I don't know if they are still
accepting new participants or not.
From: Rich Milburn [mailto:[EMAIL
Title: Message
MACS is in Beta and AFAIK Microsoft is still accepting Beta customers.
-gil
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Thursday, January 08, 2004 1:46 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir]
Title: Message
After purchasing Patchlink 5.0 as a patch management solution for our 5000 desktops,
we have become aware after looking at the "software inventory" feature of it,
that a very large amount of our desktops have various forms of Spyware installed
on them.
ClockSync
Title: Message
Thanks Guido...
I will incorporate the information you provided in your message in my
recommendation for a standard.
About Quote 3, I meant to say VPN and Wireless Access for clients but it was
getting late.
Thanks.
Todd
-Original Message-
From:
Title: Message
good point - yes if you want to secure wireless clients
with certificates for securing the access to your network in a pure 2003
environment, then you may want to join them to the domain after all.
however, as it's rather difficult to make a Wireless reliably secure, a safer
Title: Message
Ad-Aware from Lavasoft will remove everything about these spyware/malware apps, but
I'm not sure how easy it will be to automate.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Thursday, January 08,
Title: Message
Spybot has command-line parameters but I haven't used them yet
From: Kevin Gent [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 4:05 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] GPOs for Spyware
Ad-Aware from Lavasoft will remove
As stated, you can do that with GPO if you know which app you want to block.
You could go so far to block using the hash features if you want to grab
apps that aren't MMC based. Just wanted to be sure you got a complete
answer :)
Al
-Original Message-
From: Douglas M. Long
Guido,
I agree that there are lots of issues with this option, but it *is* an
option that I've been successful with. And, you're exactly right - GPO,
Dfs, etc - anything that really relies on Windows 2000 is going to have to
be recreated.
And, I, too - like the multi-forest option. Those
Title: Message
Russ,
SpyWareBlaster http://www.javacoolsoftware.com/spywareblaster.html is
Freeware/Donationware and can be installed "silently" using a login script using
the Inno Setup command line parameter /VERYSILENT eg. code used during a
batch:
ECHO.
ECHO Installing SpyWareBlaster
Yep - you're right. It won't work. As I said from the start, if you're
doing anything other than Mixed-mode, it won't work. Delete the message,
ignore it, have a mind erase, whatever works for you. ;o)
To add clarification:
I was thinking that the demoting process removes all the domain
Title: Windows 2000 Security Log Rights
Ah sorry, I meant without MACS. I.E. Giving manage security
log rights. While it will let you read the security logs it also allows writing
and clearing. The clearing will still show that there was tampering but if you
write enough bogus events you can
Does anyone know how to get taken off this list?
Thanks
ger
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Thursday, January 08, 2004 2:28 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Don't want users to view Directory Info
At this time they are not accepting any more applications. You can always
try to appeal through your TAM though :)
/Siddharth
On Thu, 8 Jan 2004, Free, Bob wrote:
is there a beta/preview of it for lab testing?
Yes there is a Preview Release Beta Program, I got in on it in June 02.
My TAM