[ActiveDir] Useful Group Policy Tool:

Playing around on the web last night and found this thought some of you may be interested…   http://ntsecurity.nu/toolbox/gplist/   James Blair IT Support Admin Upstream IT Origin Energy CSG Limited (07) 3858-0628  

RE: [ActiveDir] Information Bar in IE 6 after SP 2 Install

Justin, Goto Internet Options - Security tab - Local Intranet - Custom Level.. - Scroll down to "Downloads"...You can do the same for Internet... James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Wednesday, 20 October 2004

RE: [ActiveDir] RIS computer account OU placement

Michael,   Hope I read your question correctly, OU placement can be done through the answer file so you can associate a different answer file to the same image:   [Identification]     DomainAdmin=     DomainAdminPassword=     JoinDomain=%MACHINEDOMAIN%     MachineObjectOU="OU= ,

RE: [ActiveDir] AD through a firewall

Thank you for the quick response, Al. It's going to take a few to research your points to see if there may be a better way to do this. Thanks again! -Original Message- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 11:34 AM To: '[EMAIL PROTECTED]' Subject:

RE: [ActiveDir] Hyperlinks

Man, Talk about being too close... I looked at that page so many times and it was right there. Feel free to flame, I accept the newbie point. Thank you. John Parker, MCSE IS Admin. Senior Technical Specialist Alpha Display Systems. Alpha Video 7711 Computer Ave. Edina, MN. 55435 952-896-9

RE: [ActiveDir] Hyperlinks

Oeps, forgot to mention. GENERAL tab -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: dinsdag 19 oktober 2004 23:36 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hyperlinks Hi, In IE -> Tools -> Internet Options. At

RE: [ActiveDir] Hyperlinks

Hi, In IE -> Tools -> Internet Options. At the bottom (left side) button COLORS Regards, Jorge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Parker Sent: dinsdag 19 oktober 2004 23:32 To: [EMAIL PROTECTED] Subject: [ActiveDir] Hyperlinks Hey all

[ActiveDir] Hyperlinks

Hey all, Where do you change the color of Hyperlinks? I have a user who has changed the color and I cannot find where he did it... Thank you. John Parker, MCSE IS Admin. Senior Technical Specialist Alpha Display Systems. List info : http://www.activedir.org/mail_list.htm List FAQ: http:/

[ActiveDir] MOM alerts

All, I know this is OT, but I am sure you guys will help me out. We are using MOM in our setup, everything is working fine except that we are getting one mom alert on daily basis for the same server for LOW DISK SPACE and its says Failed to create the object 'ExchKP.PubKeyPublisher'.. But if I che

RE: [ActiveDir] IIS 6.0 AGAIN...

Forgot to mention that I am running in IIS 5.0 Isolation Mode if that makes a different. Thank you, Z.V. -Original Message- From: Za Vue [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 4:30 PM To: '[EMAIL PROTECTED]' Subject: IIS 6.0 AGAIN... Hi all. Has anyone seen the error

[ActiveDir] IIS 6.0 AGAIN...

Hi all. Has anyone seen the error below? I am running IIS 6.0 on a Windows 2003 server. Every time this error comes on my website asked for a username and password. I restart IIS services and things are fine afterward. Event Type: Error Event Source: W3SVC Event Category: None Event ID:

[ActiveDir] FW: KDC Errors--Help

I believe I did it correct, but those are famous last words.   Once I connect using LDP I choose browse/search  For my search entry I choose:   Base DN: dc=mydomain,dc=com Filter: serviceprincipalname=MSSQLSvc/server.mydomain.org:1523 Scope: Subtree under options I had to add the "ser

RE: [ActiveDir] AD through a firewall

SMTP transport isn't an option? When you lock down the RPC ports, what you are really doing is just pre-seeding what would otherwise be a random allocation. I.e. instead of negotiating from a pool of possible, you're telling the RPC process to always pick port . Saturation would occur regard

Re: [ActiveDir] groups vs attributes

If they insist on the attribute route, I sort of like this answer! You can add and remove instances of ADAM for apps that get deployed, and your internal AD stays clean. It's also a really nice answer for apps that may be deployed outside your internal network (if that was the goal - as someone e

RE: [ActiveDir] groups vs attributes

Title: Message I don't think you're missing anything.  I think you also have articulated the reason that third-party authentication systems exist.    It's been easier to integrate a third party authentication system for web apps, than to work in the non-windows systems.  That's changing, bu

RE: [ActiveDir] groups vs attributes

Title: Message Yes, a sticky issue indeed.  Many of these 'solutions' are only workable if you have some processes and standards in place beforehand, and you're reasonably sure they are followed (i.e., they're automated).  The 'service account' approach to allow the 'consumer' system to sear

[ActiveDir] AD through a firewall

Hello all, Environment - Mixed mode Windows 2000 and 2003 domain controllers. One empty root and 8 child domains. Most domains have 3-5 DCs for redundancy and DR. One domain has 25 DCs for their branch offices, but they are not behind any firewalls. Two of the domains are behind separate inte

RE: [ActiveDir] FW: KDC Errors--Help

Yep.  Seen it.  If you're not finding it with LDP, you may just have the search criteria wrong.    When you search, it should be starting from the root of the domain should have a filter of something like:   (serviceprincipalname=MSSQLSvc/ourserver.ourdomain.org:1523)   That should return all

RE: [ActiveDir] groups vs attributes

Title: Message Right.  Some do. But once they go that route, you almost have to question why they just didn't integrate with the Active Directory authentication mechanisms in the first place.  I would guess it has more to do with trying to be interoperable with multiple directory stores, but

[ActiveDir] FW: KDC Errors--Help

  Running Windows 2000 AD with SP 3.  Since October 9th we have been getting event errors   Source: KDC Event 11 There are multiple accounts with name MSSQLSvc/ourserver.ourdomain.org:1523 of type 10. This error has been happening on just one of our domain controllers.  I installed setsp

RE: [ActiveDir] groups vs attributes

Title: Message Some LDAP 'consumers' get around these problems by first searching the directory for the user to get their current full DN, and then doing a bind with that.  Of course, that means that you need to search on something that you know to be globally unique, like samAccountName.  A

Re: [ActiveDir] Setting Logon Hours

some resources: HOW TO: Limit User Logon Time in a Domain in Windows 2000 http://support.microsoft.com/default.aspx?scid=kb;en-us;318714#10 How do I run commands on my domain controller for every user? (see section for: net user username /times) http://www.jsiinc.com/SUBJ/tip4600/rh4646.htm Copying

[ActiveDir] New tree in an existing forest Weirdness!

Please some one help ME LLL   Today I tried to DCPROMO a New domain tree into an existing forest. It DCPROMO’s alright, but I am having difficulty with DNS! – at the dcpromo stage I asked it to install and configure DNS for the new domain tree and it said it did, but I cant find a

RE: [ActiveDir] groups vs attributes

Any thought of using ADAM as the authentication source for these applications? That gives you a lot more flexibility for how you authenticate the users and gives you the ability to make changes to the schema without effecting your AD implementation. If you go that route I would suggest using LDAP o

RE: [ActiveDir] groups vs attributes

Title: Re: [ActiveDir] groups vs attributes Anytime you use LDAP binding you create two problems: 1) Active Directory was designed to let users be moved around when needed.  It happens as a matter of course and will often break LDAP applications that rely on LDAP bind.  When the RDN changes,

RE: [ActiveDir] groups vs attributes

Title: Message David, see Gil's post.  That's what I had in mind but he articulates the idea better than I was going to I'm sure ;)   Al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg, David ASent: Tuesday, October 19, 2004 11:55 AMTo: [EMAIL PROTECTED]Subject: R

RE: [ActiveDir] groups vs attributes

A very clean way to manage access rights for apps is to create new extended access rights objects in the Extended-Rights container that represent the different categories of access to your app, then create an object that represents the application in the CN=Services container, and create object-

RE: [ActiveDir] groups vs attributes

Title: Message Al - could you elaborate on the comment "why aren't they using Active Directory security again?" ?  When I read Mark's question I assumed (maybe incorrectly) that these were apps on external systems that simply used AD as an LDAP server, and made access-control decisions based

RE: [ActiveDir] Digital Sign Communications

What is the difference between the "IP Security Policies in Active Directory" within the Computer Configuration of a GPO, under Windows Settings | Security Settings to the items listed under Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options, specifica

[ActiveDir] Setting Logon Hours

Is there a way to set logon hours in the user profiles using GPOs? If not how do I go about changing the bulk of my users in one go? Or am I going to be stuck going into each profile to make the changes? David D. Lee Computer Resource Specialist II Office of Undergraduate Admissions [EMAIL PROTE

RE: [ActiveDir] groups vs attributes

I guess they've indexed their attribute? Either way, it shouldn't be any faster than querying group membership. The only danger I see with the custom attribute approach is that it could be the thin end of the wedge. The more applications that use this approach the more custom attributes you w

RE: [ActiveDir] groups vs attributes

Title: Re: [ActiveDir] groups vs attributes Two other questions on why it might be “slower” to enumerate the members of a universal group. Since UGs are kept by GCs, are your developers doing a query in a site with a GC? Are all of your DCs also GCs?   From: [EMAIL PROTECTED] [mai

RE: [ActiveDir] groups vs attributes

Title: groups vs attributes Sorry, I didn’t word that very well. You’re right, Lou, that is what they do. I guess their main point is that querying an attribute that we create for the purpose seems faster than when they check the group membership. I don’t know how valid that is…  

RE: [ActiveDir] groups vs attributes

Title: Re: [ActiveDir] groups vs attributes I’m not following Rick and Al on the security factor. Why would using the attribute method be less secure, assuming we control who can populate the attribute, the same as we control who can add members to a group? Maybe I’m missing the point thoug

[ActiveDir] RIS computer account OU placement

I'm having trouble finding any accurate matches by googling so I thought I'd throw it out here in the mailing list to see what others may have done.   What I'm trying to do is to create a completely unattended install with 2 seperate machine images.   Specifically, I want the standard flat

RE: [ActiveDir] groups vs attributes

Title: groups vs attributes I may be missing something in the reading, but why not just query AD based on the username and determine if that user object is a member of the group in question instead of returning a list of all users for a given group? Another possibility (one you may well ha

RE: [ActiveDir] Shadow Copy

assuming you're talking about Shadow Copy Restore feature: - how many changes do your users make per day and how many versions of the documents do you want to keep? => this will determine the space you should calculate for each volume. Add 105 MB, which is what the feature requires for itself. -

[ActiveDir] Information Bar in IE 6 after SP 2 Install

I have noticed a Information Bar in IE 6 that got installed when I put SP2 on my laptop. I find this bar to be very annoying and can't figure out how to stop it. Everytime I am downloading a file from one of our internal intranets I have this bar come up, I then have to click download file, which

[ActiveDir] Digital Sign Communications

Working with the GPMC from a Windows XP machine running SP2, when looking at the GPO's, how would you go about configuring Digital Sign Communications and where do you set the Required, Secure or Client settings for this? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System

Re: [ActiveDir] groups vs attributes

Title: Re: [ActiveDir] groups vs attributes >From a Dev standpoint using attributes and requiring schema extensions is undeniably sexier.  And you would be extending the schema eventually – possibly for every application that you deploy.  There are only so many attributes to use for this sort

RE: [ActiveDir] groups vs attributes

Title: groups vs attributes Personally, I think they should have a look at why their queries take longer than they want.  Likely they are checking the memberof attribute to find out what the group membership is, right?   I think they could use an attribute, but I think that's not guaranteed

[ActiveDir] groups vs attributes

Title: groups vs attributes As our developers (as well as our 3rd party vendors) continue to create apps that leverage AD, the question comes up frequently – which is a better solution…to search AD for a group membership, or for the value of a given attribute, when validating a user’s access

RE: [ActiveDir] Shadow Copy

For those that aren't aware of it... http://www.microsoft.com/windowsserver2003/technologies/activedirectory/W2K3ActDirFastRec.mspx Using the new Microsoft Windows Server 2003 services of Volume Shadow Copy Service and Virtual Disk Service, it is now possible to recover failed Microsoft Activ

RE: [ActiveDir] Shadow Copy

Is there any formula for figuring out how much hard drive space you will need ? Also which is better, Raid 5 or mirror sets for Shadow Copy? Debbie Ellis Systems Administrator Viasat, Inc. 4356 Communications Drive Norcross, GA 30093 678-924-2591 -Original Message- From: Robert Mezzo

RE: [ActiveDir] NT-style Policies During AD Migration

the server-side policies should still apply. Can you give a more concrete example? /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob Walker Sent: Monday, October 18, 2004 5:32 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] NT-style Policies Du

RE: [ActiveDir] Shadow Copy

Volume Shadow Copy Services (VSS) is a great technology which can be useful in many ways. Your Backup-SW may already be using this technology to do the system-state backups without you knowing it (e.g. even NTbackup leverages VSS). You're likely talking about using the Shadow Copy Restore Feature

Re: [ActiveDir] Symantec Corporate edition 8.1 and active directory

SAV requires Netbios for resolution, do these machines have netbios turned off or did resolution change when they were put into the domain?   Steve - Original Message - From: David Lee To: [EMAIL PROTECTED] Sent: Monday, October 18, 2004 12:13 PM Subject: [Active