Re: [ActiveDir] OT: pushing user info into Outlook

2005-01-28 Thread Bart Vandyck
When you install office you could apply an mst file in which you can define this. Have a look at the Custom Installation Wizard on screen 18 here I have entered: username : %Username% Exchange: EXCH01.Domain.local Now every time a new user logs on he connects to the correct mail server without

[ActiveDir] Terminal server licenses

2005-01-28 Thread George Arezina
Hi folks, Can anyone verify that under Windows 2003 TS server, even Windows XP clients need to purchase a TS license? I was under the impression that Windows XP clients did not need to purchase the TS license, but what do you know, they showed up in my temporary license tab in TS Licensing

[ActiveDir] AD startup scripts problem

2005-01-28 Thread Mark Abbiss
I have tried everything I know but I just cannot make a script run at computer start up. I have successfully got it working on a user basis at logon but assigning it to a computer is just not working. Here is what I have done, please can someone let me know if I have missed something complete

Re: [ActiveDir] Terminal server licenses

2005-01-28 Thread Brendan Kwolek
George; Check out http://www.microsoft.com/windowsserver2003/howtobuy/licensing/ts2003.mspx /Terminal Server CAL Changes/ /In the past, the TS CAL requirement was waived if the device accessing the terminal server was running the same

Re: [ActiveDir] AD startup scripts problem

2005-01-28 Thread ASB
Schedule the job as the SYSTEM account and see if it works. If not, then it is a network rights issue... -ASB FAST, CHEAP, SECURE: Pick Any TWO http://www.ultratech-llc.com/KB/ On Fri, 28 Jan 2005 13:07:23 +, Mark Abbiss <[EMAIL PROTECTED]> wrote: > I have tried everything I know but I j

RE: [ActiveDir] Terminal server licenses

2005-01-28 Thread Dave Lamberty
Yes, the licensing has changed. In 2003 Terminal Services, you need a CAL for every user or device (depending on the model you choose). The 'unlimited pool' we had in 2000 for 2000/XP clients is no more. Details here: http://www.microsoft.com/windowsserver2003/howtobuy/licensing/ts2003.mspx  

RE: [ActiveDir] AD startup scripts problem

2005-01-28 Thread Craig Cerino
Is this running as part of the system? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Abbiss Sent: Friday, January 28, 2005 8:07 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD startup scripts problem I have tried everything I know but I

RE: [ActiveDir] AD startup scripts problem

2005-01-28 Thread joe
Maybe it is a typo but I don't see a share name After that, I recommend doing a network trace while the system is starting up to see the actual things being done. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Abbiss Sent: Friday, Ja

RE: [ActiveDir] AD startup scripts problem

2005-01-28 Thread Za Vue
Does it work if you run it with the individual user account logon and not GPO? Z.V. On Fri, 28 Jan 2005 13:07:23 +, Mark Abbiss <[EMAIL PROTECTED]> wrote: > I have tried everything I know but I just cannot make a script run at > computer start up. I have successfully got it working on a u

Re: [ActiveDir] AD startup scripts problem

2005-01-28 Thread Mark Abbiss
If it is a script that is supposed to run as the machine starts up, how can I schedule it ? Original Message Follows From: ASB <[EMAIL PROTECTED]> Reply-To: ActiveDir@mail.activedir.org To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] AD startup scripts problem Date: Fri, 28 Jan

Re: [ActiveDir] AD startup scripts problem

2005-01-28 Thread Mark Abbiss
Yes, if I log on once the machine has booted, I can "manually" run the exact same command that is in the batch file and it works. The command I put in my email was purely for demonstration, the share is there in reality and the computer has full rights to access it. List info : http://www.act

RE: [ActiveDir] AD startup scripts problem

2005-01-28 Thread Za Vue
I have VB script that works great in my AD environment. I run it from GPO. Z.V. Original Message Follows From: ASB <[EMAIL PROTECTED]> Reply-To: ActiveDir@mail.activedir.org To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] AD startup scripts problem Date: Fri, 28 Jan 2005 08:1

RE: [ActiveDir] AD startup scripts problem

2005-01-28 Thread Rocky Habeeb
You say: "Made sure that the new group had full rights on the new share and "output" directory." Rights are twofold. Have you verified that the appropriate Security group has a minimum of Read and Execute >Security< permissions? Rocky __

Re: [ActiveDir] AD startup scripts problem

2005-01-28 Thread jpsalemi
Hi Mark... I believe it's running at system level on startup, and I believe system has no network rights. John "Mark Abbiss" <[EMAIL PROTECTED

RE: [ActiveDir] AD startup scripts problem

2005-01-28 Thread Mark Abbiss
Full control is there for the share and the directories for the security group the computer is in. [Scratches head again] Original Message Follows From: "Rocky Habeeb" <[EMAIL PROTECTED]> Reply-To: ActiveDir@mail.activedir.org To: Subject: RE: [ActiveDir] AD startup scripts problem Date:

Re: [ActiveDir] How can a local user account be affected by a policy

2005-01-28 Thread jpsalemi
Sorry if I missed it, didn't see a reply to this? http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q293655 John "Cothern Jeff D. Team EITC

Re: [ActiveDir] AD startup scripts problem

2005-01-28 Thread ASB
The scheduling is for testing purposes. Testing it as a user won't give you the same data, but testing as SYSTEM will. Such testing is explained here: http://www.ultratech-llc.com/KB/?File=Scheduler.TXT look under "TROUBLESHOOTING" -ASB FAST, CHEAP, SECURE: Pick Any TWO http://www.ultrat

Re: [ActiveDir] AD startup scripts problem

2005-01-28 Thread Mark Abbiss
I think this is it in a nutshell. When I put everything locally on the machine the script ran and created the report. As you say, I have no network connectivity when in the startup phase. Or is there a workaround ? Thanks for all the input Original Message Follows From: <[EMAIL PROTECTED]

RE: [ActiveDir] AD startup scripts problem

2005-01-28 Thread joe
That is incorrect. Starting with Windows 2000 [1] computers are security principals like normal users and can access network resources through their machine account. This is why you now have LocalService, NetworkService, and LocalSystem for running services. If you haven't read it, I highly rec

RE: [ActiveDir] AD startup scripts problem

2005-01-28 Thread joe
Two words... Network trace. See exactly what is happening, guessing from symptoms isn't good. If you have a security issue, you will see an access denied in the trace. Also if you didn't see my previous post, your command line didn't have a share name, you had \\servername\application when it

[ActiveDir] Startup scripts in AD

2005-01-28 Thread Abbiss, Mark
I have tried everything I know but I just cannot make a script run at computer start up. I have successfully got it working on a user basis at logon but assigning it to a computer is just not working. Here is what I have done, please can someone let me know if I have missed something completely

RE: [ActiveDir] Startup scripts in AD

2005-01-28 Thread Seyboldt, Volker
Maybe this article may help you http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/optimize/startw2k.mspx -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Abbiss, Mark Sent: Freitag, 28. Januar 2005 13:25 To: ActiveDir@mail.activedir.or

[ActiveDir] OT:exchange frontend

2005-01-28 Thread Kern, Tom
I remember this being spoken of before but I can't seem to find the thread, so my apologies in advance. My question is: are there any security issues with allowing outlook web access directly to your exchange server as opposed to using a front end server? We currently use an exchange2k front end

RE: [ActiveDir] OT:exchange frontend

2005-01-28 Thread Mulnick, Al
IMHO, same risk is taken in regards to being hacked. As for operational availability risk, a FE server serves two purposes in my opinion: it allows you to hide the mail store for the user thereby allowing higher scalability and it also buffers the mail flow if deployed for the SMTP as well. Tha

[ActiveDir] VB Script

2005-01-28 Thread Ertug Gurhan
I have a VB script that queries the Domain Admins group for membership, but when I run it, it fails to extract all members, 1 user in specific, any ideas? Thank you strComputer = "." Set objGroup = GetObject("LDAP://cn=Domain Admins,ou=Groups,ou=Firm,dc=xyx,dc=corp") For each objMember

RE: [ActiveDir] OT:exchange frontend

2005-01-28 Thread Coleman, Hunter
I agree with Al that the same risk is taken, however the impact of a hack is not necessarily the same. I'd much rather lose a frontend OWA/SMTP box than a mailbox server; at least I'd keep internal messaging functional. Either way, having a proxy server between Exchange and the internet is a good

Re: [ActiveDir] AD startup scripts problem

2005-01-28 Thread Paul Wilkinson
I *think* that you do actually have network access at the point that computer startup scripts run. However, you'll have a security issue because the local system account doesn't have access to your server share. You could add each machine account to that share. If one of your computers is nam

[ActiveDir] Restricting applications

2005-01-28 Thread Allan Reynolds
Hi, I'm not sure if this is even possible but I saw something saying it should in an article the other day but it gave no specifics. What we are looking to do is give users access to CDROM/Floppy/USB Drives but want the ability to prevent installing or even running applications fro

RE: [ActiveDir] Restricting applications

2005-01-28 Thread Darren Mar-Elia
If you can reliably know the drive letters of these removable devices then you can use Software Restriction Policy path rules to prevent execution of any code from a given path. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Allan Reynolds Sent: Friday, January 28, 2005 11:

RE: [ActiveDir] OT:exchange frontend

2005-01-28 Thread John Strongosky
I found this in the book Microsoft Exchange Server 2003 24seven by Jim McBee (with Barry Gerber) on page 794: Frontend Version Backend Version Result interface Ex 5.5 owa ex2003 ex5.5 owa Ex2003 owa Ex 5.5 not

RE: [ActiveDir] VB Script

2005-01-28 Thread King, William
Hi Ertug,   Have a look at http://support.microsoft.com/default.aspx?scid=kb;en-us;Q318180 Not sure if this may be applicable in your case.   Cheers, William From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ertug Gurhan Sent: 28 January 2005 15:43 To: ActiveDir@

RE: [ActiveDir] Restricting applications

2005-01-28 Thread Chandra Burra
Simple way is to restrict any installation by the users. this is easy to do via GP -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Darren Mar-Elia Sent: 28 January 2005 11:08 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Restricting applications

[ActiveDir] Office deployment using GPO errors

2005-01-28 Thread Allan Reynolds
Hi   Not sure if this is off topic (hope not).   We currently use Office 2003 and have done for a while.  Over about the last two weeks we have had a growing problem.  When a user tries to start an office application they get an error saying that office is not installed for this user and

RE: [ActiveDir] OT:exchange frontend

2005-01-28 Thread Ken Cornetet
You can't even *install* e2k3 in a forest if there are e2k front-end servers. The topic of allowing OWA via the internet has been debated many times on the exchange mailing list. There has never been consensus, however the following suggestions have been made: 1. Use an ISA server in a DMZ (This

RE: [ActiveDir] AD startup scripts problem

2005-01-28 Thread Rocky Habeeb
Correct me if I'm wrong, but doesn't the Local System account have full control of the entire boot operation? And isn't it responsible to process the complete range of operations including network authentication and domain based GPO processing? And if not who is? And if so, doesn't that mean >it

RE: [ActiveDir] AD startup scripts problem

2005-01-28 Thread Robert Rutherford
The local computer's system account does process the script but here it looks like it doesn't have permissions to read the script on the 'servers' share From: [EMAIL PROTECTED] on behalf of Rocky Habeeb Sent: Fri 28/01/2005 16:26 To: ActiveDir@mail.activedir.org S

RE: [ActiveDir] OT: pushing user info into Outlook

2005-01-28 Thread Steve Rochford
We did this when we set up exchange and, trying to foresee problems, instead of putting in the "real" server name we put in an alias (ie the server was called tconwl2; we gave it a DNS alias of "mail"). This worked well. We've now replaced the Exchange server and pointed the mail alias to it. For e

RE: [ActiveDir] AD startup scripts problem

2005-01-28 Thread Darren Mar-Elia
In my testing, the startup script runs in the context of LocalSystem unless it has to go off-box (i.e. to connect to a network share) in which case it impersonates the machine account to get access to that share. So as long as the machine acco

RE: [ActiveDir] Slow data migration

2005-01-28 Thread Jorge de Almeida Pinto
Hi, We found it. It had something to do with name resolution... We have two servers I installed to migrate data from novell to windows. Those servers have the standard MS client and protocols with additionally the novell client. When I installed the servers I es

RE: [ActiveDir] AD startup scripts problem

2005-01-28 Thread Rocky Habeeb
Put it in SYSVOL RH ___ -Original Message- From: Robert Rutherford [mailto:[EMAIL PROTECTED] On Behalf Of Robert Rutherford Sent: Friday, January 28, 2005 11:31 AM To: ActiveDir@mail.active

[ActiveDir] alternative to ms-DS-Bind-Proxy in W2K3 AD ?

2005-01-28 Thread Guy Teverovsky
Hello all, In ADAM there is a nice feature, called "bind redirects", which is implemented using ms-DS-Bind-Proxy auxiliary class. Now it appears that in AD there is no alternative for something like this. What I would like to do is, given 2 AD forests (resource forest where hosts resi

[ActiveDir] listing all email addresses with adfind

2005-01-28 Thread Creamer, Mark
I want to come up with a list of all the smtp email addresses our GC knows about, regardless of the different classes of objects. E.g. there would be email addresses for users, public folders, etc. How could I form a query to return all of these

RE: [ActiveDir] listing all email addresses with adfind

2005-01-28 Thread Michael B. Smith
adfind -gc -b -f "proxyaddresses=smtp:*" proxyaddresses Here is a little script I wrote that might help some: http://blogs.brnets.com/michael/archive/2004/12/30/275.aspx From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer

RE: [ActiveDir] VB Script

2005-01-28 Thread joe
By any chance is domain admins the primary group of the user who is absent? If so, this is by design. Primary group membership is not maintained like normal group membership, it is held in a specific attribute of the user, not the groups. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROT

[ActiveDir] FTP Server In or Out

2005-01-28 Thread Noah Eiger
Hello: Is it crazy to place a publicly accessible FTP server 1) inside the firewall and 2) on a domain? We want to control domain users' access to certain directories as well as partners connecting from the outside. Only one directory would be available to the world and then as read onl

RE: [ActiveDir] FTP Server In or Out

2005-01-28 Thread joe
I don't think I would do it but it isn't entirely crazy. I assume you are reverse proxying 20/21 to the server?   The main thing I see wrong would be if someone knows one of your internal userids and assuming you have a lockout policy, she could do a D.O.S. on that user by sending bad passwo

RE: [ActiveDir] listing all email addresses with adfind

2005-01-28 Thread joe
Assuming you just want email addresses I might sweeten that a little more by adfind -gc -b -f "proxyaddresses=smtp:*" proxyaddresses | grep -i smtp With the newest version of adfind (V1.26.00), internal consumption only right now, this c

RE: [ActiveDir] listing all email addresses with adfind

2005-01-28 Thread Michael B. Smith
There are Windows ports of awk and sed, as well as native implementations of uniq and sort. :-) SFU 3.5 from Microsoft or http://unxutils.sourceforge.net or WinGNU32 all come to mind. From: [EMAIL PROTECTED] on behalf of joe

RE: [ActiveDir] FTP Server In or Out

2005-01-28 Thread Noah Eiger
That sounds miserable. If I put it outside the firewall and out of the domain, does that mean that I'd need to setup individual local accounts on the ftp server? The idea was to set up certain folders that only a specific business client and certain in-house staff would have access to. We w

RE: [ActiveDir] FTP Server In or Out

2005-01-28 Thread Al Garrett
Do you have a DMZ you can put the FTP server into? This would allow the low security "Outside" interface to reach the medium security DMZ interface and the DMZ interface could then validate usernames via LDAP (AD) to the high security "Inside" interface, right? -Ori

RE: [ActiveDir] alternative to ms-DS-Bind-Proxy in W2K3 AD ?

2005-01-28 Thread Eric Fleischman
We actually do have this in AD, sorta. :) The point of bind redirection is allowing a simple bind to work in such a manner. If you're open to other sorts of binds, this works in ADAM w/o this mechanism. In AD, the same logic applies.....use a secure bind, and this will work just fine. Th

RE: [ActiveDir] alternative to ms-DS-Bind-Proxy in W2K3 AD ?

2005-01-28 Thread Guy Teverovsky
Hi Eric, Guess what google has come up with? http://blogs.msdn.com/efleis/archive/2004/10/06/238850.aspx :) Second paragraph from the bottom is exactly my scenario, so looks like I'm stuck with another directory. Will probably end up with OpenLDAP to make our Unix geeks happy,