RE: [ActiveDir] Script Blocking

2005-04-19 Thread freddy_hartono
‘Run logon script synchronously’ should take care of this setting, as it will load startup scripts first before the explorer shell. Check out the settings under Computer config\Admin templates\System\Scripts\ But if it's considered as a virus, try creating a batch file which calls th

Re: [ActiveDir] Script Blocking

2005-04-19 Thread Peter Jessop
Hi Freddy I have deployed limitlogin which depends on a Visual Basic Script on logon and logoff. I don't think it could be considered a virus but certainly some of the users view it in this way! Some versions of Norton antivirus block scripts by default (or ask the user) as do most personal firew

RE: [ActiveDir] Script Blocking

2005-04-19 Thread freddy_hartono
Hi Peter, Haven’t really heard that antivirus is blocking login scripts… What's inside the login script anyway? Is it considered as a virus? Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology G

RE: [ActiveDir] AdminSDHolder and Default button

2005-04-19 Thread freddy_hartono
Thanks Guido/Jorge As far as I know I should be fine with doing that as there shouldn't be any custom permissions set (I hope). But in any case, is that the recommended way of 'UNDO-ing' the adminsdholder restriction? Or is there a better way?... Thank you and have a splendid day! Kind Regards

[ActiveDir] DLTpurge.vbs & Strict Replication Consistency

2005-04-19 Thread freddy_hartono
Hi I have 550,000 objects under Filelinks Container (rubbish caused by DLT), and was trying to clean them up using the kb below http://support.microsoft.com/?id=312403 While running the script in background (10,000 object every 2 hours) some of my domain controllers stopped replicating, due to li

RE: [ActiveDir] GC issues

2005-04-19 Thread Dean Wells
The script I posted last week will do pretty much precisely that ... it's enclosed as is the original post. Since a solution hasn't manifested itself to date, I got intrigued and tried to put this together in a simple and relatively fast shell script ... which I've enclosed as a text file (if mem

RE: [ActiveDir] GC issues

2005-04-19 Thread Michael B. Smith
http://blogs.brnets.com/michael/archive/2004/12/30/275.aspx Just changing strDomainDN should give you what you want--for detection. Scripting removal is easy--adding the intelligence to decide WHICH to remove is not easy and very company dependent. -Original Message- From: [EMAIL PROTEC

[ActiveDir] GC issues

2005-04-19 Thread Kern, Tom
I have a multi domain Win2k forest. My problem is I'm getting a lot of duplicate email accounts on GC's (I guess the other EA's didn't pay close attention) and thus bounced emails. Is there any way I can have a script remove/detect the dupe addys? Also, I moved/deleted ou's and this has not been r

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Jorge de Almeida Pinto
Hi Guido, Can you share some info on the "Agreed that the process would be slightly different for a "live environment with many other DNS records data in it". I'm trying to figure out what you mean with this. Regards Jorge -Original Message- From: [EMAIL PROTECTED] To: ActiveDir@mail.act

[ActiveDir] Email Addresses in AD

2005-04-19 Thread Brenda Casey
If I don't have user email addresses setup in AD (on all user profiles/account) can I setup Exchange to pull the account name and then add the domain information to it to create the email address automatically for users?   Thanks, Brenda

[ActiveDir] Script Blocking

2005-04-19 Thread Peter Jessop
Here is the scenario. An AD domain of about 1000 users and computers distributed among over 60 offices. Some users are in the local administrators group of their workstations. The reasons are varied but included a) Some program didn't function without elevated privileges. b) The user wanted to in

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Dean Wells
LOL ... I had oodles of free time waiting for a ridiculously delayed call to take place. Re: the test environment, I'd agree that your suggestion would indeed work with such a limited number of DCs but I find myself asking the question "what exactly is the test forest for?" ... a) to learn how to

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Grillenmeier, Guido
hey Dean - I see you're on a DNS trip today ;-)) 10 posts on this thread by Dean - must be a record... aren't we forgetting that this is a test-environment? I'd just blow away the child's DNS subzone on in the root DC's DNS config and then create a delegation for the child.test.com zone for the

RE: [ActiveDir] AdminSDHolder and Default button

2005-04-19 Thread Grillenmeier, Guido
I can confirm what Jorge expects below - yes, all explicit permissions are removed and then the default from whatever is defined in the schema is set. You can script the resetting of permissions back to the default using the DSACLS.exe or ACLDiag.exe tools (I can't remember if only one of them or

RE: [ActiveDir] forest /domain prep for win2k to win 2003 upgrade

2005-04-19 Thread Grillenmeier, Guido
neither is better or worse: it's important to correctly adjust the LdapDisplayName of the Secretary and the labeledURI attributes in the schema (as added by E2k during setup) so as not to conflict with the new additions of the Win2003 schema, which also adds (the RFC compliant version) of th

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Bernard, Aric
My take is that you two are talking about the same general topic. Dean is stating that yes you can delegate but this does not automagically move the RRs from one server to another (or from the parent zone to the child). The process of splitting an existing zone into two (parent/child) is a manual

[ActiveDir] Windows Server 2003 Access-based Enumeration

2005-04-19 Thread Francis Ouellet
Enjoy!     GUI and CLI tool from Microsoft to enable Access-based Enumeration.   http://www.microsoft.com/downloads/details.aspx?FamilyID=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en   Francis  

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Dean Wells
Please ... please, no apologies are necessary ... Delegation is used in precisely the manner you've outlined, it's only the automated nature of the admin. tools and the process to delegate/distribute the automated content that I'm questioning. I'd agree to a point that such a mechanism may well b

Re: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Kern, Tom
But, correct me if I'm wrong here, why on earth wouldn't you be allowed to delegate zones to their respective dns servers? That makes no sense. I'm on sp4 now and running ad integrated dns and ALL zones are delegated to their respective child dns servers. I've been running like this for 2 + year

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Dean Wells
I have no such option on either Windows Server 2003 or 2000 SP4. This facility may have been removed from later SPacks of 2K and from 2K3. Even so, and I am basing this on memory alone (or the lack thereof in this case), that mechanism did not create the zone on the target DNS server (and therefo

RE: [ActiveDir] Installing Exchange in a child domain

2005-04-19 Thread Jorge de Almeida Pinto
Hi, In a MIXED mode root domain the Enterprise Admins group and the Schema Admins group are GLOBAL SECURITY GROUPS as in a mixed mode domain you can not use UNIVERSAL SECURITY GROUPS. When you change the domain functional level (or domain mode in w2k) those groups will be converted to UNIVERSAL SEC

RE: [ActiveDir] resetting default values

2005-04-19 Thread Free, Bob
If you don't have custom permissions that you need how about dsacls with the /s or /t options?    /S   Restore the security on the object to the default for  that object class as defined in AD Schema.    /T   Restore the security on the tree of object

Re: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Kern, Tom
I go to the root DC/DNS server and in that zone is a child domain folder. I right click the folder and click "delegate" and browse or type in the ip of the child DC running dns and all is golden. The child domain folder then becomes grayed in the root dns zone and when you click on it, you get t

RE: [ActiveDir] OT:Upgrade from 2k to 2k3

2005-04-19 Thread Jorge de Almeida Pinto
Hi, I just copied the text below from another thread I responded to yesterday. See MS-KBQ325379 "How to Upgrade Windows 2000 Domain Controllers to Windows Server 2003" (http://support.microsoft.com/?id=325379) for all the details you need to know about upgrading w2k to w2k3. If you are consideri

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Dean Wells
That would indeed be a nice capability but I'm afraid it doesn't do that (today at least). For argument's sake I tried your approach, was unable to browse to the child DC (likely due to the fact that the forest is still converging) and received the following error when I tried to delegate the child

Re: [ActiveDir] Installing Exchange in a child domain

2005-04-19 Thread Santhosh Sivarajan
Just curious.. Why don't you run ForestPrep from test.com Domain? On 4/19/05, Manjeet Singh <[EMAIL PROTECTED]> wrote: > > > > Hi, > > > I have Install a new Root domain controller "test.com" > Install a child domain controller in it "child.test.com" > Install a member server in child do

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Dean Wells
You misunderstand, I didn't mention a separate namespace (nor did you for that matter), I said a distributed namespace. In addition, you don't need to change the _msdcs.'s scope to that of the forestDNSzones app. NC, that's its default. As I understand it, the poster's goal is to distribute the

[ActiveDir] resetting default values

2005-04-19 Thread Stelley, Douglas
Within our domain {native 2003} perhaps a third of our users need to have their security reset to a default value. Right now we open each user in ADUC, open security / Advanced / Check the "Inherent from parent..." and hit the default button. This allows our "helpdesk" folks (who are membe

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Dean Wells
If only one record exists, you have encountered the known-bug I mentioned earlier. To resolve this issue, temporarily configure the forest root DNS zone to allow both secure and insecure update, on the child DC, ensure its preferred resolver still points to the root DC, run a command shell and ent

Re: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Santhosh Sivarajan
What do you mean by "its own DNS"? If you are talking about a separate DNS from your root Domain, Dean is absolutely right. Santhosh Sivarajan MCSE(W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),CCNA,Network+ Houston, TX On 4/19/05, Manjeet Singh <[EMAIL PROTECTED]> wrote: > My child domain is already config

Re: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Santhosh Sivarajan
I wasn't talking about a "separate" name space. Child.test.com is a child zone in test.com zone. In Windows 2003, you can change the scope of _msdcs.test.com to forest wide. Then all the child domain will receive a local copy of _msdcs.test.com. Santhosh On 4/19/05, Dean Wells <[EMAIL PROTECTE

[ActiveDir] Installing Exchange in a child domain

2005-04-19 Thread Manjeet Singh
Hi,   I have Install a new Root domain controller “test.com”  Install a child domain controller in it “child.test.com” Install a member server in child domain “ps.child.test.com”     Now I want to install Exchange server in my PS member server. The problem is

RE: [ActiveDir] Remote access

2005-04-19 Thread Perdue David J Contr InDyne/Enterprise IT
Log into your local computer as the Local Administrator. Assuming the remote workstation has a Local Admin account with the same name, it will let you in as Manjeet described. Dave David J. Perdue -

[ActiveDir] OT:Upgrade from 2k to 2k3

2005-04-19 Thread Bruyere, Michel
Hi, I'm just looking to upgrade our domain controllers from 2k to 2k3. I actually have a 2k with exchange 2k that need to be upgraded to 2k3 and Exchange 2k3. Should I upgrade the exchange system before doing the DCs? Anyone have any docs with pros and cons? What is better or would ca

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Manjeet Singh
My child domain is already configured and working fine. The only thing I want to have child its own DNS, instead of resolving from the root DC. I have manually install the DNS service on my child domain controller through add/remove programs. Now I am looking for the best way how to configure th

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Manjeet Singh
Hi, Yes, your summary is absolutely correct. No I did not create any structure manually; all were created automatically during first DC promotion. Now when I see the A host record under child.test.com, there is only one record 'same as parent'. Thanks, Manjeet -Original Message- From: [

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Kern, Tom
i don't understand the problem. a child domain was created and the domain is not delegated but a subdomain of the root domain. Right now the root dns is authoritative for the root and child domain. why can't this person just delegate authority from the root dns/dc to the child dns/dc? just right

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Dean Wells
That's also my understanding of his objective, that being the case, your original recommendation will not achieve that goal. -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of S

RE: [ActiveDir] Group Policy

2005-04-19 Thread Christine Allen
Thanks all. That's what I thought. -Original Message- From: Gilbert, Daniel L Mr ANOSC/FCBS [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 19, 2005 10:53 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Group Policy I always thought password policies at t

RE: [ActiveDir] forest /domain prep for win2k to win 2003 upgrade

2005-04-19 Thread Jeff Kraus
Thank you, Your reassurance is making this a little easier for me to proceed. As far as the exchange issue would i be better off running the preps from the exchange 2003 cd ? I thought i read the running from the e2k3 cd was better ? jeff From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTE

Re: [ActiveDir] Group Policy

2005-04-19 Thread Tim Hines
It will only affect the local password policy of the workstations that are in that OU. It has no effect on the domain password settings. It will only change the local password requirements. There is only one password policy per domain. - Original Message - From: Christi

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Dean Wells
No it won't, Windows DNS simply doesn't work that way. The child DC/DNS server WOULD receive the _msdcs. zone through its enrollment in the forestDNSzones app. NC but would NOT resolve against itself and would not distribute the namespace in the manner that is being requested. -- Dean Wells MSEte

Re: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Santhosh Sivarajan
I think Manjeet is looking for a local DNS server for child.test.com zone. Then he can point all the local computers to the appropriate local DNS servers. Santhosh Sivarajan MCSE(W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),CCNA,Network+ Houston, TX On 4/19/05, Dean Wells <[EMAIL PROTECTED]> wrote: > > I'

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Paresh Nhathalal
Also refer to KB Articles/links on setting up DNS to Support AD: http://support.microsoft.com/?kbid=237675 http://support.microsoft.com/?kbid=260371 http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/plan/bpaddsgn.mspx#EGAA Cheers Paresh -Original Mess

RE: [ActiveDir] Group Policy

2005-04-19 Thread Gilbert, Daniel L Mr ANOSC/FCBS
I always thought password policies at the OU, will only affect the local accounts on computers.   Dan   -Original Message- From: Christine Allen [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 19, 2005 7:41 AM To: 'ActiveDir@mail.activedir.org' Subject: [ActiveDir] Group Policy

Re: [ActiveDir] Group Policy

2005-04-19 Thread Oliver Ryf
Even though you can change the policy, it won't affect the actual password policy that you specified on the domain level. Your thought is right. -Oliver runIT AG Zuerichstrasse 98 8600 Duebendorf Switzerland On Tue, 19 Apr 2005 10:40:56 -0400 Christine Allen <[EMAIL PROTECTED]> wrote: Can someon

RE: [ActiveDir] Group Policy

2005-04-19 Thread Dean Wells
It affects the use of local machine account passwords, i.e. - those accounts in the SAM of the domain member. -- Dean Wells MSEtechnology * Email: dwells@msetechnology.com http://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christine Allen Sent: Tuesday, Ap

Re: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Santhosh Sivarajan
Are you trying to install and configure DNS on a child Domain Controller? If it is Active Directory Integrated, install DNS service on a Windows 2003 machine and perform DCPROMO. It will automatically populate all the zone information to this new Domain Controller. HTH Santhosh Santhosh Sivaraj

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Dean Wells
I'm working on the premise that at present all DCs and members resolve against a single DNS server running on the DC in the forest root that was created during the promotion of the very first DC. You've since promoted a new DC and created a child domain named child.test.com. This DC also resolv

[ActiveDir] Group Policy

2005-04-19 Thread Christine Allen
Can someone tell me the effects of changing the following GPO Setting at the OU level: Computer Configuration\windows settings\security settings\password policies\ I thought you could not force password changes at the ou level? -Christine Christine N. Allen Systems Engineer BMC HealthNet

[ActiveDir] Remote.exe in Windows 2003

2005-04-19 Thread Chandra Burra
Hi, Has any one worked on Remote.exe of windows2003 resource kit...any inputs pls. Regards,

RE: [ActiveDir] Sign On Message

2005-04-19 Thread Salandra, Justin A.
I got the hotfix from MS, will this Hotfix allow me to have more than 512 characters? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Hines Sent: Tuesday, April 19, 2005 9:27 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Sign On Message

RE: [ActiveDir] Remote access

2005-04-19 Thread Kern, Tom
I think there's something wrong with this box. every time i try to connect either via computer management, unc to admin$ share, or even GPMC, i get access denied or i get prompted for a username/password. when i enter a domain admin account, it just keeps prompting me for a password over and over. fi

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Manjeet Singh
Hi, I am using windows 2003 standard edition. This might be the requirement when you have distributed domain model. Say Root and child domain are in separate remote location. So reduce the traffic I need to have separate DNS on my child domain controller. So do I configure DNS on preinstall Chil

[ActiveDir] Remote quarantine Setup

2005-04-19 Thread Pavan Hotha
Hi, Did anyone deploy the remote quarantine service provided by Windows 2003 resource kit for scanning the remote machines connecting to corporate network ? Pavan. -Original Message- From: Dean Wells [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 19, 2005 7:24 PM To: Send - AD m

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Manjeet Singh
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Tuesday, April 19, 2005 7:24 PM To: Send - AD mailing list Subject: RE: [ActiveDir] Installing DNS in Child Domain Windows offers no automated solution for this type of restructuring, the p

RE: [ActiveDir] Remote access

2005-04-19 Thread Manjeet Singh
Yes, you can start the services remotely. 1. Login on server or any other XP machine with administrator 2. My computer > right click > manage 3. Right click computer management in manage windows and point to connect to another computer. 4. Give the destination computer XP machine name on which u w

RE: [ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Dean Wells
Windows offers no automated solution for this type of restructuring, the premise being that any organization with a need for a more distributed DNS infrastructure needs 1) the technical staffing sufficient to create it and 2) same said staffing to support it. Before making any recommendations as t

Re: [ActiveDir] Remote access

2005-04-19 Thread Tomasz Onyszko
Kern, Tom wrote: Is there any way to remotely connect to a winxp pc when it does not have file and print services started? I need to connect to this pc and start the service. You can use RDP if this service is enabled -- Tomasz Onyszko [MVP] [EMAIL PROTECTED] http://www.w2k.pl List info : http://

[ActiveDir] Remote access

2005-04-19 Thread Kern, Tom
Is there any way to remotely connect to a winxp pc when it does not have file and print services started? I need to connect to this pc and start the service. thanks List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-ar

Re: [ActiveDir] Sign On Message

2005-04-19 Thread Tim Hines
Here is a hotfix KB on it 823146 Windows 2000 Clients Do Not Correctly Display Logon Banners That Are http://support.microsoft.com/?id=823146 - Original Message - From: "Salandra, Justin A." <[EMAIL PROTECTED]> To: Sent: Monday, April 18, 2005 5:15 PM Subject: RE: [ActiveDir] Sign On

[ActiveDir] Installing DNS in Child Domain

2005-04-19 Thread Manjeet Singh
Hi, I have installed a root domain controller "test.com". Then I have installed a child domain controller: "child.test.com" with primary DNS as test.com. So a zone child.test.com automatically added in my test.com DNS. I want to install a separate DNS for child domain, and want to set child as pr

RE: [ActiveDir] AdminSDHolder and Default button

2005-04-19 Thread Jorge de Almeida Pinto
(1) I expect the default permissions to REPLACE all existing permissions, because otherwise the DEFAULT button would be meaningless (2) The DEFAULT button reads the security descriptor in the schema for that particular object and places that onto the object and it enables the "allow inherit from

RE: [ActiveDir] Exchange and AD

2005-04-19 Thread Jorge de Almeida Pinto
Brenda, Try using the Exchange Deployment Tools (on the E2K3 CD) to perform some checks to see what the tools say about your configuration Jorge From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Casey Sent: dinsdag 19 april 2005 0:00 To: ActiveDir@mail.activedir.org Sub