At.exe will always reqire admin rights, but normal user account can always schedule task using, Task Scheduler..
So use command line utility schtasks.exe, it should be present on all XP box, don't know about win2K..
just see the help...
schtasks.exe /create /?
On 10/6/05, Harding, Devon [EMAIL
Sorry, if i was not clear.
Problem occurs on same DC,
i.e. say, I change the value of maxpwdage in DDGPO and go to adsiedit.msc andlook forthe value reflected on Domain object, it doesn't !
Then if I change the value at attribute level using adsiedit, this value once set using adsiedit doesn't
I
wondered that too and checked with Robert whosent my query on to a chap
named Jan Liikamaa. He said:
Unfortunately our product does
not handle different account lockout policies. But I agree that it would be very nice
to be able to specify different set of account lockout
rules.
No I didn't unfortunately. The fact of the matter is I went away for a
break and when I got back it worked. Perfectly. I know that it wasn't to do
with the length of the user access token as tokensz showed me that I was
nowhere near the limit, there were no errors relating to Group Membership on
I've looked at using Virtual Server for small sites and it makes sense
to me. The only drawback is that all your eggs are in one basket - lose
the host and you lose everything. The same's true for patching as
you'll need downtime on all of the guest machines when the host is
updated.
One
Not being flippant at all E-mail is so coarse sometimes. I just
wanted to make sure we are all on the same page. There seems to be much
controversy, even on the Microsoft site as to whats supported and what
is not.
David Chianese
-Original Message-
From: [EMAIL PROTECTED]
I would like a better way of making bulk
changes to AD. There seems to be caveats with every scripting method. Also some
more advanced management like maybe a way to create new users and automatically
e-mail their superior based on an attribute in the user account with the new
account
Mark,
How many users to site are you talking about in the no local DC
scenario. 10, 20..50 ?
Cheers
Mylo
[EMAIL PROTECTED] wrote:
I've looked at using Virtual Server for small sites and it makes sense
to me. The only drawback is that all your eggs are in one basket - lose
the host and you
We had a pretty inefficient model for small site deployment, so we
recently revamped it to the one mentioned below. So far, the DC-less
sites have been quite small, no more than 10 users. However, I'd be
comfortable letting that go up as far as 100 or so users - but we do
have very good WAN
Brett knows the difference between Jet Blue and Jet Red too :)
Rich
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, October 06, 2005 9:24 PM
To: 'Send - AD mailing list'
Subject: RE: [ActiveDir] Question on Replication Topology
I
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
I've looked at using Virtual Server for small sites and it
makes sense to me. The only drawback is that all your eggs
are in one basket - lose the host and you lose everything.
Id like create a policy that ONLY
runs on workstations that are members from a specific domain. Would I have to
use both querys?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alain Lissoir
Sent: Thursday, October 06, 2005
11:16 PM
To:
Well it didnt work.heres
the script:
strComputer = .
strNewCmd = C:\PROGRA~1\INTERN~1\iexplore.exe -new
http://www.domain.com
Set objWMIService =
GetObject(winmgmts:{impersonationLevel=impersonate}!\\
strComputer \root\cimv2)
Set colScheduledTasks =
No. Combine them :)
Select * from
Win32_ComputerSystem WHERE DomainRole = VALUE And Domain =
"contoso.com"
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harding,
DevonSent: Friday, October 07, 2005 6:23 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] WMI
no I never set that up
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony
MurraySent: Thursday, October 06, 2005 4:06 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] dSDIAG /TEST:DNS
ERRORS
Do you maybe have the "DC Locator DNS records not
registered by the
Do it all the time, never had a problem.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, October 06, 2005 7:52 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Active Directory wish list
You have never used TS Manager to
Title: Message
Hi,
I am trying to write a script to monitor the new
software installation on windows XP Prof system. The objective is to
receive a email notification from the system once a new software is installed on
the system. Is it possible to do this ?
Pavan Hotha
This message
Title: Schema Updates
I just did this last week to install Cisco Unity and I
still had to enable schema updates in Windows 2003 even though the user was in
Schema Admins. I was under the same impression as Travis, but after enabling
updating in the registry it worked fine.
From: [EMAIL
Has anyone used
recreateDefPol.exe to reset the default domain policy in a windows 2000 domain.
And if so are there any gotchas to look out for?
Thanks
Mike
Michael P. Williams Information Technology Carlyle Van Lines (660) 747-8128 X
3816 [EMAIL PROTECTED] www.carlylevanlines.com
Title: Message
If the application is installed as an MSI package, you can track
it. If not, WMI will not help as WMI only surfaces MSI installed
applications
Leverage the Win32_Product WMI class in a WQL query such
as:
Select * From __InstanceCreationEvent Within 10 Where
TargetInstance
Title: Message
From the software installer itself or from
the machine when it detects a new value in ARP or something like that?
:m:dsm:cci:mvp
marcusoh.blogspot.com
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pavan Hotha
Sent: Friday, October 07, 2005
Title: Schema Updates
Upgraded to 2003 or fresh install?
:m:dsm:cci:mvp marcusoh.blogspot.com
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Tim Vander Kooi
Sent: Friday, October 07, 2005
10:12 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
Title: Schema Updates
Upgraded.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]Sent: Friday, October 07, 2005 9:38
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
Schema Updates
Upgraded to 2003 or
fresh install?
:m:dsm:cci:mvp
Yes I had to resort to it once in our lab when someone did something
rather lame to sysvol. It worked as advertised, I reset the policies to
their original values and all was OK after that. I don't recall any
gotchas.
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Congratulations on only using Windows Server 2003 SP1. That is when they
fixed that deficiency. I originally bugged it back in the early days of W2K.
Alternatively, it could be every time you have done a reconnect, you are
using the same ID that you are trying to reconnect to. Not for instance,
Error messages? Do you get anything? Do you know for sure
the script is running?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harding,
DevonSent: Friday, October 07, 2005 9:28 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] GPO Permissions
with .vbs
Well it
How do you enable auditing for public folders in exchange 2000?
Do you just set diagnostic logging for Public Folder, General to medium or should you do it through NT SACL's on the public folder store?
I guess you can't just audit one folder?
I want to audit the deletion of public folders.
Probably. Never said it was fool-proof but only that it addresses a
small part of the total picture. I will let my cohorts speak to the
specifics to the process if they choose. Ideally, your admin and
security model would prevent any un-authorized changes but the 8th and
9th layer sometimes
If I put this in the Logon Scripts, it
runs but just for local administrators. I need this to run for ALL users.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, October 07, 2005
11:08 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
I'll put in a plug for more centralized deployment then the traditional
branch office deployment. This is something that should go in your risk
assessment along with the security concerns that Gil mentioned.
One of our agencies (2500 users) went from a 14 DC deployment with DC's
in the major
There's a difference?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Friday, October 07, 2005 9:20 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
Brett knows the difference between Jet
Is it running interactively first?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
joeSent: Friday, October 07, 2005 8:08 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] GPO Permissions
with .vbs
Error messages? Do you get anything? Do you know for sure
the
Title: Message
Another solution I'm just thinking about is to leverage the
registry property provider to expose the registry hive containing the list of
Add/Remove Programs in WMI.
See http://msdn.microsoft.com/library/default.asp?url="">
#pragma
namespace(".\\ROOT\\CIMV2")
[dynamic:
I tested AT from a batch file in the
startup script, it scheduled fine
AT 12:30 notepad.exe
Created a job.
I did not try it from a vbs
Rich
---
Rich Milburn
MCSE, Microsoft MVP -
Directory Services
Sr
Yeah, we were talking startup scripts though. You aren't
going to get it to run for non-admins unless you use something that elevates the
permissions temporarily to run it. Startup scripts should run it fine though
because they run as localsystem. So what are the issues you see with running
Title: Message
Thanks
Alain,
Following is the mof code compiled to get a mail on
software installation.
#pragma namespace (".\\root\\subscription")// for Windows 2000 use #pragma namespace
(".\\root\\cimv2")
instance of __EventFilter as
$FILTER{ Name =
Yeah, one's red and one's blue. Color monitors are great ;o)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, October 07, 2005 10:09 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
There's
I tested several scenarios:
1) batch file in startup
script in GPO with non-privileged user logging on job appeared in AT.
2) Your script in startup
script in GPO with non-privileged user logging on job appeared in AT.
3) Your script in logon
script in GPO with non-privileged user
It is suprisingno one has responded to this with the
"pat" answer... this is describing MIIS and the workflowpiece they
havebuilt into it and theidea being that AD is simply a store. MIIS
supplies the business logic such as triggers and dynamic updates, etc. I don't
necessarily agree with
Ask Brett :P
C
From: [EMAIL PROTECTED] on behalf of joe
Sent: Fri 10/7/2005 5:08 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
There's a difference?
-Original Message-
From: [EMAIL PROTECTED]
One is an airline.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, October 07, 2005 8:09 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Question on Replication Topology
There's a difference?
-Original Message-
Title: Adding local admin rights to non english native os?
Hi all,
Usually net localgroup administrators xxx /add would work fine on computer startup gpo - but how about on non english native oses? Would this work as well?
Thank you and have a splendid day!
Kind Regards,
Freddy
I've seen 500 and 1000 user sites with no DC. They were on the end of decent network links, but nothing outrageuous. To determine if you really need a DC at a remote location I would sit down and look at the stability of your network link and its current utilization. Then spend some time thinking
Yeah, apparently they upgraded the Access engine a bit that AD used to run
on in w2000, and now they gave it a different name.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent:
Random comments:
"I personally would like to see more logic and
triggers, etc in AD as well..."
[Darren] So what you'd really like is SQL Server, which
has all that :-)
"Possibly MS could make it so that SQL backend could be as smooth
to use as ESE is in the backend of AD (how much work
Since this is a startup script, is it safe
to say I can use only the Domain Computers for applying or do I
need to add the user as well?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn
Sent: Friday, October 07, 2005
12:11 PM
To:
Title: Adding local admin rights to non english native os?
You would need to know the local name of the administrators
group. You could get that by using some sid to name funciton like sidtoname
[1] to resolve S-1-5-32-544.
joe
[1] http://www.joeware.net/win/free/tools/sidtoname.htm
Btw, where are you seeing that the job is
scheduled? When I logon as a non-privileged user and click Start, Run
Tasks, there are no jobs scheduled. When I run at.exe from a command
prompt, I get access denied. What are your parameters for
the GPO? (Security settings, Enforced etc)
YA, it will run that way, as startup time script run under LOCALSYSTEM account, which has admin control over machine.
On 10/7/05, Rich Milburn [EMAIL PROTECTED] wrote:
I tested AT from a batch file in the
startup script, it scheduled fine…
AT 12:30 "notepad.exe"
Created a
Interestingly enough, joe, it was a posting that you made
in November of 2002 in microsoft.public.win2000.active_directory, that led me to
this:
http://msdn.microsoft.com/library/en-us/sdo/sdo/changing_dial_in_settings.asp
I fixed a couple of bugs, added a couple more attributes,
and
This is when your high school language classes come in handy. You will need
to know what administrators translates to in the target language. For
example, in German, it's administratoren, so your code will look like this:
net localgroup administratoren blah blah blah
HTH
Sincerely,
Dèjì
Hi Freddy
No it won't.
You have to use the translated name. Here in Spain it is
net localgroup administradores xxx/add.
Saludos
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
I can speak from experience that going
from trying to avoid scripting and always answering no, I certainly am
NOT a programmer to learning _vbscript_ and now looking at full-blown VB
(thank you MSDN for VS2005! J), it opens a whole new world of things I had no idea you could do,
and I was
This is specific to opening the internet explorer with higher
privileges... (nothing to do with script runing at logon or startup)
If I knew, that this scheduled job runs under Admin account
I can elevate my privileges to local admin, instantly,
once the website is opened, I have to just
quick question-
if i already installed an msi based app via some other means(like Tivoli)and then i want to redploy this app via a computer node gpo in AD for any pc's which still didn't get it via the other means, will the pc's that already have it try to install it again?
thanks
Care to elaborate on what you mean by defeated? Are you suggesting that gpo's
can be overridden by a local user w/o admin rights?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, October 06, 2005 7:28 PM
To:
If the MSI product code for that app is not the same
between the GP-deployed package and the Tivoli one, then I believe it will try
to uninstall/reinstall the app to bring it under GP management. At least, the
last time I tried it that was the behavior I saw. If these are XP machines, you
How would I use schtask to assign to more
than one computer. It seems like that may be our only option.
I cant believe its that difficult
to get a popup of IE on ALL users desktop at a specific time.
-Devon
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
If you try to install an msi app silently
and it is already installed, it silently aborts no repair, no
reinstall, no uninstall.
---
Rich Milburn
MCSE, Microsoft MVP -
Directory Services
Sr Network Analyst, Field
It should.. they would try and re-install
if you assigned the app to a computer. If you publish to a user or group of
users though, your users may be able to avoid the re-install by selecting the
app if they still needed it. Or ask you users to respond to an email if they dont
have the app
all my machines are win2k.
the msi is the same. its the Tivoli endpoint agent which allows software distrb via Tivoli that i want to deploy via gpo.
same verison. exact same product.
thanks
On 10/7/05, Darren Mar-Elia [EMAIL PROTECTED] wrote:
If the MSI product code for that app is not the same
I was assuming an identical msi in both
cases and installing with /i, it should silently abort. If the msi has changed
(i.e. been repackaged/rebuilt) there are other possibilities. If the package
code is the same and you run it interactively, you should get the uninstall
reinstall repair
If its the same MSI, they
shouldn't. In reality, sometimes they do
Thanks,Brian Desmond
[EMAIL PROTECTED]
c -
312.731.3132
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom
KernSent: Friday, October 07, 2005 3:30 PMTo:
activedirectorySubject: [ActiveDir] software
Ever since Exchange 2000 the saying has been that if you
want to be an Exchange administratoryou need to be a programmer. It
really hasn't been much different with AD.
Ed Crowley MCSE+Internet MVPFreelance E-Mail
PhilosopherProtecting the world from PSTs and Bricked
Backups!
From: [EMAIL
Picture an inverted cone (or funnel). As you start from the bottom of your
career, it helps to broaden your knowledge. This is at the point where you
try as many options as possible in order to better position your
marketability. This is where you learn as many OSes as you can so that you
can
What is Administrators in Latin?
Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, October 07, 2005 11:29 AM
To:
I can not confirm with GPO. But if using SMS, the app will not be reinstalled
IF the msi package is the same. Unless you specifically ask it to reinstall.
I imagine the behavior will be the same via GPO.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
Title: Schema Updates
Yep, same here. I think upgraded
scenarios have this.
:m:dsm:cci:mvp
marcusoh.blogspot.com
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Vander Kooi
Sent: Friday, October 07, 2005
10:57 AM
To: ActiveDir@mail.activedir.org
Subject:
Powerus Tripus Maximus ?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP]
Sent: Friday, October 07, 2005 2:03 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Adding local admin rights to non english native os?
What is
dministratorsay :)
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
From: [EMAIL
In Spanish and in Portuguese it is administrador.
Jose
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ed Crowley [MVP]
Sent: Friday, October 07, 2005 2:03 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Adding local admin rights to non
Think about nested groups and primary group membership. Some of joe's
discussions of primary group membership are in the archives and should
lead you where you want to go.
...one of Diane's 'cohorts' :-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
According to the pig latin site it's really administratorway.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Friday, October 07, 2005 3:10 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Adding local admin rights to non
First of all... just wanted to say thanks very much to everyone who's
responded. It's great to get the different perspectives and it's a
constant learning experience... so thanks again :-)
I'm off on holiday for a week, off to warmer climes, so who knows what's
changed by the time I get
Windows Synder [yes that's her name] and Frank somethingorother
the Threat Modeling book
or
Dana Epp's ramblings at the Sanctuary: High Level Network Threat Modeling:
http://silverstr.ufies.org/blog/archives/000851.html
Office Development, Security, Randomness... : Guerrilla Threat
Hello to all,
I am running project server 2000 on a windows 2000 server
box. Recently users started getting the below error message. I have
checked authentication and it is set to use Integrated Windows
Auth
I have also tried to start and restart the services but no
luck.
You
Google Groups : microsoft.public.project.pro_and_server:
Thanks Susan,
Looks like I've got some reading to do :-)
Regards,
Mylo
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
Windows Synder [yes that's her name] and Frank somethingorother
the Threat Modeling book
or
Dana Epp's ramblings at the Sanctuary: High Level Network Threat
2002? I think the statute of limitations is only 2 years on
my posts. ;o)
Glad it helped, I honestly do not recall that page at all.
I do remember that there is an Active X control for handling the TS stuff
though.
Glad my previous self was more helpful than my current
self. ;o)
From:
Oh I just chased back through this thread... You want to
fire up IE, I didn't catch that before, I didn't look that close at the specific
process you wanted fire, just that you wanted to fire a process. You should
still be able to do this with a startup script with AT as long as you specify
You have to look at what the scripts and GPOs are actually doing in the
background. For instance, gpo simply looks at the LDAP membership of a
group, ditto many of the WMI scripts out there that monitor group
membership. Not all members will be listed there. Unless those items fire at
a moment
Better make that Powerum Tripum Maximum or else Laura might get on your
about only representing the masculine gender. :o)
I knew 3 years of Latin would eventually come in useful. ;o)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Title: Schema Updates
Was it maybe the app itself disallowing the update? Did you
try to just modify the schema to see if it would work? Say change the rangeupper
of cn or something like that and then change it back. Something
innocuous.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
That's a good point about plonking stuff in AD a case of once a good
thing comes along everyone wants to climb aboard. I remember doing
ZENworks stuff with Novell where all the application configuration
information for software distribution was shunted into
NDS/E-Directory... all that
This should be a piece of
cake to do with a .net app. It's got an easy option to hide from the taskbar, so
you don't have to call the Win32 API to do that (not that its hard...), it has a
couple of timer classes, and it has a Process class you can use to kick off a
process. Sounds like a
In 9 years of Spanish, I didn't learn Administrator in Spanish.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, October 07, 2005 9:02 PM
To: ActiveDir@mail.activedir.org
Joe,
I actually thought you were referring to the somewhat hidden primaryGroupID
issue in your previous response.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow
I am.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, October 07, 2005 10:20 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Modifying Domain Admins Administrators Group
Joe,
I actually thought you were
Now that I have a nice steak from Texas Roadhouse in my
belly I can think straight. :o)
Assuming the perl script is called
timedfire.pl
my
$d1="10/7/2005";my $t1="23:04";my $cmd="c:\\progra~1\\intern~1\\iexplore.exe -new
www.joeware.net";
my
($mon,$day,$year)=split(/\//,$d1);my
Call my method crude and archaic...but I have a box that just runs
scripts...all day...nothing else. One of them is to do a simple dump of the
domain, enterprise, and schema admins group once every 30 seconds or
something and diff it against the previous run. If there's a difference I
get an
90 matches
Mail list logo