I don't think, there is a problem with processing precedence.
I have problem that, there is no easy way to revert to stage where that setting was not configured at all.
Did u enforce the domain policy and check the settings in "Internet Options" Problem is when you enforce it, domain policy wil
You can change this through a custom group policy object. Put this into an
ADM file:
CLASS MACHINE
CATEGORY !!Browserconfig
POLICY !!DisableMaintainServerList
EXPLAIN !!DisableMaintainServerList
KEYNAME
"SYSTEM\CurrentContr
Hi Kevin,
Not sure but is the DC a server 2003? If
so can you use the GP Mgr to simulate the policies on this server? May there is
a hint why it doesn’t work out. As so far everything seems to be OK.
Cheers,
Katrin Wilhelm (MCSA)
CVGT Employment & Training Specialists
Australia
These are ESE (the database engine under DHCP) events.
Did you reACL anything like the root of the volume or the Windows
directory?
Anti-virus software installed, that is scanning that directory?
Are these events persistent, or sporadic?
Cheers,
BrettSh [msft]
On Thu, 3 Nov 2005, Ravi Dogra
Hi All,
I am getting some Dhcp Errors kindly suggest what could be the
possible reason for that...
tcpsvcs (656) An attempt to delete the file
"C:\WINDOWS\System32\dhcp\backup\old\new" failed with system error 5
(0x0005): "Access is denied. ". The delete file operation will
fail with error -
This belongs to windows 2000/xp client machine.
Also please update me on how ideally NTP works in a domain.
Thanks
Ravi
List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org
I have already pushed a policy for disabling browser service on all my
desktops. I have windows 2003 server as my DC and windows 2000 and XP
as my clients. now how is it possible for a xp or 2k machine to
override server 2k3 browser master.
Please suggest what should be done to resolve the issue.
Ok, I tested this myself. I think what is happening is that
RSOP is reporting incorrectly, rather than there being something broken in
policy processing precedence. For example, I set up the scenario you described
below and ran GP Results from GPMC on the user logging into my test client and
I think this may be an IIS feature as does
IIS not create a user token which is cached the first time a user uses the
system and has a default TTL of 15 minutes?
So I think you have to reduce your IIS
token caching timeout. This is of the top of my head so and if I also recall it
only a
Darren,
Try this,
create one GPO at domain level, and one at OU level,
configure the proxy settings at both levels.
now, according to GPO processing rules, OU level GPO should win.
Now, go ahead remove the proxy settings from domain level GPO.
In this case also OU level GPO should win.
But you
FWIW we used to manage NT computer accounts with "an oldcmpNT" writen
in PERL using Win32::AdminMisc;Win32::NetAdmin; and Win32::Lanman. There
are numerous variants of such things floating around but this should get
you started-
http://www.roth.net/perl/scripts/scripts.asp?WSClean.pl
There's also
Does anyone have any other suggestions
about my DC logon problems?
Kevin Papula
IT Manager
Kandersteg, Inc.
(717) 730-9815 x10
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Katrin Wilhelm
Sent: Thursday, October 27, 2005
6:58 PM
To: ActiveDir@mail.active
Kamlesh-
I'm not sure I understand what you're saying about "Not
Configured". If I check "Automatically Detect configuration settings" in IE
Maintenance policy, then that box is checked for all users that process the
policy. If you uncheck that box, the box is unchecked for the user the next
You know, there are some settings like, "automatically detect
configuration settings" under IE maintenance and some certificate
enrollment settings etc.
Which once configured, can't be made "not - configured" as you can do with other settings.
This values are either disable or enable, there is n
Did you get the BSOD analyzed to determine the root cause?
Fire up the debugging tools?
Bahta Nathaniel V Contractor NASIC/SCNA wrote:
RH,
[1] Aric pointed out what had happened to me in another environment, on
another network, during another time period, that issue was not taking place
in this
RH,
[1] Aric pointed out what had happened to me in another environment, on
another network, during another time period, that issue was not taking place
in this environment. There was no issue in this environment of adding
objects.
[2] Most of the documentation I reviewed told me that if more th
They are not setting the Must Change Password at Next Login
box. Thanks
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Phil
RenoufSent: Wednesday, November 02, 2005 8:51 AMTo:
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] OWA after
resetting password
I am wondering
Guys,
I'm sorry. I'm just not following this. Please answer these questions if
possible;
[1] Nathaniel replicated the root domain to a new DC. Yet the DC in
question held (at least) the SM and IM roles and probably all others as he
could not add objects as Aric B pointed out. So ... where ar
I am wondering that since this is a helpdesk password reset, are the helpdesk personel checking the Must Change Password at Next Login box. If that is checked then the user won't be able to log into OWA until they change their password themselves.
Phil
On 11/2/05, Peter Johnson <[EMAIL PROTECTE
I thought about the ALTOOLS and that button you are talking about.
However my testing seems to show that this is actually the user's site,
not the site where the user last changed their password which would be
from within OWA (Exchange site) which is different from the user's.
Unless I missed som
http://iase.disa.mil/stigs/stig/Active-Directory-STIG-V1R01.pdf
This Active Directory (AD) Security Technical Implementation Guide
(STIG) provides security
configuration guidance for the implementation of Active Directory on
Microsoft Windows
servers deployed within the Department of Defense (D
Are there any other DCs in the root domain??
Russ
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bahta Nathaniel
V Contractor NASIC/SCNA
Sent: Tuesday, November 01, 2005 9:50 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Crashed Root DC HELP!
NT4 doesn't allow to query with a filter. You
enumerate and filter yourself. The way you would have to do it with getuserinfo
is to get a list of all computers in the domain (net view) and then ask for info
on each one and parse out the password age. You may be able to do a query like
thing
I'm assuming this difference in behavior is due to the fact that an OWA
login is not an interactive login through LSASS. A possible solution is
to get your hands on the ALTOOLS download from Microsoft. One of the
tools in this set is the additional info dll. It allows you to reset the
password on a
Thanks, the AvoidPdcOnWan is not on in our environment and there is no
firewall between the sites. I am waiting to hear from someone that knows
OWA internals, to see if what we see is the case and if there is
anything that can be done about it.
Thanks
-Original Message-
From: [EMAIL PROT
Title: Exposing new attributes via AD users and computers
I'm testing the addition of two new attributes into the AD schema. [cost code and desk location]
I'm happy with the process to add the attributes, add them to the User class and add indexes etc etc.
I'm unsure whether these new att
Hey all,
Thanks for all of your suggestions. I ended up just doing a rebuild and
replicate during the night. The statement about the RID master is probably
correct, although I cannot remember since it was in 2001. I guess the lesson
learned here is that Hardware Troubleshooting done by the h
I'm not an expert on OWA, but as you mentioned in the first part of your
message the DC performs the check against the PDC to see if the password
has been changed. So long as OWA is using a DC to authenticate a user,
which I'm assuming it does, then the DC will handle the PDC check
invisibly.
Th
This is all in an Exchange 2003 and AD 2003 environment.
I wonder if I have this right?. When the help desk resets a password in
ADUC, that password change is made against the DC that the tool is
connected to and the PDC Emulator. If a user logs on to the network the
authenticating DC checks the
Hello Nathaniel,
What about the last known good bootoption (might work if you experience the
bsod before logon)?
Any other possibilities like save boot?
If one of these work you can try to find the failing device, and get rid of
the driver / whatever it needs to get it working again.
What about ch
30 matches
Mail list logo
