Re: RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Darren Mar-Elia
Probably for now-- just remember to turn it back on when you upgrade to Vista :-) -Original message- From: "Rimmerman, Russ" [EMAIL PROTECTED] Date: Wed, 9 Aug 2006 22:18:23 -0400 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Computer bootup speeds > > We aren't using Windo

Re: RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Darren Mar-Elia
The DNS suffix of the active connection definitely plays a role in determining which Firewall profile is in use, if that's what you're referring to. Darren -Original message- From: "Rimmerman, Russ" [EMAIL PROTECTED] Date: Wed, 9 Aug 2006 22:23:43 -0400 To: ActiveDir@mail.activedir.org

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Laura A. Robinson
Misconfigured scopes. Laura > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Rimmerman, Russ > Sent: Wednesday, August 09, 2006 10:24 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Computer bootup speeds > > > Here's a though

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Rimmerman, Russ
Here's a thought - Our DHCP is assigning the DNS domain name (015) of our old NT4 domain still, not the name of our new AD domain. Would that cause this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Wednesday, August 09, 2006 5

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Rimmerman, Russ
We aren't using Windows Firewall, we're using the firewall that comes with our desktop antivirus solution. So I guess we're OK turning off NLA (via GPO)? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Wednesday, August 09, 2006 5:2

RE: [ActiveDir] machine GP load

2006-08-09 Thread Brian Desmond
No but a recursive program to do this would be an easy thing to write.   Thanks, Brian Desmond [EMAIL PROTECTED]   c - 312.731.3132   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jerry Welch Sent: Wednesday, August 09, 2006 6:50 PM To: ActiveDir@mail.act

RE: [ActiveDir] machine GP load

2006-08-09 Thread Jerry Welch
Does anyone have, or know of, a utility program that will provide a breakout of object counts in AD in each container, with a rollup so that each container shows all of the containers below it? Joe? Thanks, Jerry Jerry Welch CPS Systems US/Canada: 888-666-0277 International: +1 703 827 09

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Darren Mar-Elia
Yes, good point Susan. NLA is used to let Windows know that a network connection state has changed. So if you're using Windows Firewall and have both domain and standard profiles, by disabling NLA, you prevent that state change from notifying the firewall that it may need to switch from one profile

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Darren Mar-Elia
That's a new one on me. It's kind of ironic because in Vista, the NLA service replaces ICMP slow link detection for GP processing... Darren From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Wednesday, August 09, 2006 2:14 PM To: ActiveDir@mail.activedir.o

Re: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
I wouldn't disable that but put it on manual. We've found that on rare occasion we've had to enable NLA to get the XP sp2 firewall to consistently know that the machine was domain joined and thus use the domain profile. Test first. Rimmerman, Russ wrote: Well I think we figured it out. If we

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Rimmerman, Russ
This is all good... Using the right logonserver, DNS is responding well. It's the darn Network Awareness service causing it. We aren't using ICS or Windows Firewall so I suppose we can disable it safely. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Cace Sent: W

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Rimmerman, Russ
Well I think we figured it out.  If we disable the "Network Location Awareness (NLA)" service, it cuts the time down by about 90%.  I guess we'll disable this service via a GPO, cuz it looks like we don't need it anyway.  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Condr

RE: [ActiveDir] machine GP load

2006-08-09 Thread Robert Rutherford
Have you performed the usual gpresult, modelling, etc? Anything in the event logs? Is this a new policy or new machines (to the domain), or both in fact?   Cheers   Rob     Robert Rutherford QuoStar Solutions Limited   The Enterprise

RE: [ActiveDir] re: Computer bootup speeds

2006-08-09 Thread Darren Mar-Elia
There's a lot of reasons for slow boot up, as folks have indicated. Enabling userenv logging and observing the time stamps will give you a clue as to whether it's related to user profiles or group policy. Also, as per the network issues, check out http://support.microsoft.com/default.aspx?scid=k

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Andrew Cace
Be careful using “set L”.  That command echoes an environmental variable that is set at boot and doesn’t change after that.  It should suffice in this situation.  A much better way to determine which DC a computer is currently authenticating against is nltest.exe.  “nltest /sc_query:domain_

RE: [ActiveDir] machine GP load

2006-08-09 Thread Darren Mar-Elia
Several things might prevent that, including security filters that are denying access to the GPO from the machines, network timing issues (esp. if it's only machine GPOs that are causing the problem). I would use GPMC to run a GP Results Wizard against the machine and just verify that the GPO

RE: [ActiveDir] machine GP load

2006-08-09 Thread Laura A. Robinson
If by "loading", you mean applying the settings, yes, there are things in AD/GP that would affect workstation application of policies, including ACLs on the policies, OU structures, use of blocking and application of loopback processing.   Laura From: [EMAIL PROTECTED] [mailto:[E

[ActiveDir] machine GP load

2006-08-09 Thread Antonio Aranda
I have a few machines that will not load the machine GP. I’m pretty sure that it’s an issue with the workstations but just to cover butt, is there anything on the GP or AD that would prevent the GP from loading? Antonio

RE: [ActiveDir]

2006-08-09 Thread Deji Akomolafe
Actually, you want to select them all and choose "Remove Exchange Attributes" from the "Exchange Tasks" menu

[ActiveDir] re: Computer bootup speeds

2006-08-09 Thread Scott Klassen
I've seen something similar in the past due to network issues.  Specifically Spanning Tree Protocol and/or link speed autosense on both the computer NIC and the switch port it is connected to.   Scott Klassen

Re: [ActiveDir]

2006-08-09 Thread HBooGz
I came across this: http://msexchangeteam.com/archive/2006/03/22/422799.aspx which points me to a hotfix. Otherwise, when I enable 'associate external account' instead of a user getting an NDR about delivery refused the message is sent and delivered to the local store without an NDR. How can i still g

RE: [ActiveDir]

2006-08-09 Thread Derek Harris
There are several ways you could do it, but the easiest is probably on the Exchange General tab in ADUC > Delivery Restrictions > Message Restrictions -- click "Only from:" and don't add any addresses. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of HBooGz Sent: Wednesday, A

RE: [ActiveDir]

2006-08-09 Thread Kennedy, Jim
To be more accurate….change their smtp address to a bunch of gibberish.   From: Kennedy, Jim Sent: Wednesday, August 09, 2006 3:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir]   Remove their external smtp address and then set the

RE: [ActiveDir]

2006-08-09 Thread Kennedy, Jim
Remove their external smtp address and then set the send to permissions in the account to just me. Then disable the account.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of HBooGz Sent: Wednesday, August 09, 2006 3:35 PM To: ActiveDir@mail.act

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Condra, Jerry W Mr HP
I’d also verify what server my machines are authenticating to using “Set L” from a command prompt and making sure they are hitting the correct ones. Sounds like the IP range may not be defined in Sites and Services.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Jeff Salisbury
We have been fighting this for some time across the enterprise. DNS appears to be fine everywhere yet the problem persists on XP systems. The only solution we have found, which we are rolling out now, is to disable XP's Fast Logon Optimization. In Group Policy it is Computer Configuration\Administr

[ActiveDir]

2006-08-09 Thread HBooGz
Hey All - How do you disable an AD account and deny mail delivery. There are some users that are disabled but when I send an email to their smtp address I don't get a sys admin error, it appears to send it to the respective store. How do you all disable an AD account, not remove, and prevent it from

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Krenceski, William
I had this happen once and for the life of me could not figure it out. It was happening to computers pointed to one router in particular as their default gateway. It was one of 3 of our Gateway routers so I swapped DHCP settings to a different one and they all started working like they shou

Re: [ActiveDir] LDAP Logon Name

2006-08-09 Thread Tomasz Onyszko
Alex Alborzfard wrote: We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses can do this. There is an option for setting up LDAP gateway, where you can set user name & password up. It’s asking f

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Kevin Brunson
First thing I would check is the DNS settings on the client.  Are they pointing at a valid DNS server, and is it responding?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Wednesday, August 09, 2006 1:44 PM To: ActiveDir@mail.activedir.org S

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Matt Plahtinsky
Most times consulting when I see slow login times it's due to DNS misconfiguration issues. Are your computers pointing to your internal DNS servers or an external DNS? If they point to an external it will take about 5 min before it times out and looks inside. Matt -Original Message

[ActiveDir] LDAP Logon Name

2006-08-09 Thread Alex Alborzfard
We have a HP printer/scanner that we want to setup for emailing scanned documents. Management wants to ensure only domain users with email addresses can do this. There is an option for setting up LDAP gateway, where you can set user name & password up. It’s asking for LDAP logonname. I

RE: [ActiveDir] Computer bootup speeds

2006-08-09 Thread Rimmerman, Russ
No, just local. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 09, 2006 1:37 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Computer bootup speeds Do you have roaming profiles? Andrew Fidel "Rimmerman, Russ"

Re: [ActiveDir] Computer bootup speeds

2006-08-09 Thread AFidel
Do you have roaming profiles? Andrew Fidel "Rimmerman, Russ" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 08/09/2006 02:29 PM Please respond to ActiveDir@mail.activedir.org To cc Subject [ActiveDir] Computer bootup speeds Is there any easy way to determine why it's

[ActiveDir] Computer bootup speeds

2006-08-09 Thread Rimmerman, Russ
Is there any easy way to determine why it's taking so long for PCs in our AD to boot up? It sits at applying settings for quite awhile, so I'm thinking it may have something to do with GPOs, but most computers only have 2 or 3 GPOs applied to them. I wouldn't think the GPOs would take that long

Re: [ActiveDir] Weak AD passwords

2006-08-09 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
In an all borg network (XP,2k3 even 2k) disabling LMhash breaks nothing. For those with mixed networks.. test... you may have devices, OS that need lmhash (NT,98). Kill them off as soon as you can as it's weakening the security posture of your network.. and even the guy who has THE blog on defen

RE: [ActiveDir] Weak AD passwords

2006-08-09 Thread AFidel
By using a high ASCII character from table 1 in http://www.microsoft.com/technet/security/prodtech/windows2000/win2khg/03osinstl.mspx Andrew Fidel <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 08/09/2006 11:52 AM Please respond to ActiveDir@mail.activedir.org To cc Subject RE

RE: [ActiveDir] Weak AD passwords

2006-08-09 Thread WATSON, BEN
I think you might mean the storing of LM hashes for compatibility with extremely old operating systems. When using LM Hash your password at most will consist of 14 characters, while that’s a good length, the worst part is it is broken up into two 7 character strings. (At le

RE: [ActiveDir] Weak AD passwords

2006-08-09 Thread WATSON, BEN
It seems that Cain & Abel development has picked up greatly since LC5 was discontinued and seems to offer all the features of LC5 and more. Check out the list of network security tools that the creator of NMAP has developed. Cain & Abel is #9. http://sectools.org/

RE: [ActiveDir] Weak AD passwords

2006-08-09 Thread Michael B. Smith
Uh, I am the IT security department for a number of my clients. Yes, complex passwords were used. Here are a few it cracked, just as samples: F0ur.Sc0r3 grVnBEqRo*&2Yb @[EMAIL PROTECTED]@cK From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

Re: [ActiveDir] Weak AD passwords

2006-08-09 Thread Paul Williams
L0phtCrack was purchased by Symantec and is now sold as an enterprise security product. It's called LC5, I believe, but has recently been discontinued (after Symantec stopped selling it to people outside of North America) and support runs out at the end of the year. Which is

RE: [ActiveDir] Weak AD passwords

2006-08-09 Thread neil.ruston
With the assistance, support and ratification from your IT Security department, of course :) Do you use complex passwords in the below scenario? neil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: 09 August 2006 16:25 To: ActiveDir@m

RE: [ActiveDir] Weak AD passwords

2006-08-09 Thread neil.ruston
"...but it can be disabled on a per-account basis so any admin type accounts should probably have it turned off. "   how is this done please? I know how it can be done at the domain level, but not per user.   neil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTE

RE: [ActiveDir] Weak AD passwords

2006-08-09 Thread AFidel
And as lm configuration #6 from http://www.antsight.com/zsl/rainbowcrack/ shows it's trivial to crack ANY reasonable windows password with length <14 characters unless lmhashes are turned off! (lm hashes are not stored for passwords longer than 14 characters). Unfortunately if you have to support d

RE: [ActiveDir] Weak AD passwords

2006-08-09 Thread Michael B. Smith
I took the time to generate the 64 GB tables with the full US-ASCII character set (I spread it out over a couple of dozen servers and it only took about a week) last year. I ran it last week against one of my environments. It cracked 1,628 passwords out of 1,629 total account

Re: [ActiveDir] Weak AD passwords

2006-08-09 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
http://www.elcomsoft.com/ppa.html Password auditor McCann, Danny wrote: Hi Haven't used it, but one of my colleagues swears it's too good. :) Try Rainbow Tables. Cheers Danny -Original Message- *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of

Re: [ActiveDir] Weak AD passwords

2006-08-09 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
John the Ripper McCann, Danny wrote: Hi Haven't used it, but one of my colleagues swears it's too good. :) Try Rainbow Tables. Cheers Danny -Original Message- *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Rimmerman, Russ *Sent:* 20 Mar

Re: [ActiveDir] FMSO roles split, patch question.

2006-08-09 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Security bulletin 06-040.. out yesterday. Put it on a test priority folks. http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx John Strongosky wrote: 06-040?? What is this? john *From:* [EMAIL PROTECTED]

RE: [ActiveDir] Weak AD passwords

2006-08-09 Thread McCann, Danny
Hi Haven't used it, but one of my colleagues swears it's too good. :) Try Rainbow Tables. Cheers Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: 20 March 2006 21:38 To: ActiveDir@mail.active

RE: [ActiveDir] FMSO roles split, patch question.

2006-08-09 Thread John Strongosky
06-040?? What is this? john From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, August 08, 2006 5:17 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] FMSO roles split, patch question. The main thing it to t

Re: [ActiveDir] UPPER case for username

2006-08-09 Thread Paul Williams
I've not tested this (just hashed it up as I read your post, so there's probably going to be some syntax errors, etc. --please test first). But here's a quick and dirty vbscript that should change all uppercase accounts to lowercase. set oConn=createObject("ADODB.Connection") set oComm=creat