!
--
Idan Shoham
Chief Technology Officer
M-Tech Information Technology, Inc.
[EMAIL PROTECTED]
http://mtechIT.com
Sign-up for M-Tech's winter training sessions:
P-Synch: January 8--12, 2007 || ID-Synch: January 15--19
Information Technology, Inc.
[EMAIL PROTECTED]
http://mtechIT.com
Sign-up for M-Tech's winter training sessions:
P-Synch: January 8--12, 2007 || ID-Synch: January 15--19, 2007
To register, please visit: http://mtechIT.com
to these might help track down your problem.. :-)
--
Idan Shoham
Chief Technology Officer
M-Tech Information Technology, Inc.
[EMAIL PROTECTED]
http://mtechIT.com
Sign-up for M-Tech's winter training sessions:
P-Synch
AD or ADAM.
Do you have a sense of how many LDAP binds / authentications per second a
typical Win2k3 server can handle? (order of magnitude stuff...)
Cheers,
--
Idan Shoham
Chief Technology Officer
M-Tech Information Technology, Inc.
[EMAIL PROTECTED]
http://mtechIT.com
,
and an archive one for the 10M historical records.
Would you recommend ADAM? With how many DCs if so? (the web apps would
likely be hosted at a single site).
Perhaps full-fledged AD? How many DCs?
Thanks!
--
Idan Shoham
Chief Technology Officer
M-Tech Information Technology, Inc.
[EMAIL PROTECTED]
http
here integrated TAM (Tivoli Access Manager -- IBM's WebSSO)
with ADAM? Any pointers or horror stories we should know about?
Cheers,
--
Idan Shoham
Chief Technology Officer
M-Tech Information Technology, Inc.
[EMAIL PROTECTED]
http://mtechIT.com
, Inc.
[EMAIL PROTECTED]
http://mtechIT.com
Visit M-Tech at the Gartner Identity and Access Management Summit:
http://www.gartner.com/2_events/conferences/iam1_section.jsp
November 29 -- December 1; Las Vegas; Booth D
disconnected.
Bottom line: this method is pretty simple, doesn't require any special
software running on the PC, and limits the impact of a theft or compromise
of the user's workstation.
Good luck,
--
Idan Shoham
Chief Technology Officer
M-Tech Information Technology, Inc.
[EMAIL PROTECTED]
http
header, and/or can be flagged fairly reliably with a regular expression.
(e.g., grep -i out.*of.*office should catch 90% or more of them)
--
Idan Shoham
Chief Technology Officer
M-Tech Information Technology, Inc.
[EMAIL PROTECTED]
http://mtechIT.com
On Mon, 25 Sep 2006, Derek Harris wrote
firewalls, etc. That's getting a bit far outside of
this list's topic, and starting to sound a bit too much like advertising,
though. Continue offline please?
Cheers,
--
Idan Shoham
Chief Technology Officer
M-Tech Information Technology, Inc.
[EMAIL PROTECTED]
http://mtechIT.com
,
and avoid what others do well - local and prompt hardware support.
Just my random thoughts. I haven't really put much effort into it, Susan. :)
Maybe random, but insightful. :-)
--
Idan Shoham
Chief Technology Officer
M-Tech Information Technology, Inc.
[EMAIL PROTECTED]
http://mtechIT.com
List
Technology, Inc.
[EMAIL PROTECTED]
http://mtechIT.com
On Fri, 1 Sep 2006, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
While you guys are skinning that cat (or is it buttering it?) let me
throw out the var/vap world of admin passwords... You have a bunch of
managed clients... you have employees
to having a bunch of well-known admin passwords out there.
There are products to do this (and yes, we make one too).
Cheers,
--
Idan Shoham
Chief Technology Officer
M-Tech Information Technology, Inc.
[EMAIL PROTECTED]
http://mtechIT.com
On Thu, 31 Aug 2006, Bahta, Nathaniel V CTR USAF NASIC
Technology, Inc.
[EMAIL PROTECTED]
http://mtechIT.com
On Fri, 25 Aug 2006, Akomolafe, Deji wrote:
Depends on what the agent is supposed to be doing, whether or not it's been
proven stable or crappy, and whether or not your administrative/security
philosophy allows such agent to be deployed on DCs
no longer needed to avoid unnecessary cost from charge to
their cost center.
Regards,
Ai Chung
On 8/21/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Thanks, Joe.
I tend to agree regarding standard names, no random driver letters,
etc. (which you could probably already infer from my initial e
that disk
space for new work?
What happened in this scenario when you worked at that Fortune-5 where
you used to (still do?) work?
Cheers,
-- Idan
-- Forwarded message --
Date: Fri, 18 Aug 2006 21:00:58 -0400
From: joe [EMAIL PROTECTED]
Reply-To: ActiveDir@mail.activedir.org
Shoham
Chief Technology Officer
M-Tech Information Technology, Inc.
[EMAIL PROTECTED]
http://mtechIT.com
For more information on M-Tech's Regulatory Compliance Solution visit:
http://mtechIT.com/compliance
) or to speak to another administrator
and be personally recognized.
Good luck!
--
Idan Shoham
Chief Technology Officer
M-Tech Information Technology, Inc.
[EMAIL PROTECTED]
http://mtechIT.com
For more information on M-Tech's
in how the RPC communication works in sp1 and isa 2004 and checlpoint firewalls rpc filter need to be updated.Original Message From: [EMAIL PROTECTED] Date: 09/03/2006 15:13 To: ActiveDir@mail.activedir.org Subj: [ActiveDir] Issue creating forest trusts
Hello all,
I'm running
they are also known as reparse points and ris uses them for the single instance
store
Original Message
From: [EMAIL PROTECTED]
Date: 06/03/2006 11:15
To: ActiveDir@mail.activedir.org
Subj: RE: [ActiveDir] SYSVOL and Junction Points
The same question was asked at an MS seminar I
HelpThe consultancy I work for took on a job to provide support during the split of three companies (one divison) from a large group. There were a number oflimitations placed on us. No access to their network or machines before the move and do all the sites at the same time. The comms for the
Hi All,
I have a question about whether GPOs get applied in a situation where
domain trust is used..
Assume AD domain DA trusts DB. There is a user U1 defined in DB.
U1 belongs to a group G1 on DB. A particular GPO applies to G1 in DB.
Now when user U1 signs into domain DA, using trust, does
of the DA
domain.
Phil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: Monday, September 13, 2004 2:02 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] GPOs through trust?
Idan-
It makes part sense, but in general, yes, Group
Hi guys,
I was just having an interesting chat with one of our customers, and he
raised a very good question.. :-)
They are a global organization, and consequently have thousands of
printers, in hundreds of locations. Today, there is just a flat namespace
(I think it's just built into AD) to
Hi Mark,
Sarbanes-Oxley (or SOX for short) requires lots of things, all of them nice
and vague. :-)
Among them are effective internal controls. While it is mostly
concerned with financial data, of course that data is stored in databases,
accessed by applications, on operating systems, mediated
. If you later need to know what machines
a user is signing in from, just read their file in that share.
E-mail me at [EMAIL PROTECTED] if you want a copy.
Cheers,
-- Idan
On Sun, 6 Jun 2004, AD wrote:
We are doing it using logon scripts. Using vbscript and WMI you can get
anything you want
in the Microsoft shirts! :O)
Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
_
From: [EMAIL PROTECTED
Hi Mark,
If all you want is to provide your mac users with adequate advance warning
of password expiry (e.g., by e-mail or by launching a web browser to a
suitable URL at an appropriate time, from an OSX login shell script), and
help them to change passwords on AD and elsewhere from a web
possible).
-
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sieber R., DP ITS,
FII, DD
Sent: Friday, March 19, 2004 12:44 AM
:+49 (351) 4567 762
Fax: +49 (351) 4567 709
eMail:mailto:[EMAIL PROTECTED]
web: http://dp-itsolutions.de
List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir
Nick,
Not sure what's up in your environment, but here's one possible reason:
Mobile users frequently don't get this, because they are not actually
performing a domain authentication (i.e., they make RAS or VPN connections,
check their mail, etc., but don't actually sign their workstation into
Hi Cory,
I don't think you can setup a user that can create other users (e.g.,
new user == NU1), but not be able to set that user's password or group
memberships. The creating user would own the new user object ... so
would presumably have some privileges to it.
To do this, you have to go
David,
Can anyone enlighten me about the account option store passord using
reversible encryption ? As I understand it, some kinds of clients and
some kinds of remote access solutions that use CHAP require that this
option be enabled. Just the sound of it makes me uncomfortable.
You've got
Hi Joe,
Your point about users being expired while the synchronization /
policy enforcement service is inaccessible is quite relevant, I think.
Our default approach is to allow password changes to proceed on the DC,
with just the Win2K policy, but without the central policy also being
applied, in
with my
capabilities with the OS in regards to this specific issue since it is
actually heavily documented and the documentation is right so someone CAN
actually do something.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Oliver Marshall
Sent
Try setting the two users' passwords to the same value (i.e., the user who
successfully logs in, and the one who can't).
If the one that didn't work starts to -- then there is an incompatibility
between password policies. The Cisco product might be truncating, lopping
off special characters or
Brent,
I don't think it's a good idea to store reversibly encrypted passwords
in AD, especially since they get replicated to DCs which you not be able
to physically secure.
However, you can use the password filter DLL to intercept password changes,
and dynamically store the new passwords away
then allow you to clear that same flag and you now have a password
with a password age of 0 days and fully ready to go.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Erick Christian
Sent: Wednesday, August 13, 2003 1:17 PM
To: [EMAIL
passwords the user has elsewhere (e.g., on other domains, other
kinds of systems, etc.).
I hope this helps!
Best regards,
-- Idan (http://psynch.com/)
On Tue, 5 Aug 2003 [EMAIL PROTECTED] wrote:
Does anyone know if Microsoft provides provisions for doing dictionary
lookups
can't disable at all
is the Ctrl+Alt+Del
combo which then brings up task manager, but of those I do want to allow Log
off and shutdown.
Everything else is locked down.
Ernesto
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 07, 2003 10
40 matches
Mail list logo
