Title: Message
Firstly, thanks for all the excellent responses to my time question
yesterday. Should have it all sorted by ther end of the day.
In the
meantine, another little conundrum has reared its ugly head. We have 2
workstations that are located in a remote office. They are connecting
Title: Message
Jorge,
I checked the mapping and the subnet is mapped to the correct site (the local
German half of the domain).
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Jorge de Almeida PintoSent: Thursday, April 14,
2005 1:25
Title: Message
By
checking the firewall traffic we could see that traffic in the VPN tunnel was
trying to reach destinations outside their allowed range. The servers they were
trying to reach are the FSMO role holders. The roles are split over 2 servers
and communication was attempted to
I was recently handed a new hardware clock to install into our domain. As the
device needs to be placed in an area with good radio reception I decided to
install it onto a PC. Our server farm is located in a secure bunker with no
reception at all.
I know the usual time sync model is for DC's
] [mailto:[EMAIL PROTECTED] On Behalf Of Abbiss, Mark
Sent: Wednesday, April 13, 2005 4:15 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Time synchronisation in a W2K domain
I was recently handed a new hardware clock to install into our domain. As the
device needs to be placed
We are in the process of rolling out XP SP2 in our environment and I am
beginning to mess around a bit with the GPO settings for SP2, specifically the
firewall.
We have a mixture of laptop and desktop users, the desktops are no problem as
we disable the firewall on all of them as the corporate
with SP2 when it is deployed?
Deji
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Abbiss, Mark
Sent: Friday, March 11, 2005 7:10 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Blocking SP2 rollout
My apologies for posting this here but I am
My apologies for posting this here but I am not get clear answers from other
places I have asked this question.
As you no doubt know, MS are forcing an XP SP2 rollout as of 12th April this
year. We have SUS in our environment and have downloaded the SP2 package but
set the not approved flag.
Title: Message
Please, does anyone know of a quick way to
find the number of users in a particular security and/or distribution group in
AD and perhaps export the list ?
Many
thanks
Title: Message
Many
thanks, excellent help.
I hope
I am not pushingmy luckby asking for another brainstorm on how I can
do a simple check for how many members are found both in GROUP1 and GROUP2.
These are quite large groups (1000 members) and I cannot do it by visual
checking
Thanks
Title: Message
How
can I do a network trace whilst the computer is booting up ? When I have logged
on as normal user the share and files are fully accessible. I looked at my
bootup log (userenv.log) and can see that the GPO is called. But I just don't
know what could prevent my startup
Title: Message
Just
to follow up on this problem, I would like to clarify my current situation
:
I have
now determined the script is actually running during startup. The problem
however remains that I am not able to run the executable from the network share
location. Everything works fine
I have tried everything I know but I just cannot make a script run at
computer start up. I have successfully got it working on a user basis at
logon but assigning it to a computer is just not working.
Here is what I have done, please can someone let me know if I have I
missed something
I am having a real problem getting my head round setting the log on
locally policy for a group of computers.
What I am hoping to achieve is the ability to allow different groups of
sub-administrators the rights to log on locally to the servers they are
responsible for.
Currently, log on locally
. That would allow them to modify not only the log on
locally but also other things that will help them on their duties.
Gabriel Zabal
MCSE 2003
-Mensaje original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] En nombre de Abbiss, Mark
Enviado el: Lunes, 24 de Enero de 2005 03:22 p.m.
Para
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Abbiss, Mark
Sent: Monday, January 24, 2005 4:05 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Controlling log on locally in an AD domain
Unfortunately, we have already imposed an OU structure which
group, not the admin group. This
_machine GPO_ will then ensure that the user-rights defined for a
specific _user group_ is getting applied to the servers.
/Guido
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Abbiss, Mark
Sent: Monday, January 24, 2005 5:07
Title: Message
Please could someone
recommend a good list where I can post a user profile/terminal
servicesrelated question. I have been hunting around for a while for the
answer without success.
Many
thanks
FAST, CHEAP, SECURE: Pick Any TWO http://www.ultratech-llc.com/KB/
On Wed, 15 Dec 2004 11:08:43 +0100, Abbiss, Mark [EMAIL PROTECTED]
wrote:
Please, can anyone tell me how I can search through my GPO's to see if
a specific policy has been enabled and which GPO is controlling it ?
Many
back to a previous version?
If you have to recover your domain/forest, how do you plan to re-create your
GPOs and all their settings, OU links and security filters etc?
neil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Abbiss, Mark
Sent: 15 December
Title: Message
Please, can anyone
tell me how I can search through my GPO's to see if a specific policy has been
enabled and which GPO is controlling it ?
Many
thanks
Title: Message
Many
thanks for the information and pointers. Having read them, can someone then tell
me if I have got this correct.
If I
copy the latest ADM files to one of my DC's (In my case my local site DC, which
has no FSMO roles) and then create a new GPO and assign it to an OU,
Title: Message
Just
wanted to say thanks for all the help. I have now successfully configured
GPto control the new XP SP2 roll-out. Hopefully the Boss will be
pleased.
Cheers
again for the pointers and comments.
Mark
-Original Message-From: Darren Mar-Elia
[mailto:[EMAIL
Title: Message
I have been
searching around for a clear and definitive explanation of how to replicate
updated ADM files around my Windows 2003 domain.
I an currently
trying to update my ADM files to the latest version so that I can support a
roll-out of Windows XP SP2. However, I cannot
software what are
you using?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Abbiss, Mark
Sent: 06 October 2004 13:54
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Re-logging on to AD Domain
I am hoping your collective genius might be able to suggest
] Logging on to a Domain Controller
~
I would like to give a group of our 2nd level administrators the ability to
log on to all Domain Controllers. ~
Because?
-ASB
- Original Message -
From: Abbiss, Mark [EMAIL PROTECTED]
Date
:[EMAIL PROTECTED] On Behalf Of Abbiss, Mark
Sent: Tuesday, September 14, 2004 9:00 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Logging on to a Domain Controller
Is it really important why ? I just want to know how it might be done. I am
weird like that.
Thanks for any other tips anyone might
Title: Message
I am
going round in circles and am now completely confused !
I
would like to give a group of our 2nd level administrators the ability to log on
to all Domain Controllers. I have applied a group policy to the "Domain
Controllers " OU whichsets the "Computer configuration -
Please can anyone confirm of deny that the followuing scenario is possible :
A user has both a desktop and a laptop.
GPO settings define proxy settings used by IE. They also prevent the user
from changing proxy settings in IE (the connection tab is hidden).
When the user logs on to the desktop
Title: Message
Fastlane. We used it here and it was excellent. Excellent support as
well. They have a suite of tools to handle all parts of the
migration.
http://www.quest.com/migration/
-Original Message-From: Ellis, Debbie
[mailto:[EMAIL PROTECTED] Sent: Freitag, 14.
I live in Munich...about an hour and
a half away. Maybe I can get some info for you.
-Original Message-
From: Oliver Marshall
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003
9:51 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] [OT] Really
off-topic!
Sorry for the
Title: Message
Please can anyone tell me if it is possible to make
aconnection to a network sharewhen a server has been booted up into
theDirectory Services Restore Mode ?
I was planning to place my system state backup file on
a network share. This is obviously a waste of time if I cant get
I have nudged this issue in an earlier post but would like to ask again for
confirmation from the collective genius contained in this list.
Do all DC's in a domain HAVE to have a direct connection to the FSMO role
holding machines or is there a way of proxying these roles ?
What are some of the
I hope I am not labouring this point but can I ask. Does anyone know if the
ability to use GPO MMC snap-in is dependent on connectivity to the FSMO
holding DC's ?
Using the AD Users and Computers snap-in on my troublesome DC, I have just
tried to look at the GPO's for the domain. I am however
, MCSA, MCT
Microsoft MVP - Active Directory
LAN Administration - Windows 2000
West Corporation
[EMAIL PROTECTED]
-Original Message-
From: Abbiss, Mark [mailto:[EMAIL PROTECTED]
Sent: Monday, October 20, 2003 4:58 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] FSMO role holding DC's
I
Title: Message
Probably a dumb question but here goes.
We
have recently installed a new DC into our domain to manage an increasing number
of machines located in a DMZ.The domain itself is spread across two
locations Germany and France. The new DC has open connectivity to
theDC'sthat are
Title: Message
Can
anyone tell me where i might find a good maillist for SUS
problems.
I want
to know how to install it on a DC. My problem is that the built in acounts found
on non DC servers "IUSR" and "IWAM" are not available on a DC (not having local
users and groups)
So how
do I
SO OT :-)
-Original Message-From:
Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 15.
Oktober 2003 17:10To:
'[EMAIL PROTECTED]'Subject: RE: [ActiveDir] OT: SUS on a
W2K DC
http://www.susserver.com/
-Original Message-From: Abbiss, Mark
[mailto:[EMAIL
Title: Message
Forget
MOM..Net IQ costs and arm and a leg and needs hours of extra consulting to get
your out-of-the-box installation doing what you want it to
do.
We
evaluated both MOM and Net IQ as well as RoboMon (www.itheon.co.uk) and went for the latter.
EXCELLENT support, second to
Title: Message
ps.
Itheon have another prodcut eQ wehich will monitor multi platform set
ups.
-Original Message-From: Chris Flesher
[mailto:[EMAIL PROTECTED] Sent: Donnerstag, 9. Oktober 2003
16:13To: [EMAIL PROTECTED]Subject:
[ActiveDir] OT: NetIQ or MOM
We're
- MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
-Original Message-From: Abbiss, Mark
[mailto:[EMAIL PROTECTED] Sent: Thursday, October 09, 2003
10:22 AMTo: '[EMAIL PROTECTED]'Subject: RE:
[ActiveDir] OT: NetIQ or MOM
Forget MOM..Net IQ costs
Title: Message
I
really couldnt say. The support team in the US will be different. I have just
had nothing but incredible support from the UK team. Patience of saints
:-)
-Original Message-From: Chris Flesher
[mailto:[EMAIL PROTECTED] Sent: Donnerstag, 9. Oktober 2003
-
From: Abbiss, Mark [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 25, 2003 4:37 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Incredibly slow log on
Just wondering if anyone else has encountered this problem.
We have just installed a small external office with some new
clients
Just wondering if anyone else has encountered this problem.
We have just installed a small external office with some new clients. They
authenticate with the AD across a 512Mb fixed line. There are the usual
encryption/firewall devices between the two sites.
When logging on in the office with an
Title: Message
Please
can anyone recommend a good utility (not xcacls) that will help me add
additional security permissons to a directory structure on one of our W2K
servers. I want the existing ACL info to remain but want to append another
set.
Many
thanks,
Mark
it.
Something like Hyena might also do the trick, too.
Roger
--
Roger D. Seielstad
- MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
-Original Message-From: Abbiss, Mark
[mailto:[EMAIL PROTECTED] Sent
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original Message-
From: Abbiss, Mark [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 17, 2003 8:25 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Editing
. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original Message-
From: Abbiss, Mark [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 17, 2003 9:33 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Editing directory permissions
I used this syntax
there
is one available here on the microsoft site
http://www.microsoft.com/WINDOWSXP/pro/techinfo/productdoc/prwo_gpss.xls
-Original Message-From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]Sent: Mittwoch, 6. August 2003
15:00To: [EMAIL PROTECTED]Subject: RE:
[ActiveDir]
Does anyone know if it is possible (and if so how and where) to change the
priority with which object attribute data is replicated throughout an AD ?
For example, when we create new users and include a profile path for
Terminal Services it can take 20 minutes longer to replicate than other data
URGENT: Please can someone help
I am trying to sort out a vbs script we use when logging on to our AD domain
(tenuous connection I know !)
I have to take a string and trim the beginning and end
eg. C:\Temp\file.bat /DUMP has to be trimmed to Temp\File.bat /DUMP
Can anyone give me a quick and
Title: Message
Please
can someone tell me how I find which OU an object is in please. I can "find" the
object using the find option on the AD UandC snap in but then there is no info
which OU the little rascal is in.
I have
a group which someone moved accidently and I need to move it back
I really hope someone can help me understand !!
This is my quandry.
I have a W2K server which is to be used as a printer server. We have a mixed
client base and so I would like use the support for installing additional
drivers to allow clients to point and print as the documentation calls it.
I dont
seem to have much luck with my posts to this list...have I upset anyone ? have I
been blacklisted for some reason ? Do I smell bad ?
Tosupport my post regarding changing the Pre-Windows 2000 name of a
members server I found this in the Microsoft
documentation
Dear
All,
I know
it can be done (because I have read it in the Microsoft documentation) but I can
find where to do it. Please could someone let me know how I can change the
pre-windows 2000 name for a computer !
Many
thanks,
Mark Abbiss
EADS Headquarters 81663 Muenchen Deutschland
Title: Message
Please
can anyone tell me where I can find a list of the SCSI controllers that are
automatically detected and supported during a W2K installation. I don't mean the
ones found on the hardware Compatibility List.
Many
thanks,
Mark Abbiss
EADS Headquarters 81663 Muenchen
Is ADMT v2.0 also able to clean up the SID history once everything has been
successfully migrated from the old NT world ?
Thanks,
Mark Abbiss
-Original Message-
From: Tony Murray [mailto:[EMAIL PROTECTED]]
Sent: Freitag, 31. Januar 2003 10:51
To: [EMAIL PROTECTED]
Subject: Re:
Dear All,
We are about to embark on a phased migration of our users from NT to W2K. We
have a useful little program (SecureCopy) that is excellent at moving files,
folders, permissions etc into the new domain but would now like to find a
method, other than doing it by hand, to modify the path to
Have a look at Fastlane Migrator...awesome but a bit pricey
Mark Abbiss
EADS Headquarters
81663 Muenchen
Deutschland
Phone : +49 (0)89 607-34776
Email:[EMAIL PROTECTED]
-Original Message-
From: Mulder, Joeri (NL - Amsterdam) [mailto:[EMAIL PROTECTED]]
Sent: Donnerstag, 16. Januar 2003
Hi,
Please can anyone help.
I have created an unattended setup for W2K servers and am working on the
post setup. To complete many of the steps in the post configuration the
server must be in the domain. I have set autologon to logon once after the
first reboot, however the logon is always
Check out eQ by Heroix (www.heroix.com) Bloody good product, bloody
excellent support and a fraction of the prce of its bloated competitiors.
Mark Abbiss
-Original Message-
From: Roger Seielstad [mailto:roger.seielstad;inovis.com]
Sent: Montag, 11. November 2002 15:01
To: '[EMAIL
Dear All,
I am trying to demote a DC using dcpromo and the operation keeps failing. I
am being asked for a account with Enterprise Admin privilages in the
forest, which the account I am using has. But I keep receiving the following
error message.
The attempt to configure the machine account
Dear All,
I am planning to use GPO's to control a number of XP clients in a W2K AD
setup. Currently we have no GPO's, other than the default domain policy. I
have imported the .ADM files from XP into a W2K DC and want to use the
Computer Configuration\Administrative Templates\System Restore
Depending on how deep you want to get into monitoring and how complex your
network is, a good product is RoboMon by Heroix.
Can do what you need and a whole lot morewe are just about to install it
here after comapring it with NetIQ and MOM
Mark
-Ursprüngliche Nachricht-
Von: Al
We have been trying for almost a year now to link 2 sites !!! the POLITICS
are the killer. Just wait until you get to who has the FSMO
roleschildren, children.
good luck and make sure you have a reservation for a berakdown sometime
early in the New Year.
Mark
-Ursprüngliche
How can I locate the registry key that corresponds to any setting I have
changed via the Group Policy MMC ?
For example, if I use the GPO MMC to set the value of Computer
Configuration\Windows Settings\Security Settings\Local Policies\Security
Option - Network Security: Force logoff when logon
Title: Terminal Services and Auto Logon
I have
beensuccessfully configuringLocal Group Policy on a W2K standalone
PC for some time. The machine is in a public location and we have locked it down
so that no-one can mess with the setup and can only access a couple of
applications. The only
I must be missing something obvious !!
I am setting up a small test environment and have hit a problem.
I have completed a basic vanilla install of W2K Server on one machine and
promoted it to a domain controller. In the process, I called the new domain
W2KTEST.CORP. I have configured nothing
ipconfig /registerdns or just reboot)?
3) If the first server is not registering correctly ensure things such as
'Append domain name to Suffix' is selected in the TCP/IP properties or that
Dynamic DNS is enabled on the DNS Server.
Cheers
David
-Original Message-
From: Abbiss, Mark
Does anyone have any strong recommendations for a good Windows 2K server
monitoring/management tool ? We are ideally looking for something that can
monitor a range of running services and server availability and take
remedial action if anything goes wrong (restart server or service) and
notify
. I've really liked Appmanager where
we used it at my last job.
-Original Message-
From: Abbiss, Mark [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 10, 2002 8:53 AM
To: '[EMAIL PROTECTED]'
Subject: AW: [ActiveDir] Server availability/monitoring/management tools
Thanks, looking
Please can anyone point me to some online documents that discuss recommended
settings for Group Policy on W2K/XP, particularly Local Policies\Security
Options.
Many of the settings are not exactly clear in their meaning and I would like
to find some information about each of the options and the
Just run the ADMINPAK.MSI you find on the W2K Server cd on the workstation
to install the management snap-ins
Mark Abbiss
EADS Headquarters
81663 Muenchen
Deutschland
Phone : +49 (0)89 607-34776
Email:[EMAIL PROTECTED]
-Original Message-
From: Mike Tonazzi [mailto:[EMAIL PROTECTED]]
Problem with software installation using Group Policy objects
I am doing some testing of software distribution using GPO´s with no
success.
Other areas of the GP are successfully being applied but the software
packages are not being installed at login. Here is what I have tried
Scenario 1 -
nt: Montag, 30. Juli 2001
11:11To: '[EMAIL PROTECTED]'Subject:
[ActiveDir] RE: [ActiveDir] General wondering..
Experimentation is more important than knowledge.
-Original Message-----From: Abbiss, Mark
[mailto:[EMAIL PROTECTED]]Sent: 30 July 2001
09:19To: '[EMAI
Dear
List,
When
reading the posts on this list, it is common to see a registry tweak offered as
a possible solution. What I want to know is..how on Earth do you find these
keys ?!?! Where are they documented ? For example, how would I stumble across
the key "DontDisplayLastUserName"
Dear List,
I have been reading some confusing information about processor support in
Windows 2000 Server but the articles have no dates, so I cannot see which
information is the most recent.
My concern is that I have read Windows 2000 will only support 4 processors
when upgrading from an NT 4.0
Please can someone confirm for me please that it is only possible to move to
a native mode Windows 2000 environment once all servers and clients have
been migrated/upgraded to Windows 2000.
Or is a Native mode possible once all the older NT PDC's and BDC's have been
migrated, leaving some member
I understand that the Sysprep utility resets various security settings but I
cannot find a definitive list of the settings that are affected.
(http://www.jsiinc.com/subf/tip2500/rh2528.htm)
Has anyone else encountered this feature of Sysprep and have a link to
more information about what exactly
Thanks to everyone who offered help and advice.
In the end the vital piece of missing advice was plug the network card of
your 'to-be-installed' domain controller, into some other network device
such as a hub or another pc´s network card. After I did that the
instalation of AD worked fine and
Dear List,
Can anyone briefly summarize or perhaps recommend a white paper, that
outlines the differences in functionality between a Win2000 Professional
client that connects to a Native mode or a Mixed mode Win2000 network ?!
What I am trying to understand is if the client will have to be
81 matches
Mail list logo