Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Saturday, May 21, 2005 2:37 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] "Sticky" group membership - Solved
Dean,
Would you be as kind as to elaborate on the other iss
ply policy (may have long-since been resolved ...
haven't checked)
That's all I can think of ... hope it proves useful!
Dean
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Oh, Jorge! Please stop! We can barely get joe's head through most doors as
it is now He REALLY doesn't need another cheerleader!
;op
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida
Pinto
Sent: Tuesday, May 24, 2005 9:40 AM
To:
You just made joe's head bigger...
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, May 27, 2005 8:40 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] lastlogontimestamp-
I'll yield on this and stand cor
But, my experiments have shown that though you might be able to get rid of
WINS for Exchange purposes, the Office team hasn't quite grown past its use.
Outlook (including 2003) has a bit of a hard time finding its mailbox if
WINS is not active (or, at least an LMHosts file in place).
Rick
-O
" For instance... If you connect to a resource via IP, kerberos will not be
used, instead passthrough NTLM will be used."
joe, I'm not sure that I know the reason for this. Can you help? (Book
versions appreciated! :o)
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PRO
its the construction of the ticket.
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Friday, June 03, 2005 8:13 AM
To: ActiveDir@mail.activedir.org
Sub
, that does
all of this well – and integrates the pieces to provide a complete
end-to-end solution.
Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Windows Security (Affiliate)
Associate Expert
Expert Zone
"you think you have enough DC's"
Probably would depend on the remote vs. local campus environment, I suppose!
:o)
Company that I was just with had over 100, but we had high demand for
redundancy in over 50 remote sites supporting anywhere from 200 to ~1200
production users at each site. Given th
NetPro is focused on Directory Services - and in this case, AD. It's the
primary thing that it does. MOM, on the other hand can be configured to be
focused on AD, but the depth and breadth, IMHO, is not as good as NetPro.
MOM is great for a overall view of lots of Microsoft (and non-MS if you wa
I've seen exactly the same when an Infrastructure Master was missing. Check
all FSMO owners to be sure that they really DO exist. To do this, it's best
to run
DCDIAG /v /test:KnowsOfRoleHolders
You will need to run this in each domain for the domain FSMO roles, but it
will query the doma
will run the test against every DC in the Forest.
Might be good to make sure every DC is seeing the same thing as all others.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
> Sent: Sunday, June 05, 2005 19:24
>
There is no dependency between IPSec and the LDAP/S function. That being
said, is there any reason that you NEED to disable IPSec? I'd leave it
running - but that's just me.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Monday, J
fresh install, not an upgrade. Any ideas on how to load W2K3 into
c:\winnt from the start?
Thanks,
Nate
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, June 05, 2005 10:35 PM
To: ActiveDir@mail.activedir.org
Subjec
input.
Yes I'd like to disable services that do not need to run on DC in order to
reduce open ports :-), and i do not need Ipsec service for my DC BUT only
LDAPs.
Regards,
Yann
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de Rick Kingslan
Envo
Ravi,
Though your thought process is likely correct for your environment, I think
that the math is off just a magnitude:
55GB * 5% = 275MB
So, rather than being ~1MB per hour over a 24 hr. period, it's closer to
12MB per hour over the same 24 hr. period.
You know your infrastructure - the magni
f - if it will be months before I need a service, it is going to be
off. Anyway, it is pretty easy to turn this stuff back on again.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, June 06, 2005 12:21 PM
To: ActiveDir@mail
joe,
Toss a command line out there for this. Some might be interested in how you
collected this - now that we kno what flags we're looking for!
Thx!
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Monday, June 06, 2005 11:53 PM
To: Activ
previous OS in the GUI setup mode, but this is to be made
for a fresh install, not an upgrade. Any ideas on how to load W2K3 into
c:\winnt from the start?
Thanks,
Nate
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, June 05,
EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday, June 07, 2005 2:33 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Q about Site Link Bridging
joe,
Toss a command line out there for this. Some might be interested in how you
collected this - now t
My first guess is that all auditing is shut off. Something has to be turned
on to audit - otherwise nothing will be posted to the Sec Log.
If this is on the DCs, check the Default Domain Controller Policy. If this
is Member Servers, look Default Domain Policy, OU GPO where Member exists,
or the
ing writing the first version of it about 2
weeks after I loaded my first domain controller back in like 1999/2000. I
got sick of doing windiff of two manual dumps right quick.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Tuesday,
Thanks, Mark. I, too, would believe that AD will be in the initial betas,
but that all remains to be seen.
Glad to see that things are moving along with the next iteration.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent: Wednesday
When you
say ‘Disk Encryption”, are you referring to EFS (Encrypted file
system)?
If so –
which disk is encrypted, and is your account a recovery agent? Finally,
which OS?
Honestly –
I don’t know of anything that would prevent a system configured with the
basic information that you pro
As Phil states, this can be done. However, some of these characters are in
there for good reason (such as the '/' as an escape character for the ',')
and I would seriously suggest setting up a complete test environment to test
out your proposed changes before you run a script against your producti
In fact, yes it will, Russ.
Looking back at the thread, I don't see any discussion about HOW these users
came to have the admincount attribute set to 1. Do you have a root cause?
The reason that I ask is because I've dealt with this before when someone
(who I never caught) added a group to a Pro
The type of server is going to be of great importance. If you are planning
to do this with a Domain Controller - just don't. It's not worth the
trouble, and is technically not a sound practice.
If you are talking about a member server, are you thinking of imaging just
the base build and then app
r.org
Subject: RE: [ActiveDir] Security permissions on user object
OK this is odd, I changed admincount to 0 and an hour later it was
changed back to 1. How frustrating. What gives?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Wedn
Outlook .pst files have a problem with corruption at >2GB. Mailbox size -
how big is the store? :0)
We had one lady who saved every report, every e-mail, I mean EVERYTHING,
since the day she started. Her e-mail box on the Exchange server was (might
still be - not my problem anymore) approx. 30GB
ROTLMAO! I share your pain, Brian.
Yeah Gotta love those 'Send to ALL' DLs - and the obvious misuse of
same.
"Black bronco in the north parking lot, second level - your lights are on"
Ummm, which city/site? I only have 50 of them. And, I'm guessing the
sender knows where he/she is.
joe,
Yeah, you
had to know it was coming – Rick’s $.02 worth.
Remember
what we both were relieved of our positions for? Oh, that’s right –
I didn’t tell you about me! Suffice it to say I took one for my
team because upper management was trying to get things done that were wrong,
tech
Funny I asked that about, oh, 4 days ago. I didn't get an answer.
Maybe you carry enough weight, Jorge! ;o)
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida
Pinto
Sent: Friday, June 10, 2005 3:38 PM
To: 'John Singler '; '[EMAIL
John,
You're still not asking the question that has been asked at least twice:
What groups is the problem accounts a MEMBER OF?
You might have answered this in a manner that doesn't register with me - are
you saying that this user is a member of Domain Users and nothing else?
Ric
Hmmm. let me think about that.
NO!
Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Windows Security (Affiliate)
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com
sample leftovers that came back from the dining
room was kicked out of the "group" that gave access to the food on
the dishes and from that point on only saw dishes that had been scraped.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
canned for the exact same sort of thing.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Friday, June 10, 2005 11:30
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] mstsc
/console switch for non admins
joe,
Yeah, you
had to know it
he exact same sort of thing.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Rick Kingslan
Sent: Friday, June 10, 2005 11:30
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] mstsc
/console switch for non admins
joe,
Yeah, you
had to know it was
I understand the reason for your request. And, it's admirable that you want
to insightfully inform your user base.
However, looking for live virus or Trojans is not the way to do it. If one
wants to show how things can go horribly wrong, controlled environment or
not, this is likely a good start
Yep. Have used it for application and web services load balancing. Also
have used the Cisco CSS.
As long as your Engineer knows the traffic to look for, the destinations,
and if it is to be statefull or stateless - then it will work.
Obviously, the LDAP on 389 is not the only thing to take into
arm,
soapy water for at least 60 seconds when finished... Etc.
Joe Pochedley
A computer terminal is not some clunky old television
with a typewriter in front of it. It is an interface
where the mind and body can connect with the universe
and move bits of it about. -Douglas Adams
-Original Mess
hen discussing these sort of
things. This would make the discussion more "real world"
like.
/Guido
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Samstag, 11. Juni 2005 05:30
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir]
Title: Using AD Sizer
See inline below…..
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark
Sent: Monday, June 13, 2005 12:11
PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Using AD
Sizer
I’m
trying to run through the Microsoft-p
Though I know that there will be as many opinions as people on this list as
to the subject, my preference is from Microsoft themselves. They have
developed a very comprehensive Security Configuration guide which includes
templates that mimic the best practices from the guide, as well as other job
OK. We now have the Dean and joe version of what is happening. I'm good
with it.
So, why is Tom's LastKnownParent blank? Now I'm interested.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, June 14, 2005 9:58 PM
To: ActiveDi
Title: LDAP performance
Nice machine name….. descriptive, to be sure.
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, June 14, 2005 8:04
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP
performance
From port 42217?
joe said:
“I am a bit tired and a little high from sniffing tile adhesive”
And, then later emoted:
“state how to make it performant without listing by name every other
mailbox server by full”
Looking at the first statement, and the
LACK OF COMPLETENESS to the second, I think the f
Maybe they need an 8-way, or more than 2GB of RAM for the database that runs
on it.
Honestly, though - this has gotten way off the point. He's running MySQL,
and doesn't look like he's going to change just because we thought MSSQL is
a better fit. Or not
Rick
-Original Message-
Fro
eiros
Former CIS instructor
San Jose City College
---
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rick Kingslan
Sent: Wednesday, June 15, 2005 4:37 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Passwords
Yes – you’re correct in that you can set this on a per OU
basis with GPO. As Jorge points out, make sure that you are complying by
the processing rules of the GPO list so that your settings are not reverted by
another GPO inherited to that OU.
Rick
From:
[EMAIL PROTECTED] [
Guy,
Though it might seem trivial, it's not really easy in any way. If you're
not in mixed-mode, or have child domains - forget it (IIRC). You've passed
the last bastion of 'easy' in a hard process.
The way to do this, and not have tons of lingering issues is to demote all
other DCs back to mem
hope his
manager will give him time off to recuperate ( I rather have the time off
then a small bonus any day ).
Peace,
Jose :-)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rick Kingslan
Sent:
láfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Rick Kingslan
Sent: Thu 6/16/2
Tom,
I think what Ravi
is saying that this is a client side issue, and given the information on this
event – he’s likely as right as anyone else is going to be, given
the information. The problem with the 20159 event is that anytime anyone
disconnects, a 20159 can be generated. So, it
Heh…. I see that Dean has
already answered this, so I’m most interested to see what the “Wizard
of the Shell Script” has come up with….
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Saturday, June 18, 2005 6:00
PM
To: ActiveDir@mai
TECTED] On Behalf Of Rick Kingslan
Sent: Sunday, June 19, 2005 1:23
PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] FW: Batch
Script Fun
Heh…. I see that Dean has
already answered this, so I’m most interested to see what the
“Wizard of the Shell Script” has come up with….
Rick
Fully agreeing with what ~Eric and Nazim states, another way to do this and
lessen the security risk SLIGHTLY is to feed the password in as a parameter
OF the startup script, rather than as part of the script in the first place.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMA
Could we get some more detail on that? I've used Hyena, but I'm not sure
how to use that in a scripted fashion.
Thanks!
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Haaker, Chris
Sent: Monday, June 20, 2005 11:57 AM
To: ActiveDir@mail.activedir.
However, this solves part of the problem, yes? Seems that this won't
prevent the closing of Windows Explorer windows... But, I could be wrong -
I haven't tried it. :-)
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Tuesd
Yep - what assist do you need, or what information related to it?
Happy to help
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Tuesday, June 21, 2005 6:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir][OT] Fil
Andrew,
Really interesting problem that you're experiencing here. I can't say that
I have seen this, but I would say in my experience I've worked with a few
multi-tree and multi-forest scenarios. Both the multi-tree and forest would
naturally use a different DNS namespace for each tree or forest
27;s in.
I thought it might be similar to how the default for unqualified hostname
resolution in windows is to "Append parent suffixes of the primary DNS
suffix". So if the trusted domain doesn't happen to be in parent suffix it
never looks there. But that's just a guess
Nathan,
Typically, the change of IP address, subnet, default gateway and associated
DNS entries will take care of most of what you need.
However, there is one more thing that needs to be done. Pull up a command
prompt on the DC that you've re-IPed, and type this at the prompt (in its
entirety:
Justin,
My experience with this is simple: Sometimes, trusts fail. And, then the
existing elements no longer work. It sucks, but it's true. You can reset
and verify, you can NETDOM it to death - it's physically there, but no trust
is home.
As long as your WINS entries, DNS and/or LMHOSTS file
still no good. No errors in the event logs to
post, I get the following message when I try to choose a name or group
from the domain
The specified domain either does not exist or cannot be contacted.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick
ears back. test
Jose
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rick Kingslan
Sent: Wednesday, June 22, 2005 8:43 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir][OT] File copy with security intact
Yep - what assist do you need, or what info
Yeah Those are fun, huh Mark? ;o)
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent: Thursday, June 23, 2005 6:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Cannot Contact Domain over External Trust
I had an is
Charlie,
Can you post the rest of the USERENV log? There should be some more lines
after the:
USERENV(e8.8338) 17:04:15:113 GetDeletedGPOList: Finished.
For all intents and purposes, the call CheckForGPOsToRemove does exactly
what it says. They next line enumerates the GPOs that need to be rem
**
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
> Sent: Thursday, June 23, 2005 6:17 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Group policy question
>
> Charlie,
I initially started looking at this from one viewpoint, and then I began to
think about slow link detection.
You've taken traces to determine the size... What is the return message
from ICMP when this large packet is detected by the PIX? Or, does the PIX
just discard it?
If the PIX is discard
Title: Advertising RPC services - best practices
Neil,
What are
you trying to restrict? Access to the App, access via RPC, or access via AD?
I can help, but the scope is pretty big at this point.
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Ne
ok at a Cisco Pix config.
guide didn't show it where I would have expected it, either in the
access list commands or in the icmp command.
Darren
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Friday, June 24, 2005 8:23 AM
To: Ac
Tool from Sysinternal at Winternals
http://www.sysinternals.com/Utilities/TcpView.html
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A.
Sent: Friday, June 24, 2005 11:27 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [Active
Wow! They do that at your company, too? And here I thought *I* was the
ONLY one with a non-communicative, dysfunctional network engineering group.
Huh. Well, that ruins all of my 'these are the worst EVER network folks'
excuses. You've just matched me!
;o)
Rick
-Original Message-
Fr
IIRC, the trusts are defined and stored as GUIDs. So, determining the GUIDs
are going to make it much easier to determine where the information is
stored. Let me poke around a bit.
As I mentioned yesterday - things are a bit frantic right now, so I might
not get to it today. But, soon the rush
Noah,
I suspect
that you’re missing a root certificate. Review your process of
creating and importing the certificate into the certificate store to ensure
that you, in fact, did have and use the proper Root CA, and
that it’s in the correct store.
Ironically,
(and I know that this is
uot; The usage of an
intermediate certificate thus provides an added level of security as the
Certification Authority (CA) does not need to issue certificates directly from
its CA root certificate.
From: Rick Kingslan [mailto:[EMAIL PROTECTED]]
Sent: Saturday, June 25, 2005 1
Yes, I do. But, his question had nothing to do with "Is it right or not?"
I count on joe to totally over-react to such things!
:op
But, just for the record, I don't condone in any way the overuse or the
mismanagement of advanced privileges and rights for convenience in any way,
shape or form.
I
Yep - it *IS* very cool. Guido showed us this during a Pre-Conference
session at this year's Directory Expert's conference.
However, I should note that even though there were many requests, Guido
flatly REFUSED to give away free copies to all attendees.
Guido is not very generous[1] ;o)
Ri
In all honesty, just because it's in a KB does not make it less confusing or
misleading. There are many procedures and policies that make no sense at
all - they just haven't been changed, clarified or deleted.
I'd suggest that everyone just take a deep breath.
Rick
-Original Message-
Fr
quent visitor to the
list with this change of job.
Also - please don't post replies to the list. Send them to me directly.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Friday, July 01, 2005 12:52 PM
To: ActiveDir@mail.
Mike,
I agree with what you are saying, that from a best practices standpoint, one
SHOULD eventually remove the old CNAMEs.
However, the point of this discussion seems to be centered around what will
or will not cause problems with replication. Old CNAMEs pointing to
deprecated DC GUIDs is not g
Tom,
Minimal mode would be Mixed. Operations that you might attempt that aren't
supported in your current mode will fail. e.g. Trying to use DSADD to
create a Universal Group in a mixed mode domain.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
gt; can learn things here that you won't find anywhere else. We have a ton of
> well known authors, Microsoft employees from
> PSS(ROSS/CPR/Other)/MCS/Dev(AD/JET)/Enterprise Computing, some of the top
> consultants in the industry, programmers, admins (from the smallest to the
> la
Tom - you do not have to have Win2k3 DCs to use the DS commands.
However, I think there are a lot more reasons to run Win2k3 than just being
able to use the DS commands.
I trust that wasn't your only decision criteria. I would hope that the
Security improvements, the reliability, the performance
Or a Windows XP against Win2k.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Saturday, July 02, 2005 2:48 PM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Ds commands
exec
Jenn,
New to me, I have to admit. I haven't seen that behavior - nor have I
specifically tested for it, either. I might be able to look into it a bit
further, if I can find a suitable external.
Now, when you say EMC, are you saying like a SAN or a NAS head? Or,
something not mentioned?
Rick
Steve,
As someone who knows quite a bit about AD and LDAP, but am just now getting
my arms around the Exchange juggernaut (there is s much more to know
than I even imagined I am awed by Exchange Guru's much like I'm
sure that they are awed by us) I'd wonder if this could be written as
However, seeing joe's reply - go with his suggestion. He's got a better
instinct for this stuff than I do. But, strangely he's not an Exchange whiz
kid either funny, that.
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ric
The ADSizer is still the 'first shot, best guess' tool for the newer
technologist working with AD. Given 3 - 6 mos. of experience with AD, one
should be able to determine for themselves what 'Best Practices' for their
given environment should be.
The basic problem with the ADSizer, as I see it, i
How about: (and maybe not in this order)
1) Install a test environment - test patches before implementation
2) Patch half after compatibility and performance, then patch the others
within 48 hrs. (less, if you're feeling comfortable or the patch is of a
very critical and high risk category)
3) Get
ing. I was just recently promoted
to server administrator of about 30 servers. What would be the easiest
way to make sure a patch doesn't interfere with Exchange, SQL, IIS, etc?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: T
No, not really. Up to the close date for inclusion INTO a SP (and there are
LOTS of factors that affect what does and doesn't make the SP) will be in
the SP.
If we assume that the close date for a given SP is D\M\, and the SP is
SPx, then any patch released after the date is either post SPx, o
untain
Sent: Tuesday, July 05, 2005 6:11 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Windows 2003 Shadow Copy
We are using an AX100 EMC external device.
Thanks
Jenn
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
I would strongly advise against doing this. If there is nothing available
that can proxy the incoming requests, then the solution needs to be
re-engineered with Security in mind.
Given your industry, HIPPA is very, very clear on matters of accidental
disclosure when reasonable measures could have
Antonio,
At the time that you decide to introduce Windows Server 2003 DCs into an
existing Windows 2000 domain /forest, there is the initial requirement to
upgrade the schema.
You must run adprep /forestprep and domainprep to be able to support the
inclusion of a 2003 DC.
However, running forest
Dean,
My process
(and I highly suspect that Brain’s will be the same) is that I have a
base MEMBER SERVER image of Standard and Enterprise
under our VLK (well, this would all be past tense now, I guess…). I
deploy the base image of the selected version out to a system, then add feature
D] On Behalf Of Rick Kingslan
Sent: Saturday, July 09, 2005
11:01 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Sysprep
Win2k3 Servers...maybe a DC?
Dean,
My
process (and I highly suspect that Brain’s will be the same) is that I
have a base MEMBER SERVER image of Standard and Enter
Title: [ActiveDir] DFS Client for Mac and UNIX
At the
level in which you WANT to CHANGE the permissions, is the check box to inherit
checked or not? If it is – uncheck it, copy or remove – then add
or modify ACL / ACE as needed.
However,
Dan brings up a good point – are you trying to do
With Remote Desktop, you are going to take over the machine (in the case of
XP) kicking off any logged on person in the act of taking over the machine.
Your access is the same as the credentials in which you login as.
With Remote Access, you need to receive an invitation and the user is not
kicked
min connects to their
box.
RA doesn't seem to make this as simple as vnc does, i guess.
I still wonder how as an admin you can be denied RA access to a box or need
permission. is it a local system thing?
thanks for all your help and sorry to bore you with my issues.
-Original Message-
F
301 - 400 of 1153 matches
Mail list logo