Jeff,
You could try looking at BrndLog.TXT under C:\Documents and
Settings\xx\Application Data\Microsoft\Internet Explorer (x is the
username)
It gives a detailed log of the IE processing and might give you a hint of
what is happening.
Alan Cuthbertson
Policy Management Softwar
Hi Charlie,
If it is a user registry setting (other than Binary) there should be no
problem with a custom ADM template.
Can you explain what registry key it is and exactly what is not working?
Alan Cuthbertson
- Original Message -
From: "Charlie Kaiser" <[EMAIL PROTECTED]>
To:
Sent: S
a, Johnny" <[EMAIL PROTECTED]>
wrote:
>
> I mean, if I use the check box to "user must change password at next
logon"
> our users whose only way into the domain is OWA will not prompt them to
change
> their password... Unless I am missing something.
>
> Thanks
&g
Johnny,
We do exactly what you suggest, change the password and set the "user must
change password at next logon" and they are able to change it, even within
the "password cannot be changed period".
What do you mean by "that would effectively lock out the OWA only users"?
Alan Cuthbertson
P
Hi Peter,
It could be NetBiosName that I am looking for. I tried it on my domain, but
it had no value. However that could be because my domain was not built pre
Windows 2000. I will try it on the offending domain and see what it returns.
Alan C
- Original Message -
From: "Peter Jessop"
Title: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
Hi Michael,
Thanks for the response, But it isn't quite what I
want. The code you give gives the NetBios name of the
logged on user. I am trying to find the NetBios name
for another domain.
I have tried enumerating all machines on the doma
Title: RE: [ActiveDir] OT:Exchange 2003 SP1 bloat
Hi,
I have a requirement to determine the machines
that are currently online for a particular domain. I use the Net View
command and give it a domain name such as:
Net View /Domain:DomName
Since I know the Fully qualified Domain
name A
Douglas,
The key is
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
DisablePasswordChange =1.
Further Information is available from
http://support.microsoft.com/?id=154501
Alan Cuthbertson
- Original Message -
From: "SysPro Support" <[EM
Douglas,
There are some registry settings that turn of password changes on the
machine. This means that since the machine password is always the same you
can simply reinstate the image and it will still be part of the domain. Not
sure of the keys though, will check at work today.
When we first in
AD expert and i'm sure joe or al or gil or any of the
other much much more knowledgable people will jump in and correct the hell out
of me.
i apologize if i've confused you
more. thanks-Original Message-From: SysPro Support
[mailto:[EMAIL PROTECTED]Sent: Thursday, May 19,
Tom,
This is not the way I thought it worked (but I may have misread what you are
saying or I may just be wrong!)
I thought that if Loop back processing was active on the machine as Replace,
when the user logged on, they received the policies as if they were members
of the Machine OU.
If Loop ba
Hi Jeff,
Can't think of anything immediately. When you say
" Its saying security filter" are you
getting that from the UserEnv log, or somewhere
else?
I always find it useful to activate full logging
and then read the UserEnv.Log in %windir%\debug\usermode to find out what is happening (
Justin,
I would agree... it should all work. One way of debugging this is to look at
the article here. http://www.jsiinc.com/SUBH/tip3700/rh3799.htm
It explains how to enable logging and creates a log that shows everything
that is happening as the policies are applied in the machine. It's a bit
m
Hi Steve,
What sort of Registry keys do you mean? When
you say "under local Policy, a mess of registry settings are listed" do you mean
"Under the registry key \Machine\Software\Policy" or are you somehow looking at
the registry keys that are being applied via Local Policy. If the latter, h
Does anyone know of some software that formats
UserEnv.Log into an intelligent format?
Alternatively, does anyone know of documentation on
how it is formatted, so I can write my own program? (I would even post it
back here for general use!)
I have spent a lot of time crawling through this
I am interested in the comment that OU's are a better way to manage Policies
than using group based filtering. Is this for performance reasons,
management reasons or safety reasons?
I could see a very small improvement in performance, using OU's is a little
easier to see what is going on and it is
These things are notoriously tricky, cos there are so many things to go
wrong.
have you check in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group
Policy\History to check that the policy is actually being applied?
Alan Cuthbertson
Policy Management Software:- http://www.sysproso
Title: Cross forest policies - boxes in Win2k domain, users in win2k3 single domain forest
Hi Stephen,
LoopBack processing should do the trick. Basically
it says "Apply the policies using the user's Group membership as if he was a
member of the OU that the Citrix server belongs to". You can
, one for each policy applying IE settings. This shows the policies
and the order they apply which may give you a hint.
Also, you can get into a mess if you apply policies both via the IE
extension and via the ADM extension
Alan C
- Original Message -
From: "SysPro Support&quo
David,
>From your description I can't see any problem, but these things are often
more complex than you think. Maybe another policy is inadvertently setting
it. I have just started marketing a program for interrogating Policy
configurations and it should tell you exactly what is going on.
Feel fr
I think you can go in to Local Group policy on the
machine and set it. However, if the machine is on the domain, you will need to
take steps to ensure the global policy doesn't override it (e.g. make the
machine a member of a group and then make the group No Apply for the Domain
policy)
I
Anders,
We market a product call PolMan that will produce a
report of all settings that are enabled within your AD Policy. It provides a
list of all entries with columns for the Policy name, the extension type, key
name etc.
We also market a nice little ADM Template editor.
Feel free to
Robert,
As a general rule, replacing ADM templates can be a problem if you already
have some policies set since you can get left with "orphan" entries.
You can see this effect by setting a policy, then removing the ADM file. it
looks like the policy is no longer set. If you then add the ADM templ
23 matches
Mail list logo
