MDSF

Forum Replies Created

Viewing 29 posts - 1 through 29 (of 29 total)
  • Author
    Posts
  • Avatar
    MDSF
    Member
    in reply to: File Replication #377441

    Re: File Replication

    Ossian;256795 wrote:
    @techmatrix
    Among other “problems” we have had here are people posting masked URLs to malware etc, hence we prefer (actually require) unmasked URLs so people can see where they are linking to

    Since all that is required is a copy/paste, there should be no problem doing so.

    Yes, I understand. Thanks for the suggestion, I will follow it.

    Thank you

    Avatar
    MDSF
    Member
    Avatar
    MDSF
    Member

    Re: How to publish certain application to certain user in terminal server environment

    Albertwt;256779 wrote:
    ok, so how do I package or put the installation file ?
    do I install the application first on the terminal server or configure it in the GPO ?

    You should go for GPMC. For the case you are in, set up one group policy, All Users, for all of the users connecting to the Terminal Server, and App1, for users getting the first application and so on. You can make your applications used by the only those users whom you will permit.

    Read the complete details here:
    http://www.windowsecurity.com/articles/windows-terminal-services-run-single-application.html

    Follow the articles which talks about the same scenario.
    Update community, for further help.

    Thank you

    Avatar
    MDSF
    Member
    in reply to: SMS Notifications #377438

    Re: SMS Notifications

    If you disable MWI on a UM mailbox policy, MWI will be disabled for all UM-enabled users who are associated with the UM mailbox policy. Thus, disabling MWI can disable MWI for all UM-enabled users associated with a single or multiple UM dial plans or a single or multiple UM mailbox policies. If you enable or disable MWI on a UM mailbox, you can affect large groups of UM-enabled users in your Exchange organization.

    Avatar
    MDSF
    Member
    in reply to: Permission to run a software #377437

    Re: Permission to run a software

    ususim;256578 wrote:
    Hi guys,

    I installed a software on a laptop, the software needs administrator privilege to use, but the problem is i don’t want to grant the administrator privilege to the user due to security concern. Is there other way to come around this?

    The message is “You must be a member of the Administrator group to configure xxx applications.”

    Thanks in advance.

    You can do one thing, assign administrative rights to user for only one application.
    program files> application>right click>properties>security> select user and give the required permissions.

    Hope it helps you.

    Thank you

    Avatar
    MDSF
    Member
    in reply to: File Replication #377436

    Re: File Replication

    ghowey;256658 wrote:
    Hi, I need some advice or recommended best practice for file replication. I manage two sites under one domain permanently connected via VPN, let’s call them “Site A” and “Site B”. Both of these sites have File Servers, let’s call them “File Server A” and “File Server B”. Domain Controller are in place at both sites. These locations are geographically close to each other and frequently users may be at either site. I wish to implement a GPO to redirect each user’s documents to a file server. If they are at “Site A” I want to redirect “My Documents” to “Site A File Server”. If they are at “Site B” I want to redirect “My Documents” to “Site B File Server”. I can then implement DFS Replication to synchronize redirected “My Documents” folders so they will be updated across the domain. Implementation of redirected “My Documents” to associated File Server is my problem. It is very easy to redirect “My Documents”. I do not see how to redirect to the site related file server. Any help or advice would be appreciated.
    Thanks, Greg Howey.

    I am giving you a step by step guide for this redirection process. Apply this at both the ends. Read and follow carefully. It is a pdf document.

    Hope it helps you.
    Update again.

    Thank you

    Avatar
    MDSF
    Member
    in reply to: Permission to run a software #377435

    Re: Permission to run a software

    ususim;256578 wrote:
    Hi guys,

    I installed a software on a laptop, the software needs administrator privilege to use, but the problem is i don’t want to grant the administrator privilege to the user due to security concern. Is there other way to come around this?

    The message is “You must be a member of the Administrator group to configure xxx applications.”

    Thanks in advance.

    This is a bit tricky now. Giving admin privileges for only one application, will work in this case. Microsoft does not allow such scenarios but using some third party tool it can be done. I am not sure about any tool but I could go ahead and talk to my development team if it can be done with [MOD EDIT] STOP ADVERTISING YOUR BLOODY SOFTWARE [/MOD EDIT]. Hold on for some time on this. I will get back to you soon.

    Thank you

    Avatar
    MDSF
    Member
    in reply to: Password reset app #377434

    Re: Password reset app

    Humannetwork;256036 wrote:
    Greetings team,

    I’m looking for an AD web base AP to allow my remote delegate user to reset or unlock or disable other AD users.
    is there a app you can recommend?

    thanks,
    HN

    I don’t know about the scripts, but, LADSS does the same work. It is a web application and it allows users to reset passwords, unlock accounts, unlock accounts/reset passwords for coworkers, etc. It is a big feature list product. Also it can be customized according to your needs. [MOD EDIT]Links Deleted[/MOD EDIT]
    Hope it helps you.
    Do update us again.
    Thank you
    Anil

    Avatar
    MDSF
    Member

    Re: How do I export users from message restrictions in AD ?

    Yankz23;256562 wrote:
    Hi,

    What Id like to know is if there is a way for me to export users in the Exchange General tab from the Message Restrictions field from an account in AD?

    I attached a screenshot and circled the field I need exported.

    This is in Exchange Server 2007.

    Thanks in advance.

    The attribute that contains the information you want is “authOrig”. If you use CSVDE in a command line like:

    csvde -s -f export.txt -l “authOrig”

    You’ll get an output file where you can search for the DL name and have the information you want.
    Hope it helps you.

    Do update us again.

    Thank you
    Anil

    Avatar
    MDSF
    Member
    in reply to: JPG not showing in Forwarded Mail #377432

    Re: JPG not showing in Forwarded Mail

    swapneel;252463 wrote:
    Hi,

    We are using MS-Exchange 2003.

    Our User using mail via web access only. Whenever we received any mail with containing JPG file it Shows in mail; when we forward this mail to anyone in our group it blocks the JPG file and shows CROSS marks on files.

    Are you using GFI mail essentials?

    Update us.

    Thank you

    Avatar
    MDSF
    Member
    in reply to: Are SBS2000 Cals available anywhere? #377431

    Re: Are SBS2000 Cals available anywhere?

    You can do one thing. You can use one more SBS as a CAl within the limit of 25 and with that additional server you can use the increased CALs. I hopr you got my point. Moreover, note that SBS CALs cover access to all servers in the SBS domain _up to_ the version of SBS. They do not cover access to later version servers.
    So, SBS08 CALs cover access to anything up to, and including, Windows Server 08 (non R2).
    SBS11 CALs would cover 08R2 servers.
    SBS00 CALs _never_ covered access to Server03. (AFAICR, there may have been an exception I have forgotten)

    mugjw1;253751 wrote:
    1st Post here. I’ve been on the forum before and have found countless solutions to issues I’ve had in the past. Suffice it to say, this forum has been wonderful to me over the years.

    Here’s my issue.

    I have an older SBS2000 server with 25 cals. I cannot upgrade it since it is running software that requires it to remain in the sbs2000 environment. I need to add more Cals, but everywhere I turn is a dead end. Interested in hearing if anyone has a work around for acquiring and installing addition client add packs for sbs2000 server.

    Thank you in advance.

    Avatar
    MDSF
    Member
    in reply to: problem with authentication #377430

    Re: problem with authentication

    See the delegation of you domain all the way from the root-servers.
    The problem can be becouse for every domain controller in Your domain DNS A record is created. This is becouse some processes (like GPO) are getting access to
    some resources (for example SYSVOL) using domain name (ex.
    \domainSYSVOL… )

    Avatar
    MDSF
    Member
    in reply to: Active Directory and OpenLDAP Synchronization #377429

    Re: Active Directory and OpenLDAP Synchronization

    verve13;246881 wrote:
    Hi Anil,

    Thanks for your reply and sorry for my late response.
    Can you suggest any third party tools i can use for this sync. Thanks

    What are the specifications?

    Refer the article it may help you out.

    http://blog.scottlowe.org/2006/08/08/linux-active-directory-and-windows-server-2003-r2-revisited/

    Also visit the article:

    http://support.novell.com/techcenter/articles/ana20001201.html

    Thank you
    Anil

    Avatar
    MDSF
    Member

    Re: Error while creating new user on DC via Active directory on Server 2003

    yllnelaj;246819 wrote:
    heya,
    looks like netdom /fix has fixed the problem thanks soo much for your great help mate :)

    M glad your issue is resolved

    Anil

    Avatar
    MDSF
    Member
    in reply to: Re-sync old Domain controller #377427

    Re: Re-sync old Domain controller

    ITLondon;246711 wrote:
    HI,

    Windows 2003.

    Could someone please remind me how to sync a domain controller that went off-line for a couple of months in our remote office (office was shut down, now it’s open again).

    Tried repadmin but it returns DsRplicaSync Failed – the target principal name isi ncorrect.

    Assume the DNS is also out of date.

    Local server here:

    Nslookup is not returning an IP for the remote server. I can ping it fine if I add an entry in the host file.

    On the remote server, nslookup works fine (I can look servers based here)

    thanks for your help

    Hi all,
    Follow the commands:

    Disable the Kerberos Key Distribution Center service (KDC). To do so:

    1. Click Start, point to Programs, click Administrative Tools, and then click Services.
    2. Double-click KDC, set the startup type to Disabled, and then restart the computer.

    After the computer restarts, use the Netdom utility to reset the secure channels between these DC’s and the PDC Emulator operations master
    role holder. To do so, run the following command from the domain controllers other than the PDC Emulator operations master role holder:
    netdom resetpwd /server:server_name /userd:domain_nameadministrator /passwordd:administrator_password
    Hope it works now.
    Thank you
    Anil

    Avatar
    MDSF
    Member

    Re: Error while creating new user on DC via Active directory on Server 2003

    yllnelaj;246804 wrote:
    Hi all,

    Ive got a problem with my Win Server2003 that works as a DC. When i try to create a new user i get thiss error ill attach a printscreen in a link so you can see it:

    serverdcerror.jpg

    I believe you should try rebooting.
    If the problem persists I would recommend you to try the following commands
    netdom query FSMO to make sure the fsmo roles transferred as expected.
    you can run:
    netdom /fix may fix any minor problems

    Hope it works.
    Thank you
    Anil

    Avatar
    MDSF
    Member
    in reply to: Locked out users #377425

    Re: Locked out users

    Hi,

    Refer to the article:

    http://support.microsoft.com/kb/947226

    here your event id is:4740

    Thank you
    Anil

    Avatar
    MDSF
    Member

    Re: Check how many users a DC has authenticated (split from hijacked thread)

    Hi,

    If you want to see no. of logged on users on a particular DC, you can of course search the event viewer for the logon events.
    You can use scripts for such a thing. You may also have a look at LimitLogin even if you don’t want to limit logins.
    There’s no direct way to get that info, and the clients do NOT maintain a
    constant and dynamic connection to a DC. The client is authenticated to a
    given DC, receives the ticket and that’s it.
    One more thing you can do, session query on a server (such as a DC). This does not mean the corresponding user authenticated to the DC, only that they have a session (maybe they opened a file). Also, sessions can seem to START and END as sessions time out, but this is the best you can do.
    Furthermore, you can refer to the article for AD information:

    http://activedirectoryreporting.blogspot.com/

    Thank you
    Anil

    Avatar
    MDSF
    Member
    in reply to: Active Directory and OpenLDAP Synchronization #377423

    Re: Active Directory and OpenLDAP Synchronization

    Hi,

    OpenLDAP does not have any such mechanism for AD synchronization. Both have replication mechanisms, but they are incompatible.

    This can be done using any third party tool.

    Thank you
    Anil

    Avatar
    MDSF
    Member
    in reply to: Upgrade NT domain to 2008 R2 #377422

    Re: Upgrade NT domain to 2008 R2

    Hi,

    Refer the article:

    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=19188#Instructions

    Thank you
    Anil

    Avatar
    MDSF
    Member
    in reply to: Event log deleting (custom) #377421

    Re: Event log deleting (custom)

    Hi all,

    That is what can be done. You need to set the filters for the events you want to see. If you don’t want the logs to be saved you can just view them and leave. As the events are generated from the windows softwares, you cannot delete them. You can start, stop the events and can set the time to view the event.

    Thank you
    Anil

    Avatar
    MDSF
    Member
    in reply to: Active Directory Auditing #377420

    Re: Active Directory Auditing

    Active Directory audit logs can show you who made changes to what object attributes, but the events do not display the old and new values. For example, the audit log can show that Joe modified his favorite drink attribute in the directory, but it cannot show his previous favorite drinks or what the attribute was after he changed.
    [MOD EDIT] plagiarised from http://technet.microsoft.com/en-us/library/cc731607(WS.10).aspx[/MOD EDIT]
    Since your company size is 2000, its better to use some third party software.

    Avatar
    MDSF
    Member
    in reply to: Time Synchornization #377419

    Re: Time Synchornization

    Clients not synchronized with servers can occur if the Windows Time service has been stopped manually. To resolve this issue, start the Windows Time service.

    To start the Windows Time service:

    1. Click Start, point to All Programs, point to Accessories, and then click Command Prompt.
    2. Type net start w32time, and then press ENTER.
    Avatar
    MDSF
    Member
    in reply to: Can I export x509 certificate dates from AD? #377418

    Re: Can I export x509 certificate dates from AD?

    To export the CA certificate on the Active Directory server, follow these steps:

    1. Log on as either a member of the local Administrator security group for stand-alone computers or a member of the Domain Administrator security group for computers that are connected to the domain.
    2. Install the certificate authority (CA) on the Windows Server, which will install the server certificate on the Active Directory server. To do so, follow these steps:

    a. Click*Start -> Administrative Tools -> Certificate Authority*to open the CA Microsoft Management Console (MMC) GUI.
    b. Highlight the CA machine and right-click to select*Properties*for the CA.
    c. From*General*menu, click*View Certificate.
    d. Select the*Details*view, and click the*Copy to File…*button on the lower right corner of the window.
    e. Use the Certificate Export Wizard to save the CA certificate in a file.
    Note:
    You can save the CA certificate in either DER Encoded Binary X-509 format or Based-64 Encoded X-509 format.
    3. To verify that SSL is enabled on the Active Directory server (Windows 2000 or Windows 2003), follow these steps:

    a. Ensure that Windows 2000 Support Tools (Windows Support Tools on Windows 2003) is installed on the Active Directory machine. Thesuptools.msi*setup program is located in the*SupportTools*directory on your Windows CD.
    b. Select one of the following:
    For Windows 2000 systems, select*Start*->*Windows 2000 Support Tools -> Tools -> Active Directory Administration Tooland start the*ldp*tool.
    For Windows 2003 systems, select*Start*->*Windows Support Tools -> Tools -> Command Prompt*and start the*ldp*tool.
    c. From the ldp window, select*Connection*->*Connect*and supply the host name and port number (636).

    [MOD EDIT]Plagiarised from http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=%2Fcom.ibm.itame.doc_5.1%2Fam51_webinstall313.htm [/MOD EDIT]
    If the above information is not much useful, you can visit the link :
    http://wiki.powergui.org/index.php/Export-QADCertificate

    Avatar
    MDSF
    Member
    in reply to: I need to let a user edit AD #377417

    Re: I need to let a user edit AD

    You can make changes in the exchange through ACL (access control list).
    You can easily modify the limitations of any account.

    Avatar
    MDSF
    Member
    in reply to: access denied when adding computer to domain #377416

    Re: access denied when adding computer to domain

    It might be because the client uses a Lightweight Directory Access Protocol (LDAP) server or domain controller that has not yet replicated the account deletion, but does not have correct permissions to modify the account that still exists.

    To work around this behavior, use any of the following methods:

    • Use a different computer name.
    • Wait for Active Directory replication to occur, or force replication to occur by using the following command: repadmin /sync DomainDNtarget DSA GUID._msdcs source DSA GUID /force
    • Use a domain administrator account for the join process.
    Avatar
    MDSF
    Member
    in reply to: AD results for users #377415

    Re: AD results for users

    Well, you can easily search for people in your organization by name, job title, department, or any other employee attribute you could think of. But there’s a certain drawback to the results as there isn’t a friendly GUI for you to customize how the information is displayed. Instead you’ll have to edit the XSL if you’d like to change the formatting of the data. You can also include other employee attributes in the results by defining which columns in the user profile database to display such as Mobile Phone numbers.

    To customize the People Search Results:

    1. Search for a user so you can use that search result as a reference.

    2. Go to Site Actions > Edit Page

    3. Modify the People Search Core Results

    4. Under the “Results Query Options” section, there is a field called “Selected Columns.” Click into this field and then click on the “…” that appears next to it.

    5. In the Text Entry box that pops up you’ll be able to include new columns based on the columns you can reference from the user profile database. For example if you wanted to include a person’s mobile phone you’ll want to include

    6. Now you’ll be able to edit the XSL to display the phone number using something like this:

    Mobile Phone:

    Avatar
    MDSF
    Member
    in reply to: Exchange Database Recovery Errors #377414

    Re: Exchange Database Recovery Errors

    any resolution to this issue?

    Avatar
    MDSF
    Member
    in reply to: XP Pro an SP1 #218483

    :lol:

    I got it to work, no worries, you can lock this topic. Didn’t know Microsoft was so friendly these days

    The only reason I was actually looking to install SP1 was because my HD is 250 GB and it shows up as 127 GB, but with SP1 it shows up fine :)

Viewing 29 posts - 1 through 29 (of 29 total)