pjhutch

Forum Replies Created

Viewing 30 posts - 31 through 60 (of 137 total)
  • Author
    Posts
  • Avatar
    pjhutch
    Member
    in reply to: enterprise ca option is grey #312755

    Re: enterprise ca option is grey

    The server must be a member of a Active Directory domain to set up a Enterprise CA otherwise it will have to be a different level CA.

    Avatar
    pjhutch
    Member
    in reply to: Demote DC with OCS 2007 #312754

    Re: Demote DC with OCS 2007

    The admin tools and console are available as a seperate install, so when you demote the server you can still use the tools as before.

    Avatar
    pjhutch
    Member
    in reply to: Domain ug to 2k8r2 gone a little wrong. #312753

    Re: Domain ug to 2k8r2 gone a little wrong.

    A few things to check/modify:

    1. Turn off the Firewall (enabled by default on W2k8 r2)
    2. Turn off User Account Control (see User Accounts section in Control Panel).
    3. Turn on Network discovery, file sharing in the Network Centre

    Avatar
    pjhutch
    Member
    in reply to: Restore Active Directory from Tapes #312752

    Re: Restore Active Directory from Tapes

    I windows 2008 or later, you do not restore just the system state, you normally restore the entire system drive to get it back.

    I Windows 2003 you would normally reinstall Windows and then restore the system state.

    Avatar
    pjhutch
    Member
    in reply to: how to allow install Application??? #312751

    Re: how to allow install Application???

    To install applications:

    a) Your account must be a member of local administrators account. By default, ‘administrator’ is the local admin (or if a home machine, the first account created). Domain Admins are also by default members of local admins in a domain.

    b) Right click the setup.exe program and select ‘Run as’ or ‘Run as administrator’ and enter the username and password of the local admin account

    Avatar
    pjhutch
    Member
    in reply to: 2000 dc —> 2008 dc???? #312750

    Re: 2000 dc —> 2008 dc????

    Yes, if you keeping the same DNS name and Domain name then rights will be the same as before.

    As for the FSMO roles, you can transfer them using the AD management consoles:
    AD Users and Computers – PDC, Infrastructure, RID master
    AD Schema – schema master role
    AD Trusts and domain – Domain naming role

    You can also use the NTDSUtil tool from the command line to transfer roles.

    Avatar
    pjhutch
    Member
    in reply to: Deploy Windows 7 with WDS #312749

    Re: Deploy Windows 7 with WDS

    Yes, you will need one and probably volume licenses for Windows AND Office.

    If they are used on company premises, you can also get a KMS server to look after licenses automatically.

    Avatar
    pjhutch
    Member
    in reply to: Linux Domain to new WinServer03 Domain?? #312748

    Re: Linux Domain to new WinServer03 Domain??

    1. CLients will be able to login to their existing PC with cached credentials, although they will not be able to login to a PC they have not logged in before and will not be able to change passwords.

    2. Once the Windows 2003 domain is built you will need to re-add the PCs to the new domain and setup all the user accounts from scratch (or import them from a CSV file using CSVDE tool).

    3. After accounts are set up you need to get user’s to login with their new Win 2003 accounts and make sure they have access to any resources they require.
    Also, their old windows profile may need copying across to new account as well.

    Avatar
    pjhutch
    Member
    in reply to: Multi Domain Setup #312747

    Re: Multi Domain Setup

    No, you do not need to set up a new forest unless your company has changed name or something.

    A Second DC is fine by just running DCPromo on a new server and give it time to replicate data across (48 hrs is usually enough).

    Avatar
    pjhutch
    Member
    in reply to: Migrating from Windows 2003 to 2008 #312746

    Re: Migrating from Windows 2003 to 2008

    You do not mention if the migration is to new hardware or back to the same hardware?
    You will need a fourth server, so that you can swing applications and services to that server so that you can swing them back to the rebuild server.

    1. For the DC, all you need to do is run DCPromot.exe and allow it to replicate. Also move the GC and FSMO roles across. I would give it 48 hours to fully replicate before wiping the original.

    2. For Exchange you need all roles (mailbox, owa etc) set up on a second server, then move mailboxes, public folders and system folders across before you can decomission the original (uninstall).

    Exchange 2003 will NOT work on Windows 2008 x64, it will only work on a 32 bit OS, unless you upgrade to Exchange 2007!

    3. SQL is more straight forward. Backup the database and logs. Install SQL on new server, restore database back and setup users and permissions agains and any SQL jobs.

    4. WSUS can work just fine as it is.

    Avatar
    pjhutch
    Member
    in reply to: legal grounds for AD Schema modification #312745

    Re: legal grounds for AD Schema modification

    Yes, you do need to have your own ODI number for custom classes and attributes for AD.

    A unqiue ODI is requirement to prevent your ODI from conflicting with other ODI by other companies esp. if you plan on selling the solution outside of your organisation as schema changes cannot be removed.

    If youe ODI conflicts with another ODI and messes up their AD domain, then I would consider it to be the purchases rights to damages as they would have to restore their AD from scratch – not a thrilling prospect for any organisation.

    Getting an ODI is free of charge and only takes a couples of days to complete. I got mine from http://www.iana.org. They call them PEN numbers (Private Enterprise number).

    Avatar
    pjhutch
    Member
    in reply to: Problem downloading Word attachments #312744

    Re: Problem downloading Word attachments

    You need to remove all references to the .doc, .xls, .ppt and the .docx, .xlsx file types from registry so that you can save them to disk.

    Use a tool called FileTypesMan from http://www.nirsoft.net/utils/file_types_manager.html to make it easy to remove them.

    Avatar
    pjhutch
    Member
    in reply to: reinstall/repair exchange on sbs2003 r2 #312743

    Re: reinstall/repair exchange on sbs2003 r2

    Deleting transaction logs is usually NOT a good idea as it makes it harder to get them back into a clean state and you will likely loose recent email.

    To repair databases use the ESEUTIL /R log or ESEUTIL /P dbname.edb tool.

    Avatar
    pjhutch
    Member

    Re: Push Printer using the Printer Management in Win2008 R2 64 bit

    You can remove old printer connections from the registry:

    HKLMSoftwareMicrosoftWindows NTCurrentVersionPrintPrinters

    using a local Administrator account.

    Avatar
    pjhutch
    Member

    Re: Help required for SMTP Server Installation on Win 2008 R2 Standard Edition

    It depends what SMTP is for. I would consider locking it down. Turn off Anonymous connections and / or restrict access by IP address so it cannot be used for malicious purposes.

    Avatar
    pjhutch
    Member
    in reply to: Win 7 in domain, local admin #312740

    Re: Win 7 in domain, local admin

    Yes, I would create a new account and make it a member of the local Administrators group. Give a non-standard name so its hard to guess and use a complex password (Mixed case letter, and at least one digit and symbol).

    Avatar
    pjhutch
    Member
    in reply to: Language support in windows 7 #312739

    Re: Language support in windows 7

    Open the file in Notepad and then try changing the font to a Hebrew fornt via Format, Fonts menu.

    Avatar
    pjhutch
    Member

    Re: event viewer empty for some logs (file replication service, forwardedevents)

    FRS should be enabled on the DCs so that it can replicate the SYSVOL DFS share to other DC servers. It is also used when configuring a user Distributed File Share (DFS).

    For Forwarded Events, you need to configure computer:
    http://technet.microsoft.com/en-us/library/cc748890.aspx

    Avatar
    pjhutch
    Member
    in reply to: Adding domain user to local administrator group #312737

    Re: Adding domain user to local administrator group

    You may have a GRoup Policy that is applying ‘Restricted Groups’ which may be overwriting local settings. Check with the administrator of the OU that the user is located in and see if you need either adding to the Group Policy or a domain group that the user needs to be a member of to get local rights.

    Avatar
    pjhutch
    Member
    in reply to: Restore Active Directory database problem #312736

    Re: Restore Active Directory database problem

    There is no need to do a non-authoritative restore, you just needed to do an authoritative restore and use ntdsutil to state which part of the domain you need restoring, then that bit of the tree is ‘authoritative’ and should NOT be overwritten.

    Avatar
    pjhutch
    Member

    Re: edit disabled: how do I edit the Default Domain Controllers Policy??

    MAke sure that you are either a Domain Admin or Enterprise Admin and a member of the GRoup Policy Editor group (or whatever the name is) to edit it.

    Avatar
    pjhutch
    Member
    in reply to: Windows 7 …a Netbeui problem! #312734

    Re: Windows 7 …a Netbeui problem!

    Maybe you are going to from the wrong angle. Maybe you should replace the aging CNC machine with a new one.

    Or maybe have one Windows XP machine with Netbeui AND TCPIP installed, then other machines in the office can talk to the XP machine (you can use Remote Desktop or VNC onto it) and leave it just to talk to the CNC machine….

    Avatar
    pjhutch
    Member
    in reply to: Cannot install net 3.5 framework on vista #312733

    Re: Cannot install net 3.5 framework on vista

    Try the solution in this thread:
    http://social.answers.microsoft.com/Forums/en-US/w7programs/thread/a817cbf7-77b0-4b75-978c-ede598573ec1/

    Avatar
    pjhutch
    Member
    in reply to: Win 7 Will Not Network With WinXP #312732

    Re: Win 7 Will Not Network With WinXP

    Check that the firewall is not enabled on the Windows 7 PCs or make sure that your LANs are trusted on the Win7 machine (both IPv4 and IPv6 networks).

    Avatar
    pjhutch
    Member
    in reply to: Missing Files when I logged in. #312731

    Re: Missing Files when I logged in.

    Three things could have happened.

    a) You have logged in with a different account.
    b) You have logged in and been given a temporary profile (it will tell you this when you logged in).
    c) Your existing profile is missing or it has been corrupted and been given a completely new profile.

    Logout of your account. Login with an Administrator account (diff. from your own) and look in C:Users. Check to see if your account profile is still listed or it may have created a second profile e.g. name.domain or name.computername.

    Backup the profile(s) to another location e.g. C:Backup and remove the old profile from c:users. Login again as yourself and you will get a new profile. Copy data and settings from AppData that your require from the old profile in c:backup.

    Avatar
    pjhutch
    Member
    in reply to: Restore registy from DOS #312730

    Re: Restore registy from DOS

    Windows does make a backup of the registry in a folder called c:Windowsrepair (or windowssystem32repair).

    You can then copy the SOFTWARE, SYSTEM and possibly SECURITY registry hives back to the c:windowssystem32config folder.

    Although this is not necessarily a recommended approach. Best way is to regularly backup the System State and restore that back, to restore registry.

    Avatar
    pjhutch
    Member
    in reply to: Sysprep with XP Image on HP #312729

    Re: Sysprep with XP Image on HP

    On Windows XP, when you extract Sysprep from the Deploy.cab file, you also get a setup manager program which you can create a Sysprep.ini which you can configure your sysprep image, you may also include the Windows XP key so new PCs deployed with the image get it automatically.

    Avatar
    pjhutch
    Member
    in reply to: prevent Workgroup client get ip address from DHcp #312728

    Re: prevent Workgroup client get ip address from DHcp

    THere are three ways:

    1. You can disconnect the workstation from the network completely.

    2. You can give the workstation a static ip address via its tcpip properties.

    3. You can ‘Reserve’ an IP address in DHCP so that it always gets the same address and not a dynamic address.

    Avatar
    pjhutch
    Member
    in reply to: public folder contents won’t migrate to new server #312727

    Re: public folder contents won’t migrate to new server

    In Exchange 2003 System Manager, make sure that the new Exchange 2007 security groups have permissions to read/write the public folders on the Exchange 2003 server (see the Security tab), as they may not be set by default.

    Also, I sometimes find it easy to force replication by selecting each folder, right click and tell it to replicate items from say 10000 days ago so to include all items.

    Avatar
    pjhutch
    Member
    in reply to: Certificate #312726

    Re: Certificate

    You will need to configure the internal/external site names on the CAS server to match the name on the certificate for the errors to disappear:

    See this article:
    http://www.amset.info/exchange/singlenamessl.asp

Viewing 30 posts - 31 through 60 (of 137 total)