spinmind

Forum Replies Created

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • Avatar
    spinmind
    Member
    in reply to: User Must Change Password at Next Logon Access Denied #378521

    Re: User Must Change Password at Next Logon Access Denied

    Sure. Basically, the following permissions were granted to the service account being used on the target OU:

    Create User Objects (This object and all descendant objects)
    Read/Write All Properties (Descendant User objects)
    Reset Password (Descendant User objects)

    What I found was that granting the Read/Write All Properties, or more specifically the Read/Write pwdLastSet permission, would not work unless the Reset Password permission was granted as well.

    In my case, I used Read/Write All Properties because I was setting various other attributes during the account creation process. However, if you are just looking to script the unchecking of the User Must Change Password at Next Logon or attempting to delegate that ability, you would simply need to grant the following permissions:

    Read/Write pwdLastSet(Descendant User objects)
    Reset Password (Descendant User objects)

    In addition, I believe this should work fine in a 2008 domain. However, in a 2003 domain I read a Microsoft Knowledge Base article that stated you may need to modify the DSSEC.DAT file to delegate the pwdLastSet right. See link below.

    http://support.microsoft.com/kb/296999

    Avatar
    spinmind
    Member
    in reply to: User Must Change Password at Next Logon Access Denied #378520

    Re: User Must Change Password at Next Logon Access Denied

    I got a tip from someone on the permissions aspect and it helped to resolve the issue. Thanks all.

    Avatar
    spinmind
    Member
    in reply to: VBS GPO Logon Script Not Executing Properly #378519

    Re: VBS GPO Logon Script Not Executing Properly

    Thanks again for all your help Rems. I’ve been out of the office for a few days, but I will give this a try now that I’m back. Your help has been greatly appreciated!!

    Avatar
    spinmind
    Member
    in reply to: VBS GPO Logon Script Not Executing Properly #378518

    Re: VBS GPO Logon Script Not Executing Properly

    Thanks again for the help and all the info you provided Rems. Scripts appear to be working very well. Only issue I ran into was that after throwing a couple jobs in the virtual queue, the logoff script does not appear to be able to delete the port, which is not a major issue as the jobs still get cleared and printer gets removed. I get an error message stating “Object doesn’t support this property or method: ‘objPort.delete’ ” From doing a little research it looked like that may not have been a valid method of removing that port, even though I see it mentioned in some other scripts. Curious if you ran into this as well? Again, thanks!! :-D

    Avatar
    spinmind
    Member
    in reply to: VBS GPO Logon Script Not Executing Properly #378517

    Re: VBS GPO Logon Script Not Executing Properly

    Rems, I checked the computer setting you mentioned and already have it set in the computer GPO applied to my test machines. I am now currently testing your scripts via the user GPO and they appear to be working as expected. Thanks so much for your assistance! Was there anything you noticed that may have been causing the issue via my original scripts? I noticed you tweaked the scripts to do the same thing, but a little differently. I am just curious if there is something inherently wrong with the way I attempted to implement it? Again, thanks so much. I really appreciate your assistance! :-D

    Avatar
    spinmind
    Member
    in reply to: VBS GPO Logon Script Not Executing Properly #378516

    Re: VBS GPO Logon Script Not Executing Properly

    Hi Rems. The users in question are local admins, but locked down through GPOs. I am almost wondering if there is a setting that is locking down the user experience preventing this action from occurring. That is the current theory I am investigating. Thanks for the reply.

    Avatar
    spinmind
    Member
    in reply to: VBS GPO Logon Script Not Executing Properly #378515

    Re: VBS GPO Logon Script Not Executing Properly

    Hi Scott. Thank you for the reply. This is truly baffling me as from everything I can tell, it should work. It is indeed set up as a user logon and logoff script and linked to the OU that the user accounts reside in. Also, as I stated before, the script is running because the echo statements I placed as a test each come up on logon. However, the port or printer never gets created. Also, if the printer is already setup prior to logging in, the logon script will successfully set the default printer as expected. And the thing that kills me most is that if i just run the scripts manually, everything works perfect.

    Avatar
    spinmind
    Member
    in reply to: Install Exch2003 on Windows 2000 Domain #251226

    Re: Install Exch2003 on Windows 2000 Domain

    You are absolutely right! I knew what you suggested from the very beginning, still I preferred not to do any changes on the 2000 domain servers.

    That’s why I tried to find some other way to have access to the AD schema data.

    Do you have a more clear view of the situation now?

    Thanks again :D

    Avatar
    spinmind
    Member
    in reply to: Install Exch2003 on Windows 2000 Domain #251225

    Re: Install Exch2003 on Windows 2000 Domain

    As a matter of fact I didn’t. I will try and get back – hopefully with good news!

    Thank you very much :)
    8)

Viewing 9 posts - 1 through 9 (of 9 total)