GPO to remove lock workstation option

Tutorials Win: Microsoft Windows Forum

- Previous
  - 1
    - LimitLogin 1.0 Installation Problems Hello I am currently trying to install LimitLogin 1.0 from Microsoft on a test domain. The installation went smoothly and both IIS and AD .msi both ran without any errors. My current problem is that no information seems to be sent from the client to the AD database. I have come to this conclusion because when examining a test user via the AD console. Tt states that no login information was found for the test user. Even though I have personally log in as this user. I have made sure that the login logoff scripts are ran whenever the test user is log into a computer. I am suspecting that something is stopping the data from going from the client to the server. But I have no clue where the problem truly lies. Has anyone ever experience this problem or knows how to solve it? I have the following IIS settings set up. But I do not know if these are the correct settings. IIS settings WSLimtLogin IIS Server is set to read write and directory browsing I have Enable Anonymous access I have checked the Integrated windows authentication Tag: GPO to remove lock workstation option Tag: 128410
  - 2
    - adaminstall.exe answer file Can I add my own LDF to the adaminstall.exe answer file? I tried but the installation just quits. Tag: GPO to remove lock workstation option Tag: 128403
  - 3
    - DHCP Hello techies, My DC is the only DHCP in our subnet and we have 2 gateways to connect to the data centre.My idea is to utilize both the links(2 gateways)...loadabalance them or rather utilize both the links... If my DHCP can give half the PC's the gateway as the first and the other half pc's the second gateway....It would be great! 2 gateways and one subnet...is there a way to do it?Scripting? Tools?anything?? Is there any way to do that with Windows 2003 DHCP server? Thanks in advance for any help... cheers Tag: GPO to remove lock workstation option Tag: 128402
  - 4
    - Old computer name showing in group membership I recently renamed a server, lets just say from ServerA to ServerB. This server was a member of some local groups on another comptuer, lets call this WorkstationA. It was also a member of some groups in AD. Now all the groups in AD currently show the server with the new name "ServerB". Howerver the local group membership on WorkstationA still shows "ServerA". When I try to remove "ServerA" it lets me delete it just fine, I click Add, type in "ServerB" and it finds it ok, I then see it in the list. But as soon as I click Apply, it changes the name back to "ServerA" Does anyone know why this is happening and how to fix it? DNS shows everything is correct, group membership in AD is all correct. It's only this one workstation which keeps showing the old computer name. Thanks Tag: GPO to remove lock workstation option Tag: 128400
  - 5
    - authentication with password hash only (.net) Is there any way to authenticate against AD with a user name and password hash (MD5) only? The code provided below authenticates with a password, but unfortunately I only have the hash (it's provided by a connecting system). Thanks in advance. private bool ActiveDirectoryAuthenticate(string userName, string password, string domain) { bool isAuthentic = false; try { DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain, userName, password); object nativeObject = entry.NativeObject; isAuthentic = true; } catch (DirectoryServicesCOMException) { } catch { } return isAuthentic; } Tag: GPO to remove lock workstation option Tag: 128397
  - 6
    - Changing replication partners mess I was formerly a single site, single domain, using 5 Windows 2000 DCs. For a couple of reasons, I'm placing Windows 2003 R2 DCs at my two remote sites (we'll call them REMOTE1 and REMOTE2). Both are connected back to main site (we'll call it MAIN) by 100MB microwave links (hub and spoke, if you will). I created two new sites, and associated the correct subnets to them, but I think I made a mistake by leaving the default site link with all three sites in them. The auto generated replication that took place was fine for REMOTE1 - it found a partner on a DC at MAIN. But REMOTE2 created a link to REMOTE1. Besides the extra hop and traffic on the microwave, problem is, since my physical connections are hub and spoke, if the microwave to REMOTE1 goes down, so does replication to REMOTE2. I tried manually creating replication partners the way I thought they should be (DC at REMOTE1 to DC at MAIN, DC at REMOTE2 to another DC at MAIN), but it doesn't appear as though the DCs at the remotes are picking up on the changes. And if I try to replicate manually, I get this error: The following error occurred during the attempt to synchronize the domain controllers: The naming context is in the process of being removed or is not replicated from the specified server. Then I got to thinking about the site links. If I had two site links, one with MAIN and REMOTE1 and the other with MAIN and REMOTE2, the auto generated replication partners probably would have come out fine, right? So I've done that...two site links now, each with two sites as above...but I still need to fix the above error. Should I just DCPROMO down the two DCs at the remote sites, delete the links I manually made, and because I have two site links properly defined everything should be okay? Thanks in advance, Bruce Tag: GPO to remove lock workstation option Tag: 128390
  - 7
    - Home Folder Creation Is there away to create a homefolder using the display name instead of %username%. We have student account that are going to be numbers and we would like to have the display name as the home folder for easier lookup on the server folders. Is there a variable I can use instead of %username%? Thanks Ed Tag: GPO to remove lock workstation option Tag: 128389
  - 8
    - PDC down - Strange Behaviour I have 2 domain controllers. Dc1 has PDC Emulator, RID Master and Infrastructure. Dc2 has the Schema Master and Domain Naming Master roles. yesterday for some reason Dc1 went down. We lost our internet connectivity as a result - for some reason ISA 2004 was not able to use DC2 and maintain internet connectivity. Also I was not able to connect to any for the servers via RDP - I just got the error that the domain is not available. However Dc2 is up and running? Is this normal behaviour? thanks Tag: GPO to remove lock workstation option Tag: 128387
  - 9
    - NTDS KCC 1265 Can anyone help me figure out how to get rid of this event? It shows up every 15 minutes on each of 4 DC's in their respective sites. Win2K Server, 1 forest, 3 domains, 5 sites. The main hq site is unaffected. The problem is with the 4 remote sites connected by 256K links. They are all in the forest root domain. Star topology. The connectivity is fine between the sites. Any help is most sincerely appreciated. Event Type: Warning Event Source: NTDS KCC Event Category: (1) Event ID: 1265 Date: 5/9/2008 Time: 8:44:48 AM User: N/A Computer: SERVER02 Description: The attempt to establish a replication link with parameters Partition: DC="domain02 CNF:1294ba43-29dc-4b36-992c-b90ce93a0112",DC=local Source DSA DN: CN=NTDS Settings,CN=SERVER04,CN=Servers,CN=Site,CN=Sites,CN=Configuration,DC=domain01,DC=local Source DSA Address: 85913531-194c-4049-b02f-27c8dc6712d6._msdcs.domain01.local Inter-site Transport (if any): CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=domain01,DC=local failed with the following status: The file pointer cannot be set on the specified device or file. The record data is the status code. This operation will be retried. Data: 0000: 84 00 00 00 ?... Tag: GPO to remove lock workstation option Tag: 128385
  - 10
    - Log into Active Direoctory with DOS? I am not sure if this can be done. Can you actually use a bootable network floppy to log into a domain? I can get an IP address, and I can actually map a drive using a local username and password on a Member Server, but I can't seem to log into the Active Directory Domain. Now i am thinking- is it even possible w/ Dos? Tag: GPO to remove lock workstation option Tag: 128381
  - 11
    - Local Group Membership Removed - Restricted Groups Hi We have an issue where by a very small percentage of clients (no more than 30 out of 40,000) are having members removed from their local groups. We control most of the group members locally on these clients via restricted groups in a single GPO. We can see "policy change" and " account management" events on these clients that show the members being removed but we don't know by what. We do currently have a typo in the restricted groups of this GPO introduced by a migration table typo. This typo maps a service account (just a local user account on the client) as if its a local group on the client. This generates a Eventid1202 but can be explained I've seen this article, that refers to a AD object that has been removed being refereced in the resticted group causing a problem but can't actually get my head round whether its relavent. http://support.microsoft.com/kb/320099/en-us Can anyone suggest a way of captured whats actually removing these group members, bearing in mind that its only happening on a very small number of clients. We already have the event tracking the removal just don't know by what Craig ps, the clients do eventually fix themselves which Im assuming is after the 16hours security settings refresh Tag: GPO to remove lock workstation option Tag: 128372
  - 12
    - Cannot able to create child domain I am trying to create child domain to a exiting domin i am getting below error the operation failed because Active directory could not create object CN=schild,CN=Partions,CN=Configaration,DC=cmttest,DC=com,check the event log for posible system errors. The FSMO roles ownership could be verified because its directory partitions has not replicated successfully with utlist one replication partner. And event log Details. Internal error: An active directory error has occured Addtional data error value decimal -1073741823 error id 3000e54 Please help me to slove this problem Tag: GPO to remove lock workstation option Tag: 128368
  - 13
    - AD Domain Trust is unsafe! Hi. We are facing a situation with a particular subsidiary company. We have a sort of a resource Forest with a centralized Sharepoint Server. We requested each subsidiary to create a one-way AD trust with the resource forest in order to authenticate their users on the site. All but one subsidiary is giving us problems. Mostly because they semi-outsource many aspects of their IT operations including security; and the oursourcing company is worried about any breaches that it might be accountable for. The main concern it seems is with opening the RPC ports; but all we need is for them to open up one of their domain controllers to the resource forest DCs and some servers and apply a registry setting that fixes the AD RPC port. Still, they won't budge and instead had us implement ADFS. We have implemented ADFS ok and they can authenticate, but we are having issues with ADFS and MOSS user profiles. And I would like them to get onboard with the AD Trust. In their recent response, they claim: 1- ADFS is the world wide accepted method for connecting companies to exchange information over the Internet. ** But we have a private link that doesn't go through the Internet and is protected by firewalls! 2-They calim their security policy does not allow using AD trust becuse is it not safe and can facilitate the hacking of their data?!! 3-They also claim that Microsoft recommended we standardize on ADFS for authenticating all of our subsidiaries instead of AD trust!! (I will have to investigate with the local MS reps) So, my question is, if we are all companies under the same umbrella and a reasonable amount of trust/security policies can be agreed on, then would an AD Trust (one-way at that!!) be considered that un-safe? Tag: GPO to remove lock workstation option Tag: 128366
  - 14
    - How to list which users have been authenticated to a specified DC ? Hello, I would like to know how can we list which users have been authenticated to a specified DC please ? Is there any command that will do that ? I am not talking about an echo %logonserver% command as this is more for a client point of view. I would like to know that from the DC itself. Thank you -- Pascal Tag: GPO to remove lock workstation option Tag: 128365
  - 15
    - Query - Export Enabled / Disabled and Created Date I am using Active Directory Users and Computers. I've created a Query to show all of my users. I would like to export Name, enabled / disabled and the date the user object was created. The name is fine. * Disabled shows as a red x, but I would like to show it as a column so I can export it. * Is there a way to add a column for the date the user was created? Tag: GPO to remove lock workstation option Tag: 128356
  - 16
    - Sessions listing shows connected computers as IP address, not mach Windows Server 2003 native Domain and all users are XP SP2. Users having difficulties sporadically accessing file servers and roaming profiles getting corrupted. When checking sessions via Computer Management on File server containing roaming profiles, listing identifies connected computers with IP address, not with machine name. Is this normal? Is the server having difficulties translating IP addresses to machine name? Tag: GPO to remove lock workstation option Tag: 128354
  - 17
    - USN Rollback Event ID 2103 Hi, We had a USN rollback on one of our main DC (called DC1)( only two DCs into our Active Directory). Problems started to occure with the login process, adding new users and link to exchange mailboxes. We had to removed the DC2 from the AD and kept the DC1 as the only DC of our Active Directory. Now that I have only one domain controller and everytime I reboot that server, a Event ID 2103 comes up. ( The Active directory database has been restored using an ussupported procedure. Active Directory will be unable to log on users while this condition persist. As a result the Net logon service as paused.) Except that error everything is fine, no more problems with my users. Now my question: Can I fix that error now that I have only one DC with USN rollback? tx -- Serge Lavictoire Networking Consultant Tag: GPO to remove lock workstation option Tag: 128351
  - 18
    - GPO defned Interactive Logon message truncated Hi all, I am facing a strange behavior which I think is a sort of bug. I have a interactive logon legal notice which has one line in French and another one in English. It appears that each line shows the first 512character and truncated after. But all together is more than 512 char... Also in the GPMC, the text shows properly. 633 chars + 539 chars of each line. Editing the GPO itself does not show the proper lenght at first but it does show everything if I actually add or modify a char. Does anyone know of any fix for that? Tag: GPO to remove lock workstation option Tag: 128349
  - 19
    - Changing user name yields inconsistent results with folder redirec Hi, I am having an issue with redirected folders after changing user names. Here's the history: We created folders using â??home foldersâ??, as follows: \\server\users\office\joe_cool Then we manually created the â??My Documentsâ?? folder as follows: \\server\users\office\Joe_cool\My Documents After the first logon/logoff, the â??My Documentsâ?? folder name changes to the user nameâ??s docs: \\server\users\office\Joe_Cool\Joe_Coolâ??s Documents Then we use a group policy to redirect the My Documents to the following path: \\server\users\office\%username%\My Documents That has worked great, for years. Now we are changing the user names to the format â??joe1234â??. After logon/logoff with the changed name, some of the userâ??s â??My Documents are changing to the following format: \\server\users\office\joe_cool\joe1234â??s documents While others remain as: \\server\users\office\joe_cool\joe_coolâ??s Documents This is happening with users that are in the same OU and have the same NTFS permissions on their home folders. In most cases it doesnâ??t matter but in one case the user was locked out of his â??My Documentsâ?? folder because of an issue with the path. Can you think of any reason why we are getting different results although we are doing the same thing with every user? -- bb Tag: GPO to remove lock workstation option Tag: 128346
  - 20
    - 2003 Forest Trust Issues - Please Help Dear All, We have two native Windows 2003 Forests with a two way non-transitive trust configured between them. Certainly functionality especially within AD isn't available i.e we cannot add groups/users from Domain A to Domain B or vica-versa. The only exception is local groups we can add users or groups from Domain A and Domain B to the other. But this functionality isn't available for global or universal groups which would enable us to effectively share resources between both organisations. DCDIAG's result in the Outbound Secure Channels test failing. There was an issue with time synchronisation between the two forests an approximate four minute difference. This has now been addressed but upon rerunning the DCDIAG the exact same errors occur. I believe it could be DNS related, even though we have secondary zones for Domain A in Domain B and vica-verca. Can anyone advise? Below are the errors we receive in a DCDIAG: Could not Check secure channel from DC1 Domain A to Domain B Win32 Error 1355 Could not Query Trusted Domain :Win32 Error 2 Any help or advice is greatly received. Regards, Darren Tag: GPO to remove lock workstation option Tag: 128341
  - 21
    - Password complexity policy Hello: I have a Windows 2003 domain with multiple domain controllers. What is the best approach to configure the password complexity and replicate the policy to the domain controllers? I am a novice to Active Directory. Thanks, Mark Tag: GPO to remove lock workstation option Tag: 128338
  - 22
    - Administrator Account Locking Out Hi Everyone, We have found a developing problem in our mixed mode environment of Windows 2003 Servers and Windows 2000 servers. On both of my Windows 2000 servers, I can watch using the ALTools from Microsoft, specifically the lockout status tool, the Administrator account count up and lock out every few minutes. This does not seem to affect performance of any of my system dramatically, but I'm concerned why it is doing this. I have looked in both the event logs, turned on netlogon logging, etc. but can find no reason for it. Can someone point me in the correct direction for finding a log that will show me where the source of the attempted login is coming from? Then I can possibly troubleshoot the cause... Thanks in advance, Ken Tag: GPO to remove lock workstation option Tag: 128325
  - 23
    - Domain DC Time I thought that all computers on a Domaain were supposed to sync up with their DC as their primary NTP server. Why is it that when i run net time /querysntp i get this then: The current SNTP value is: time.windows.com ; shouldnt it be the ip or hostname of my DC? Tag: GPO to remove lock workstation option Tag: 128321
  - 24
    - windows 2000 gp & vista Hi, Is it possible to use windows 2000 server group policy to deploy a software on windows vista? I did add an msi packeg to gp, when we log to win XP sp2 the software start to install, but when log to our windows vista, nothing heppend. Thanks, Shahin Tag: GPO to remove lock workstation option Tag: 128314
  - 25
    - DNS is Causing real Problems please help..! Dear all I think my issue is dns related as no permission changes have changed on sysvol etc. Network is running really slow. Getting the standard errors on workstations 1097 (Windows cannot find the machine account, No authority could be contacted for authentication. .) 1030 (Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine) 1054 (Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. . Group Policy processing aborted. ) have 3 DCs in total (one is 2000svr) the 2 Win 2003 DCs act as DNS servers. when logged on as a std user, i can ping the domain name, the servers by FQDN, access the sysvol folders by \\DC_servername\sysvol and \\domainname\sysvol RSOP.msc (ComputerConfiguration) however returns the error ----------------------------------------------------------- Group Policy Infrastructure failed due to the error listed below. No authority could be contacted for authentication. Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available. can anyone please help..! kr Paul.. -- PaulK ------------------------------------------------------------------------ PaulK's Profile: http://forums.techarena.in/member.php?userid=48567 View this thread: http://forums.techarena.in/showthread.php?t=964016 http://forums.techarena.in Tag: GPO to remove lock workstation option Tag: 128313
- Next
  - 1
    - Which FSMO role is critical Hi, I just want to know, in a production environment which FSMO role will cause more critical issue immediately if it is down Regards RANG Tag: GPO to remove lock workstation option Tag: 128311
  - 2
    - creating trust relationship with only DC=Domain Hi. this company has just bought out another company, i now need to create a trust relationship between the two companys, ours is DC=domain1,DC=com the other companys domain is DC=domain2 my question is will the trust relationship work with a domain without the .extension. if not how can i set up the trust. They are both WIN2K3 Domains Thanks Tag: GPO to remove lock workstation option Tag: 128310
  - 3
    - Sysvol missing on 2nd DC Greetings, After running a netdiag on my second domain controller, i seem to be missing the sysvol volume on it, and also the dns test is faling as well. how could this happen? do i have to demote dc2 and then re-promote it? Tag: GPO to remove lock workstation option Tag: 128293
  - 4
    - There are currently no logon servers available This is a multi-part message in MIME format. ------=_NextPart_000_0006_01C8B096.4B4E8840 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable heres what happend, i have 2 Win 2K3 DC's both of which are running dns. = Dc-01 went down and i couldnt logon to the domain with Dc-02 because it = said "there are currently no logon servers available". Should this have = NOT happend since DC-02 is using its IP as the primary dns server, and = it should've been able to authenticate to itself. Heres what was in the = event log: The Security System detected an authentication error for the server = LDAP/dc-02. The failure code from authentication protocol Kerberos was = "There are currently no logon servers available to service the logon = request. dc-01 - ip. 192.168.1.2 < uses it's IP as the primary DNS server dc-02 - ip. 192.168.1.3 < uses it's IP as the primary DNS server, and = uses dc-01's ip as the secondary dns server ------=_NextPart_000_0006_01C8B096.4B4E8840 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.6000.16608" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY> <DIV><FONT face=3DArial size=3D2>heres what happend, i have 2 Win 2K3 = DC's both of=20 which are running dns. Dc-01 went down and i couldnt logon to the domain = with=20 Dc-02 because it said "there are currently no logon servers available". = Should=20 this have NOT happend since DC-02 is using its IP as the primary dns = server, and=20 it should've been able to authenticate to itself. Heres what was in the = event=20 log:</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>The Security System detected an = authentication=20 error for the server LDAP/dc-02. The failure code from authentication = protocol=20 Kerberos was "There are currently no logon servers available to service = the=20 logon request.</FONT></DIV> <DIV> <P><FONT face=3DArial size=3D2>dc-01 - ip. 192.168.1.2 < uses it's IP = as the=20 primary DNS server</FONT></P></DIV> <DIV><FONT face=3DArial size=3D2>dc-02 - ip. 192.168.1.3 < uses it's = IP as the=20 primary DNS server, and uses dc-01's ip as the secondary dns = server</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV></BODY></HTML> ------=_NextPart_000_0006_01C8B096.4B4E8840-- Tag: GPO to remove lock workstation option Tag: 128284
  - 5
    - Active Directory interoperability with other systems. Hi, I am not too much familiar with Active Directory capabilities, my question is: 1. Is it possible to configure Active Directory in a trigger like mode where if a new user is created AD would add this info into a csv file or SQL Server table, or if a user was deleted from AD it would also export this info somehow. We would like to use this info in other systems and to build that kind of automation. 2.If this is not possible are there any built-in tools in AD that could be scheduled to run automatically to export certain fields for all the users in AD into a csv file or Sql Server Table Please let me know if my questions are not clear, essentially I am looking for automated solution where other systems would be synchronized with AD info when users are added/deleted from AD, so other systems would be aware of that. Thank you, Vadim Tag: GPO to remove lock workstation option Tag: 128276
  - 6
    - Duplicate name on network, but cannot find object I have a Netware server with CIFS running called "WTWGRAPHICS2." It's not connected to the Windows 2003 AD. I would like to remove this computer and replace it with a windows box, also called "WTWGRAPHICS2." However, I get the error message "You were not connected to the network because a duplicate name exists on the network." I searched AD U&C, DNS and WINS,and hosts file for mention of WTWGRAPHICS2, but I can't find anything. Any ideas appreciated. Jim Tag: GPO to remove lock workstation option Tag: 128275
  - 7
    - Find easy what you need for windows(98, ME, xp, vista) If you need some tools for windows or you have a problem, this is the right spot ... http://microsoft-windows-tips.blogspot.com/ Tag: GPO to remove lock workstation option Tag: 128271
  - 8
    - Moving File Server Into New Domain Good Afternoon Everyone, Iâ??m going through a domain migration and Iâ??ve done users, workstations, Exchange, and now its time for the file servers. I have a trust between Domain OLD and Domain NEW. For the file servers Iâ??ve replicated user permissions on each folder so that any folder with an entry for dOLD\user now also has an entry for dNEW\user. This has worked great but since my goal is to retire Domain OLD I want to move the file sever into the new domain. My question is this: If I move the file server from Domain OLD to Domain NEW will my permission erase? TIA, Ray Tag: GPO to remove lock workstation option Tag: 128268
  - 9
    - dcgpofix doesn't work Hi All- I have a corrupted domain gpo and so i ran dcgpofix as a method of disaster recovery (i don't have a backup - that's a different story). I ran the following command: dcgpofix /ignoreschema /target:domain I get an error that says the following: Unable to read EFS certificate from registry.pol Does anyone have any ideas on what to do next? I'm seeing that the domain policy is no longer being applied to any of the computers in the domain. Thanks. Tag: GPO to remove lock workstation option Tag: 128260
  - 10
    - Quesiton on Group Policy Loopback Processing Hi all, I am new to GPOs and I have a problem with Group Policy Loopback Processing. I am dealing with two OUs, one called LAB101 (which only has computer accounts in it) and one called STAFF (which houses all of my users). For the STAFF OU I added a GPO called "STAFF GPO" but I have not configured anything in it. For the LAB101 OU I added a GPO called "LAB101 GPO". In the LAB101 GPO I enabled Group Policy Loopback Processing (mode = replace). I did this because I want a User logon script to run whenever a user logs into the machine. So, I also added a logon script in the user configuration of the LAB101 GPO. However, when I log into a LAB101 machine, the script never runs. Am I missing a step? Any help is appreciated, thanks. Tag: GPO to remove lock workstation option Tag: 128257
  - 11
    - Accounts randomly loosing membership to a group in DL's security Hi, We have a Windows 2003 shop. We have two servers where one user looses his membership to a Security Group that we have setup under DLs Security. Why is this happening? The PC's in question are different operating systems (2000 and Vista) so I highly doubt that that has anything to do with it. Both servers are 2003 Standard R2. Thoughts? Thank you. -Rachel Tag: GPO to remove lock workstation option Tag: 128255
  - 12
    - Dfs problem Hi all, I have 2 domain controllers in my network (hq.company.srh, fsv.company.srh) . Operations master role (RID,PDC,Infrastructure) belongs to only one domain controller-hq.company.srh. I am creating a DFS root on hq.company.srh something like company. I can log in to the domain using my domain account from a computer which is not a domain computer without problems but when I try to enter the directory of DFS I get an error saying "Configuration information cannot be read from the domain controller either because the machine is unavailable or access has been denied" Normally if I wrote \\company.srh to open up the dfs root. Instead of hq.company.srh comes up fsv.company.srh. I have tried to create dfs root on fsv.company.srh. I can log on from the client computer with no problems What do you think the problem is? Thank you. Tag: GPO to remove lock workstation option Tag: 128254
  - 13
    - DHCP dynamically updating internal DNS servers instead of authoritative? Hi there. Say you have a domain: domain.com which is out there on the Internet doing its thing, et cetera but you also use that domain internally for your active directory (which is probably not ideal). Domain.com is hosted on your cluster of authoritative nameservers and has records related to your online presence such as MX records, A records for your website and other public services, et cetera. Lets say that you're running DHCP/DNS in your active directory and you would like new registrations to only be added to the 'local' version of domain.com and not the Internet version of domain.com, I realize that the DHCP server (and perhaps windows in general) sends dynamic updates to the authoritative nameservers, but I would rather not for reasons of security through obscurity publish our internal DNS to the Internet. I realize the right way to do this would've probably been to use a subdomain such as internal.domain.com or corp.domain.com but this was all established 10 years ago. So the question is, is it possible to have the DHCP server send updates to the local DNS servers rather than the actual authoritative DNS servers? thanks, Andy Tag: GPO to remove lock workstation option Tag: 128247
  - 14
    - GPO Queston Hi all, I have a batch script that I need to run that sets the default printer, it contains the following line: rundll32 printui.dll,PrintUIEntry /y /n "115 Lab 4200" My thinking is that I would make an OU for the Room 115 lab and put all of the machines in that lab in the OU. I then made a GPO for that OU and added the script to User Configuration -> logon Scripts, hoping it would execute this script along with the logon script set in the properties of the users. However, it does not. What am I doing wrong? Any help is appreciated, thanks. Tag: GPO to remove lock workstation option Tag: 128246
  - 15
    - script for disabling accounts i have created app. 1200 users with default password and some of them have logged rest of them have not just logged in since 1 month. I have created a list which users have not logged in with a lastlogon script. I want a script or any key information about how to i write a script to disable which i give the usernames. Thanks Tag: GPO to remove lock workstation option Tag: 128244
  - 16
    - Password policy expiration Win2003 sp2 domain. Is there a way to setup a password expiration prompt for a specific set of users who are remote and do not always login? Or does default domain policy make this a useless option? thnx -- la Tag: GPO to remove lock workstation option Tag: 128242
  - 17
    - Connectivity problems between child member-server and root domain controllers Hi Support I have a forest with one root domain (root.local) and a child domain (child.root.local) in a single AD forest. The root domain and the child domain are seperated by a ISA server 2006 firewall. I have open for communikation between all of the domains controller in the root and the child domain. All of the domain controllere in both domains are Global Catalog servere. Everything is working fine, replication, DNS, GC without any errors. The root domain controllers hosts the root DNS zone (root.local) The child domain controllers hosts the child DNS zone (child.root.local) I have forwarders on the child domain controllers DNS works fine Replication Works fine My issue is: When I am on a member server i the child domain and want to assign NTFS permissions on a folder, the dialog boxes hangs for a long period of time. (Could be any member server in the child domain) I have looket at the ISA server logs and can see that this child member sever tries to access the root domain controllere while it hangs. I first to connect to the rootdcs using "PING", "Microsoft CIFS" and last "Session" If i open PING and CIFS in the firewall between the child member server and the root domain controllers it works fine, but i dont not want that communikation to occur. The communication must be so that the child member-servers only communicate with the child domain controllers. I have specific sites defined for the ROOT domain and the CHILD domain Hope you have som good idears so we can this fixed Best regards Jesper vedholm Systemtech A/S Tag: GPO to remove lock workstation option Tag: 128241
  - 18
    - Endpoint mapper error when joining a computer to domain We are getting endpoint mapper error when trying to join domain. in the netsetup log we are getting the following: 05/07 07:32:49 NetpChangeMachineName: from 'D630CLONE' to 'A24929' using 'OURDOMAIN\itsetup' [0x2] 05/07 07:32:49 NetpDsGetDcName: trying to find DC in domain 'OURDOMAIN', flags: 0x1020 05/07 07:32:49 NetpDsGetDcName: found DC '\\DC1' in the specified domain 05/07 07:32:49 NetpChangeMachineName: status of connecting to dc '\\DC1': 0x0 05/07 07:32:49 NetpGetLsaPrimaryDomain: status: 0x0 05/07 07:32:49 NetpManageMachineAccountWithSid: status of NetUserSetInfo on '\\DC1' for 'D630CLONE$': 0x0 05/07 07:32:49 NetpGetLsaPrimaryDomain: status: 0x0 05/07 07:32:49 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: OURDOMAIN.com 05/07 07:33:11 NetpGetComputerObjectDn: Unable to bind to DS on '\\DC1': 0x6d9 05/07 07:33:11 NetpSetDnsHostNameAndSpn: NetpGetComputerObjectDn failed: 0x6d9 05/07 07:33:11 ldap_unbind status: 0x0 05/07 07:33:11 NetpChangeMachineName: status of setting DnsHostName and SPN: 0x6d9 ANY hints or suggestions? I verified that the WF/ICS is turned off on this particular DC. We do not get the endpoint mapper problem every time we join the domain but it is frequent enough to rule out a random error. thanks, James Tag: GPO to remove lock workstation option Tag: 128240
  - 19
    - AD system state backup on Windows 2008, disk size increasing Hello everyone, I've been working lately with Windows Server 2008 RTM version, and I promoted one server (virtual machine) as a DC. After having some obstacles configuring the AD system state backup I finally completed and I had a schedule backup running periodically. That backup storage is made on a seconday disk on the DC, but I found out that the system state backup catalog it's getting real big in a few weeks, meaning that the VM disk is increasing as well (over 25gb right now). Is there any way that I can have more control about that? Like accessing the system state catalog and removing old system state backups? Basically I don't want to get to the point where I have virtual disks over 200gb :) Thanks! -- augusto alvarez | it pro | southworks http://staff.southworks.net/aalvarez Tag: GPO to remove lock workstation option Tag: 128236
  - 20
    - MAC and AD Dear guru, Is it possible to do so? 1) Can the MAC join our Windows 2003 Native mode AD? 2) Use AD users to login the MAC? 3) Enforce group policy to our MAC (password, lock screen)? 4) Use Integrated Login to Sharepoint through Safari browser? Do I need additional software to do all these functions? thanks Huang Tag: GPO to remove lock workstation option Tag: 128233
  - 21
    - 2 Domains 1 Forest and Fire wall hi ive made a quick pic to help describe what i'm trying to acomplish. http://cisco.truedeviant.com/ad.jpg the fire wall will only allow the two domain contrrolers to talk to each other and this can not be modifided. sites and services are set up ok ad are the trusts the issue that am haveing is is when i logon to the clinet machine that is a member of Domain B and try to logon to Domain A i can see in wireshark that the client is trying to talk to the Domain A domain controller but is failing due to the fire wall. with out enableing routeing and or tunneling on Domains A domain controller is there any way i can get the client to talk to domain B and get domain B to authenticated the Domain A users and alow the user to logon. cheers Yale Tag: GPO to remove lock workstation option Tag: 128232
  - 22
    - User accounts disabled automatically by administrator?! Hi, Recently I have faced a strange problem in active directory. Some specified user accounts disabled automatically by administrator. I feared domain administrator password leaked so I changed the password and restrict AD accessibility to only domain administrators , but problem still remains. Anybody knows about it? Thanks in anticipation Bijan Tag: GPO to remove lock workstation option Tag: 128224
  - 23
    - GPO question after using rendom.exe I=92m renaming a domain, which is managed by two W2K3 R2 domain controllers, with the rendom utility. In Microsoft=92s step by step guide to renaming a domain, it says to enter this command: gpfixup /olddns:oas.local /newdns:oas-backup.local /oldnb:oas / newnb:oas-backup 2>&1 >gpfixup.log This command fails and the resulting popup window has this error message: =93The procedure entry point CryptUnprotectMemory could not be located in the dynamic link library CRYPT32.dll=94 Also, this is probably related but when I try to run gpmc.msc, I experience the following trouble: There is a problem when clicking on either the domain controller policy or the domain policy. In fact, a window is displayed asking to change the current domain controller. On this form there is a combobox, which is greyed out, and it says, =93look in this domain=94. And the domain reflected in the un-editable control is =93oas.local=94 =96 which is the old domain!!! Any attempts to select any of the four radio buttons (the domain control which is the PDC emulator, any domain controller, and available domain controller running Windows 2003, or specifying a domain controller) fails. Just about everything worked using rendom =96 except for being able to access the GPO for the domain and the domain controllers. Any suggestions on how to get the gpfixup command or the gpmc.msc working is greatly appreciated. Thanks! Tag: GPO to remove lock workstation option Tag: 128223
  - 24
    - Problem with domain name I struggled with this one and finally figured it out but I want to understand what is going on with this network. Single DC on the network. When I looked at all of the domain members under computer properties, the domain name only reads "local". I also looked under the active directory on the server and the computer properties of the server and it was listed as "local". I assumed that someone prior to me had set this up as a single level DNS domain name. So I tried to add a member with "local" as the domain name and it continued to fail. So eventually I noticed that if I browsed the network on a workstation that was already part of the domain the domain name was actually "DOMAIN". So I tried to add the member with this name and it worked. But it still displays as simply "local" when viewed under computer properties, under active directory on the DC, etc. Why is the FQDN not showing. I expect it to be displayed as "DOMAIN.local"?? Is there a group policy setting that hides this part of the domain name. All is working fine I just wanted to understand why this is happening? Tag: GPO to remove lock workstation option Tag: 128220
  - 25
    - Importing a W2k3 Domain Controller into VMWare Stage Manager I've imported a w2k3 dc into vmware's stage manager beta 1.0. server is in a fenced network. I had previously shut down the server (vm) then imported into stage manager. I receive error attempting to open ADUC: "naming information cannot be located because: the specified domain either does not exist or could not be contacted. contact your sys admin to verify that your domain is properly configured and is currently online." any suggestions appreciated. Tag: GPO to remove lock workstation option Tag: 128213

What GPO will hide, remove or grey out the option "lock computer" when users
do ctrl+alt+del?

thanks.

Re: GPO to remove lock workstation option by Marcin

Marcin
Fri May 09 17:38:14 PDT 2008

Remove Lock Computer under User Configuration\Administrative
Templates\System\Ctrl+Alt+Del Options...

hth
Marcin

Top