Restrict Anonymous settings

Tutorials Win: Microsoft Windows Forum

- Previous
  - 1
    - change password by command line Hi everybody, My 1st time on this Forum so ... I'm searching a way to update the password field in the properties of each MA's on my MIIS Server. ... I changed the password of the account used by MIIS to connect active directory and i would like to update that info in MIIS without doing it manually. Can you help? Shopsoy Tag: Restrict Anonymous settings Tag: 176600
  - 2
    - Windows cannot access the file gpt.ini for GPO I am getting below event ID 1000 in my application every few second. Can anyone guide me how to troubleshoot this problem and find out the root caused. I had verify the permission and all match to microsoft requirement. Please Help Sources: UserEvn Event ID:1000 User: NT AUTHORITY\SYSTEM Category:none Windows cannot access the file gpt.ini for GPO The file must be present at the location <>. (). Group Policy processing aborted. Windows cannot query for the list of Group Policy objects . A message that describes the reason for this was previously logged by this policy engine. \ Tag: Restrict Anonymous settings Tag: 176589
  - 3
    - procedure required for complete active directory restore to a hello guys, I have an AD domain I need to restore to a previous state, this is the infrastructure: 1 DC 2K3 Std Ed SP2 all FSMO roles and GC 1 DC 2K3 Std Ed SP2 GC Other member servers... I have a valid backup taken only a few hours back. I need to do authoritative restore so that all objects are rolled back to the previous state. I know I need to: first, reboot DC 1 into AD restore mode and run a normal (not authoritative) restore second, use ntdsutil and execute restore database (authoritative restore) But I've never performed this before, and I know there's something to do with regard to the sysvol objects. I've looked everywhere in the internet but all examples refer to restoring just an object, not the entire directory. Does anyone have a bullet proof, step by step procedure, to perform a complete restore of an active directory domain to a previous state ? Anybody can help ? It would be much appreciated! Thanks and Regards, ZZ Tag: Restrict Anonymous settings Tag: 176587
  - 4
    - sysvol not replicating to dc in another site Situation: Site1: DC1 DC2 Site2: DC3 NO dns trouble. Replication of the Active directory is working without any problem. When I add a user on DC3 it's replicated to DC1 en DC2 and the other way arround. The only problem is that replication of the sysvol share isn't working (anymore) I don't know since when it stopped working.. but my group policies don't sync anymore from site 1 to site 2 and visa versa. I get NO errors in my logfiles on all servers.. The only errors I can find are in the winnt\debug directory: Errors: <SndCsMain: 2612: 874: S0: 16:01:12> ++ ERROR - EXCEPTION (000006be) : WStatus: RPC_S_CALL_FAILED <SndCsMain: 2612: 875: S0: 16:01:12> :SR: Cmd 014e2470, CxtG f295c5b4, WS RPC_S_CALL_FAILED, To FMGEXACT01.int.foreignmedia.com Len: (1204) [SndFail - rpc exception] <SndCsMain: 2612: 895: S0: 16:01:12> :SR: Cmd 014e2470, CxtG f295c5b4, WS RPC_S_CALL_FAILED, To FMGEXACT01.int.foreignmedia.com Len: (1204) [SndFail - Send Penalty] <RcsForceUnjoin: 2128: 2945: S0: 16:01:12> :X: ***** UNJOINED DOMAIN SYSTEM VOLUME (SYSVOL SHARE)\FMGPINK01\FMGPINK01 -> FOREIGNMEDIA\FMGEXACT01$ RemoteCxt <RcsCheckCxtionCommon: 2652: 966: S1: 16:01:12> ++ WARN - RcsUnJoinCxtion: wrong unjoin guid for 014e5e68 <RcsCheckCxtionCommon: 2652: 966: S1: 16:01:12> ++ WARN - RcsUnJoinCxtion: wrong unjoin guid for 014e0300 <RcsCheckCxtionCommon: 2652: 966: S1: 16:01:12> ++ WARN - RcsUnJoinCxtion: wrong unjoin guid for 014ecfb8 <RcsCheckCxtionCommon: 2652: 966: S1: 16:01:12> ++ WARN - RcsUnJoinCxtion: wrong unjoin guid for 0023c950 <RcsCheckCxtionCommon: 2652: 966: S1: 16:01:12> ++ WARN - RcsUnJoinCxtion: wrong unjoin guid for 014eaae8 <FrsDsFindComputer: 1848: 8717: S2: 16:01:15> :DS: Computer FQDN is cn=fmgpink01,ou=domain controllers,dc=int,dc=foreignmedia,dc=com <FrsDsFindComputer: 1848: 8723: S2: 16:01:15> :DS: Computer's dns name is fmgpink01.int.foreignmedia.com <FrsDsFindComputer: 1848: 8737: S2: 16:01:15> :DS: Settings reference is cn=ntds settings,cn=fmgpink01,cn=servers,cn=drachten,cn=sites,cn=configuration,dc=int,dc=foreignmedia,dc=com <FrsHashCalcString: 1848: 4777: S0: 16:01:15> Name = S-1-5-21-3206282357-3970063792-383977586-1000 <FrsHashCalcString: 1848: 4777: S0: 16:01:15> Name = S-1-5-21-3206282357-3970063792-383977586-1000 <FrsHashCalcString: 1848: 4777: S0: 16:01:15> Name = S-1-5-21-3206282357-3970063792-383977586-1103 <FrsHashCalcString: 1848: 4777: S0: 16:01:15> Name = S-1-5-21-3206282357-3970063792-383977586-1103 Tag: Restrict Anonymous settings Tag: 176578
  - 5
    - Non-Authoritative restore on W2K8 Confused on this one. Why can't I do a non-authoritative restore by stopping AD DS as opposed to having to reboot and use DSRM (I haven't tried this but the article doesn't provide the option)? According to the article link this is the only way to go and this makes no sense to me and seems that AD DS as a service should be allowed to do this and would be beneficial because of it. Anyone have a definitive answer? I will find time to try in the future, but I am curious to know. http://technet2.microsoft.com/windowsserver2008/en/library/510b106b-e7fb-42a5-bcb2-0c3278a5d73e1033.mspx?mfr=true -- Paul Bergson MVP - Directory Services MCT, MCSE, MCSA, Security+, BS CSci 2003, 2000 (Early Achiever), NT http://www.pbbergs.com Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights. Tag: Restrict Anonymous settings Tag: 176573
  - 6
    - Windows 2000 Server Replication Problem Hi, I am having windows server 2000 Replication problem as follows Hq server and Two branch offices Both brach offices are not replication to my hq server In my Brach office servers every 15 min i am getting event id 1311 and 1566 I am able to ping from and to all the servers using FQDN names I ran dcdiag on my hq server i am getting the following error [1] FRS can not correctly resolve the DNS name SOUTHSRV01.test.com from this computer. [2] FRS is not running on SOUTHSRV01.test.com. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. [1] FRS can not correctly resolve the DNS name NORTHSVR01.test.com from this computer. [2] FRS is not running on NORTHSVR01.test.com. [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. Servers SOUTHSRV01.test.com,NORTHSVR01.test.com are my brach offices when i checked all the DNS setting and FQDN seems to be fine I really need expert help on this and what otherthings i can look for problem root cause Thanks for your help Tag: Restrict Anonymous settings Tag: 176560
  - 7
    - Need a little help please..... I have the Windows 2000 Server Administrator's Companion (Microsoft Press), but it's not been very helpful (or I have been very dense). I have been tasked with caring for an ancient Windows 2000 Server and the users on its small domain. What I need to do is have a user desktop that is set up with applications, printers, desktop links, favorites, etc. (everything they need to do their job) and restrict them from changing those things, installing applications, getting to the control panel, running unauthorized apps, etc. It is for a location that cannot seem to get its workers to stop installing crap on the local PCs and they want it locked down. (I said just fire the people that don't listen and your problem is solved....but that is not the path they have chosen.) Are there any resources that may be helpful to me in this (more helpful than the MS tome that I can't seem to figure out)? jim Tag: Restrict Anonymous settings Tag: 176558
  - 8
    - Trying to create mandatory profiles.... I want to control the user desktops (not allow them to install stuff or hose up the desktop for the next user) and I am trying to create mandatory profiles on a Windows 2000 Server. The Windows 2000 Server Administrator's Companion (Microsoft Press), on page 276, says to... "1. Create a user account with a descriptive name.... This is just a blank account that you'll use to create a template for the customized configuration. 2. Log on using the template account and create the desktop settings you want, including applications, shortcuts, apperance, network connections, printers, and so forth. 3. Log off the template account. Windows 2000 creates a user profile on the system root drive in the Documents And Settings folder. .... 4. Log on using an administrator account. Open Active Directory Users and Computers, and find the account for which you want to assign the customized roaming profile." I'll stop here....because I can't get passed step #2. When I log off the server as Administrator and try to log in as my template user, I get a "Logon Message" that says "The local plicy of this system does not permit you to logon interactively." So I logged back in as Administrator, and added the user to the Local Security Settings>User Rights Assignment>Log On Locally policy setting. I also checked that Users group was checked there. I tried logging in locally as Template again and got the same message. What am I doing wrong? jim Tag: Restrict Anonymous settings Tag: 176556
  - 9
    - Adding users to sub OU using Script I am using Windows Server 2003 as Domain Controller and i want to add users using vb script. my LDAP path is "LDAP://OU=Student,DC=in,DC=dt,DC=com") this create the users only in the Student OU but i want to create users in the Session which is Sub OU of the Student. Cand any body help me. Thanks in Advance Tag: Restrict Anonymous settings Tag: 176552
  - 10
    - Tracking down account lockouts From a domain controller, is there a way to see which workstation incorrect logins/account lockouts are coming from? Everything I can find says you have to go to the workstation to identify what is generating the incorrect logins. I don't care so much at this point what is generating them, I need to identify the workstation they are coming from. Thanks Jason Tag: Restrict Anonymous settings Tag: 176534
  - 11
    - Migrating active directory and exchange I need to find the least painless way to migrate active directory with about 20,000 users and an Exchange server to a new set of servers at a new location. What's the best way to do this? I need to test the procedure before the actual move? Thank you! :) Tag: Restrict Anonymous settings Tag: 176523
  - 12
    - Windows 2008 Authors Folks- I'm working on Windows 20008 Active Directory book, and I was wondering if anyone here is interested to participate in the project as contributor. Please consider that your name will be published as Contributor. All you have to do is to write four or five chapters in next 10 weeks. Please let me know if you are interested to proceed. This project has already been approved by the publisher. The TOC has been approved. I'll also provide you a sample chapter, authors kit and other tools to start working on this project. If you are interested then please send me your: 1. Resume 2. Prior Writing experience 3. Links to any published articles Thanks, Tariq: tariq.azad @ rogers.com Tag: Restrict Anonymous settings Tag: 176521
  - 13
    - time to demote a dc on a site hello i have 2 dc on my first site (the main site) , and one who hold all the roles, i have a other site, where i have a other DC this site is connected to my main site with a global vpn 1Mo/s i already demote Dc but on the same site, so my two questions are 1) what is the exactly process of the demote operation (can i have a process paper) - does it contact the server who hold a special role ...etc ... 2) how many time could it take for the DC on my 2nd site to be demote, or how can i calculate it because i have user who are connected to my main site with TSE, and they must be connected all the time between 8H to 12H and 13 to 17 H thanks nt Tag: Restrict Anonymous settings Tag: 176513
  - 14
    - Active problem To all, Having some interesting things happening on a 2000 dc. 1. system state backup fails with "active directory reported an error" that is with Ntbackup. The tivoli client reports a problem on sys state at ntds. 2. An online defrag has not run successfully since 2/8 on 2/8 the following events were reported in the log Event Type: Error Event Source: NTDS ISAM Event Category: Logging/Recovery Event ID: 203 Date: 2/8/2008 Time: 1:00:59 AM User: N/A Computer: SAMPGHSBL021 Description: NTDS (352) The database engine has stopped the backup with error -1022. Event Type: Error Event Source: NTDS ISAM Event Category: Performance Event ID: 0 Date: 2/8/2008 Time: 1:00:59 AM User: N/A Computer: SAMPGHSBL021 Description: NTDS (352) Unexpected Win32 error: 0x20 Event Type: Error Event Source: NTDS ISAM Event Category: Performance Event ID: 0 Date: 2/8/2008 Time: 1:00:59 AM User: N/A Computer: SAMPGHSBL021 Description: NTDS (352) Unexpected Win32 error: 0x3E6 Besides the backup and online defrag I cannot seem to find any other issue. AD is working, from all appearances and there are no other log entries showing for what I would expect is a corrupt AD. Any ideas on this would be very helpful Tag: Restrict Anonymous settings Tag: 176512
  - 15
    - Account lock out frequently A domain user account always lock out almost everyday! Other domain user accounts do have this problem. What could be the possible cause of it? Tag: Restrict Anonymous settings Tag: 176508
  - 16
    - FYI: Information about using Last Logon Information in Windows Server 2008 and Windows Vista This is a multi-part message in MIME format. ------=_NextPart_000_003F_01C86C45.4EAC5840 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable http://blogs.dirteam.com/blogs/jorge/archive/2008/02/11/showing-last-logo= n-info-at-logon-in-windows-server-2008.aspx Enjoy! --=20 Cheers,=20 (HOPEFULLY THIS INFORMATION HELPS YOU!) # Jorge de Almeida Pinto # MVP Windows Server - Directory Services BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx -------------------------------------------------------------------------= ----------------- * How to ask a question --> http://support.microsoft.com/?id=3D555375 -------------------------------------------------------------------------= ----------------- * This posting is provided "AS IS" with no warranties and confers no = rights!=20 * Always test before implementing! -------------------------------------------------------------------------= ----------------- ################################################# ################################################# -------------------------------------------------------------------------= ----------------- ------=_NextPart_000_003F_01C86C45.4EAC5840 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.6001.17128" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3DVerdana size=3D2><A=20 href=3D"http://blogs.dirteam.com/blogs/jorge/archive/2008/02/11/showing-l= ast-logon-info-at-logon-in-windows-server-2008.aspx">http://blogs.dirteam= .com/blogs/jorge/archive/2008/02/11/showing-last-logon-info-at-logon-in-w= indows-server-2008.aspx</A></FONT></DIV> <DIV><FONT face=3DVerdana size=3D2></FONT> </DIV> <DIV><FONT face=3DVerdana size=3D2>Enjoy!</FONT></DIV><FONT = face=3DVerdana size=3D2> <DIV><BR>-- <BR><BR>Cheers, <BR>(HOPEFULLY THIS INFORMATION HELPS = YOU!)</DIV> <DIV> </DIV> <DIV># Jorge de Almeida Pinto # MVP Windows Server - Directory = Services</DIV> <DIV> </DIV> <DIV>BLOG (WEB-BASED)--> <A=20 href=3D"http://blogs.dirteam.com/blogs/jorge/default.aspx">http://blogs.d= irteam.com/blogs/jorge/default.aspx</A><BR>BLOG=20 (RSS-FEEDS)--> <A=20 href=3D"http://blogs.dirteam.com/blogs/jorge/rss.aspx">http://blogs.dirte= am.com/blogs/jorge/rss.aspx</A><BR>--------------------------------------= ----------------------------------------------------<BR>*=20 How to ask a question --> <A=20 href=3D"http://support.microsoft.com/?id=3D555375">http://support.microso= ft.com/?id=3D555375</A><BR>----------------------------------------------= --------------------------------------------<BR>*=20 This posting is provided "AS IS" with no warranties and confers no = rights! <BR>*=20 Always test before=20 implementing!<BR>--------------------------------------------------------= ----------------------------------<BR>###################################= ##############<BR>#################################################<BR>--= -------------------------------------------------------------------------= ---------------</FONT></DIV></BODY></HTML> ------=_NextPart_000_003F_01C86C45.4EAC5840-- Tag: Restrict Anonymous settings Tag: 176505
  - 17
    - AD Query Over time I have saved several queries to the AD users and computers, saved queries container. They all worked fine until we implemented Novell identity manager to syncronize users across directories. Since then, the queries which return servers or workstations has worked fine. However queries which return users or groups now return nothing. Anyone have any ideas as to a permission or attribute change which would cause this? Thanks... Tag: Restrict Anonymous settings Tag: 176501
  - 18
    - Replace Volume that AD is on I have a 2003 SP 1 DC with all the FSMO Roles on it. I need to replace a volume on this server that hosts the AD folders. If I do a backup to tape, then replace the volume and then do a restore, will replication be okay or will I need to do anything special? Thanks, Jim Tag: Restrict Anonymous settings Tag: 176488
  - 19
    - DCPROMO Virtual Server I am trying to get a Virtual test network setup with a copy of our active directory. What would be the best way to do this? I was thinking I could create a Virtual Server on our live network, run DCPROMO on it to promote it to a DC, make a copy of the virtual server image file (to be used for testing), then run DCPROMO again on it to demote it. I would then take the copy of the virtual server image and set it up on the test network. Does this sound like a ok/safe way of doing this? Tag: Restrict Anonymous settings Tag: 176486
  - 20
    - LDAP Query I want to make a LDAP Query in Windows 2000 based Active Directory to get a list of people who logs to a certain workstation an dthe total number. How do i do this? -- Ansy Tag: Restrict Anonymous settings Tag: 176480
  - 21
    - Exchange 2003 installation In Windows 2000 active directory Exchange 5.5 was running fine. Now Exchange5.5 made offline and not available now. When I try to install Exchange 2003 in this Active directory it is now allowing me to install. Can anybody throw light on this issue? Best Regards, Sathya Tag: Restrict Anonymous settings Tag: 176478
  - 22
    - Domain member I have an AD account solely for the purpose of joining workstations as a domain member. What are the rights to be granted to this account? Tag: Restrict Anonymous settings Tag: 176475
  - 23
    - Trusted domains Hello! Can i make a trusted domains without merging tree when the 1st domain is main.domain.com and the 2nd domain is test.main.domain.com? I.e. can exists main.domain.com and test.main.domain.com like a different domains but with trusts between? P.S. I'm not trust admins from the main domain and didn't want give them whole rights on my test.main.domain.com. Thanks! Tag: Restrict Anonymous settings Tag: 176473
  - 24
    - Missing schema attributes in ADSIEdit I am trying to update my Windows 2000 Server domain (with Exchange 2000) to Windows Server 2003. To do so, I must apply the inetorgpersonfix.ldf file before upgrading to avoid mangling some AD attributes that were created when we installed Exchange 2000 years ago. See: http://support.microsoft.com/default.aspx?scid=kb;en-us;314649 The problem I'm having is that the fix won't run because it says the AD directory object it's trying to upodate is not found. Upon looking into the issue using ADSIEdit, it looks like I'm missing entries related to my schema. Under ADSI Edit I have no Schema or Configuration entries for my domain, just the Domain entry, and it's not showing up on the other domain controller either. This example pic shows what I'm missing: http://www.petri.co.il/forums/attachment.php?attachmentid=129&d=1121999118 I only have the Domain section. Any idea how to fix this? I saw a "Reload Schema" option but I'm hesitant to use it before I know exactly what it does. Thanks. Tag: Restrict Anonymous settings Tag: 176470
  - 25
    - Re: RADIUS WiFi Security, Folder Re-Direction, Sync., Offline Folders? I inherited a SOHO setup with a W2K Server Small Business, a W2K3 Server, and a handful of PC's (WinXP Pro, SP2). I installed a new WiFi router (Linksys w/VPN, RADIUS, etc. support), and a new switch (Linksys). I setup this router as the gateway and DNS1. I also re-installed the O/S's on the 2 servers and setup the W2K3 Server as the DC and DNS2. The new domain name is different than before (now, web/email hosting is off site). On the W2K3 Server, I started to re-create user names and logins in Active Directory. The PC's are still looking for the "old" servers for "My Documents" synchronization, anti-virus updates, etc. How do I fix the synchronization issue (new A-V software is going to be installed)? Also, how do I setup Active Directory to do RADIUS for the WiFi router, and what settings must I copy to the router (I can change the encryption and authentication in the router, but both router and DC have to agree)? One last thing... How do I setup standard user account settings (everything from wallpaper to permissions)? Thanks a bunch! F3 <>< Tag: Restrict Anonymous settings Tag: 176465
- Next
  - 1
    - Re: RADIUS WiFi Security, Folder Re-Direction, Sync., Offline Folders? I inherited a SOHO setup with a W2K Server Small Business, a W2K3 Server, and a handful of PC's. I installed a new WiFi router (Linksys w/VPN, RADIUS, etc. support), and a new switch (Linksys). I setup this router as the gateway and DNS1. I also re-installed the O/S's on the 2 servers and setup the W2K3 Server as the DC and DNS2. The new domain name is different than before (now, web/email hosting is off site). On the W2K3 Server, I started to re-create user names and logins in Active Directory. The PC's are still looking for the "old" servers for "My Documents" synchronization, anti-virus updates, etc. How do I fix the synchronization issue (new A-V software is going to be installed)? Also, how do I setup Active Directory to do RADIUS for the WiFi router, and what settings must I copy to the router (I can change the encryption and authentication in the router, but both router and DC have to agree)? Thanks a bunch! F3 <>< Tag: Restrict Anonymous settings Tag: 176464
  - 2
    - Possible to trust domains in separate forests in 2000? We have 2 domains - each one in it's own forest. Is it possible with Windows 2000 to create a trust between them, or is this only allowed in 2003? We are looking to combine our 2 domains and are just now going through the long list of avoidable pitfalls. thank you in advance. Tag: Restrict Anonymous settings Tag: 176458
  - 3
    - Logon Script registry check how to? We have a custom key set in the registry of our XP client machines to differentiate our image build versions. We would like to be able to check that this key (or variants of, depending on build number) exists when a users logs on to the domain (to be sure they are using current builds or even actual internal images). Can this be done via a simple logon script where it would check the presence for one of the defined variable in the client registry (ie: "\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\S ession Manager\Environment")? If the variable is not present it would be logged to a .txt file. I imagine this wouldn't be too difficult but my scripting skills are simply not up to the job...appreciate any feedback. Tag: Restrict Anonymous settings Tag: 176456
  - 4
    - crashed DC1 server Hi, Murphy rules again. An old Windows 2003 server was the first DC in the AD. It was schema master, etc. The new server arrived this week but... the old one quit yesterday with a repeated STOP 0x0000007B error. I cannot get it back up, I cannot even access the disks using a tool like BartPE. There is a Windows 2003 DC2 server in the same domain that I want to give all FSMO's. Doing that it rather straight forward as far as I know, but... I still need to delete the crashed DC1 from the domain. Which KB describes all the steps? I cannot find it? Bonno Bloksma Tag: Restrict Anonymous settings Tag: 176454
  - 5
    - Domain Administrator Lockout Hi, I see in system even log SAM database error messages saying that Account Can't be locked, due to resource error Event ID:12294, and that account is domain\administrator That means something or someone is trying to logon to domain as administrator but failing. (also can't lock the account, because I disabled). How I find from what IP or workstation these attempt being made? Event log doesn't mention Thanks MC Tag: Restrict Anonymous settings Tag: 176451
  - 6
    - Group nesting troubles Hi folks, I'm having a bit a problem with some group nesting issues and I hope some of you might be able to point out the errors of me ways. Please see the problem below: A user cannot access a folder on a file server. This folder has NTFS modify access permission set for "Group C". The user is a member of "Group A" which is nested in "Group B" which is in turn nested in "Group C". Folder Resource -> Group C -> Group B -> Group A -> User Native mode 2003 domain Group A (Universal Distribution) Group B (Universal Security Group) Group C (Universal Security Group) If the user is added directly to the folder resource he can access the folder so I am wondering if this a nesting issue (access token limitation) or an issue with Security/Distribution? Very much appreciate any help or pointers. Thank you. Tag: Restrict Anonymous settings Tag: 176449
  - 7
    - retiring the 1st DC in the domain I am running a 2000 domain, all servers run Win2k /SP4. I would like to retire the 1st domain server and use the server at a small remote site which is not part of the domain. As I write this, this machine currently runs all 5 FSMO roles. My qustion is, how shoudl I transfer these? Are there any problems even if the transfer is succesful? Any suggestion in general? Regards, Tag: Restrict Anonymous settings Tag: 176445
  - 8
    - domain users can not change printer page layout hi, i am using widows 2003 server as domain controller i want that the users should not change the page layout of the printer when they send a page for printing. i want that all the users should print the page only in A4 type. i want to restrict users to print only A4 page format print. can any body help me. thanks. Tag: Restrict Anonymous settings Tag: 176440
  - 9
    - Using old machine to upgrade from NT to 2k then move FSMOs all to I have to upgrade the network at my school. I have been having problems with tests of CDs to upgrade with my HP Poliant servers. I am wondering if i can use one of my workstations (at least 1.8GHz CPUs) to install NT on as a BDC then upgrade to PDC...then upgrade to 2k. I know this isn't great since the machine is older. Could I do this just to upgrade the database to A.D. then run DCPROMO on my 2k member servers and then transfer all the FSMO roles off the old workstation. Thanks for any advise. Tag: Restrict Anonymous settings Tag: 176438
  - 10
    - naming information cannot be located because Hello to all Pro Naming Information cannot be located because: the specified domain either does not exist or could not be contacted. Scenario: Problem with Windows 2000 Advanced Server failed to boot up, then force it to boot i use F8 then goto Last good known configuration and it boot up. But the Problem is when I click on "Active Directory Users and Computers" it displays "Naming Information cannot be..." error but when i click on "Connect to Domain Controller..." and put the server.domain_name.local it can connect to domain. Another problem occur when i want to share my folder for example then add permission to it will display the "Object Picker cannot open because no locations from which objects could be found." therefore i cannot open the Active Directory Users. Pls. help God bless Tag: Restrict Anonymous settings Tag: 176436
  - 11
    - Deleted Accounts(E-mail Exchange) HELP!!! We are currently sitting in a Mixed Mode Environment. Between a WinNT Domain and Win2K Active Directory. We have Multiple WinNT Domain. In Active Directory Management, under Users I noticed there was alot of User Accounts that all had a -1 after them. So I highlighted all these accounts and deleted them. When I did this, it apparently wiped out all the e-mail accounts on the other NT Domains out there. Somehow, these accounts with the -1 were associated to e-mail accounts on the other NT Domains. Can anyone explain why? And since this account is deleted, it looks like the e-mail account is deleted as well. Is the e-mail account gone as well, or is there a way to restore it?? Any help would be appreicated. Tag: Restrict Anonymous settings Tag: 176424
  - 12
    - testing authoritative restore of objects in a windows 2003 SP2 domain Hi guys, I need to test the authoritative restore of a couple of objects in a 2k3 SP2 domain. I have two questions: If I have 3 servers: server1: All FSMO roles (GC too) server2: GC server3: GC Is it ok to perform the authoritative restore on server1 ? Is it ok to just shutdown the other two domain controllers while doing the restore procedure and turn them on once the restore is completed ? Will they automatically replicate with the primary domain controller and get the new (or old,,,depending on how you see it ;-)) objects according to standard AD replications ? Also, does the restore procedure restores exchange attributes, in the event the restore also includes a mailbox enabled user ? Thank you so much in advance for your answer. Have a nice day, zz Tag: Restrict Anonymous settings Tag: 176414
  - 13
    - Unable to login from Pre Windows 2000 PCs I have a Domain for which I have created one additional DC. I still have some win9x PCs which login to this domain for resource utilization. All of a sudden they started to get "The username Or Passwword you have typed is incorrect or logon to domain is denied" error. Where as I tried login with the same user and password from WinXPP pcs there they were successfull. I installed ADSClient also but for no avail. ADC is running web services also. Then I tried restarting the ADC then only the Win9x PC were able to login. Can anybody throw some light on why this happened. Cheers, Sudhi... Tag: Restrict Anonymous settings Tag: 176410
  - 14
    - Remote Reboot Registry Keys I am looking for the Rebote Reboot Registry keys but am having no luck in locating them. I need these because I have added Guest and Interactive to the users list and need to copy this to all my other stations remotely. Any one with a suggestion is greatly appreciated. Thanks James Tag: Restrict Anonymous settings Tag: 176409
  - 15
    - problem in xp One day i insert a chip(monthly) cd and i got some alerts through kaspersky anti virus that some exe files are executing then i quarantine .. From that time onwords my account hass been logged off and asking for password eventhough i dont have password,.. i entered ok with out any password then logged in and logged off... even if i got this problem with adminstrtor as user name .. anybody helpme please!!!! Tag: Restrict Anonymous settings Tag: 176408
  - 16
    - login Scripts not running I have an OU that caintain another OU beneath it. The aprent OU is called WSUS and the lowere OU is called W2K. W2K contains all W2K workstations and WSUS contains the WinXP workstations. I have an GPO on each. WSUS contains the settings for Windows update as well as a login script to enable automatic updates and start the service becuase the services are stoped and disabled. W2K runs a login script to correct DSRT issues. Both login scripts are computer policies. The strange thing is everythingr uns fine on the XP cleints. For the W2K clients who are not at the main site where the script is located in the netlogon directory on the main DC it appears the script is not running. Shouldn't the GPO flow down to the W2K direcotry. Is there any reason why the script to start automatic updates wouldn't apply to cleints at a different site. Any help would be most appreciated. Tag: Restrict Anonymous settings Tag: 176389
  - 17
    - Configure NTP server/clients with no internet connections All, I have a newtwork with several w2k servers and winXp clients. I have no internet connection. I have recently been having time issues on my network. Time is not syncn'ing up with my NTP time server anymore.. And i think i messed it up.. I want to have ServerA host my NTP time source using the CMOS battery on the server, and all the XP clients point to ServerA for their NTP time provider. How do i configure this properly? Is there a GOOD KB article on how to setup disconnected (no internet) networks with a proper NTP time source? TIA Drum on .. .. . . . Tag: Restrict Anonymous settings Tag: 176388
  - 18
    - Set UNIX Attributes by Command line Hello there'a way or a script (by command line) to set UNIX Attributes (nis Domain, uid, ecc.) in active dictory? Tanks to all Tag: Restrict Anonymous settings Tag: 176387
  - 19
    - AD User & Inherited Permissions I have a Domain Admin User object that is behaving strangely. It is located in the root of the domain object. When I go into the security tab and then select the advanced button, I notice the the inherited permission check box is not selected. So I selected it and clicked Apply and OK. A Couple hours latter the box is unchecked. I then manually checked the box on all of our DC's within about 2 minutes time. Within an hour or two the box was unchecked again. I need this Domain Admin to receive the Inherited permissions. Where do I go from here? Jim Tag: Restrict Anonymous settings Tag: 176382
  - 20
    - Rename Domain Controller DC Hi Pros, I been trying to rename the current DC, from WORLDGROUPC to WORLDGROUPC by using Netdom. WORLDGROUP is the old DC with Windows NT 4.0 and WORLDGROUPC is Windows server 2003 we are going to replace the Old server to the new one, therefore, we need to change the NEW server(WORLDGROUPC) to the name of the OLD server(WORLDGROUP). the thing is, I have disconnected the NEW DC from the network when i tried rename it, so that it won't crashes with the OLD DC (which is still running) in the network. so, now the DC (WORLDGROUPC) is standalone, doesn't connect to any network, and i want to change the DC name to WORLDGROUP but in the command Prompt: >netdom computername WORLDGROUPC /add WORLDGROUP When i enter this, it prompt up error: RPC Server is unavailable. please help me to solve this problem, thanks in advance -- Message posted via WinServerKB.com http://www.winserverkb.com/Uwe/Forums.aspx/windows-2000-active-directory/200801/1 Tag: Restrict Anonymous settings Tag: 176380
  - 21
    - Active directory replication schedule Hello, can someone explane to me what the differents are between replication schedules? I mean when i open sites and services I see one schedule on the NTDS settings of the site (NTDS site setting), drill down on that site i see a schedule on the replication partner server settings, and I can see a schedule on the site links. I cant exacly tell what the different is can anybody tell me? Thanks, Eric Tag: Restrict Anonymous settings Tag: 176369
  - 22
    - Grant ntfs permission on domain computer to WORKGROUPComp\User How can I grant ntfs permission on domain computer to WORKGROUPComp \User? 1. Computer CompA is a member of Domain DomA 2. Computer CompB is standalone workgroup machine 3. There is TCP/IP connection, routing and DNS resolution between CompA and CompB 4. I need to grant the CompA\SomeUser the permission on some folder of CompB What is the correct method to perform this? Thanks in advance, Dmitry Tag: Restrict Anonymous settings Tag: 176368
  - 23
    - Practice Test Search Engine, It will be your best web site | http://exams.googletoad.com http://exams.googletoad.com Just write your exam number or general phrase (70-227,642-642,cisco,oracle,microsoft,hp,juniper etc.) and hit the search button. Choose your dump (actualtests,pass4sure) , click detail page and click download button. If you have any request just fill the form on the site.. Enjoy.. Tag: Restrict Anonymous settings Tag: 176367
  - 24
    - IWAM and IUSR Accounts I'm fairly clueless as to why these accounts are needed. I see the explanation in the account properties, but my question is, does every server in the domain need to have one of these user accounts? Tag: Restrict Anonymous settings Tag: 176364
  - 25
    - Delegatoin w/ Protocol transition in a Windows 2000 native domain Hi, Some background information first. I have a root domain "rootdom.com" and two child domains "c1.rootdom.com" and "c2.rootdom.com". In the c1 domain I have an IIS 6 with an ASP.net application on it that's running forms-based authentication as well as an Exchange 2003 frontend server running integrated authentication (integrated authentication is the only box checked). The ASP.NET application needs delegated access to the exchange frontend-server by means impersonating the user who's logged in with forms authentication and querying webdav with the user's credentials. What I've done so far: 1. Created a domain user in the "rootdom.com"-domain called "DelegationUser". This account is trusted for delegation. I don't have the "Delegation" tab you get in a 2003-native domain since I'm running 2000-native on all domains. 2. Created service principal names for the "DelegationUser" user the service principal names are: "aspnetserver" and "aspnetserver.c1.rootdom.com" 3. Assigned "DelegationUser" to the ApplicationPool that's running the ASP.NET application which included adding delegationuser to the IIS_WPG group and granting the user the "Act as part of the operating system" privelege on the ASP.NET server. 4. Turned off impersonation on the ASP.NET application 5. Used programmatic impersonation in the ASP.NET application where I create a "new WindowsIdentity(UPN_OF_USER_I_WANT_TO_IMPERSONATE).Impersonate()" 6. While impersonating I query the Exchange 2003-frontend server with webdav. 7. End impersonation and revert to the application pool user which runs the ASP.NEt application Step 6 fails with a 401-error code while steps 1-5 seem to work just fine. I've even checked the identity of the current thread while impersonating, and I can see that it is in fact the user that I'm impersonating. However, the identity is not being delegated to the exchange 2003 server. Things I've tried my self: 1. Trusting the computer accounts for the ASP.NET server and the Exchange 2003 frontend server for delegation. However, this didn't make any difference. 2. Looking in the IIS log "C:\Windows\System32\LogFiles" on the Exchange 2003 server. Doing this I can see that the IIS is reading my webdav queries as anonymous requests. This leads me to believe that it's reverting to NTLM which isn't delegatable. 3. Looking in the event log of the c1.rootdom.com DC and I've seen no failure audits. I presume that this is the DC that should be issuing tickets for the aspnetserver? I know the above scenario works with constrained delegation, since I've done it in a 2003-native domain set up. But it SHOULD work in a 2000-native domain as well. Any help? Tag: Restrict Anonymous settings Tag: 176359

In reading this article http://support.microsoft.com/kb/890161, it suggests
changing restrict anymous setting to a 1 or 2. Am I correct in thinking that
if I change the setting to 2, the 1 NT pc we have will not be able to
authenticate to the domain? Also, I had a root forest domain and then a child
domain. Will this break any trust relationships bewteen the 2? All users
logon to the child domain for authentication. I read somewhere that I
shouldn't set the DCs to 2. Any insights?

Thanks
Deb H

Top