What alternatives are there to ActiveDirectory to administer a large number of computers?
- by Zubair
I would like to know what the different options are or if ActiveDirectory is the only choice.
Search Results
Search found 18506 results on 741 pages for 'active desktop'.
Page 137/741 | < Previous Page | 133 134 135 136 137 138 139 140 141 142 143 144 | Next Page >
-
-
Archive Manager, SQL 2005 and MaxTokenSize high CPU
- by Tim Alexander
So, I posted this question a few days ago: Impact of increasing the MaxTokenSize for Kerberos Tickets Since then the thought was to test our settings on two member servers, one with IIS and one without. I setup two GPOs to configure the MaxTokenSize reg setting to 48000 and MaxFieldLength/MaxRequestBytes to 64200 (based on MS KB2020943, these are set at 4/3 * T + 200). The member server seemed to work ok (a devalued tape backup server). The IIS server however has had some strange repercussions. The IIS Sserver host Quest Software Archive Manager (AM) 4.5 that communicates with SQL Server 2005 Enterprise on Server 2003 R2. After the changes all looked good until the SQL Server hit 100% CPU. I have removed the GPOS, removed the reg values and even replaced them with defaults (12000 for token size and can't remember the other one but was in a blog post about the issue in my other post). No change. Bouncing the IIS Server stops the high CPU and a colleague has looked at the SQL server and it is definitely the AM connection taking up the time/work on the SQL server. I haven't changed the reg values on the SQL server or the DCs but am reluctant to do so without understanding why this has happened. I am guessing its to do with the overriding auth and group issue we have but I am not seeing Kerberos errors in either event log. Has anyone seen something similar or does anyone have some tips? Was definitely blindsided by the Kerberos issue and am swimming against the tide to keep things functioning.Read the article
-
AFP AD ACL permissions issues with external drive
- by AlanGBaker
Mac OS X Server 10.4.11 connected to an AD domain system serving AFP shares to Mac OS X 10.5.8. If I create a share on the the internal RAID of the server with an ACL that allows RW to all ("Domain Users"), then it works, but a share created identically on the external RAID appliance (Drobo v2) doesn't. When the share from the Drobo is mounted, it shows no sign that it has any ACLs associated with it: neither in the Finder (Get Info), nor when checked via the terminal with "ls -lae". The Drobo does show that the ACLs exist when I ssh into the server and check it there, but when the clients mount that share, they just... ...disappear. Any thoughts?Read the article
-
In ADUC MMC, Advanced View, how to get Attribute Editor tab on the result of a Find?
- by geoffc
In Win2008 MS added a new Tab on objects in ADUC. Called Attribute Editor it is like Novell Console One's Other tab, or an arbitrary LDAP editor view, or an ADSI Edit style view. Basically it shows all allowed attributes for the object class, and allows you to edit according to your permissions. You need to enable Advanced Options in the View menu before it shows up. This is great, however it only shows up when you browse the directory tree and select an object. If you use the Find tool and open an object Attribute Editor is not shown. How annoying! Especially if your domain has more than 2000 users in a single container, then you almost must use Find to get to an object. Is there any way to make the Attribute Editor tab show up after using Find to open an object?Read the article
-
Send mail from a distribution group's email address
- by Campo
A user has send permission on a distro group on a WINDOWS SERVER 2003 domain. I am the admin. When either of us sends email using the distribution group's email adress we get a non delivery report Your message did not reach some or all of the intended recipients. Subject: TEST Sent: 4/19/2010 4:46 PM The following recipient(s) cannot be reached: [email protected] on 4/19/2010 4:46 PM You do not have permission to send to this recipient. For assistance, contact your system administrator. MSEXCH:MSExchangeIS:/DC=local/DC=DOMAIN:SERVERNAME Thanks, JCRead the article
-
Logon Failure: the target account name is incorrect after making a ghost image of a server
- by cop1152
I recently replaced a failing SCSI drive in a Windows 2000 server with an IDE drive. I made an image of the SCSI drive and Ghosted it. The purpose of the machine was to give out DHCP at one location and host a couple of files. When I restarted the machine with the new drive, DHCP appears to be working fine, but I cannot get to any of the shares. Instead, I get the following message when attempting to navigate using Explorer. Logon Failure: the target account name is incorrect It appears that this machine is not communicating with the main domain controller. Changes to user accounts (performed on the domain controller) are not replicated on this machine.Read the article
-
finger for Windows
- by tearman
Ok probably a bit of an odd question, but is there a way to enable "finger" like functionality on a Windows network? we'd basically like the ability to find out where a user is logged in on a network and possibly which users are logged onto a workstation if possible. We're currently on AD2003 functional level, with the intent of going to AD2008 very soon, so compatibility in that arena is preferable.Read the article
-
Grant permission for specific other AD users to unlock/log out user from PC
- by Simon Needham
What I'm looking to do is permission a Windows PC (ideally XP but if a later OS version is required so be it) so that a select group of users can unlock the machine, logging the current user out. This something that a Local Admin for the machine would be able to do from a locked screen, however, I'd like to avoid granting Local Admin rights to this group of users if I can. The background here is that this machine is 80% used by one person but is treated as a 'shared machine' on days that the primary user is not around. It's usefull that everybody using the machine can carry on using their own accounts with all the personalisations they are used to. I'd also like to void logging the primary user out every night. No one else in the firm has to put up with that and she does use the machine herself most of the time.Read the article
-
Gotomeeting MSI needs elevated privs?
- by DrZaiusApeLord
Typically I can deploy MSIs with no issue, but the Gotomeeting one refuses to install. SCE lists it as pending and AD just attempts to install it, gives up, and never tries again. When I tried running it by double-clicking its icon, it told me "needs to run with elevated privs." I don't see how I can get AD or SCE to run it with these higher privs. I can run it by using an elevated command prompt and running msiexec from there. The MSI is the one labeled "GoToMeeting MSI Installer (ZIP)" from here: http://support.citrixonline.com/GoToMeeting/search?search=msi Any ideas? I run an environment where the users are non-admins and would love to be able to upgrade this centrally.Read the article
-
Grant relay to servers based on AD security group membership
- by john
We're moving our relay from an Exchange 2003 server to an Exchange 2010 server. I was hoping the "Grant or deny relay permissions to specific users or groups" option would still be available in some form, but I can't find out how to do it. I've read up on recieve connectors and so far I can't get it to work. I have edited the security on the Recieve Connector to allow the following extended rights to the group and added computer accounts to that group: Accept Routing Headers Bypass Anti-spam Submit to Server Accept any Sender Accept any Recipient Then I suddenly realised while testing... How would the receive connector resolve the permission to a particular AD object, maybe a reverse DNS lookup? What I'd like to know is if what I'm trying to achieve is possible, and how it would be possible. I would rather not revert to an IP-based list as this is not as manageable, and I'm trying to avoid creating static IPs/reservations for a number of workstations that would otherwise not need them.Read the article
-
What linux is easy to attach to a windows domain.
- by Arthur Ulfeldt
for a development test bed I need to attach ANY linux machiene to a test AD Domain and do single sign on through it. Is there a Linux Distro that is easy to connect to AD?Read the article
-
Clone roaming Appdata in two places
- by blsub6
I have my users appdata (roaming) stored on a external server in the location that they're normally in. I have some users that are in two locations equally. This provides a problem when someone tries to open up Firefox on a computer in a location other than where their appdata is stored, it takes forever. Is there a way that I can clone the redirected appdata (roaming) folder to two locations and have the folder redirection look for appdata (roaming) based on the location that the user is at?Read the article
-
can't add sharepoint users from trusted domain
- by user22215
I have a very strange problem with our Sharepoint 2007 implementation. I went in today to grant access to a user and was greeted with "The user does not exist or is not unique." Let me start off by saying that this user is not on our domain we have a 2 way trust connecting to one of our subsidiaries. I can see the users in the people pick but can't add them into Sharepoint. This problem flared up after we had some trust issues last two days ago. So I must ask has anyone came across this error and if so what steps did you take to resolve it? This link further highlights my problem: http://social.technet.microsoft.com/forums/en-US/sharepointgeneral/thread/41265a91-191c-4952-9c8c-1e0129b9fd3aRead the article
-
Multi screen RDP in Windows 8.1 Enterprise
- by bgs264
I have just flattened my machine and installed Windows 8.1 Enterprise Edition. I have used the Hyper-V to create a virtual machine for my Software Development stuff, on my VM I have also installed Windows 8.1 Enterprise Edition. I want to have two screen support when using this VM (not using /span) Both the Hyper-V viewer and Remote Desktop give me a tickbox to "Use all my monitors for the remote session". However even with it ticked (and even when I tried the /multimon switch on the command line), I only get a single screen. Am I missing something - this should be supported in Enterprise edition, right? Is there some extra config I need to do on the RDP host? Forgive me if it's an obvious question, I'm more a developer and just stumbling through ;-) Cheers! BenRead the article
-
Windows 8 cannot connect remotely to Windows Server 2012
- by raza naqvi
I have installed Windows Server 2012 and then configured remote applications. At first it was working fine and I could be able to connect remotely and run remote applications from Windows 8 clients. But after few days the following error occurred: Remote Desktop Connection This computer can't connect to the remote computer. Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator. However I still can connect from Windows 7 without any problem. Only Windows 8 has a problem and cannot connect remotely. Neither remote apps nor RDP is working.Read the article
-
Multiple Domains on an Exchange Server
- by William
When I create a new user in exchange, it asks me to provide the User Logon Name. There is a dropdown box that supposedly allows you to select a domain for the user's login. What is this referring to? How can I make it so that I can create users with different domains in their user logon name? p.s. I am very aware of 'Accepted Domains' in Exchange allowing one user to have several email addresses in different domains. I am just curious how I can modify the user's Logon name specifically.Read the article
-
pam auth via winbind, howto map primary group for users?
- by dr gonzo
I have unix users authenticating to an PDC (via winbind) and want to have the primary group of those users a local unix group (e.g. www-data). users have the group "domain users" with gid 10006 (as the gid winbind mapping) idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum groups = yes winbind enum users = yes winbind use default domain = yes winbind nested groups = yes but want that the primary group is 33 for all users (www-data) how to achieve that?Read the article
-
Domain Trust 2008 to 2003
- by nick3216
I'm having trouble setting up the trust relationship between a Windows Server 2003 and a Windows Server 2008 AD. Domain a is Windows Server 2003 Forest functional level. Domain b is a Windows Server 2008 Forest functional level. I can set up the incoming side of the trust relationship on domain "a" so that it trusts domain "b". Try as I might on domain "b" I can't set up the outgoing side of the trust relationship to domain "a". The GUI interface gives an unhelpful 'The request is not supported'. I'm not sure netdom is being more or less helpful as it refers me to FilterSIDs netdom trust /add b /uo:b\admin /po:* /d:a /ud:a\admin /pd:* /oneside:trusting To improve the security of this external trust, security identifier (SID) filtering is enabled, however, if users have been migrated to the trusted domain and their SID histories have been preserved, you may choose to turn off this feature. For more information about SID filtering and how to turn it off, see the help for netdom trust /FilterSids or see Help and Support. The request is not supported. The command failed to complete succesfully. I say 'less helpful' because Windows Server 2008 doesn't support the /FilterSIDs option. How can we force creation of this trust? Edit: Just to clarify I've checked that the [Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options] "Network access: Allow anonymous SID/Name translation” is enabled on both sides of the trust as per http://social.technet.microsoft.com/Forums/en/winserverDS/thread/cc61fc25-3569-4413-bbfd-92390eb31118Read the article
-
Which Version Control Systems support LDAP/AD users and groups
- by Jason Irwin
Does anyone know which of the big players (if any) support LDAP/AD users and groups for authentication AND database permissions? Specifically, I'm wondering if SVN, GIT, Mercurial etc. will allow users to login/connect based on AD permissions and also allow granular permissions to be applied to folders within the VC database based on groups within AD. So far my research has not shown this to be possible....Read the article
-
Powershell - how to set multiple action on get-aduser "dataset"
- by Patrick Pellegrino
I'm trying to run a script that modify password for multiple AD user accounts, enable the accounts and force a password change at next logon. I use this code but that's not work : Get-ADUSER -Filter * -SearchScope Subtree -SearchBase "OU=myou,OU=otherou,DC=mydc,DC=local" | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "NewPassord" -Force) | Enable-ADAccount | Set-ADUSER -ChangePasswordAtLogon $true If I run the Get-ADuser line with ONLY one of the other line that's run fine ex : Get-ADUSER -Filter * -SearchScope Subtree -SearchBase "OU=myou,OU=otherou,DC=mydc,DC=local" | Enable-ADAccount Where I'm wrong ? I'm new to PowerShell probably I'm misunderstanding something.Read the article
-
Windows VPN for remote site connection drawbacks
- by Damo
I'm looking for some thoughts on a particular way of setting up a estate of machines. We have a requirement to install machines into unmanned, remote locations. These machines will auto login and perform tasks controlled from a central server. In order to manage patching, AV, updates etc I want these machines to be joined to a dedicated domain for this estate. Some of the locations will only have 3G connectivity (via other hardware), others will be located on customer premises in internal networks. The central server (of ours) and the Domain Controller will be on a public WAN. I see two ways of facilitating this. Install a router at each location and have a site to site VPN between the remove device and the data centre where the servers are location Have the remote machine dial up and authenticate via a Windows VPN connection to the DC via RAS Option one is more costly to setup and has a higher operational cost. It also offers better diagnostics if the remote PC goes down. Option two works well but is solely dependent on the VPN connection been made before any communication can be made to the remote machine. In a simple test, I can got a Windows 7 machine to dial a VPN prior to authentication to a domain, then automatically login to the machine using domain credentials. If the VPN connection drops, it redials. I can also create a timed task to auto connect every hour in case of other issues. I'd like to know, why (if at all) is operating a remote network of devices which are located in various out of band locations in this way a bad idea? Consider 300-400 remote machines all at different sites. I'd rather have 400 VPN connections to a 2008 server than 400 routers, however I'd like to know other opinions on this.Read the article
-
EFS Remote Encryption
- by Apoulet
We have been trying to setup EFS across our domain. Unfortunately Reading/Writing file over network share does not work, we get an "Access Denied" error. Another worrying fact is that I managed to get it working for 1 machine but no other would work. The machines are all Windows 2008R2, running as VM under ESXi host. According to: http://technet.microsoft.com/en-us/library/bb457116.aspx#EHAA We setup the involved machine to be trusted for delegation The user are not restricted and can be trusted for delegation. The users have logged-in on both side and can read/write encrypted files without issues locally. I enabled Kerberos logging in the registry and this is the relevant logs that I get on the machine that has the encrypted files. In order for all certificate that the user possess (Only Key Name changes): Event ID 5058: Audit Success, "Other System Events" Key file operation. Subject: Security ID: {MyDOMAIN}\{MyID} Account Name: {MyID} Account Domain: {MyDOMAIN} Logon ID: 0xbXXXXXXX Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: Not Available. Key Name: {CE885431-9B4F-47C2-8415-2D766B999999} Key Type: User key. Key File Operation Information: File Path: C:\Users\{MyID}\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4585646465656-260371901-2912106767-1207\66099999999991e891f187e791277da03d_dfe9ecd8-31c4-4b0f-9b57-6fd3cab90760 Operation: Read persisted key from file. Return Code: 0x0[/code] Event ID 5061: Audit Faillure, "System Intergrity" [code]Cryptographic operation. Subject: Security ID: {MyDOMAIN}\{MyID} Account Name: {MyID} Account Domain: {MyDOMAIN} Logon ID: 0xbXXXXXXX Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {CE885431-9B4F-47C2-8415-2D766B999999} Key Type: User key. Cryptographic Operation: Operation: Open Key. Return Code: 0x8009000b Could this be related to this error from the CryptAcquireContext function NTE_BAD_KEY_STATE 0x8009000BL The user password has changed since the private keys were encrypted. The problem is that the users I using at the moment can not change their password.Read the article
-
Firewall GPO not applying despite being enumerated by gpresult
- by jshin47
I have a need to open up the admin$ share on all of my domain's client PC's and I am trying to do so using group policy. I defined computer policy for Windows Firewall with Advanced Security in a policy object linked to the appropriate container and added the appropriate rules. However, they are not being applied! I feel like I have tried all of the obvious steps: I've checked gpresult and the resulting set of policy is the way that I would expect it to look. I've gpupdate /force and gpupdate /sync on a few client computers, but no matter what I do they don't seem to respond to my changes. I know that other computer policies in the GPO are being applied so it is strange that these are not. I have also disabled exceptions on clients in the firewall GPO, but that doesn't seem to be applying either. Here is a screenshot of the firewall.cpl from a client: Basically, although other options in the same GPO ARE applied for computer policy, the firewall settings seem to be ignored.Read the article
-
Remote access not working without connected monitor
- by winSharp93
I am trying to configure a Windows Server 2008 as a Home Server for my personal use (mainly for storing documents, hosting source-control, etc.). The "server" consists of an Intel Atom 2700DC board and an Intel SSD. Configuring remote access to the server, I am confronted with a very strange problem: As long as a monitor is connected to my server, remote access works without any problems. However, when no monitor is connected at boot-time, remote access simply won't work (I keep getting errors when trying to connect that the remote server was not found or that remote access is disabled). Windows definitely boots when no monitor is connected as I receive a message asking me whether to enter safe mode when booting after powering the server down by plugging the power cord. When I plug in a monitor after boot, it stays turned off and remote desktop connections still fail. Do you have any ideas about what I could try?Read the article
-
Squid on Linux Windows Pass through authentication
- by beakersoft
We are setting up a new proxy based on squid on an ubuntu server, and would like to have pass through authentication work for the Windows/Internet Explorer client. We have put the line into the squid.conf for squid_ldap_auth, but this prompts for a username and password in internet explorer. It does work ok once the user puts it in. Whats the 'best' (standard) way of using pass through authentication? Cheers LukeRead the article
