Search Results

Search found 6976 results on 280 pages for 'active'.

Page 60/280 | < Previous Page | 56 57 58 59 60 61 62 63 64 65 66 67  | Next Page >

  • Minimum rights to access the whole Users directory on another computer

    - by philipthegreat
    What is the minimum rights required to access the Users directory on another computer via an admin share? I have a batch file that writes some information to a few other computers using a path of \\%COMPUTERNAME%\c$\Users\%USERNAME%\AppData\Roaming. The batch files run under an unprivileged user (part of Domain Users only). How do I set appropriate rights so that service account can access the AppData\Roaming folder for every user on another computer? I'd like to give rights lower than Local Admin, which I know will work. Things I've attempted: As Domain Admin, attempted to give Modify rights to the C:\Users\ directory on the local computer. Error: Access Denied. Set the service account as Local Admin on the other computer. This works, but is against IT policy where I work. I'd like to accomplish this with rights lower than Local Admin. Any suggestions?

    Read the article

  • Run 2008 R2 Service under 2000 Domain Account

    - by NoDisassemble
    I'm trying to get a service to run under a domain account. When I try to add the account, I get the error The account name is invalid or does not exist, or the password is invalid for the account name specified I know the account exists and the password is correct. I am also having trouble adding it manually to the "Log on as a service" setting, I get the error An extended error has occured. Failed to save Local Policy Database After a day of research I'm starting to suspect it has to do with it being a 2008 R2 server trying to use a 2000 domain account. I've tried to change the LAN Manager authentication level and the Minimum session security looks okay per my Google digging. I'm not sure what else I can do?

    Read the article

  • Access Control issue

    - by user160605
    Ok this is stumping me mainly because of the lack of experience I have with access control. I have two folders I need to keep away from users. Payroll and Banking. I went into security and took away all the users. I made a new group called access granted and added it to both folders. I then gave full control to the group. I then added a few days to this group. I tested with partial success. I can only get into some folders and subfolders/files. I made sure I clicked on the option for all subfolders. This is my layout C:(folder) -- permissions granted to admin,access (full control) when I look at the problem files/folders no one has any permissions I don't even see the group or admin. what am I doing wrong. Thanks

    Read the article

  • PowerShell - Finding all of users' group memberships and kicking it out of them

    - by NirPes
    as title says, I have to find all the groups that the user is a member of, and deleting its membership from all of them. I've tried this: get-adgroup -filter * | where {(Get-ADGroupMember $_ | foreach {$_.PrimarySmtpAdress}) -contains "[email protected]"} but it doesnt return anything (although THERE ARE some items that have to be returned) as for the deletion I found no way to do it, could someone give me an example of a code that does this? Im talking about security groups.

    Read the article

  • Distinguished name of Configuration in AD is tampered?

    - by Natan Abolafya
    A user of our product came out with a problem which was caused by the DN of Configuration object in AD. We had a rather static lookup method to find Configuration object, thus it failed. Let's say the domain name of AD is foo.bar.example.com. Therefore, the expected DN of configuration should be CN=Configuration,DC=foo,DC=bar,DC=example,DC=com, right? But somehow, this user's DN of configuration has one value missing: CN=Configuration,DC=bar,DC=example,DC=com. Do you know how can we reproduce this issue (or is it commonly implemented?)?

    Read the article

  • Sudo asks for password twice with LDAP authentication

    - by Gnudiff
    I have Ubuntu 8.04 LTS machine and Windows 2003 AD domain. I have succesfully set up that I can log in with domain username and password, using domain prefix, like "domain+username". Upon login to machine it all works first try, however, for some reason when I try to sudo my logged in user, it asks for the password twice every time when I try sudo. It accepts the password after 2nd time, but not the first time. Once or twice I might think I just keep entering wrong pass the first time, but this is what happens always, any ideas of what's wrong? pam.conf is empty pam.d/sudo only includes common-auth & common-account, and common-auth is: auth sufficient pam_unix.so nullok_secure auth sufficient pam_winbind.so auth requisite pam_deny.so auth required pam_permit.so

    Read the article

  • Windows server 2003SP2 as LDAP replica master for Mac OSX 10.6

    - by FrancoR
    Hello there, we have a single domain controller with Windows 2003 with few child. All the users are in the main DC. We have already created a connection from AD to Mac Xserve 10.6 and can read all the users, but: 1. If the DC goes down (or the net), Mac lose all the users, so no file access, no emails, no nothing. 2. the users are in read only. Mac admin cannot reset password, change attribute and so on. What we need is a stable environment where both AD admins and LDAP admins can manage the users; if one server goes offline the users of the other server should work (email, shared folders) just fine. Thanks in advance P.S. we already tried to connect the MacOSX to Windows LDAP, instead of AD, but we're unable to do it: MacOSX requires DNS IP (gotcha), user admin and password (ok) and a root LDAP password we're unable to find any reference of it in Windows 2003.

    Read the article

  • Is it possible to remotely login to one domain from another (there is a trust created between them)

    - by Joe
    Two AD server representing a domain each in one forest. There is a 2-way Forest-wide trust created between them, but users of one domain cannot remotely login to a machine in another domain. But a share is accessbile from another domain, confirming that the trust is created. Can users remotely login from one domain to another domain? If so, how? Testing environment very simple: W2k3 server (AD server) : Domain : XYZ.com Machines : xp,vista users : u1,u2 w2k8 server (AD server) : Domain : ABC.com users : u3,u4 Connect remotely to xp machine (RDP). use user credential of u1/u2. - able to connect use user credential of u3/u4. - not able to connect

    Read the article

  • What are possible results/side effects if replication between DC's in a Windows domain is unable to occur?

    - by hydroparadise
    There's plenty of administration literature out there how to properly manage Windows servers. But in dealing with real life, things don't always occur like you want them to. In Microsoft's Windows Server 2003 Administrator's Companion, out of 1400+ pages, theres only one page that I could find when it comes up setting up additional domain controlers. They make it sound seemless and don't reveal a whole lot on what happens if "peer" DC's are unable to replicate. Down to the specific issue at hand, we had a DC go down about a month ago due to a bad RAID controller. There was nothing critical that waranted imediate attention, so bringing it back up got put on the back burner. A month later, we get the DC back up and running and everyting seemed ok. The next day, nobody is able to logon complaining that the "user does not exist" or "unable to establish a trust relationship". Knowing that I had just put the downed DC back on the network, I immediately took it back off the network and had everybody restart the workstations. After that, exchange was fine, shares became available, and everybody was able to log in. After doing some event log swimming, it would appear that everything started due to replication issues on the SYSVOL. I've read where you can force replication, but that would mean putting it back on the network. I am afraid to put the DC back on the network in fear that something else could go wrong. So, what other issues could one expect to run into where two DC's are unreplicated for over a month?

    Read the article

  • Add users in Windows machine without AD

    - by guillem
    I have several development machines where I am the administrator. We are using AD in my organization but is maintained by and offshore IT group any request takes a long time. We are currently granting access to developers on development machines manually so it's a bit annoying to maintain although at least it's fast. We have also a lot of external consultants that need to use those machines for some time. Is there any tool or method to maintain a set of users synced on those machines without the need add them to an AD group?

    Read the article

  • When one DC crashes, TFS 2012 stops working

    - by blizz
    We have two Windows 2008 domain controllers. We installed the second DC only a few months ago. We also have a TFS 2012 server on the network. Today, when the older DC crashed, TFS stopped working completely. Local users received messages such as "You are not authorized to access ServerName\Collection". Remote users received messages such as "The server was used in your last session, but it might be offline or unreachable". So my question is, why did TFS not use the second, newer DC instead of just crashing along with the first DC?

    Read the article

  • Group Policy for Setting Passwords: Server 2003 Domain

    - by user1236435
    In my 2003 domain, I am being requested to set a password policy to require passwords to expire every 4 months, and also require users to change their password on their next login, due to a security issue. In my domain, my OU's are setup by location, then drilled down to city, then the users and computers are in separate sub-domains. My question is, how do I set this up for my domain? Will I need to set the policy up for loop back? Can I configure this for just a specific OU? Any suggestions on how to move forward? Any advise is much appreciated, and thanks in advance!

    Read the article

  • Unable to mount cifs in redhat 6

    - by user3734522
    I am relatively new to Linux, and I am trying to mount a CIFS filesystem from an openfiler instance I have on my network in Red Hat. The openfiler instance is authenticating using AD. I am able to connect using samba: smbclient '\\10.25.214.26\cluster_storage.cluster.Cluster' -U [DOMAIN]+[USERNAME] Enter DOMAIN+USERNAME's password: Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.5.6] smb: \> When I attempt to mount on boot via fstab, I am told that the line is bad during startup. mount -t cifs -o username=[DOMAIN]+[USERNAME], password=[my password], domain=[domain.edu] '\\10.25.214.26\cluster_storage.cluster.Cluster' /mnt/scratch Any help would be greatly appreciated.

    Read the article

  • IIS 7 with PHP in Domain with Windows Authentication

    - by Michal Saiyan Hajdony
    I have Windows Server 2008 R2 x64b installed with IIS 7, PHP 5.5. This server is added to domain exampledomain , so I have win authentication enabled and all others disabled. I left the two default providers NTLM and negotiate, I granted IIS_IUSRS read access to wwwroot. So far it has worked for me only as I am added to the Administrators group which has read/write access to wwwroot folder. Yet, when someone else is trying to connect, he gets a credentials window and when he puts the domain name and password he cannot get access to the page. The issue is solved when I add read permission to "Domain users" - then all works fine. BUT. My issue is that if one opens windows explorer and types \\servername\wwwroot one can see the files and read them. I have never configured IIS before so I know I miss some really important thing. How can I solve the file visibility problem?

    Read the article

  • Adding addresses to ActiveDirectory with Thunderbird

    - by Fa3ien
    We use a Windows 2003 server and XP stations. The server's LDAP is working ok, as I am able to retrieve the addresses it contains with Thunderbird. I'd like to be able to ADD an address to the server's book (the address of a new contact that freshly wrote me, for example) directly from Thunderbird, but that doesn't seem possible. What can I do ?

    Read the article

  • Introducing a Windows Domain Controller into an all mac-client network

    - by Anon
    A company is about to hire me to be their I.T. Admin. (They currently have no Admin). In the interview, they stated one of the things they want me to do is put in a MS Domain Controller. The thing is, they are a graphic design company with about 100 Mac Clients and maybe 5 Windows Clients. So other than login-credentials and network shares, what is the benefit of this? Should I just tell them to use the OSX equivalent of AD? How hard is it to learn whatever OSX's AD is?

    Read the article

  • Windows 2012 Master & Ubuntu Bind 9 Slave & SOA

    - by RecentCoin
    I'm kinda like the maid... I don't do Windows. But thanks to new things we're implementing, I'm now attempting replicating a single zone from our AD cluster. We had this working just fine but someone had to "adjust" it. That broke the replication completely. We've gotten that restarted but now a different DC is showing as the SOA. Does it matter which of the domain controllers is listed as the SOA? The contents of the zone file appear to be correct. Part of me says "Good enough. Leave it be." but the rest of me doesn't want a 3AM phone call. So does anyone know if it matters which DC is listed as the SOA?

    Read the article

  • How to clean up orphaned SID's in ACEs in AD?

    - by geoffc
    As a follow up to my question Do backlinks clear in AD for deleted users I have another related but different question. Since I am informed in the answers there that a deleted object's SID (Group or User, so assigning rights to group only minimizes the issue, and does not fix it) will remain within ACEs they have been assigned, leaving them orphaned. Lotus Domino, which has similar issues with back references, has an adminp process to clean up such orphaned references. Is there a similar process in AD that would allow you to clean up such orphaned SIDs floating around your domain?

    Read the article

  • how do I list Distribution Group (List) and their members inside of an OU using AD or exchange 2010

    - by wraak
    our entire domain has thousands of distribution groups, while i can use the script referenced here: How to get a list of all Distribution Lists and their Members in Exchange 2007? to pull all distribution groups and their members, it would be too hard to filter through all results. I particularilly need to pull either a. (preferred) all groups (both distribution and security) and their members inside of an OU (this particular OU contains over 100 hundred groups) or b. all groups and members matching a name starting with exampl* dsquery | dsget looks like could almost serve that purpose however when i did: dsquery group "OU=my-department,DC=blah,DC=blahblah,DC=com" -name * | dsget group -members (-expand) c:\my-department.txt it displays only the members without showing which group they belong to. The output I need should have: group name, members and potentially expanded sub-groups. i am still researching on how to get this done, seems like i can somehow make the above referenced script to search only inside of an OU, but i am not very familiar with powershell. any help would be appreciated, thank you.

    Read the article

  • Do I really need to reboot for AD changes to be applied?

    - by stimms
    Every time I request a permission change the IT group at my company instructs me to wait 20 minutes and reboot the computer. I cannot believe that in this day and age you still need to reboot the computer to clear whatever cache stores the permissions locally. It feels like something out of the NT 4 days. Do you actually still need to reboot the computer? Is a logout/login sufficient? Is there still a long time(20 minutes) for the changes to propagate through the AD tree?

    Read the article

  • Automatically make user local administrator on their computer through GPO?

    - by Grant
    In our AD 2003 domain each user gets local admin permissions on their computer. Everyone else can login with their domain account as normal user. Right now this means going to the desktop and manually adding the user as a local administrator. Is there any way to automate this process through logon scripts or GPOs? I have found ways to use a gpo to make everyone who logs in to a computer a local admin, but really only want to give it to the primary user (or in some cases users) of the computer. I've also seen methods that required adding a group for each computer...but really dont want to clutter AD like that. I do have a list mapping each user to each computer name. If it matters the desktops are a mix of xp and win7.

    Read the article

  • Domain in a hosted environment

    - by cpgascho
    We have an application we host in a third party data center for our clients. We have multiple clients running the same application on several racks of servers. Most of our clients require that our servers be SAS70 compliant. Currently each server has it's own set of users and security settings that need to be configured. We are creating scripts to do this, but what would be the risks/advantages of joining all the servers to the domain for User Management and Group policy for enforcing security settings? The rational of some is that if the DC is hacked the whole network would be compromised where as if one stand alone hosted server is hacked everything else should be safe.

    Read the article

  • Lastlogon - Should it sync accross all domain controlers

    - by EKS
    Im using LastLogon attribute to check when a user account last was used, but i see the value seems to be updated on each DC when a user logs in via that DC. And its NOT synced across the different domain controlers. So my question is: Is this how this attribute should work? Or is it something wrong in our domain?

    Read the article

  • can't enable share on clients in my network

    - by nahman
    i installed on my subnet a win 2003 server as the domain controller, with dhcp and dns options too. the clients, win xp pro and and win 2003 server. in my clients when i log in via the domain, i don't have the option to share folders in the netwrok! i want to share folders this way: right lcick on the fodler Properties Sharing Share how can i make it appear? (if i log in to the computer as the administrator i do have this option) p.s. please be specific for how to enable it, thanks a lot :) nahman.

    Read the article

< Previous Page | 56 57 58 59 60 61 62 63 64 65 66 67  | Next Page >