Search Results

Search found 45505 results on 1821 pages for 'change directory'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 79/1821 | < Previous Page | 75 76 77 78 79 80 81 82 83 84 85 86  | Next Page >

  • AD reset user passwords for a security group

    - by Nathan C
    I'm not quite sure if this is possible or not, but I need to force a certain security group's users to have their passwords expire so they'll be forced to change them on next login. The reason for this is because I applied a FGPP (password policy) to this particular group in order to enforce strong passwords. Well, many users have really weak passwords and they won't be changed unless they're forced. Is there a way to do this without forcing everyone to a single password?

    Read the article

  • Laptops on Windows Domain sometimes have problems accessing internet when off-site

    - by FSUScoot
    Hi all-- We've had this problem for a long time. When users travel, sometimes they can't get internet access from a wired or wireless connection. Here are a couple examples: 1) A user goes to a hotel and tries to access the wireless in their room. They can connect to the access point. They open a web browser and they can't get re-directed to the hotel's login page. Because they can't log in, there's no internet access. 2) A user goes to another laboratory/university and tries to access the wired network. They connect, link is fine, PC gets IP from DHCP but no internet access. There's no login page to be re-directed to. It should just "work". What I've found is that it's a DNS issue. Because the computer is on a Windows Domain, it seems it MUST use our DNS servers. Even if you connect to an outside network and do an ipconfig /all, it looks like everything is ok. It'll even show their DNS servers listed in the config. The computer just won't use the other network's DNS server. I found a reg key that keeps our DNS servers listed and it seems that they take priority every time: HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient All the values under that key are for our AD domain. NameServer and Searchlist never change. What I've found is if the user edits the NameServer string and puts the DNS server of the network they're on, everything works just fine. They get re-directed to the hotel's correct login page or their internet access starts working. It's only a problem if the network they're on blocks outside DNS or a hotel that uses an internal name in their front page redirection that only their DNS server knows about, i.e., not public. If the re-direct page starts with an IP, like 10.10.10.10, it'll work just fine. Obviously this isn't a fix for everyone. Most of my users are pretty knowledgeable so it’s easy for me to walk them through or send them a .reg file that they can edit and run. This problem isn't limited to Windows 7. It was like this with XP as well. It's not hardware related. The problem exists on both wired and wireless, Intel or Broadcom, laptops or desktops. Anyone else have this problem? Is there a GPO I can change that I missed? Got a good work-around for this? Thanks for any help!

    Read the article

  • CertificateServicesClient-CredentialRoaming error 1005

    - by PVitt
    We have a Microsoft Team Foundation Server (Single Server Installation, i.e. Microsoft SQL Server 2008, Microsoft Windows SharePonint Services 3.0) installed on a Windows Server 2008 machine. The TFS works fine, but there are error events logged frequently: Log Name: Application Source: Microsoft-Windows-CertificateServicesClient-CredentialRoaming Event ID: 1005 Level: Error Description: Certificate Services Client: Credential Roaming failed to write to the Active Directory. Error code 5 (Access is denied.) The problem is clear (the error message is quite precise) but I don't have a clue how to fix it! Where has the access to be granted? What permissions have to be set?

    Read the article

  • Get-ADGroupMember returns nothing while being completed successfully

    - by Volodymyr
    I've tried to list all of the members of one of the groups in AD, but nothing is returned, although the command is completed successfully. It neither works with group DN specified, instead of sAMAccountName. Get-ADGroupMember "sAMAccountName" -Recursive | select name See output below: The following message appears if one views Members from dsa.msc --------------------------- Active Directory Domain Services --------------------------- Some of the object names cannot be shown in their user-friendly form. This can happen if the object is from an external domain and that domain is not available to translate the object's name. --------------------------- OK --------------------------- Can this be a reason for powershell not returning results? Any thoughts? UPD: this doesn't seem to be permissions issue, since dsquery does return group members.

    Read the article

  • Windows Server 2008 R2 LDAPS

    - by Chad Moran
    I have a Server 2008 R2 server with ADDS installed. I'm trying to configure HP's ILO utility to connect to it over SSL. I installed the Active Directory Certificate Service, after doing so I'm still not able to connect to LDAP over SSL. I checked the event log and it's showing warnings with Event ID 36886 saying that there aren't default credentials yet. I'm not too sure why this is happening. I haven't done anything with ADCS other than installing the service do I need to create a certificate for the server?

    Read the article

  • Reset UAC on a folder after permitting access

    - by Roel Vlemmings
    When I access a folder in Program Files I get a UAC prompt confirming with me that I want to permit access to it. I say "yes" and get permanent access. My question is: how do I reset this folder so that it prompts me again. The reason I ask is that I am testing a .NET program I wrote that deals with directory access permissions and I need to test it with the UAC protection on. But now that I have permitted access manually, I can't figure out how to turn the UAC protection back on to retest my program.

    Read the article

  • Massive Network Upgrade

    - by Cliff Racer
    I find myself tasked with organizing an upgrade of our entire Active Directory from server 2003 to 2008. We run a few AD dependant services such as Exchange 2007 SQL Server 2008 SharePoint 2007 All of which we are looking to bring up to date as well with their most recent versions. The original AD was a little bit of a mess (the exchange upgrade from 2003 left some stuff in the AD database that I make references to servers that no longer exist for example). Here is what I want to accomplish Migrate the domain from our 2003 to a NEW clean 2008r2 domain Upgrade from Sharepoint 2007 to 2010 Upgrade Exchange from 2007 to 2010 My question is, in what order do we do things? Can I do a domain upgrade and simply migrate exchange after? On their own, these objectives are complicated enough, orchestrating them in our company while minimizing downtime is making my head spin. I have done a lot of the research on how to do them individually but I am having trouble figuring out how to do them all in concert.

    Read the article

  • Can you authenticate into SSAS with AD LDS (ADAM) accounts?

    - by Jaxidian
    I'm very new to AD LDS and experienced but not qualified with SSAS, so my apologies for my ignorances with these. We have a couple implementations where we expose SSAS via an HTTPS proxy (msmdpump.dll) and currently we have a temporary domain setup handling this (where our end-users have a second account+creds to manage because of this = non-ideal). I want to move us towards a more permanent solution which I'm thinking of moving all authentication to AD LDS for our web apps, SSAS, and others. However, SSAS is where I'm concerned about this. I know SSAS requires Windows Authentication and to play nicely, and that this ultimately means Active Directory will be involved. Is there a way to get this done with AD LDS instead of having to use a full AD DS implementation? If so, how? (Note: My question over at StackOverflow had a suggestion that I post this question here on ServerFault instead. My apologies if I'm not asking in the right forum.)

    Read the article

  • Windows Service and Group Policy unable to access network share on Win2008 Domain

    - by Terence Johnson
    I have one computer on my domain that has suddenly stopped receiving software updates via group policy. Domain logins still work, and group policy on the machine is still being updated, so it knows that there are new packages to install and where to look for them, but every time it tries to install a package, it throws a 1622 error (location not found). Logged in users can reach the same network shares, and every other computer on network is installing the packages. Further investigation found that other services running as "System" on the problematic computer are also unable to authenticate to network shares. How do I diagnose/fix this computer's account in Active Directory? The computer account exists, and is a member of "Domain Computers" - or is there something else I should be looking at?

    Read the article

  • Windows server 2008 issue

    - by Matt Fitz
    We have 2 domains “pdc1” and “devkc” both are windows 2000 Active Directory domains with a 2-way trust relationship in place., has been this way for years. All of our developer machines are joined to the “devkc” domain but the users log into there accounts on the “pdc1” domain. This all works fine with Windows XP, 2000 and 2003 server. However with Windows Server 2008 the users can only log into the “devkc” domain that the machine is joined to, they can not log into the “pdc1” domain. The following error results: "The security database on this server does not have a computer account for this workstation trust relationship” Any ideas would be greatly appreaciated Thanks Matt Fitz

    Read the article

  • lsass.exe memory leak on windows 2003 server

    - by thelsdj
    In the past month or so I noticed that lsass.exe has started to leak memory, getting to 500MB+ of ram in under a week after reboot. Before this I had never noticed it using any significant amount of memory compared to other processes on the system. This is happening on 2 identical servers, neither of which has anything to do with Active Directory. Maybe a recent Windows Update has caused this? Any thoughts on things to check? As a side question is there some way to recycle the memory usage of lsass.exe without rebooting? Edit: Here is what I'm seeing in Process Monitor, there are thousands of registry open/query/close a minute from lsass.exe. How can I track down what is triggering these?

    Read the article

  • Using net group to add users to a AD group

    - by numone
    Hi, I'm trying to add users to the an Active Directory group using net group. We use Domain Local groups for everything. When I go to run the command net group "group name" "username" /add /domain it returns "The group name could not be found. More help is available by typing NET HELPMSG 2220." If I create a Global group and try to add them it works without issues. I would rather not re-do all of our groups just to be able to use this to add people to a group. Any thoughts/suggestions?

    Read the article

  • How to handle external and internal DNS on windows 2012

    - by ThePopcorn
    I'm trying to setup an Active Directory network on Server 2012 R2, and want AD's DNS to only be used internally (Ex: domain-controller.company.com) as well as some records that need both internal and external accessibility (Ex: mail.company.com) that use internal IP's on the internal network and finally some records that only need external access. The only solutions i have been able to think of, or look up are to either use a sub domain that handles all internal records, and use the plain company.com domain for all external records. These both seem to mean i have to manage two DNS servers separately. Is either of these the best ways or am i messing up somewhere?

    Read the article

  • Best practice for authenticating DMZ against AD in LAN

    - by Sergei
    We have few customer facing servers in DMZ that also have user accounts , all accounts are in shadow password file. I am trying to consolidate user logons and thinking about letting LAN users to authenticate against Active Directory.Services needing authentication are Apache, Proftpd and ssh. After consulting security team I have setup authentication DMZ that has LDAPS proxy that in turn contacts another LDAPS proxy (proxy2) in LAN and this one passes authentication info via LDAP (as LDAP bind) to AD controller.Second LDAP proxy only needed because AD server refuses speak TLS with our secure LDAP implemetation. This works for Apache using appropriate module.At a later stage I may try to move customer accounts from servers to LDAP proxy so they are not scattered around servers. For SSH I joined proxy2 to Windows domain so users can logon using their windows credentials.Then I created ssh keys and copied them to DMZ servers using ssh-copy, to enable passwordless logon once users are authenticated. Is this a good way to implement this kind of SSO?Did I miss any security issues here or maybe there is a better way ofachieving my goal?

    Read the article

  • Tools for retrieving and modifying multi-value attributes in Microsoft ActiveDirectory

    - by Justin
    Most attributes in MSAD are single-valued and pose no problem. I am familiar with the dsquery user -samid jdoe | dsmod -webpg "http://some.url/" method. However, some attributes are multi-valued, such as telephone number and webpage. These values can be managed through the Active Directory Users & Computers Microsoft Console (dsa.msc) via the dialogue shown by clicking on the "Other..." button, but I'd really rather script the modifications. It seems to me that dsmod & dsget do not support multi-value retrieval and editing; only the first value of the set seems to be accesible. Am I correct? If I am not correct, I would appreciate a syntax example. If I am correct, would you please recommend an alternative scriptable tool that can handle multi-value attributes? The more "official and supported" the tool, the better.

    Read the article

  • How to fix? => Your system administrator does not allow the user of saved credentials to log on to the remote computer

    - by Pure.Krome
    At our office, any of our Windows 7 Clients get this error message when we try and RDP to a remote W2K8 Server outside of the office :- Your system administrator does not allow the user of saved credentials to log on to the remote computer XXX because its identity is not fully verified. Please enter new credentials A quick google search leads to some posts they all suggest I edit group policy, etc. I'm under the impression, that the common fix for this, is to follow those instructions -per Windows7 machine-. Ack :( Is there anyway I can do something via our office Active Directory .. which auto updates all Windows 7 clients in the office LAN?

    Read the article

  • Windows 2008 R2 File Sharing - 'Access denied' if groups are specified in ACL

    - by John Smith
    I am trying to move our old Windows 2003 File Server to Windows 2008 R2. What I have noticed, however, is that the entries for groups in the ACL are being ignored. For example, a user is part of a group in active directory. If I create a folder and enable full access for this group, then share this folder (and define sharing permissions for this group), users in that group do not get access to that folder. If I make an entry in the ACL for the user itself, it works perfectly. These even applies to my domain administrator account - If I create a folder and give full control to the local administrators group / domain administrators group, and I physically log on to the server, I still do not get access - I need to explicitly define my name to proceed. I am not sure what the problem is, tried looking it up in Google to no avail Any assistance will be greatly appreciated

    Read the article

  • GPO best practices : Security-Group Filtering Versus OU

    - by Olivier Rochaix
    Good afternoon everyone, I'm quite new to Active Directory stuff. After upgraded Functional level of our AD from 2003 to 2008 R2 (I need it to put fine-grained password policy), I then start to reorganized my OUs. I keep in mind that a good OU organization facilitate application of GPO (and maybe GPP).But in the end, it feels more natural for me to use Security-group filtering (from Scope tab) to apply my policies, instead of direct OU. Do you think it is a good practice or should I stick to OU ? We are a small organisation with 20 users and 30-35 computers. So, we got a simple OU tree, but more subtle split with security-groups. The OU tree doesn't contain any objects except at the bottom level. Each bottom level OU contains Computers,Users, and of course security groups. These security groups contains Users & Computers of the same OU. Thanks for your advices, Olivier

    Read the article

  • When i log on then i get annyoing cmd windows in windows7

    - by user191542
    I am using windows 7 on my office PC and that is linked with Active directory. I dont't know what happend if installed something few days ago many small softwares. I don't know if there was some virus or something but anti virus didn't tell anything. Now when i log ion then i keep getting many cmd screen opening and closing and i can't do anything. If i switch user and log with my admin acount then it also happens again witha dmin account. Now when again if i go back to old screen by switching user. then annoying cmd windows are not there. i want to know how can i fix that I managed to get print screen of that

    Read the article

  • Default permissions for courier imap folders

    - by JoeCoder
    I'm using courier imap. When a mail client creates a new folder, it's created on the filesystem with 640 permission. I need it to be writable by the group, or 660. I currently have /etc/courier/imapd IMAP_UMASK=007, but that's not enough. I'm not sure what else to try. Any ideas? I'm using ubuntu server 12.04. EDIT: I added a 50pt bounty to this. For an acceptable answer, I need a way to make it work from a package in a standard repo. If I download source and compile it myself, it won't be automatically kept up to date with security fixes. If I don't find a better answer, I'll add code to the admin script to call another sudo approved script to chmod -R the whole directory before every change. But this is kind of hack-ish.

    Read the article

  • Remote desktop to particular server tries to send print job

    - by Jerry Dodge
    We have a domain network with about 30 computers and an active directory on Windows Server SBS 2003 32bit. Whenever I connect to this server from my Windows 7 Pro 32bit client, it automatically attempts to send some sort of print job. It fails to print however and the printer never seems to receive the job. I have been seeing this happen on every computer which connects to this particular server. It seems to send these print jobs repeatedly, and to different printers, if more than one are installed. As soon as I cancel one print job, it starts another, repeats a few times and finally stops. What could be going on here? PS - I originally thought this was related to MS OneNote but this turns out to happen on computers which do not have OneNote.

    Read the article

  • Should I install an AV product on my domain controller?

    - by mhud
    Should I run a server-specific antivirus, regular antivirus, or no antivirus at all on my servers, particularly my Domain Controllers? Here's some background about why I'm asking this question: I've never questioned that antivirus software should be running on all windows machines, period. Lately I've had some obscure Active Directory related issues that I have tracked down to antivirus software running on our domain controllers. The specific issue was that Symantec Endpoint Protection was running on all domain controllers. Occasionally, our Exchange server triggered a false-positive in Symantec's "Network Threat Protection" on each DC in sequence. After exhausting access to all DCs, Exchange began refusing requests, presumably because it could not communicate with any Global Catalog servers or perform any authentication. Outages would last about ten minutes at a time, and would occur once every few days. It took a long time to isolate the problem because it was not easily reproducible and generally investigation was done after the issue resolved itself.

    Read the article

  • Should websites live in /var/ or /usr/ according to recommended usage?

    - by nbolton
    According to a guide on the Linux directory structure, /usr/ is for application files, and /var/ is for files that change (I assume this means "files that belong to the applications"). Is this correct? If this is the case then I'm a little torn between using either. A website is an application (if it's dynamic, so to speak), but in other cases it is just a collection of files used by Apache. The default www dir lives in /var/www/, so should we follow suit by using /var/websites/ (or something similar), or choose /usr/websites/ since they could be applications? This is a very trivial question, but it's bugging me nonetheless. For our case, I'm leaning toward /usr/web or something like that, since our websites are all applications. Update: This is for our company websites; it's not a shared hosting server, so we don't need to worry about separating them in /home/ or anything like that.

    Read the article

  • Linux - How to control Winbind Authentication cache timeout

    - by cybervedaa
    I have configured my linux machines (running CentOS 5.2) to authenticate against a Windows server running Active Directory. I have even enabled winbind offline logon. Everything works as expected, however I'm also looking to impose a TTL for the winbind authentication cache. So far all I found was the below snippet from the samba documentation winbind cache time (G) This parameter specifies the number of seconds the winbindd(8) daemon will cache user and group information before querying a Windows NT server again. **This does not apply to authentication requests**, these are always evaluated in real time unless the winbind offline logon option has been enabled. Default: winbind cache time = 300 Clearly the winbind cache time parameter does not control the cache TTL for authentication requests. Is there any other way I can implement a cache timeout for winbind authentication requests? Thank you

    Read the article

  • Authenticating Linux users against AD without Likewise Open

    - by Graeme Donaldson
    Has anyone got their Linux systems authenticating against Active Directory without using Likewise Open? We are close to implementing Likewise Open, but first we need to rename roughly 70 of 110 Linux servers so that their hostnames are not longer than 15 characters. This is required because Likewise Open actually joins the Linux computer to the domain, and it fails to do so if the hostname is too long due to some legacy NetBIOS naming limitation. Is there a way to authenticate via AD, using only LDAP perhaps? What are the advantages/disadvantages over doing it like that vs just using Likewise?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 75 76 77 78 79 80 81 82 83 84 85 86  | Next Page >