Search Results

Search found 20796 results on 832 pages for 'active window'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 102/832 | < Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109  | Next Page >

  • Powershell - how to set multiple action on get-aduser "dataset"

    - by Patrick Pellegrino
    I'm trying to run a script that modify password for multiple AD user accounts, enable the accounts and force a password change at next logon. I use this code but that's not work : Get-ADUSER -Filter * -SearchScope Subtree -SearchBase "OU=myou,OU=otherou,DC=mydc,DC=local" | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "NewPassord" -Force) | Enable-ADAccount | Set-ADUSER -ChangePasswordAtLogon $true If I run the Get-ADuser line with ONLY one of the other line that's run fine ex : Get-ADUSER -Filter * -SearchScope Subtree -SearchBase "OU=myou,OU=otherou,DC=mydc,DC=local" | Enable-ADAccount Where I'm wrong ? I'm new to PowerShell probably I'm misunderstanding something.

    Read the article

  • Windows VPN for remote site connection drawbacks

    - by Damo
    I'm looking for some thoughts on a particular way of setting up a estate of machines. We have a requirement to install machines into unmanned, remote locations. These machines will auto login and perform tasks controlled from a central server. In order to manage patching, AV, updates etc I want these machines to be joined to a dedicated domain for this estate. Some of the locations will only have 3G connectivity (via other hardware), others will be located on customer premises in internal networks. The central server (of ours) and the Domain Controller will be on a public WAN. I see two ways of facilitating this. Install a router at each location and have a site to site VPN between the remove device and the data centre where the servers are location Have the remote machine dial up and authenticate via a Windows VPN connection to the DC via RAS Option one is more costly to setup and has a higher operational cost. It also offers better diagnostics if the remote PC goes down. Option two works well but is solely dependent on the VPN connection been made before any communication can be made to the remote machine. In a simple test, I can got a Windows 7 machine to dial a VPN prior to authentication to a domain, then automatically login to the machine using domain credentials. If the VPN connection drops, it redials. I can also create a timed task to auto connect every hour in case of other issues. I'd like to know, why (if at all) is operating a remote network of devices which are located in various out of band locations in this way a bad idea? Consider 300-400 remote machines all at different sites. I'd rather have 400 VPN connections to a 2008 server than 400 routers, however I'd like to know other opinions on this.

    Read the article

  • Grant permission for specific other AD users to unlock/log out user from PC

    - by Simon Needham
    What I'm looking to do is permission a Windows PC (ideally XP but if a later OS version is required so be it) so that a select group of users can unlock the machine, logging the current user out. This something that a Local Admin for the machine would be able to do from a locked screen, however, I'd like to avoid granting Local Admin rights to this group of users if I can. The background here is that this machine is 80% used by one person but is treated as a 'shared machine' on days that the primary user is not around. It's usefull that everybody using the machine can carry on using their own accounts with all the personalisations they are used to. I'd also like to void logging the primary user out every night. No one else in the firm has to put up with that and she does use the machine herself most of the time.

    Read the article

  • Archive Manager, SQL 2005 and MaxTokenSize high CPU

    - by Tim Alexander
    So, I posted this question a few days ago: Impact of increasing the MaxTokenSize for Kerberos Tickets Since then the thought was to test our settings on two member servers, one with IIS and one without. I setup two GPOs to configure the MaxTokenSize reg setting to 48000 and MaxFieldLength/MaxRequestBytes to 64200 (based on MS KB2020943, these are set at 4/3 * T + 200). The member server seemed to work ok (a devalued tape backup server). The IIS server however has had some strange repercussions. The IIS Sserver host Quest Software Archive Manager (AM) 4.5 that communicates with SQL Server 2005 Enterprise on Server 2003 R2. After the changes all looked good until the SQL Server hit 100% CPU. I have removed the GPOS, removed the reg values and even replaced them with defaults (12000 for token size and can't remember the other one but was in a blog post about the issue in my other post). No change. Bouncing the IIS Server stops the high CPU and a colleague has looked at the SQL server and it is definitely the AM connection taking up the time/work on the SQL server. I haven't changed the reg values on the SQL server or the DCs but am reluctant to do so without understanding why this has happened. I am guessing its to do with the overriding auth and group issue we have but I am not seeing Kerberos errors in either event log. Has anyone seen something similar or does anyone have some tips? Was definitely blindsided by the Kerberos issue and am swimming against the tide to keep things functioning.

    Read the article

  • Account to read AD, join machine to domain, delete computer accounts and move computers to OUs

    - by Ben
    I want to create an account that will perform the following: Join computers to a domain (not restricted to 10, like a normal user) Check for computer accounts in AD Delete computers from AD Move computers between OUs I don't want to allow it to do anything else, so don't want a domain admin account. Can anyone guide me in the right direction in terms of permissions? Not sure if I should be using delegation of control wizard? Cheers, Ben

    Read the article

  • Cannot authenticate a domain user with SQL Server 2008

    - by Sambo
    I'm new to setting up Domains so I might be missing something simple here... I've installed SQL Server 2008 on a Windows Server 2008 R2 box and I have another WS2008 R2 box acting as the domain controller. I've joined the SQL server to the domain and it seems to be behaving itself fine. I can ping the DC by name and IP address. I created a domain user 'SPSQLAdmin' that I want to use for database access with SharePoint but I can't seem to log on to SQL with this user. SQL complains, saying that the user belongs to an untrusted domain. I've configured the DC to delegate control for any service to the SQL Server but it doesn't improve the situation. What should I try next? Thanks in advance.

    Read the article

  • Logon Failure: the target account name is incorrect after making a ghost image of a server

    - by cop1152
    I recently replaced a failing SCSI drive in a Windows 2000 server with an IDE drive. I made an image of the SCSI drive and Ghosted it. The purpose of the machine was to give out DHCP at one location and host a couple of files. When I restarted the machine with the new drive, DHCP appears to be working fine, but I cannot get to any of the shares. Instead, I get the following message when attempting to navigate using Explorer. Logon Failure: the target account name is incorrect It appears that this machine is not communicating with the main domain controller. Changes to user accounts (performed on the domain controller) are not replicated on this machine.

    Read the article

  • Effective Permissions displays incorrect information

    - by Konrads
    I have a security mystery :) Effective permissions tab shows that a few sampled users (IT ops) have any and all rights (all boxes are ticked). The permissions show that Local Administrators group has full access and some business users have too of which the sampled users are not members of. Local Administrators group has some AD IT Ops related groups of which the sampled users, again, appear not be members. The sampled users are not members of Domain Administrators either. I've tried tracing backwards (from permissions to user) and forwards (user to permission) and could not find anything. At this point, there are three options: I've missed something and they are members of some groups. There's another way of getting full permissions. Effective Permissions are horribly wrong. Is there a way to retrieve the decision logic of Effective Permissions? Any hints, tips, ideas? UPDATE: The winning answer is number 3 - Effective Permissions are horribly wrong. When comparing outputs as ran from the server logged on as admin and when running it as a regular user from remote computer show different results: All boxes (FULL) access and on server - None. Actually testing the access, of course, denies access.

    Read the article

  • Automatically taken out of AD domain

    - by Mattias
    Hi Guys, arrived to work this morning just to find that I couldn't log on to my computer. As it turned out my computer had been "unjoined" from our domain. I am positive that I didn't "unjoin" manually yesterday before I closed the computer down. Have anyone experienced this behavior before and is it even possible? Or should I start getting nervous about anyone playing around on the serverside? I'm running my domaincontroller on a Windows2003 server and the client computer that got "unjoined" is a Windows 7 Ultimate.

    Read the article

  • finger for Windows

    - by tearman
    Ok probably a bit of an odd question, but is there a way to enable "finger" like functionality on a Windows network? we'd basically like the ability to find out where a user is logged in on a network and possibly which users are logged onto a workstation if possible. We're currently on AD2003 functional level, with the intent of going to AD2008 very soon, so compatibility in that arena is preferable.

    Read the article

  • Recommended service account setup for MS SQL Server 2005/2008

    - by boxerbucks
    We have a number of MS SQL servers in our environment running either SQL Server 2005 standard/enterprise or SQL server 2008 enterprise. Currently the SQL services are running as local service or network service and the MS recommended best practice is to run as a domain account which is what we are trying to move towards. Is the best practice with regards to domain accounts to have a separate domain account per service per server? So if we have 4 SQL services we want to run per server and we have 50 servers, we would create 50 * 4 = 200 accounts in AD? This seems excessive to me and I was wondering if anyone has any real experience with this type of setup and it's management.

    Read the article

  • Joining new DC to AD - DNS name does not exist

    - by Andrew Connell
    I had a DC fail on me recently and trying to add a new one to my domain, although I'm sensing I might have other issues in my domain. I'm a dev at heart and know just enough about AD to be dangerous so looking for some assistance. My working DC is RIVERCITY-DC12. I'm trying to promote RIVERCITY-DC14 as a DC to the RIVERCITY domain, but when I run DCPROMO, at the NETWORK CREDENTIALS step where I point to the name of the domain (rivercity.local), I get "An AD DC for the domain rivercity.local cannot be contacted" and in the details see "The error was DNS name does not exist" Looking at RIVERCITY-DC12, I can see DNS is working, I've been able to query it from other machines in my domain, and no errors are reported in the DNS category within the Event Viewer. When I checked the FMSO roles, it shows RIVERCITY-DC12 is the machine for all listed roles. Not sure what I should do next or how to troubleshoot/investigate after searching around for a solution... ideas? Environment: Domain: rivercity (rivercity.local) Forest functional level: Windows 2000 (I'm more than happy to raise this) Windows Server 2008 All servers are Windows Server 2008 R2 SP1 (fully patched)

    Read the article

  • Multiple Domains on an Exchange Server

    - by William
    When I create a new user in exchange, it asks me to provide the User Logon Name. There is a dropdown box that supposedly allows you to select a domain for the user's login. What is this referring to? How can I make it so that I can create users with different domains in their user logon name? p.s. I am very aware of 'Accepted Domains' in Exchange allowing one user to have several email addresses in different domains. I am just curious how I can modify the user's Logon name specifically.

    Read the article

  • Send mail from a distrobution groups email adress

    - by Campo
    A user has send permission on a distro group on a WINDOWS SERVER 2003 domain. I am the admin. When either of us send email using the distrobution groups email adress we get a non delivery report Your message did not reach some or all of the intended recipients. Subject: TEST Sent: 4/19/2010 4:46 PM The following recipient(s) cannot be reached: [email protected] on 4/19/2010 4:46 PM You do not have permission to send to this recipient. For assistance, contact your system administrator. MSEXCH:MSExchangeIS:/DC=local/DC=DOMAIN:SERVERNAME Thanks, JC

    Read the article

  • Internet explorer rejects cookies in kerberos protected intranet sites

    - by remix_tj
    I'm trying to build an intranet site using joomla. The webserver is using HTTP Kerberos authentication with mod_kerb_auth. Everything works fine, the users get authenticated and so on. But if i try to login to the administrator panel i can't because IE does not accept the needed cookies. No such problem with firefox. The intranet site is called "intranet_new" and is hosted by webintranet04, under the directory /var/www/vhosts/joomla/intranet_new/. I have my virtualhost for intranet_new containing this: <Location /> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate On KrbMethodK5Passwd On KrbAuthRealms PROV.TV.LOCAL Krb5KeyTab /etc/apache2/HTTP.keytab require valid-user </Location> The same is for webintranet04 virtualhost, which is the default pointing to /var/www and contains: <Location /vhosts/joomla/> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate On KrbMethodK5Passwd On KrbAuthRealms PROV.TV.LOCAL Krb5KeyTab /etc/apache2/HTTP.keytab require valid-user </Location> the very strange problem i have is that if i open http:// webintranet04/vhosts/joomla/intranet_new/administrator IE allows me to login, accepting cookie. If i open http:// intranet_new/administrator, instead, i loop on the login page. Last, intranet_new is a CNAME record of webintranet04. This is only an IE problem. I need: - the admin interface to work with IE - the "kerberized" zone to accept cookie, because i am deploying other programs requiring cookies.

    Read the article

  • Allow Windows Domain users Local Admin rights on subset of Domain Computers

    - by growse
    I'm a bit new to AD management, so would appreciate some help in what may be a very simple task. I've got a domain that manages a bunch of different servers, and I want to grant local administrative rights to some domain users to some of the servers (the development webservers). I appreciate the group concept, so I imagine I would have to create a group containing the users in question another group containing the computers to grant them access to. What's the best way of going about this?

    Read the article

  • Gotomeeting MSI needs elevated privs?

    - by DrZaiusApeLord
    Typically I can deploy MSIs with no issue, but the Gotomeeting one refuses to install. SCE lists it as pending and AD just attempts to install it, gives up, and never tries again. When I tried running it by double-clicking its icon, it told me "needs to run with elevated privs." I don't see how I can get AD or SCE to run it with these higher privs. I can run it by using an elevated command prompt and running msiexec from there. The MSI is the one labeled "GoToMeeting MSI Installer (ZIP)" from here: http://support.citrixonline.com/GoToMeeting/search?search=msi Any ideas? I run an environment where the users are non-admins and would love to be able to upgrade this centrally.

    Read the article

  • Squid on Linux Windows Pass through authentication

    - by beakersoft
    We are setting up a new proxy based on squid on an ubuntu server, and would like to have pass through authentication work for the Windows/Internet Explorer client. We have put the line into the squid.conf for squid_ldap_auth, but this prompts for a username and password in internet explorer. It does work ok once the user puts it in. Whats the 'best' (standard) way of using pass through authentication? Cheers Luke

    Read the article

  • Why does Windows share permissions change file permissions?

    - by Andrew Rump
    When you create a (file system) share (on windows 2008R2) with access for specific users does it changes the access rights to the files to match the access rights to the share? We just killed our intranet web site when sharing the INetPub folder (to a few specified users). It removed the file access rights for authenticated users, i.e., the user could not log in using single signon (using IE & AD)! Could someone please tell me why it behaves like this? We now have to reapply the access right every time we change the users in the share killing the site in the process every time!

    Read the article

  • Error when adding to the domain : the specified server cannot perform the requested operation

    - by James
    When we add computers to the domain in Windows 7, we get the error: Changing the Primary Domain DNS name of this computer to "" failed. The name will remain "domain.com". The error was: The specified server cannot perform the requested operation. This happens on multiple computers and retrying yields the same result. Despite the error, the computer is still able to login to the domain ok. The DCs are windows 2003. Has anyone found a way to get rid of this error? Any help is appreciated.

    Read the article

  • What's the meaning of logging in as "[email protected]:something"

    - by Harvey Kwok
    My Windows 2008 R2 machine is joined to a domain. In the logon screen, if I type in "[email protected]:something" as the username, I can still logon properly, what's the meaning of ":something" appended at the end? I can even see the current user is displayed as "[email protected]:something" in the switch user screen. Is it a feature in Windows? Or is it just a bug? If it is a feature, what's the difference between logging in as "[email protected]" and logging in as "[email protected]:something"? Note that I tried different combinations like "mydomain\username:something" and "mydomain.com:something\username". None of them work except "[email protected]:something".

    Read the article

  • netlogon errors

    - by rorr
    I have two instances of mssql 2005 and am using CA XOSoft replication. The master is a failover cluster and the replica is a standalone server. They are all running Server 2003 sp2 x64. Same patch levels on all servers. This setup has worked great for several months until we recently restricted the RPC ports on both nodes of the master(5000 - 6000 using rpccfg.exe). We have to implement egress filtering, thus the limiting of the ports. We began receiving login errors for sql windows authentication and NETLOGON Event ID: 5719: This computer was not able to set up a secure session with a domain controller in domain due to the following: Not enough storage is available to process this command. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. We also see group policies failing to update and cluster file shares go offline at the same time. The RPC ports were set back to default when we started seeing these problems and the servers rebooted, but the problems persist. The domain controllers are not showing any errors. Running dcdiag and netdiag shows everything is fine. We have noticed that the XOSoft service ws_rep.exe is using a lot of handles(8 - 9k), about the same number that sqlserver is using. As soon as xosoft replication is stopped the login errors cease and everything functions correctly. I have opened a ticket with CA for XOSoft, but I'm not sure that the problem is actually xosoft, but that it is the one bringing the problem to light. I'm looking for tips on debugging RPC problems. Specifically on limiting the ports and then reverting the changes.

    Read the article

  • GPO Startup Script can't modify HKU Registry?

    - by pepoluan
    I've been scratching my head with my current problem. You see, I have this Startup Script that I pushed via GPO. Problem is, although the script starts alright (I see the event it created when starting in the event log), it always fails when trying to enumerate and/or modify registry settings under HKU. If I login as administrator and execute the script manually, it works! If I startup a Command Prompt as SYSTEM (using the "at" workaround) and execute the script manually, it also works! If I reboot... the script always fails. Can anyone shed a light on my problem? Additional information: This script injects some registry values for the Local Administrator (i.e., S-1-5-21-etc etc etc-500), so I'm not sure that it's doable via GPP, not to mention that since nearly all the workstations in my domain are still using XP, so no guarantee of GPP support.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109  | Next Page >