Search Results

Search found 28288 results on 1132 pages for 'home directory'.

Page 126/1132 | < Previous Page | 122 123 124 125 126 127 128 129 130 131 132 133 | Next Page >

How to Setup Sharepoint Extranet to authenticate against a dmz AD

- by Satish

I have a web app which is extended to extranet for our clients to access. We have setup a different AD server and domain for dmz and clients have to be authenticated against that domain. I'm little confused about the setup especially what all web.config files I have to update. Do I have to update the web.config file for Central admin site and the extended web app. According to this blog I need to do update both, but as soon as I make the changes in the web.config for central admin, central admin site stops working. Here is what I added to the central admin web.config file between /Sharepoint and system.web I have this <connectionStrings> <add name="DMZConnectionString" connectionString= "LDAP://dmz.xxx.com:389/OU=Clients,DC=dmz,DC=xxx,DC=com "/> Between system.web and securityPolicy <membership defaultProvider=”DMZADProvider“> <providers> <add name="DMZADProvider" connectionStringName="DMZConnectionString" connectionUsername="DMZ\ldapUser" connectionPassword="Password" enableSearchMethods="true" attributeMapUsername="userPrincipalName" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </membership> I know the connectionusername and password works becuase I use the same in SSP for importing profiles. Any idea what might be causing the error?

Read the article
Printer monitor software across multiple workstations (AD integrated)

- by HannesFostie

I was asked to see if there is any kind of (free) software that allows multiple people in an office that use the same printer to see what jobs have finished recently, which are queued and which is printing. Main reason is that sometimes multiple people have the same task where they need to print some kind of form, and they are unsure whether or not their colleague has already printed the file. Because the printer is AD integrated, they only see a short message when printing, but they do not see a proper printer queue. A simple tray icon/tool would be perfect, no real graphical user interface is required. If this turns out to be too hard to find, I will attempt to write a simple application or script for the job, but since this is a low priority job I decided to ask here first before I start messing around with scripting which isn't my forte. Thanks

Read the article
Must I have Exchange to use Blackberry Enterprise Server Express?

- by John Spaz

In the past I've setup BES (not express) for a company that just wanted their users on the corporate network, they didn't care for email or any other enterprise feature, they just wanted to push a policy that the phones internet should be routed through the corporate network. I want to setup BES Express now for a customer that also just wants the phones on his network but wherever I look, it says that BES Express requires Exchange. Is there a way to install BES Express without Exchange and without a AD Domain? Basically what the customer wants to accomplish is to be able to filter and log the internet access on the phones.

Read the article
Is it possible to configure simultaneous authentication against 2 different AD domains by IIS 7?

- by just3ws

Basically, I need to be able to attempt to authenticate against two different AD domains from IIS. I'd like to be able to automatically query both AD's and whichever comes back with an authentication wins. The users are completely separate and will only exist in their respective domain. IIS | | /-------------\ | | ------ ------ AD1 AD2 JoeU AmyU JillU JohnU So, if IIS requests to authenticate JoeU it will query both domains. JoeU will be found in AD1 so we can ignore whatever response comes back from AD2. Is this even possible using stock IIS 7? Is there a middleware or something to allow this type of configuration on IIS 7? Would this be a job for some kind of middleware sitting between IIS and the AD domains?

Read the article
Reset local Certificate Revocation List (CRL) manual

- by Sasha

How can I reset local CRL (in OS local cash) in Windows OS (XP, Windows 7) manual? We need to reset local CRL because otherwise the OS will use local CRL until "next update" period. As described in "Manually publish the CRL": Clients that have a cached copy of the previously-published CRL or delta CRL will continue using it until its validity period has expired, even though a new CRL has been published. Manually publishing a CRL does not affect cached copies of CRLs that are still valid; it only makes a new CRL available for systems that do not have a valid CRL.

Read the article
Resolve another domain from current AD domain

- by faulty

We have 2 AD domain setup in our office. First is the primary domain for our office and exchange. The 2nd one is for development use to simulate production environment of our clients. Both domain are hosted on Windows 2008 R2 Enterprise. We, the development team has no access to the office domain other than login and email purpose. DNS is running on PDC of both domain. Both domain does not use public domain name. Now, our machines are joined to the development domain and we use outlook to access our office's exchange. We've added DNS entries for both the domain. From time to time we are having problem resolving our office domain (i.e. during outlook login), which we need to edit our NIC's DNS to have only DNS server from our office and then flush DNS. After that switch back once it's able to resolve. Is there a permanent solution for this scenario like specifying that the office domain be resolve with another DNS server when requested from the development domain? Thanks

Read the article
RSH between servers not working

- by churnd

I have two servers: one CentOS 5.8 & one Solaris 10. Both are joined to my workplace AD domain via PBIS-Open. A user will log into the linux server & run an application which issues commands over RSH to the solaris server. Some commands are also run on the linux server, so both are needed. Due to the application these servers are being used for (proprietary GE software), the software on the linux server needs to be able to issue rsh commands to the solaris server on behalf of the user (the user just runs a script & the rest is automatic). However, rsh is not working for the domain users. It does work for a local user, so I believe I have the necessary trust settings between the two servers correct. However, I can rlogin as a domain user from the linux server to the solaris server. SSH works too (how I wish I could use it). Some relevant info: via rlogin: [user@linux~]$ rlogin solaris connect to address 192.168.1.2 port 543: Connection refused Trying krb4 rlogin... connect to address 192.168.1.2 port 543: Connection refused trying normal rlogin (/usr/bin/rlogin) Sun Microsystems Inc. SunOS 5.10 Generic January 2005 solaris% via rsh: [user@linux ~]$ rsh solaris ls connect to address 192.168.1.2 port 544: Connection refused Trying krb4 rsh... connect to address 192.168.1.2 port 544: Connection refused trying normal rsh (/usr/bin/rsh) permission denied. [user@linux ~]$ relevant snippet from /etc/pam.conf on solaris: # # rlogin service (explicit because of pam_rhost_auth) # rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_lsass.so set_default_repository rlogin auth requisite pam_lsass.so smartcard_prompt try_first_pass rlogin auth requisite pam_authtok_get.so.1 try_first_pass rlogin auth sufficient pam_lsass.so try_first_pass rlogin auth required pam_dhkeys.so.1 rlogin auth required pam_unix_cred.so.1 rlogin auth required pam_unix_auth.so.1 # # Kerberized rlogin service # krlogin auth required pam_unix_cred.so.1 krlogin auth required pam_krb5.so.1 # # rsh service (explicit because of pam_rhost_auth, # and pam_unix_auth for meaningful pam_setcred) # rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_cred.so.1 # # Kerberized rsh service # krsh auth required pam_unix_cred.so.1 krsh auth required pam_krb5.so.1 # I have not really seen anything useful in either system log that seem to be directly related to the failed login attempt. I've tail -f'd /var/adm/messages on solaris & /var/log/messages on linux during the failed attempts & nothing shows up. Maybe I need to be doing something else?

Read the article
IIS6 Permissions

- by Gordon Carpenter-Thompson

We have a set of IIS6 Jakarta/ASP.NET applications (implemented as virtual directories) on a machine without a domain. The directories all exist under the default website. We need to setup the permissions so that certain users can access only specific applications yet others users can access several of the applications. The way it's been setup previously has been to explicitly deny access to the users for every application except the ones that they are allowed to see. The problem is that the list of applications changes fairly often (for demos etc) and it's been known for the developers to forget to deny the old users access to the new applications which leads to security problems. This is all quite unmaintainable. Does anybody have any advice on this? Surely I can't be the only person to find this all a bit of a mess? Thanks

Read the article
Exchange 2010 domainprep messing up mailbox permissions on existing Exchange 2003 server

- by tearman

So our environment is basically we have an Exchange 2003 server, and we're attempting to move to Exchange 2010 gradually, and move to new hardware while we're at it. So our first step was obviously to get Exchange 2010 installed on the new box. However, after running the domainprep steps listed in http://technet.microsoft.com/en-us/library/bb125224.aspx (including PrepareLegacyExchangePermissions) our mailbox permissions get messed up. Normally, we have an AD security group for Exchange Administrators that allows anyone in that group to view all folders inside any user's mailbox. However, now, this functionality is gone and our Exchange Admins can't access anyone's mailboxes. We'd like to get this functionality back if we could. Thanks

Read the article
Share Exchange/Outlook calendars between two different domains

- by Jon

Can this be done? Two organisations, complete separate domains and exchange servers. Do I need a AD trust? Can data be shared over HTTP or does it require a VPN connection? One Org will have an Exchange 2010 server, the other 2007.

Read the article
Strange permission errors with Windows Server 2008

- by Spirit

I just don't know a better way to describe my issue that is driving me nuts. I am trying to establish a test domain with virtual machines on a box that has Win7 with VMwware workstation installed. The purpouse with this domain will be so that we can try and test different situations before they go into the production network. I build a VM with WinSrv2008R2 and I am using that VM as a template to make other servers for the domain by making clones of it. Now I raise a DC with one clone and a member server with another clone - I add the server to the domain. I am following a standard procedure as always (it is not my first domain). Then I make an admin account and I am adding the admin to be a member of the Domain and Enterprise Admins group. That admin is admin with full priviledges on the DC.. no problem there. But on the other server has ... somewhat half the privileges and I cant log in via RDP. I tryed with another account. Same issues. For example (with half the privileges): I can't open the Even Viewer if I go via Start - Administrative Tools - Event Viewer. But I can open the Even Viewer via the server manager. You can notice this on the image below. I mean WTF??? I am going crazy, I haven't experienced anything similar in my three years of expertise. I already lost 3 days troubleshooting this. Could this be related with the cloning? Perhaps if I make fresh installs of WinSrv2008 there won't be any problems? I've had raised test domains as VMs on other occasions before, and there weren't any problems then. This is VMware Workstation 8. I've made clones before, on Workstation 7 it didn't had any problems. Anyone has any ideas? UPDATE: This is the info from the event log when I try to access via RDP: An account failed to log on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: NULL SID Account Name: pat.coleman Account Domain: lab Failure Information: Failure Reason: Domain sid inconsistent. Status: 0xc000006d Sub Status: 0xc000019b

Read the article
Powershell BitLocker Recovery Key

- by TheNoobofNoobs

I'm trying to get a list of all computers that have a bit locker recovery key (or information for that matter) populated in their respective fields in AD. I am unable to even start on a script as I don't know where to begin. I did find this online but it doesn't appear to be working. foreach($comp in get-adcomputer -filter *) { get-adobject -filter 'objectclass -eq "msFVE-RecoveryInformation"' - searchbase $comp.distinguishedname -properties msfve-recoverypassword,whencreated | sort whencreated | select msfve-recoverypassword -last 1 } Export-Csv "FilePath.csv" Any ideas as to how I can go about this. Running Windows 7, Powershell 3.0, Windows Server 2008 R2.

Read the article
NTFS Permission Structure to allow Traversal but no Modification except in Leaf Nodes?

- by pepoluan

Assume there's this folder structure: D:\ --+-- Acctg --+-- Payable | +-- Receivable | +-- Fin --+-- Inv | +-- Tax | +-- Treas | +-- Mrktg --+-- Ads +-- Promo Users are not allowed to change the structure, but they are free to create & delete files & folders in the leaf nodes (i.e., the rightmost folders). AGDLP principle said that I should assign permissions on the above folders to DL-Groups. Let's say I have a G-Group of users, G-Accounting-Payable, containing users that have access to the D:\Acctg\Payable folder. The way I see it, I have two strategies: - Strategy 1 Create three DL-Groups and assign them permissions: DL-D-Acctg_T -- allowed traversal of D:\Acctg folder DL-D-Acctg-Pay_LF -- allowed listing of D:\Acctg\Payable folder contents DL-D-Acctg-Pay__RW -- allowed full permissions to the contents of D:\Acctg\Payable folder Add G-Accounting-Payable as member to all the above DL-Groups - Strategy 2 Create just one DL-Group DL-D-Acctg-Pay__RW, and assign it the proper permissions for each level of the folder. Then, add G-Accounting-Payable as member to that DL-Group. - Which strategy is the Recommended Best Practice, and why?

Read the article
How do I apply WinHTTP proxy settings domain-wide?

- by Oliver Salzburg

We're already configuring Internet Explorer proxy settings through group policy and it works great. Sadly, I've recently run into multiple issues where those settings are ignored by certain services. I realized that these service have one thing in common. They use WinHTTP, which has its own proxy settings. Now I'm asking myself how to apply those across the whole domain. I realize that I could create a logon script and simply run netsh winhttp import proxy source=ie, but, from experience I know that these settings require a reboot to take effect. So this wouldn't help me at all in a logon script. So, how can I do it?

Read the article
Multi-Domain Root Administrator

- by Brent Pabst

We have a new domain structure we are planning on rolling out in the next few months. Essentially there is a single top level and forest domain controller "mydomain.lan" and two children "us.mydomain.lan" and "pl.mydomain.lan". We want to configure an administrator account or two at the top level domain that then has full administrator permissions on the sub domains. By default the top level administrator cannot access or login to machines on the sub-domains. Running W2K8R2. Ideas?

Read the article
Any issues with computer on one domain in a separate forest and user account in another domain/forest?

- by TheCleaner

I have a few of my sites with a trust relationship among two different forests with a single domain in each AD forest. I'll skip all the politics and details that don't matter and just ask the question: Will having a machine with a computer account in one domain and their user account in another cause any issues? (besides GPO behavior that would need to be understood such as their computer getting a GPO applied from the computer's domain, and their user account getting a GPO applied from their user domain)

Read the article
Dsquery nested groups

- by Doctor Trout

Hi there, How would I write a dsquery to get a list of all the members of a d-list, expanding any nested groups to get the members of those groups? I've written this: dsquery * -filter "(&(memberOf=cn=...))" -r -limit 0 -attr CUSTOMFIELD sAMAccountName displayName > export.txt but returns nested d-lists and I want to expand these. I then tried this: dsquery group -samid "NAME | dsget group -members -expand > export.txt But this just lists the OU of each member and I want to get the Account Name and a custom field returned. Is there any way, either of chosing which fields to return from dsget or to epxand dsquery to show nested group membership? Thanks.

Read the article
Determine logged on user on Windows computer from Linux

- by Justin

How can I determine who is logged on to a remote Windows XP computer from Linux? I do not have administrator access on the domain or on the remote computer. I can do it from a separate Windows computer using PsLoggedOn -L \\computer from PsTools I've tried using nmblookup -A remotecomputer, but I only see entries for the computer and the domain, not a <03> entry for the user. I've also tried running PsLoggedOn under wine; I get an error: Connecting to Registry of \\computer.company.com... fixme:reg:RegConnectRegistryW Connect to L"computer.company.com" is not supported. I started looking into winexe, but it looks like I would need administrative rights on the remote computer to get it working.

Read the article
Explain to a Jr. SysAdmin what happens when a PC joins a Windows 2008 Domain

- by Nimmy Lebby

An ideal answer would at least include: Critical configuration of the PC before it could join How the PC finds the Domain servers What happens when the PC cannot find any domain servers What connections are made from the PC to the domain How the AD records the connection How the PC drops the connection/AD monitors for stale connections Difference in this process between Windows 2008 R2 and previous versions of Windows Server That is all I could think of for now but I'm sure, as answers come in, I'll think of more.

Read the article
unable to join domain using virtualbox

- by FreshPrinceOfSO

I'm in the process of setting up a VM environment for a MS certification exam (70-462). Following the training kit's instructions, I've set up a domain controller (DC) and two members (SQL-A, SQL-B) thus far. I can't figure out why I can't join the domain. DC IPv4 Address . . . : 10.10.10.10(Preferred) Subnet Mask. . . . : 255.0.0.0 DNS Servers. . . . : ::1 127.0.0.1 SQL-A IPv4 Address . . . : 10.10.10.20(Preferred) Subnet Mask. . . . : 255.0.0.0 DNS Servers. . . . : 10.10.10.10 SQL-B IPv4 Address . . . : 10.10.10.30(Preferred) Subnet Mask. . . . : 255.0.0.0 DNS Servers. . . . : 10.10.10.10 I've read how to do networking between virtual machines in virtualbox and the documentation. After trying various network adapter configurations, I can't get them to communicate in order to have the two members join the domain. When I ping from .30 to .10, I get: ping 10.10.10.10 Pinging 10.10.10.10 with 32 bytes of data: Reply from 10.10.10.20: Destination host unreachable. Reply from 10.10.10.20: Destination host unreachable. Reply from 10.10.10.20: Destination host unreachable. Reply from 10.10.10.20: Destination host unreachable. Trying to join the domain: netdom join SQL-A /domain:contso.com The specified domain either does not exist or could not be contacted. The command failed to complete successfully. Within VirtualBox, I've tried the following combinations for network adapter: Attached to - Promiscuous Mode ------------------------------- NAT Bridged Adapter - Deny Bridged Adapter - Allow VMs Bridged Adapter - Allow All Internal Network - Deny Internal Network - Allow VMs Internal Network - Allow All Host-only Adapter - Deny Host-only Adapter - Allow VMs Host-only Adapter - Allow All Edit ipconfig /all of DC ipconfig /all of SQL-A

Read the article
Mystery "users" email group

- by dangowans

This morning, our entire company received a spam message sent to [email protected], where "ourdomain.on.ca" is our actual domain. There is a distinguished name that this could correspond to: CN=Users,DC=ourdomain,DC=on,DC=ca Looking at the attributes though, there is no mail, no proxyAddresses, no signs that there is a mailbox configured there. I did some LDAP queries, searching for: (proxyAddresses=smtp:[email protected]) ([email protected]) But am not seeing any records. (I also search for known email addresses to ensure the tree was being searched properly.) We are running Exchange 2003. Is there another place to look for group email addresses? Is it possible that the distinguished name is being automatically translated to an email address?

Read the article
Cannot Login to SBS 2008

- by Ryan Holt

Hi All, I'm hoping someone has an answer for me... I installed a new Microsoft SBS 2008 server last week and everything appeared to be working normally. I went to reboot the server yesterday to finish the install for Microsoft Windows Installer 4.5 and upon reboot could no longer login to the server via either RDP or local console. The error message I get states that there are no logon servers available to service the logon request. I'm able to login to the server fine via Safe Mode with Networking but cannot login via a normal method. The server is currently at SP1. I attempted to install SP2 inside of safe mode after enabling the installation services via a registry edit but the install failed and rolled back after 2 or 3 hours. It appears that one of the services is not starting for some reason. I believe it's LSASS but can't actually login to see the active services during a normal boot. Does anyone have any suggestions?

Read the article
The session setup from the computer <computerName> failed to authenticate.

- by TheCodeMonk

Every once in a while, I get a client PC that won't be able to log into the domain. This morning it was telling us that the trust relationship between the pc and the domain failed. I checked the event logs on the primary domain controller and I see this for 2 PCs (the one that had the problem and one that can log in today). The session setup from the computer failed to authenticate. The name(s) of the account(s) referenced in the security database is . The following error occurred: Access is denied. I know how to fix this, by rejoining the PC to the domain... But why does this happen and how can I prevent it so I don't have to keep rejoining PCs to the domain?

Read the article
How to find the computer name a user logged on to

- by V. Romanov

Hi guys Is there a tool or script or some other way of knowing what computer name a specific user is currently logged on to? Or even was logged on to? Say the user "HRDrone" is working on his machine whose hostname is "HRStation01". I, sitting at my sysadmin desk, only know that the username is "HRDrone". Any way i can find out that he is logged on to "HRStation01" without asking the user? AD event viewer? anything? Thanks!

Read the article
Using PowerShell, in Active Direcotry, how would I change all the DNS A records that have a given IP to a new IP?

- by djsumdog

We've been moving data centers and I have a lot of old records that were not correctly but in DNS as CNAME records, but A records that have a direct IP (e.g. 192.168.100.n) and they're all moving to a new subnet (10.19.100.n). I just need to write a powershell script to change all those records. I found this site: http://www.indented.co.uk/index.php/2008/12/30/administering-microsoft-dns-in-powershell/ and from it I made this simple script: $dnsServer = "meldc2" $scope = New-Object Management.ManagementScope("\\$dnsServer\root\MicrosoftDNS") $path = New-Object Management.ManagementPath("MicrosoftDNS_Zone") $options = New-Object Management.ObjectGetOptions($Null,[System.TimeSpan]::MaxValue, $True) $ZoneClass= New-Object Management.ManagementClass($scope,$path,$options) $Zones = Get-WMIObject -Computer $dnsServer -Namespace "root\MicrosoftDNS" -Class "MicrosoftDNS_Zone" $Zones | Get-Member foreach($Z in $Zones) { $Z | Select-Object Name,DsIntegrated,ZoneType,Reverse,Data } but that only gets me a listing of root zones. I don't understand how to iterate over all the entries in each of the zones. Also, all the examples I've seen involve adding new zones, but there aren't any examples I can find on modifying existing A records.

Read the article

< Previous Page | 122 123 124 125 126 127 128 129 130 131 132 133 | Next Page >