adamt

Firstly - if you are deploying/publishing software packages via GPO - you might well want a different policy for laptops. For example - an app which requires always-on connectivity to your server might not be appropriate for laptops. More likely - there's specific apps you want to have installed on laptops, but not on desktops. 3rd party VPN clients, for example. The other thing you need to bear in mind with laptop policies is that laptops move AD sites, whereas desktops (broadly speaking) don't. Anything which points to a specific server at a specific site might be worth changing for laptops, so maybe it looks for a DFS share? If laptops are to be used in other networks that you don't control - proxy settings delivered by GPO might not be appropriate for them. Although I always tend to have a high level of auditing on any workstation, auditing is especially important on laptops. If one comes to you with a problem, you want to be able to see who's been logging on and with which privs. Some users are sneaky - they get admin on their machines, mess them up a bit, remove themselves from the admins group and claim to the helpdesk that it "just went like that by itself". Hmmm.... sure. It installed Office 2007 Beta 2 all by itself, did it? Let me see.... there's logon events here showing you logging on with various admin privs....

I can sort of see where he's coming from. He's one of those guys who probably wouldn't dream of editing the registry, an INI file or god forbid a metabase. Maybe he's tried nLite, without knowing what he's doing, and been frustrated at not getting the results he expected. Reminds me of a famous quotation: On two occasions I have been asked, "Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?" I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.

If this isn't too stupid a question - but what defrag services is the built-in defrag engine missing? I can think of - Defragmenting the pagefile. But you can get sysinternals pagedefrag to do that for you.

Thanks for the kind words. I'm a bit new here (only been here 10 months, but been absentee for 8.5 of them).

I would just take a look on distrowatch and see which distros come with the most up to date stable release of SAMBA 3 - and that would be for using it as a file server.

Whoops - misread your question. The extra columns are stored in an attribute called extraColumns. I can't find a technet article which explains how to add/remove them, but if you fire up ADSIedit, you should be able to browse to: CN=organizationalUnit-Display,CN=<lang>,CN=DisplaySpecifiers,CN=Configuration,DC=<Domain>,DC=<Domain> and find the extraColumns attribute. I think you need to be at Win2k3 native functional level for this to work.

Depends on how exactly you've extended the Schema - but you should probably find what you're looking for if you install ADSIedit MMC snap-in: http://technet2.microsoft.com/windowsserve...cd3d401033.mspx

Dear font of all knowledge, I've been using driverpacks for a while on a variety of Dell and HP/Compaq systems, but have no come across 2 Dell Optiplex 370 machines, both of which are giving a BSOD saying "Hardware Malfunction - Call your hardware vendor for support - The system has halted". I'm pretty sure it isn't a hardware failure, since it's happened on two of these machines which were, up till rebuild, working just fine and dandy. I've tried disabling various onboard devices, but nothing seems to work with it. Has anyone else had problems with the Optiplex 370? Thanks, Adam.

You can indeed change registry keys through Group Policy. Are you sure the value is definitely ending up in the right place? Do your users have roaming profiles?

https://mozy.com/support/faq "We do not support Windows 2003 or 64 bit architectures at this time." Looks like they deliberately don't want you to run their software on Windows Server 2003. There might be a very good reason for it. Also - bear in mind that depending on an unsupported backup 'solution' is just crazy. Perhaps you could run filemon and regmon to see what the software is using to determine which version of Windows it is running on?

Your options are: 1) Make the changes in HKEY_USERS\.Default **before** any accounts are created 2) Make the changes in HKEY_USERS\.Default, and then make the change for each user's SID in HKEY_USERS 3) Make the changes in HKEY_USERS\.Default, and create a batch file to check the value under HKEY_CURRENT_USER, and a .reg file to change the value if it isn't set the way you want it , save it locally and add it's path and filename to a value in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run 4) Enforce the change via Group Policy

Is it definitely a clean reboot that's causing this? Is there anything in the event log which might give a clue? I think the server service leaves an entry in the log if it can't share a folder for whatever reason.

I've not heard of this being a widespread problem, nor of a patch as such. Only thing I can think to check is in Tools... Options... Advanced... make sure the box is ticked next to 'show pictures'. Also, check disk free space, and that your friend has permissions to the temporary internet files folder.

Hi - long time listener, first time caller here ..... How many DCs do you have? And are you sure the change has replicated? Can you check with ADUC against the DC that authenticated them? Oh, and if you're specifying the logon script through ADUC's profile tab, is it just the filename that you've put in there, or the full UNC path? If it's the full UNC path, can you try changing it to just the filename (eg logon.bat, rather than \\192.168.2.1\share\logon.bat) - and copying the file to sysvol\sysvol\domain.com\scripts folder? Check that it appears in \\DC-Server\netlogon - and give it time to replicate to whichever DC is going to be authenticating them. I *think* - but I don't *know* - that you can't specify full paths in the ADUC profile tab's field. If you want to point to a script outside of \\DC-Server\netlogon - you need to do it via Group Policy (and if your clients are NT/9x) - it won't run the script on them.