
About TimHi


  1. Hi. We are running a Server 2003 Print Server that uses Print Management to deploy printers via GPO. It accomplishes this using an exe called pushprinterconnections.exe that is referenced in a GPO logon script. I know XP can act as a print server, but to my knowledge cannot be used to deploy printers using this method. Does anyone know of any other way? Basically I have several remote locations that I want to deploy certain printers to depending on where users log in, and I want to avoid installing a 2003 Print Server at each location if I can avoid it. Having only one print server total would be tough as remote PCs would have to shoot their print jobs over a slow WAN link and back in order to get to the printer 5 feet away from them. Thanks for your help.
  2. Thanks for the reply, so create a child domain for the private domain... Does this mean I will need another PDC and another NS server, or will my ISP host the public domain.com on their end? In that case, do I even need a second domain controller for domain.com if all of my users and resources are on int.domain.com? Thanks.
  3. Hi, We are doing a domain migration and from what I have read, it is recommended that you keep separate domain names for inside and outside. (Let's say domain.net for inside and domain.com for outside). So basically the world should only see domain.com. Registering two domain names is no problem. I am probably just overcomplicating it. Do I just create two primary lookup zones and have domain.net point to our internal servers and domain.com point to our ISP? Our public DNS name is ISP-hosted. Do I need two DNS servers inside my network (one for public, one for private)? Do I need two PDCs also? I am running Server 2000/2003 DCs (2000 native mode). Thanks a bunch for all the help, this site is the best.
  4. I've created the following logon script in my Group Policy:

         copy \\pdc\screen\picture.bmp %SystemRoot%\picture.bmp
         REG ADD "HKCU\Control Panel\Desktop" /V Wallpaper /T REG_SZ /F /D "%SystemRoot%\picture.bmp"
         REG ADD "HKCU\Control Panel\Desktop" /V WallpaperStyle /T REG_SZ /F /D 2
         REG ADD "HKCU\Control Panel\Desktop" /V TileWallpaper /T REG_SZ /F /D 0
         %SystemRoot%\System32\RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters

     It works great... on Enterprise Admin accounts. It copies the bmp to the workstation and modifies the registry like it should. However, everyone who isn't an Exchange admin isn't able to grab the file from the server. The batch processes because the registry gets modified, but the picture.bmp does not get copied over. The "share" folder on PDC is set to allow "everyone" and "domain users" full access (in both tabs). It's got to be a permissions issue seeing as how Enterprise admins can pull it. Any ideas? Thanks.

     ************************** SOLVED **************************

     The user was not a local administrator. I forgot that you cannot create/edit files in your Windows Dir (%systemroot%) unless you are a local admin. Bah!
  5. Hi, I am going to create a GPO to set a wallpaper to all workstations. But because a lot of people want to save their current backgrounds, I would like to create a logon script to copy whatever nonstandard wallpaper one might have to a different location on their computer, whether it is an Internet Explorer background or a picture that has since been deleted from the drive. I am not planning to restrict wallpaper changing, so these people can just change the wallpaper back if they wanted to. Can this be done with relative ease, or am I just dreaming here? Thanks.
  6. The trust is fixed. In case anyone else was interested: many people use conditional forwarders to set up trusts, which work fine, but only if both machines are 2003. 2000 machines cannot do conditional forwarders, so I set up a secondary zone. Apparently forwarders and zones don't play well together. Creating a secondary zone for DomainB in DomainA and vice versa solved the problem. Is it possible to log onto Exchange from a different domain? I am moving all users to domainB and keeping Exchange in domainA (that was the whole purpose of the trust). Anyone have any advice on what I need to do next? Thanks.
  7. Would you mind taking a peek at my DNS? I probably have this set up totally wrong...

     DomainA = current domain (2000) (2 dns servers)
     DomainB = new domain (2003) (1 dns server)

     DomainA DNS: has 2 AD-integrated forward lookup zones

     AD-integrated lookup zones for DomainA.com:

     Zone1: domainA.com
       SOA=DC.domainA.com
       Name servers=dc.domainA.com, dc-backup.domainA.com, dc.domainB.com
       Created a host record in this domain to point to the IP of the domainB DC. Is that right?

     Zone2: domainB.com
       SOA=DC.domainB.com
       Name servers=dc.domainB.com, dc.domainA.com
       Forwarder pointing to DC.domainB.com
       I am to understand that the second lookup zone for domainB is so they can talk.

     AD-integrated lookup zones for DomainB.com:

     Zone1: domainB.com
       SOA: dc.domainB.com
       Name servers=dc.domainB.com, dc.domainA.com
       Conditional Forwarder pointing to DC.domainA.com

     domainB.com also has a _msdcs zone because DCPROMO installed DNS automatically. Do I need to do anything with it?? I even created a root hint in both domains to point to each other.

     DomainA cannot ping domainB.com, but it can ping dc.domainB.com
     DomainB CAN ping domainA.com as well as dc.domainA.com and dc-backup.domainA.com

     Plus, all of my references to DomainA from domainB are to the DC housing the DNS, not the PDC. Should that change?

     When I try to create the trust I get:

     The secure channel (SC) verification on domain controller \\dc.domainB.com of domain domainB.com to domain domainA.com failed with error: The security database on the server does not have a computer account for this workstation trust relationship.

     The secure channel (SC) verification on domain controller \\DC-backup.domainA.com of domain domainA.org to domain domainB.com failed with error: The specified domain either does not exist or could not be contacted.

     Any advice you could give would really help at this point. This is a test box but I am pulling my hair out!! Thanks,
  8. dcdiag /v reported no failures on both domains. This event popped up on both domains when I tried to put the trust in: Event 5723: The session setup from the computer <computer name> failed because there is no trust account in the security database for this computer. The name of the account referenced in the security database is <computer name>$. So each can tell that the other computer is trying to make a trust, it just can't authenticate. Does the pdc from each domain need to have a computer account in AD users and Computers for trusts to work? Thanks.
  9. Thanks for the reply cluberti. I went with the forest route. Got AD and DNS configured so I can ping from both sides and I created an account and logged in from a workstation in the building. I'm having a problem getting my trust in however. When I try to verify the external two-way trust it says that it cannot contact the target domain controller. I read that it uses netbios to resolve for trusts so I installed WINS server in the test domain (current domain already has it). I set up replication partners on both servers, but when I try to replicate it gives the following: event 4102 "The connection was aborted by the remote WINS. Remote WINS may not be configured to replicate with the server." and event 5721 "The session setup to the Windows NT or Windows 2000 Domain Controller \\*host*.*domain*.org for the domain *domain* failed because the Domain Controller did not have an account *test*.org. needed to set up the session by this computer *testhost*. ADDITIONAL DATA If this computer is a member of or a Domain Controller in the specified domain, the aforementioned account is a computer account for this computer in the specified domain. Otherwise, the account is an interdomain trust account with the specified domain." So it ties back to the same reason the trust wasn't working. Any ideas? Thanks.
  10. Hi. I am in a bit of a bind. We are migrating our Server 2000-based domain to Server 2003. This will involve a domain name change and DNS/DHCP restructuring. I've been reading a lot about forests and trees and that's where my question lies. Should I put my new 2003 PDC in a new forest, or make a new tree in the existing forest? I am kind of looking for common practice I guess. I am renaming the domain with new hardware, so I am leaning toward creating a new forest. That way I wouldn't have to transfer any operations roles and I can start fresh with a new PDC. Then after the migration, I would scrap the original forest and take the old stuff offline. Downside is I would have to configure a new schema. This is a pretty simple domain: no trusts, no GP, only a couple administrative groups. Just Exchange, Blackberry Enterprise, and lots of accounts. Is remaking the schema a big deal? The other downside of starting a new forest is I can't set up a forest-to-forest trust using 2000 Server. I sort of want to keep the old domain up while I migrate accounts over for disaster recovery so people can log into either domain. So it's either make a new tree: keep the existing schema, transfer roles, maintain an online backup during cutover. OR make a new forest: start fresh, new schema, higher risk, original forest dies. Anyone have any advice? Thanks...
  11. Hi, I am looking for a way to deploy wireless PEAP profiles created via Intel's PROSet Wireless software (running v11.5) onto other computers. Using the software you can deploy autoinstalls with common "universal" access profiles, but that is against our organization's security policy, so each user in Active Directory needs to be set up individually on each computer - which is a lot. So does anyone know of a way to transfer an individual user's Intel profile to another machine? I think it uses a combination of an encrypted file and registry entries. (And ghosting did NOT work). This is a pretty popular and flexible wireless program, so I'm hoping someone here has some experience with it. Thanks!
  12. Burned using a CDr and it worked. Learned a little lesson about going against common knowledge. Thanks again for your help.
  13. I'm using CDIMAGE to compile, and a CD-RW to record via Nero (disk-at-once). The CD-RW "may" be the cause since I heard you're only supposed to use CDR. But I recompiled and burned it a second time at 4x and slow-formatted the drive and got the same error - a little too consistent for a bad disk. I successfully loaded a fresh XP disk onto the computer a couple weeks ago, so I hope it's not a hardware issue; but that would explain it working on a VM. I'll test out the memory and perhaps try on a second test computer and see what happens. (I disabled networking with no success). Thanks for all the info! I'll let you know what I find out.
  14. Thanks for the response Iceman, The VM was not using a network connection. The only difference between the two is hardware. I read that this is quite a popular problem even with brand new retail XP discs. Is it possible for a corrupt file to halt a machine but go unnoticed in a VM? I really don't want to re-slipstream all my updates again.
  15. Hi, I am getting the following error during T-39, about 15 seconds into it before any devices or network is installed:

          FATAL ERROR----- SXS.DLL: Syntax error in manifest or policy file "D:\i386\asms\10\MSFT\WINDOWS\GDIPLUS\GDIPLUS.MAN" on line 4.

      Any idea what this means? It stops the install in its tracks, reboots, and does it again. Here are the contents of GDIPLUS.MAN:

          <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
          <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
          <assemblyIdentity type="win32" name="Microsoft.Windows.GdiPlus" version="1.0.2600.2180" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df"/>
          <file name="GdiPlus.dll" hash="7c911766c2ebe993a520bbd53395d9cd5b115271" hashalg="SHA1"/>
          </assembly>

      The install works perfectly on Virtual Machine, but this error keeps popping up on a live test. I also can't find sxs.dll on the install CD. Does it extract into system32 or something? Here is my winnt.sif:

          ;SetupMgrTag
          [Data]
          AutoPartition=0
          MsDosInitiated="0"
          UnattendedInstall="Yes"
          AutomaticUpdates=Yes

          [Unattended]
          UnattendMode=FullUnattended
          OemSkipEula=Yes
          OemPreinstall=Yes
          TargetPath=\WINDOWS
          Filesystem=*
          UnattendSwitch="Yes"

          [GuiUnattended]
          AdminPassword=ae6e1b1fccb24d5ba82f437833c90159d3d38908f11fb3aa203e8f5aac8f45b4
          EncryptedAdminPassword=Yes
          OEMSkipRegional=1
          TimeZone=10
          OemSkipWelcome=1

          [UserData]
          ProductKey=(omit)
          FullName="(omit)"
          OrgName="(omit)"
          ComputerName=*

          [TapiLocation]
          CountryCode=1

          [Identification]
          JoinWorkgroup=WORKGROUP

          [Networking]
          InstallDefaultComponents=Yes

          [WindowsFirewall]
          Profiles = WindowsFirewall.TurnOffFirewall

          [WindowsFirewall.TurnOffFirewall]
          Mode = 0

          [GuiRunOnce]
          "%systemdrive%\apps\start.cmd"

      I am frustrated at this point, I haven't gotten anything like this in the few unattendeds that I've run. Thanks, Tim
