lubinski

Does IIS need to be installed on the CA? Can I run them as separate servers?

Its from Microsoft too. But I guess the idea is to get all ownership on this guy. Disable him, then no one can mess with the structure.

"Create an account PKIGroupOwner that will be used as the owner of these groups. This account is only used to transfer ownership away from the default, the domain Administrators group. You will not need to use this account for administration tasks." "Grant Full Control permissions to PKIGroupOwner for each of these group objects." "Log on using the PKIGroupOwner account and take ownership of each group in turn." Heres the excerpt for the guide im following on implementing PKI. Its probably pretty easy solution and just an oversight on my behalf at this time....

I cant remember or find for the life of me where I can set a new security group owner or restrict the groups permissions. Heres what I am trying to accomplish: I need to set a new group owner for a few groups, to transfer ownership away from the default administrators. Thanks!

Here is a little more information. I have a GPO applied to my XP client. It has applied IPsec security settings. I used the default policy of Secure server, (so no communications are "open") I also edited the DC policy to reflect the same IPsec policy of "secure server". I cannot access a share on the DC when the DC has the policy active. Question is, When both policies reflect the same thing, Why doesn't it allow communications between the client and server.

Is there a way I can test to see if the IPsec policy I have enabled on the server is actually doing what its supposed to be doing? Basically its a test VM environment where I enabled the default (secure server) ipsec rules in the GPO applied to the test client that I have.

Thanks!

So on the client side I would go to add printer. Should it show up in the directory? Or am I adding it via a port again?

I have been told by other peoples to add it to the server, and "push" it out that way. Can someone elaborate on this process?

Situation: A network with SBS2k3R2 as a DC, 20+ users, and a new network printer that needs to be installed. Question: What is the quickest way to "push" this new printer out to the 20+ clients without going to each client and adding via an IP port. Thanks for your help!

I am trying to run a batch file off a winxp install cd. What is the wildcard for choosing that cd (install source), It may be D: or E: depending on the hardware available.

I got it so it only asks for user and protection level, not timezone anymore. Same image as before. Just an update.

Yes, I think I will buy a copy anywayz. Wont hurt to have it around.

Still not working, Could there be a problem with the image im using? If so what causes it?

I tried your unattended.xml and it still prompts the same. Any other suggestions as to why my unattend is not working. Hardware? Image?

Whats the purpose of having the user account in the specialize pass and the OOBE pass? The same user account is in both passes. Surely it doesn't create the user twice.

What is the other pass thqt needs user aaccounts added?

Check out this technet link here 1. The settings above outline a basic unattended installation; no user input is required during Windows Setup. When the installation is complete, the computer will reboot to audit mode. Windows Welcome does not run in audit mode 2. Microsoft-Windows-Deployment\Reseal ForceShutdownNow = false Mode = Audit Any comments on whats there? I might give it a try but It would bypass the whole oobe and wouldnt be able to create users.

<?xml version="1.0" encoding="utf-8" ?> - <unattend xmlns="urn:schemas-microsoft-com:unattend"> - <settings pass="windowsPE"> - <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <SetupUILanguage> <UILanguage>en-US</UILanguage> </SetupUILanguage> <InputLocale>en-US</InputLocale> <UILanguage>en-US</UILanguage> <UserLocale>en-US</UserLocale> <SystemLocale>en-US</SystemLocale> </component> - <component name="Microsoft-Windows-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <DiskConfiguration> <WillShowUI>OnError</WillShowUI> - <Disk wcm:action="add"> - <CreatePartitions> - <CreatePartition wcm:action="add"> <Order>1</Order> <Size>20000</Size> <Type>Primary</Type> </CreatePartition> </CreatePartitions> - <ModifyPartitions> - <ModifyPartition wcm:action="add"> <Active>true</Active> <Extend>false</Extend> <Format>NTFS</Format> <Label>Primary</Label> <Letter>C</Letter> <Order>1</Order> <PartitionID>1</PartitionID> </ModifyPartition> </ModifyPartitions> <DiskID>0</DiskID> <WillWipeDisk>true</WillWipeDisk> </Disk> </DiskConfiguration> - <ImageInstall> - <OSImage> - <InstallTo> <DiskID>0</DiskID> <PartitionID>1</PartitionID> </InstallTo> </OSImage> </ImageInstall> - <UserData> - <ProductKey> <WillShowUI>OnError</WillShowUI> </ProductKey> <AcceptEula>true</AcceptEula> <FullName>User</FullName> <Organization>Company</Organization> </UserData> </component> </settings> - <settings pass="oobeSystem"> - <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <UserAccounts> - <DomainAccounts> - <DomainAccountList wcm:action="add"> <Domain>cnsi</Domain> - <DomainAccount wcm:action="add"> <Group>Administrators</Group> <Name>cnsi</Name> </DomainAccount> </DomainAccountList> </DomainAccounts> - <AdministratorPassword> <Value>####=</Value> <PlainText>false</PlainText> </AdministratorPassword> </UserAccounts> - <OOBE> <HideEULAPage>true</HideEULAPage> <SkipUserOOBE>true</SkipUserOOBE> <NetworkLocation>Work</NetworkLocation> <ProtectYourPC>3</ProtectYourPC> </OOBE> </component> </settings> <cpi:offlineImage cpi:source="wim:c:/install.wim#Windows Vista BUSINESS" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> </unattend>

Ok

I did it, and it still pops up for the user. What are the reasons it doesnt skip the oobe parts?

Ok its removed and the unattend is working, well see if it goes. It takes a while for it to go through its install.

Let me try. Could you explain this to me? In the AIK the new distribution share is selected in the upper left window. Will that change , the removing of the oem folder, change the unattended? Or will I have to remove the oem folder from the disk image?

BDD comes with a number of tools necessary to have a zero touch install. The best way I can explain it is that BDD is a central repository for the tools and documentation required for vista deployment scenarios. Download BDD and you might see what I mean. One of the tools you need is the Windows AIK, which you can reach through the workbench.

Most likely its an OEM version. This is for testing purposes to help me with an exam. Is there a way to tell? The iso name is Vista_32_ultimate.