nmX.Memnoch

Windows XP does not support multiple RDP sessions.

This is the list of updates included in Service Pack 1. http://www.microsoft.com/technet/security/...er2003/sp1.mspx However, there are also changes in functionality that you can only get by applying SP1. See the following page for more details. http://technet2.microsoft.com/windowsserver/en/sp1.mspx

Don't create the GPO at the domain level. Create it on the OU, then "Add" it to the top level.For instance, for OU-green you would create a New GPO called GPO-green. Then you would go to the top level and Add the GPO browsing to OU-Green and selecting GPO-Green.

You'll find it under the following key: HKEY_CURRENT_USER\Software\Microsoft\Screensavers\Text3D The value you want to change is DisplayString. Why they chose to put it there for Windows XP instead of with the other screensaver configurations is beyond me... BTW, the way I found it was to configure the screensaver to use some text I knew probably wouldn't be anywhere else in the registry. Then I opened regedit and searched on that text (which was, of all things, "FindMe").

That's what I'm trying to figure out now...I'm just not having much luck finding anything. I haven't given up yet though...I'll post again if I find something. Using a 3rd part download manager may do the trick I can't believe I forgot about this. You may also want to give SiteKiosk a look as it has a ton of features to control what users can or can't do on the system: http://www.sitekiosk.com/ I'm using that on a public access terminal and it's been very good at keeping users from getting into things we don't want them into. It has features and add-ons that are specifically geared towards Cyber Cafes.

Do they require Change (Modify) permissions on the share? Since it's an application I'm going to assume they only require Read access. Configure as such (I'm using Domain Users as the group in the example, your group may be different). Share Permissions: Domain Users - Read Security Permissions: Administrators - Full Control Domain Users - Read SYSTEM - Full Control If they require read/write then configure the group as Change on the Share permissions and Modify on the NTFS permissions. That's about the simplest explenation you can get. Things can obviously get more complex, but we won't go there just yet.

No, you can only assign share permissions to a directory that has been shared. Share permissions dictate what access level a user has when accessing the resource across the network. NTFS permissions dictate what access level a user has when accessing the resource both locally and across the network...the more restrictive permissions take precedence. For example, if you give a user Change permissions to the share, but they only have Read NTFS permissions then they will effectively only have read access to the share.

A regular logon script won't work in that case either because if they aren't connected to the domain then Windows won't be able to "find" the Domain Admins group. Setting is as a GPO ensures that as soon as the laptop is brought back onto the corporate network the Domain Admins group will immediately be added back.

Having XP Home rules out having an Active Directory since you can't join an XP Home install to a domain. I think gpedit.msc is available on XP Home, but I don't have an XP Home machine handy to check that for you. You can find out by trying to launch it from the Run command. In that case what you actually want to do is remove the Browse feature. I'll have to do some research on this (someone else may already have the answer) but in the meantime you can force the default download directory through the following registry value:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer] Value Name: Download Directory Type: REG_SZ Value Data: Full path to directory (i.e. C:\Downloads)

Make it a machine startup script instead of a user logon script within GPO. That way anytime the machine is rebooted or GPO refreshes the group will be readded if it's been removed. This is done in the Group Policy Editor at Computer Configuration > Windows Settings > Scripts (Startup/Shutdown).

That's why the "REGEDIT /S LOGON.REG" is failing. Any particular reason y'all are disabling that? That option has the potential to kill a lot of options you have available to you with logon scripts in the future. KiXtart has registry functions as well that may bypass this setting though...I'd have to try it just to verify for you, but I'm willing to if you want. VBS may also bypass this. I personally prefer KiX, but that's what I got started with. I know it's a permissions thing but I haven't been able to nail down exactly what it is yet. Let me see if I can explain this correctly... Our previous version was 9.0.2.1000. The office that controls our SAV servers/clients was directed to upgrade to 10.0.1.1007. For some reason they decided to create an SMS package to push 10.0.1.1000 with the 1007 patch instead of using the SSC to push 10.0.1.1000 and then an SMS package for the 1007 patch (at least that's what I would've done...or just patched the install point with the 1007 MSP...either way would've been better). This seemed to have worked ok until we started getting calls from some of our users. Basically when they right click on anything that activates the explorer.exe context menu (My Computer, Create New Folder, etc) the Microsoft Installer acts like it's attempting to finish the SAV install. This only happens if they only have "User" or "Power User" (which we don't use) permissions. If they have Admin permissions (which only my office does), it doesn't happen. It also doesn't happen if the machine was installed fresh with 10.0.1.1007, only if it was upgraded from 9.0.2.1000. We're also being told that we're the only unit* seeing this problem. However, I suspect this is because a lot of other administrators on base give their users Admin privs because they've been told "XYZ application requires admin privs to work"...when in actuality all that's required is changing NTFS permissions on a few specific files so that a "User" has write access to them. We've taken those steps to prevent "having" to make our users Admins on their workstations. It's been my experience that most of our "in-house" developers don't understand permissions outside of "Admin", "Power User" or "User"...which is really sad, but that's a completely different discussion. * I work on an Air Force base.

The point of using a larger fan at lower RPM is noise. Smaller fans have to spin faster to move the same volume of air as larger fans...which makes them louder.Fin design can also come into play so make sure you check the dB level when looking at fans. Basically "El Cheapo" 120mm spinning at, for example, 2200RPM may still be louder than a brand name 120mm fan spinning at the same speed. That's about all the input I have. I haven't looked at upgrade HSF's in a very long time.

You're doing this for your Cyber Cafe? You can do this through the Group Policy Editor on the local machine by following these steps: 1. Run gpedit.msc (Start > Run > gpedit.msc <Enter>) 2. Navigate to Local Computer Policy > User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page 3. For each Zone in the Security Page section there is an option for Allow file downloads. Set it to disabled. Be sure to give this some thought before setting this though because setting it on the local machine will disable file downloads for all users. If you have an Active Directory a better option would be to put the restricted users into their own OU and then creating a custom GPO for that OU with these settings. That way you, as the administrator and non-restricted user, could still logon to the machine with full access to perform maintenance and other tasks.

See the Caution on the second step of KB319974.

'Nuff said...we're having our own set of problems with SAV 10.0.0 and 10.0.1 on WinXP (works fine on Win2000). The problems we're having have Symantec completely befuddled. I've heard that 10.1 will be out pretty soon though and should fix a lot of problems. I downloaded RemoveStartScan.reg and checked the keys it attempts to remove/update. The default permissions should allow for the user to change the settings within those keys. Have y'all set any policies to prevent the users from running registry editing applications (GPO > User Configuration > Administrative Templates > System > Prevent access to registry editing tools)?

This sounds like one of your 512MB sticks is being left off. The board is dual channel capable...how do you have the memory installed? It should be like this: Slot 1 - 1GB GeiL Slot 2 - 512MB Dialog Slot 3 - 1GB GeiL Slot 4 - 512MB Dialog If you have it 1GB, 1GB, 512MB, 512MB (as the screenshot shows) then I suspect what's going on is that the board is disabling dual channel and dropping usage of the last DIMM.

Note that it is recommended that you not use the profile of a user with Local Admin privileges on the workstation.

I think what happens if you set it in User Shell Folders only then this value is read the next time the user logs on and makes the change to the Shell Folders key. I'm not positive on this though. I know that I've tried setting it just in the Shell Folders key and it doesn't work, which is why I assume the value in User Shell Folders overwrites the value in Shell Folders at the next logon. I set it in User Shell Folders during my unattended installs. It's done from CMDLINES.TXT so it's applied to the Default User profile...which in turn automatically sets it for any user who logs on to the workstation.

Sorry...skipped right past that part. What keys/values are you trying to change? Are they HKLM, HKCU, software specific, policy settings, etc?

Yes, get a picture of the actual hookup inside the PC for the cases built in front-panel audio connector. Hopefully it looks something like the attachment. Note that the attachment shows part of my currently uncompleted mod...

What I gathered from his post is that he already has a work connection established on one network card. He can put the broadband on a seperate network card...even if it's behind a router...and it won't affect the work connection.

I'm pretty sure you have to change the "Personal" value in both of the following keys: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders If you do that it should take effect without rebooting. Change the other values (My Music, My Pictures, etc) as necessary in both keys.

Stupid question but I'll ask anyway... The workstation is joined to the domain, right?

REGEDIT /S <path>\logon.reg

When compared at the same speed (i.e. DDR400 CL2.5 vs DDR400 CL3) in real-world applications...probably not. You're talking nanoseconds. Synthetic benchmarks will show a difference though. However, if you get CL2.5 you may be able to overclock the memory higher by raising the CAS rate to 3. The faster speed and more memory bandwidth will result in a more responsive system.