fizban2

Sorry away for the weekend, issue at #3 going this route means that you will not be able to use roaming profiles anymore. local profiles will be used, the roaming profile are too hard to update or the wire and do not afford any real advantages ofr traveling users, if there are features of it that your users like find out what those are and we can see if there is anyway to recreate those features with the local profile. everything else looks good, you will want to leave the laptop in the domain since the users will logon to the laptop with their domain creds,

R6su, use the active directory migration tool to migrate the user account from the old domain to the new one. I am basing this on that the new 2003 machine you have is in a new domain/ new AD. if so you should be able to create a trust between the 2 domain, your old NT 4.0 that was upgraded to 2003 and the new 2003 x64 machine, you can use the Active Directory Migration Tool to do this, courtesy of MS Overview The Active Directory Migration Tool version 3 (ADMT v3) simplifies the process of restructuring your operating environment to meet the needs of your organization. You can use ADMT v3 to migrate users, groups, and computers from Microsoft® Windows NT® 4.0 domains to Active Directory® directory service domains; between Active Directory domains in different forests (interforest migration); and between Active Directory domains in the same forest (intraforest migration). ADMT v3 also performs security translation from Windows NT 4.0 domains to Active Directory domains and between Active Directory domains in different forests. ADMT 3.0 the ADMT tool will allow for migration from NT to 2003 also, so if you wanted to bring your PDC from your NT 4.0 domain back online and work off of that machine you could do that also.

GPO would be the best way to push out a user account to the masses, or a logon script, you DO NOT add the users to the domain admin or enterprise admin group, having them as part of of the local admin group is all you need to be able to change computer name and IP and such, far better would be to allow your Techs to know the local admin password (but just them) and use the runas commands to make changes and edits to the machine, this will allow them to run programs and make changes as a computer admin while logged on as themselves or as the user.

best bet would be to create a global group in AD and add the users that you want to have the ability to do what you want or if a generic account just that account. then add that group to the local admin group of each PC

where did you find ximage on the DVD?? looked in all the folders...

Everyone would do well to remeber that this is still beta, there has been no optimization and adjustment made to make the OS run cleaner. this is the first feature complete version to be released. Optimization will come next, and i think those who have 5308 install on machine will agree with me that it runs pretty **** fast even with using all that ram. i have 512 installed on a box with a 2.26 P4 and it runs just smoothly very little hold up and anypoint and that is with aero turned on

by logging onto the domain once with the laptop, with a computer local domain account you create a local cache of user information that goes with the laptop, try this with a laptop, join it to the domain and the logon with your account, or a account that will create a local profile on the PC. make sure that you can connect to so network rescource and that network access seems to be good. log of the domain and unplug your network cable, now try logging onto the domain, you should be to log onto the laptop with the domain account while not of the network. by logging on this way then logging onto the VPN, the user will use their network credentials when trying to hit network resoucres (exchange, webpages, sharepoint pages, etc) again i will state that are down falls as i posted above but for a roaming user, it is very nice to be able to work on their profile while on the road and not have to worry about downloading/updating their profiles to the network each time. let me know if this helps, i can try and work out a scenerio if needed this is how caching works, can be configured under GPO, so you can push it out to all your users, or to maybe just a OU of remote users. i would recomend setting it to remeber just that last logon, which should be the user of the laptop, that way you don't have to worry about how many different people logged on to a laptop and now can still logon to it with their domain credentials Interactive logon: Number of previous logons to cache (in case domain controller is not available). This policy setting is found under: Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options

go with cluberti's option first as it will be faster if you cannot get to the recovery console use the bart pe method, just so used to the laptops and machines my clients sending me that won't even boot properly the bart is the first thing i use

boot up the laptop using a bart/win PE disk and run a check disk from there, this should determine if there is an corruption on the disk. More in on BartPE of you aren't familiar BartPe

Sounds like the Key you are using is for a version that is not on the disc, did you download this from connect? there is no version of longhorn server on this DVD, i typed my key for that in by mistake once and got the same error you are getting, it is trying to read the DVD and the associated WIM for a image that is not present, if you dloaded from connect check you CD-key and let MS know if you are still encountering the issue

no biggie, you are doing the right thing and trying to learn more about your job, that is what forums are for. and don't worry, some of us aren't admins anyway In this cause you have the watchgaurd firewall, i am not to famililar with but i will assume either you use a VPN client that is installed on the laptops, or use the vpn that is built into windows, in either case depending on the level of security that you want to use (IPsec is my suggestion not sure if the watch Guard has this available but it should) in either case your computing policy should state at some point that only company computers can connect to the network, based on the fact you cannot control and manage home/personal computers so that they can comply with your network standards(Ie patch levels, OS versions, Antvirus deployment and management etc). this is where the local profile on the laptop come into play, by having the users use local profiles on the laptops they effectively cache their profile and logon for the domain on the laptop, this will them to log onto their domain account even while not on the domain, at this point they can connect to the VPN and then become connected to the domain, Since they logged into their laptop with their domain credentials already, once they have logged onto the domain they have effectively connect and authenticated to the domain. several downfalls to this method, password syncronization becomes an issue(the cached password and the AD password become unsynced(one is different then the other or at least AD thinks so) not so hard to fix. GPO's and Logon scripts will not fire like when a user normally logs on to the domain since that time has passed, if you are using a logon script there should be place to fire that off after they are connected to the VPN, if all that the users need are some drives mapped, then a simple batch file should suffice. if you want to get fancy, logon script would be the way to go.

shots from vista on a tablet PC Another one

gaah my bad, i totally read something wrong on the connect site sorry

guess PE 2.0 got released today after all...

CHeck to see what authentication is set for the website, is the a page out on the web? can it be set with anonymous access

albuquerque, you may not even have to worry much longer, if you can get into the Vista beta, the new version has been released along with a WAIK with the new PE 2.0 (or it is suppose to be) this should allow you to do what you are looking for without creating it ad-hoc WINPE 2.0 if you are interested on reading up on the new PE, Since you have a MS EA you should be able to get the PE beta, it has all the nessacry tools that you are looking for to create a PE based on the WIM format @getwired, Very cool technology thanks for helping to bring it to us!!!

Internet Authentication Service"Internet Authentication Service (IAS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy. As a RADIUS server, IAS performs centralized connection authentication, authorization, and accounting for many types of network access, including wireless and virtual private network (VPN) connections. As a RADIUS proxy, IAS forwards authentication and accounting messages to other RADIUS servers. This page includes links to resources about IAS in Windows Server 2003." Detemermining slow link speed this is based on windows 2000, was not able to find a corrisponding 2003 article, so i am not sure if it has changed or not Correct if the user is VPN'd through to your server, they are using your internal bandwidth for internet requests

i would suggest having the laptop users use local profiles on their laptops, configure the router to pass vpn information to a MS VPN server, (again as chili stated, it can be secure you just have to put a little more effort into making sure the server is secure) this way credentials can be used based on what the user logged on with (ie in this case their domain creds) this will allow access to normal network functions and functionality (for mapped drives and homeshares you may need script or create a batch file for those to be remapped) this really doesn't solve your printing issues. is there a reason for the roaming profiles with the laptops? do people go from laptop to laptop or is each one assigned to a user? if so roaming profiles don't seem to be the way to go (better to route my docs folders and such to a homeshare if you want their info saved on a server) when you create the VPN connection there is overhead with all the encryption that happens, when a remote user makes a internet request while on VPN, it has to be encryted, sent through the VPN, decrypted passed to the gateway, retrieve the page encrypt the data again pass it back across the vpn and decrypted by the remote user, a much longer proccess and probably the reason for the delay

BGinfo from sysinternals very cool little app BGinfo

RIS is good to learn, but don't get to used to it, come longhorn and vista there will be a new replacement for RIS, Windows Deployment Services, heres a link to get the low down WDS

Have you tried looking at the Vista WIM, there are 2 images there, one for hte PE that is used for boot and one for the actual OS, the file you are looking for may already be available for you in the Vista PE wim, i know i was able to extract the PE WIM and create a bootable PE from that image, taking later files from 6270 may not be backwards compatible with 5112, depends on what was changed between the 2 verions, but i will look to see what i can find

I thought they were aim for a feature complete version for the Febuary CTP? does that mean they missed the dates for that?

Has this error occured only after updating to a newer driver? Event ID 6161 some suggestions can be found above, seems to point to a issue with the print driver

I think we are reaching out a little farther then what Twostep is looking for Now is this a SBS server? being the only and main server that seems like the case, getting a second Server that you install SBS to and create a Second DC (my knowledge of SBS is limited, can't rember if it can handle more then one) on the 2 machines you can create a DFS root for having availablility of all your information and data is either machine went down for the Cluster yes, everything would have to be the same, same machine, same config, same programs installed, data could be copied over after a DFS root was created so data isn't that much an issue When clustering it is recommended to use a SAN or NAS device to store the quroum and data for the Cluster rather then internal HDs for another tier of redundency @ littlebrook, there aren't backup domain controllers in 2003 anymore just straight DC's not a problem though they still have the same effect, but if one goes down, the other picks up that slack and nothing really goes down, (unless it is dependent of the server that went down)

bad at reading through dumps, but what i think happend is the sound card driver is buggy, did you update/change it lately? looks like it was trying to allocate space that had already been take and not freed yet and crashed, can you get into safe mode? maybe a rollback of the sounds card driver or reinstall might help