Jump to content

annakin108

Member
  • Posts

    24
  • Joined

  • Last visited

  • Donations

    0.00 USD 
  • Country

    United States

About annakin108

annakin108's Achievements

0

Reputation

  1. can you use shutdown.exe? that has pleanty of flags to go along with it... it will kill all apps running and also reboot for ya.. I guess the next hurdle would be figuring out how to trigger it... "based on what" if screensavor on for "howmany mins" than shutdown.exe -f -r
  2. open the mmc and choose view from the menu option... then enable User, Groups, and Computers as containers. This will give you more of an explorer view when looking at the objects. This is how we were able to view the extensions. Also, I enable the advanced features. let me know if that was what you were looking for...
  3. Turn on auditing .... I would start with a full audit. Then look at the logs because depending on how many users you have they could overwrite. Also, If it is possible I wouldn't have shares on DC's.... but I don't know what you $$$ situation is.
  4. yup... we have even gone as far as creating an OU with all the gpo's we have in place but they are opposite from the one's we have applied. Crazy! but it works in situations were we need to trouble shoot...
  5. i may be able to help you.. but I am going to need more information... you say the .bat you are using a dos batch file to map drives? what OS are the workstations? what level is your domain? did you try any of my previous suggestions?
  6. I know this is crazy but ... just rebuild DC2. You said it was just acting as a DC. What level is the domain? Also, I would suggest splitting up some of the FSMO roles... hope this helps...
  7. ya... cluberti has it ... delegation is your friend. you can avoid using built in groups wich is a good idea..
  8. The first thing about GPO and software install is there isn't a auditing feature... so no you cannot "that I know of" track a successful install. I\we were faced with this issue before we were privy to SMS and what we did was use some scripts batch or vb and PSEXEC wich is part of pstools used to be owned by Sysenternals... now owned by MS. As for the drive mappings missing... I would start with running the RSOP util and GPresults... also check the event logs on the workstations... good luck. oh ya... we were told by our MS people that software distor via gpo is not the best solution. hence not being able to verify a successful install....
  9. I can't even think of a good reason for that many DC's.... Back to the drawing board... Is there some sort of leagle reason? Is it politics? How big is you environment? How many users and such? MS has a new tool for monitoring this stuff so have you spoken with support?
  10. My first question is why is the path so deep? "\\servername\share\...\share\username" Is it possible to shorten that? Also, assuming you are using 2003 there is an install called Access based enumaration. It will hide all of the folders that the use doesn't have access to. This can be found on MS's website. Usualy when the drive mapping doesn't map all the way there is a security issue... "NTFS" Also, you will have to become very familiar with NTFS it will pay off in the long run. As a side note I do agree on mapping the home directories within the profile. I like to keep the GPO's at a minimum. Hope this helps..
  11. Vb script with the adsi attribute. I started with robbie allen's web site and go to his scripting solutions. "google robbie allen" This will help you out. Use adsi to look for the attribute name that you want to modify and then use his scripts to help you put one together. Make sure you use a test account first.
  12. So... when installing a printer via this white paper http://www.microsoft.com/windowsserver2003...bleprinter.mspx It directes you to install the printer on the resurce name. When you do that the windows update button for the latest windows printer drivers is not there. Microsoft says that using it's drivers is the best practace and is reccommended. I have also looked all over for a way to download there drivers for a printer repository but of course that isn't available any more. Any suggestions?
  13. Do a reverse ping. Ping -a to all three IP's and see if it resolves the same name... I guess what I am asking is do you really have a problem?
  14. You could call a .reg file from a login script via gpo. the current user key can be edited by a client w/ out admin rights. We do it all the time. Just put the reg file in the netlogon directory. if you need more info just let me know. We try to avoid .adm files as much as possible. Maybe just an opion but I believe that policies are best keep simple and as static as possible.
  15. Well.. I'm not sure why you would have so many DC's, maybe it is a politicaly thing but if the client is creating the account from his\her computer than it should happen on the DC that he\she is authinticated to. This is controlled by the subnets being added to sites and services correctly. We use a vb script for the same purpose and the time there is an issue is if an account is deleted and needs to be recreated "there is a wait for replication then"
×
×
  • Create New...