Zartach

Are you running the ping command from a client ? casue if an ipconfig /flushdns solves the problem it is not the server thats the problem but the client cache. I am not familiar with symantec cluster services, so i wonder how it does the failover ? does it update the dns reccords on the server? or is there an arbiter involved ?

Like some said here, you need to look at suspicious proccesses and services, make a point of isolating all but the required protocols to keep serving your domain. Check technet for required ports to do this, also check up on their security documentation on how to go about securing your system.You may also want to use specialized tools to make sure there is no virus and or malware installed. I frequently use HijackThis to check the system if i suspect an intrusion, most of the time that alone will make the problem apear. It is a standalone utility that solves a lot of problems for me. set up auditing on the DC on objects you suspect to be related and if possible do the same on the switch/router the system is behind. one you know what ports are required to keep the domain up you can check for open ports on the machine, see what process is attached to it and locate it on the disk. Everything malware can be removed, the real question is how long it will take and if it is worth the effort over doing an emergency recovery.

That is actually a nice looking tool, tried the demo a bit and to be honest it can measure up with some of the expensive ones out there (or at least the implementations i have seen) Thanks for sharing that link

There are various groups in the 2003 AD namely: Universal groups Global goups Domain Local groups Where the Domain Local groups are effectively replacing the local groups from Windows NT, in the old model MSFT used the accurate way of assigning permissions was: grant the Local group access to the object, make the Global group a member of the Local group, and place the User in the Global group. This can now be done with the domain level group 'Domain Local groups' effectively you would store users and computers in the Global groups where the Global groups are a member of the Domain Local groups that are given permissions on objects like printers or shares. The Universal groups can be used anywhere in the forrest to grand users permissions in other domains than that the users are a memebr of. Domain Local groups can be granted access on specific resources that are not stored in Active Directory, (File server shares, Printer queues, etc.) - Domain Local groups cannot be seen from another domain. Global Groups can only be granted access to objects or be made a member of groups that reside in the same domain as the group is. (On a sidenote, beware of using the Domain Local groups, they take up 40 bytes in the access token that kerberos is using, where as global groups only use 8 bytes. If a member has a kerberos token that exceeds 12000 bytes his GPO policies will fail and any group membership that was not within the 12000 bytes will not apply on his permissions We had this problem when upgrading a fileserver to a cluster environment and effectively doubeling up on groups in the domain, with the Domain Locals 60% of the people using the new cluster were reporting problems and it was tracked back to the 12000 bytes tokensize. We switched the Domain locals to Globals to work around the problem. There is a fix from MSFT as well but that includes a premium patch and a domain wide registry change.)

Hmm did not know that, well then the only option is to go localy i guess. Hyena etc use the same field that you would configure via ADUC. Localy you can rclick on 'network' -> properties and go to the identification tab, its been a while since i worked with NT though so i could be off a little.

Lilbit hostile ey? Try reading the article someday, might surprise you how relevant it could be. 90% of a backup scheme is planning what and how to recover when itr fails otherwise the backup is moot. The friggin title says : Recovery Planning for Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Databases, excuse me for not going in blind and planning to actualy restore a db when it fails ..

There is more information stored in that folder than just indexing and file restore, it however depends on the role the server has. The sysvol folder on a DC for instance holds the full replica of the AD database in ldf files deleting the folder would be 'unhandy' in that situation.

This artivle explains how you should tackle this problem, it is a bit scetchy on the actual software used but does have some sql statements to verity the integrety of the database for instance. http://support.microsoft.com/kb/328747/en-us Hope it helps,

What would be a betetr option is to navigate there via the filesystem and set the permissions on that file only. Most php 'applications' have a set up wich requires the script to access certain files to write to, it is never a good idea to open write access up on the whole website, as certain individuals can then misuse the script and even go as far as upload malicious content to your site. Review the need for write access on a file to file basis and preferably move those files to a folder that is not shared via IIS (eg outside of the wwwroot folder in your case) sometimes this is not possible and then you will need to restrict access to that file only and not the whole website. - if it is an installer it may only need access to the file when it is installing, verify and remove write access as soon as possible from the site.

Start the Active Directory Users and Computers from a management server or DC and navigate to the PC/Server you want to set the description for. rclick on it and select properties, from the pane that shows up you can edit the contents of the description and apply it to the PC. Cheers,

CTRL-X has it right it is the cheapest option and requires the least effort atm. Some documentation: http://support.microsoft.com/kb/263532/en-us http://support.microsoft.com/kb/241594/en-us And 2 Whitepapers i have on the subject, i do not know where they are on the ms site so i attach them in the post. [edit]the promised link[/edit] Plan on how you want to restore and from that plan your backup scheme, also it might be good to backup all DC servers in your domain in case of corruption. Hope it helps, [edit] cant attach, something about not enough space, its 1.1 mb's but the 4.88mb's on forum aint enough to hold it ;-) i'll upload to my own site and link from here [/edit]

I have used vbscript in the past to create services: CreateService.vbs Const OWN_PROCESS = 16 Const NOT_INTERACTIVE = False Const NORMAL_ERROR_CONTROL = 2 strComputer = "." Set objWMIService = GetObject("winmgmts:" & _ "{impersonationLevel=Impersonate}!\\" & strComputer & "\root\cimv2") Set objService = objWMIService.Get("Win32_BaseService") errReturn = objService.Create("DbService", _ "NAME", _ "C:\WINDOWS\PROGRAM.EXE", _ OWN_PROCESS, _ NORMAL_ERROR_CONTROL, _ "Manual", _ NOT_INTERACTIVE, _ "NT AUTHORITY\LocalService", "") RemoveService.vbs strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colListOfServices = objWMIService.ExecQuery _ ("Select * from Win32_Service Where Name = 'SERVICE_NAME'") For Each objService in colListOfServices objService.StopService() objService.Delete() Next I do believe that this will work only for programs that are meant to run as a service.

It depends on how your network is configured, in a native 2000/2003 environment all authentication traffic uses Kerberos by default, but in mixed mode the NT4 Domain controllers can be used and they use the NTLM method to authenticate users. If your clients are all running XP there wont be any problems as it can handle both and will negotiate the protocol to be used. If you use NT4 clients and want them to be able to use Active Directory you need to install the Actrive Directory Client available here : http://www.microsoft.com/ntworkstation/dow...er/adclient.asp

Ok, i have not tried this since i do not use server as a client, but this might do the trick. Installing the DirectX SDK, it is the runtime and the development source etc. from the supported OS list it says that Windows Server 2003 Service Pack 1 is supported so this might be a good bet. http://www.microsoft.com/downloads/details...;DisplayLang=en Beware though this is a development pack, and the dload is 500ish MB. Witch is way larger than directX by itself. But it might do the trick. And if it does i am sure someone can create a light version (like miniXP) Again, i did not try this as i do not have any server running client atm but it might be worth to test.

It might be that the connectionstate was cached on the particular client computer and became corrupted at some point. Does not seem like a profile problem since he can log in via another client. So removing the cache might solve the problem. To remove the cache for Remote Desktop delete the .bmc files in "C:\Documents and Settings\(username)\Local Settings\Application Data\Microsoft\Terminal Server Client\Cache" Hope this will fix your issue,