Jump to content


  • Posts

  • Joined

  • Last visited

  • Donations

  • Country


Everything posted by Zartach

  1. Are you running the ping command from a client ? casue if an ipconfig /flushdns solves the problem it is not the server thats the problem but the client cache. I am not familiar with symantec cluster services, so i wonder how it does the failover ? does it update the dns reccords on the server? or is there an arbiter involved ?
  2. Like some said here, you need to look at suspicious proccesses and services, make a point of isolating all but the required protocols to keep serving your domain. Check technet for required ports to do this, also check up on their security documentation on how to go about securing your system.You may also want to use specialized tools to make sure there is no virus and or malware installed. I frequently use HijackThis to check the system if i suspect an intrusion, most of the time that alone will make the problem apear. It is a standalone utility that solves a lot of problems for me. set up auditing on the DC on objects you suspect to be related and if possible do the same on the switch/router the system is behind. one you know what ports are required to keep the domain up you can check for open ports on the machine, see what process is attached to it and locate it on the disk. Everything malware can be removed, the real question is how long it will take and if it is worth the effort over doing an emergency recovery.
  3. That is actually a nice looking tool, tried the demo a bit and to be honest it can measure up with some of the expensive ones out there (or at least the implementations i have seen) Thanks for sharing that link
  4. There are various groups in the 2003 AD namely: Universal groups Global goups Domain Local groups Where the Domain Local groups are effectively replacing the local groups from Windows NT, in the old model MSFT used the accurate way of assigning permissions was: grant the Local group access to the object, make the Global group a member of the Local group, and place the User in the Global group. This can now be done with the domain level group 'Domain Local groups' effectively you would store users and computers in the Global groups where the Global groups are a member of the Domain Local groups that are given permissions on objects like printers or shares. The Universal groups can be used anywhere in the forrest to grand users permissions in other domains than that the users are a memebr of. Domain Local groups can be granted access on specific resources that are not stored in Active Directory, (File server shares, Printer queues, etc.) - Domain Local groups cannot be seen from another domain. Global Groups can only be granted access to objects or be made a member of groups that reside in the same domain as the group is. (On a sidenote, beware of using the Domain Local groups, they take up 40 bytes in the access token that kerberos is using, where as global groups only use 8 bytes. If a member has a kerberos token that exceeds 12000 bytes his GPO policies will fail and any group membership that was not within the 12000 bytes will not apply on his permissions We had this problem when upgrading a fileserver to a cluster environment and effectively doubeling up on groups in the domain, with the Domain Locals 60% of the people using the new cluster were reporting problems and it was tracked back to the 12000 bytes tokensize. We switched the Domain locals to Globals to work around the problem. There is a fix from MSFT as well but that includes a premium patch and a domain wide registry change.)
  5. Hmm did not know that, well then the only option is to go localy i guess. Hyena etc use the same field that you would configure via ADUC. Localy you can rclick on 'network' -> properties and go to the identification tab, its been a while since i worked with NT though so i could be off a little.
  6. Lilbit hostile ey? Try reading the article someday, might surprise you how relevant it could be. 90% of a backup scheme is planning what and how to recover when itr fails otherwise the backup is moot. The friggin title says : Recovery Planning for Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Databases, excuse me for not going in blind and planning to actualy restore a db when it fails ..
  7. There is more information stored in that folder than just indexing and file restore, it however depends on the role the server has. The sysvol folder on a DC for instance holds the full replica of the AD database in ldf files deleting the folder would be 'unhandy' in that situation.
  8. This artivle explains how you should tackle this problem, it is a bit scetchy on the actual software used but does have some sql statements to verity the integrety of the database for instance. http://support.microsoft.com/kb/328747/en-us Hope it helps,
  9. What would be a betetr option is to navigate there via the filesystem and set the permissions on that file only. Most php 'applications' have a set up wich requires the script to access certain files to write to, it is never a good idea to open write access up on the whole website, as certain individuals can then misuse the script and even go as far as upload malicious content to your site. Review the need for write access on a file to file basis and preferably move those files to a folder that is not shared via IIS (eg outside of the wwwroot folder in your case) sometimes this is not possible and then you will need to restrict access to that file only and not the whole website. - if it is an installer it may only need access to the file when it is installing, verify and remove write access as soon as possible from the site.
  10. Start the Active Directory Users and Computers from a management server or DC and navigate to the PC/Server you want to set the description for. rclick on it and select properties, from the pane that shows up you can edit the contents of the description and apply it to the PC. Cheers,
  11. CTRL-X has it right it is the cheapest option and requires the least effort atm. Some documentation: http://support.microsoft.com/kb/263532/en-us http://support.microsoft.com/kb/241594/en-us And 2 Whitepapers i have on the subject, i do not know where they are on the ms site so i attach them in the post. [edit]the promised link[/edit] Plan on how you want to restore and from that plan your backup scheme, also it might be good to backup all DC servers in your domain in case of corruption. Hope it helps, [edit] cant attach, something about not enough space, its 1.1 mb's but the 4.88mb's on forum aint enough to hold it ;-) i'll upload to my own site and link from here [/edit]
  12. I have used vbscript in the past to create services: CreateService.vbs Const OWN_PROCESS = 16 Const NOT_INTERACTIVE = False Const NORMAL_ERROR_CONTROL = 2 strComputer = "." Set objWMIService = GetObject("winmgmts:" & _ "{impersonationLevel=Impersonate}!\\" & strComputer & "\root\cimv2") Set objService = objWMIService.Get("Win32_BaseService") errReturn = objService.Create("DbService", _ "NAME", _ "C:\WINDOWS\PROGRAM.EXE", _ OWN_PROCESS, _ NORMAL_ERROR_CONTROL, _ "Manual", _ NOT_INTERACTIVE, _ "NT AUTHORITY\LocalService", "") RemoveService.vbs strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colListOfServices = objWMIService.ExecQuery _ ("Select * from Win32_Service Where Name = 'SERVICE_NAME'") For Each objService in colListOfServices objService.StopService() objService.Delete() Next I do believe that this will work only for programs that are meant to run as a service.
  13. It depends on how your network is configured, in a native 2000/2003 environment all authentication traffic uses Kerberos by default, but in mixed mode the NT4 Domain controllers can be used and they use the NTLM method to authenticate users. If your clients are all running XP there wont be any problems as it can handle both and will negotiate the protocol to be used. If you use NT4 clients and want them to be able to use Active Directory you need to install the Actrive Directory Client available here : http://www.microsoft.com/ntworkstation/dow...er/adclient.asp
  14. Ok, i have not tried this since i do not use server as a client, but this might do the trick. Installing the DirectX SDK, it is the runtime and the development source etc. from the supported OS list it says that Windows Server 2003 Service Pack 1 is supported so this might be a good bet. http://www.microsoft.com/downloads/details...;DisplayLang=en Beware though this is a development pack, and the dload is 500ish MB. Witch is way larger than directX by itself. But it might do the trick. And if it does i am sure someone can create a light version (like miniXP) Again, i did not try this as i do not have any server running client atm but it might be worth to test.
  15. It might be that the connectionstate was cached on the particular client computer and became corrupted at some point. Does not seem like a profile problem since he can log in via another client. So removing the cache might solve the problem. To remove the cache for Remote Desktop delete the .bmc files in "C:\Documents and Settings\(username)\Local Settings\Application Data\Microsoft\Terminal Server Client\Cache" Hope this will fix your issue,
  16. When do you recieve this error, at BIOS boot or after windows started ? Are there eventlog errors if the error comes up in windows ? Out of the box i have not seen an error that would require the DEL key to continue on any of my w2k3 server installations yet so i am guessing it may be BIOS related. Either LAN card BIOS, SCSI card BIO or Motherboard BIOS would be my first guess. Hope it helps,
  17. The easiest way to do that would be to create a vb or batch script that does that for the user and distribute it among the users. After they are joined the login scripts etc. can cover this but untill that is done it could be doable to provide your users with a 'one click sollution' . Distributing the script/batch would be tricky though, if the users can access mail you can send a mail to all users with the script attached and noted on how to use it.
  18. Ah, then you can scrap my vb script comments ;-) as they only work in an AD environment. Hopefully the tool B Owen provided will help you on this then.
  19. If it was a dll that was removed you would have problems with it every time you used it. It may be a problem related to some other issue, check when the problem became aparent and check if any applications have been installed just prior to when the problems began. It also can be related to some malware that was accidently installed on your system so you might want to check with a standalone scanner like 'HijackThis' if you can see some wierd software listed. Or it might be a virus, usualy this would not be a problem but in cases like this always assume the worst ;-) and double check the AV product you are running and if possible run a scan from another server on the system drive. This in case the AV application on the system itself is damaged by the malware/virus. And lastly check if there is any logging related to your problem or recuring errors that look like they might have an effect like this. May be far fetched but you never know. Hope it helps,
  20. I do not know if this will solve your problem but it does not hurt to try, There is a feature in windows that will disconnect active network drives on the client but will 'remember' them in the configuration. The driveletter will be taken and can not be re used untill disconnected completely. To turn this off type the following command on the client machine. net config server /autodisconnect:-1 This will configure the 'server service' on the client so it will keep all network connections active in stead of placing them in the disconnection state. If this does not fix your problem, please check for Event error's regarding network or logon error's as there may be a problem then. Hope it hepls,
  21. Create a new group in the AD and name it how you like for example G_RMT_ADMIN_%SERVERNAME% Add the G_RMT_ADMIN_%SERVERNAME% to the local administator group on the server. By default Local administartors can log in on the server via RDP, but you can configure this via the Terminal Server Configuration tool from Start -> Settings -> Administrative Tools -> Terminal server Configuration. Add the user to the group : G_RMT_ADMIN_%SERVERNAME% And he will have local administrative rights on the specific server and not on the main server. Hope it helps,
  22. IIS has the option to host multiple instances of websites, the host header is used when you have more than one site running on the same port. When you have for example : www.contoso.com and webmail.contoso.com running both on port 80, by default if you type any of the addresses in the browser you will end up on the default (first) website IIS has listed. Now if you configure IIS host headers, you can 'bind' the dns name www.contoso.com to an interface (represented by an IP address). You can 'bind' multiple sites to the same interface so the configuration would be: www.contoso.com host header x.x.x.x webmail.contoso.com host header x.x.x.x Where x.x.x.x is your IP address, by doing this the end user can type both dns names in his/her browser and end up on the specific page you configured the host header to. At the moment i have a running configuration at a customer who is behind a Firewall, his fqdn's point all to the firewall's IP (7 dns addresses) and the firewall forwards them to the internal IIS server. IIS checks the host header vs the browser request and directs the user to the proper page. Hope it helps,
  23. For the sake of knowledge, if you were to do this or the /f and attempt to force them, does this go about the shut down in a much different way than clicking on Start-->shut down-->shut down ? I guess to be more clear, I just want to understand how the system responds to these different requests, as well as how the requests differ internally. Shutdown.exe makes the same call to windows for shutting down the system, however the /f option forces all application and services to stop and it will kill the process if it hangs. No confirmationboxes will be shown if the /f option is used. So if there is a problem with some app hanging, /f will kill it and the shutdown can take place normaly.
  24. I'll see if i can make a little script for this, wont be able to do that at the moment though. Do you have any specific needs ? does it need to apply to all users in an OU or just 'some' that can be specified in a txtfile ?
  25. For the Profile information you can script this in vbscript via : objItem.Put "profilePath", "VALUE" objItem.Put "scriptPath", "VALUE" objItem.Put "homeDirectory", "VALUE" objItem.SetInfo objUser.TerminalServicesProfilePath = "VALUE" objUser.TerminalServicesHomeDirectory = "VALUE" objUser.TerminalServicesHomeDrive = "VALUE" objUser.AllowLogon = Enabled objUser.SetInfo Hope it helps,

  • Create New...