sanity1977

Thanks for your reply cluberti ... I had another go at it and when I checked the permissions this time they were different. Perhaps I hadn't changed them correctly or something. Unsure ... but non the less it is mostly working with one exception. It doesn't appear to load the wallpaper. It just shows a blank wallpaper. Any ideas on this? I have tried putting it in different locations before copying the custom "Default User" I create. I figure that if the wallpaper image is stored in the My Pictures folder for my test user that should be sufficient right? Doesn't appear to be. Is there a policy that may be set by default somewhere that blocks sending wallpapers accross the network maybe? Where would I get to that in SBS 2003?

Hi I was looking at how the default user profiles work and was interested in trying to set one up that was domain wide so that if someone logs into a new workstation they receive a common wallpaper and settings are set at a standard initially. I believe this can be done as a domain wide feature. I know how to create a new default user profile and from what I have read if I stick this profile in the NETLOGON share on the SBS 2003 server then when a person logs on to any workstation that hasn't logged on before it should pull the profile from the share or update the Default User profile on the workstation from this share at the very least. I have a "Default User" profile in the NETLOGON share but it just doesn't seem to use it when I try this. I have made sure that the user profile does not allready exist on the workstation I am trying it with and have also confirmed it doesn't exist in the registry under the HKLM/Software/Microsoft/WindowsNT/CurrentVersion/ProfileList. Has anyone had this working? I have checked the security on the NETLOGON folder and the Default User profile inside that and it appears to be allowing read and modify access to Authenticated Users. It just seems as tho it will only user the default user on the local machine. I guess I could probably synchronize this folder with every machine but it just doesn't seem like it should have to be done that way and I probably wouldn't even worry about it if it came to that. Any pointers/help would be greatly appreciated.

Thanks for replying cluberti. All machines are on the same subnet with the same gateway and DNS servers. I haven't yet tried doing a trace. I've never done that before so I will download one of those programs you mentioned and try it. I really cannot understand why this isn't connecting through. I even moved one of my workstations from the domain to the same workgroup as the MCE and still no luck. I don't think it's a domain issue anymore I think it's to do with wireless networking or perhaps somethings screwed up on the mediacenter but I really don't like rebuilding the media center cause it's such a pain to get working correctly.

This is still semi related to a previous post but I've simplified things a little with the same problem. I have an XP Pro and an MCE machine on the same workgroup. Both firewalls are turned off but they still cannot ping one another or see each other via My Network Places. They are both connected to the same Netcomm NB9W Wireless Gateway and can ping it as normal. The both also can access the internet and ping it without any problems. I have shared folders on both machines and there are no other antivirus or firewalls in place. Thinking about it, I did have Avast Home Edition on the MCE for a little while but it was removed. Any ideas? Could it be the Netcomm NB9W causing the problem some how or is it a common wireless thing. I have even tried having no security over the wireless.

Hi Guys I'll explain my main objective first. I have a SBS 2003 server setup with three workstations (Vista, XP Pro, Mediacenter) I want to share three folders on my MCE and be able to access them from at the very least the XP Pro machine. That's it. I appreciate that has no domain support. I wouldn't expect this would cause no access to these shares tho. These three machines are connected via wireless networking. The server on the other hand is connected to my Wireless ADSL Gateway via ethernet. At this stage the no additional firewalls have been installed on the actual systems and I have tried to disable the firewall completely on the MCE to no avail. I am able to ping the server and the gateway with no problems at all from any machine on the network. I would expect to be able to ping client to client eg XP Pro/MCE, MCE/XP Pro, Vista/XP Pro, XP Pro/Vista etc. but this does not happen. Request is timed out. I can even access all three shares on the MCE from the server just not from any client. This sounds to me like a firewall issue? right? Is there a port that I need to be opening? I allready have File & Print Sharing open on the clients but the fact that it's only a problem between clients makes me wonder. Could it be something to do with the gateway firewall? Any help would be greatly appreciated guys. I had this all set up previously and it worked fine but I have just rebuilt the SBS server (My second time) and it doesn't want to work. Things that are different are the new Gateway (NB9W) and the wireless cards.

Thanks for that JuMz ... The above link helped explain some things to me and a link on that page http://www.windowsnetworking.com/articles_...guring-FTP.html confirmed what I was finding. The document explains that you do infact need to include the Pre-Windows 2000 name between the specified home directory and the user's directory. I might have a crack now at using the active directory isolation. Previously I tried this method but I installed the admin pak and I was under the impression that two additional items would appear in the user properties through active users & directories. These items were supposed to be ftproot and ftpdir. I know I could specify them using iisftp.vbs but I wanted to actually see it in the user properties.

I have setup an IIS FTP Site because I wanted to force users into there own personal folder. Having done this and played around with it quite a bit I noticed something which I can't quite understand. I have set the home directory of the FTP to show c:\user and then created folders matching the users login name eg. jblogs pking etc which then ment that c:\user\jblogs and c:\user\pking existed. When the user pking logged in I expected that pking's root folder would be c:\user\pking but he wouldn't actually know that he would just think it was the root folder. Now I had set all the necessary permission by allowing full access to pking on the c:\user\pking folder but when I tried to log in it would say that permission was denied to the home directory. Couldn't understand this. Did a little reading and it was suggested to use sysinternals filemon program to see exactly which folder the ftp site was trying to put the user pking into. This is where it got interesting. My netbios domain name was MAGIC and I was finding that the ftp site was trying to actually put user pking into the following folder c:\user\magic\pking. Why is it adding the netbios name before the username and after c:\user??? I modified my file structure to include magic and it all works fine but why is it putting it there. I am using SBS2003 and these users I have mentioned do not require access to my domain, nor do they log into my domain. They are purely ftp users from the outside world. Now I created these users not from within the SBS Server Management console but via Admin Tools/Active Users & Directories. Was this the wrong thing to do? Should I have created them else where? I can only think that the reason that the ftp site is adding the magic folder because they are users of the magic domain. Is this right? Hope someone can help me get my head around this.

Hey Everyone I have a problem that has just presented itself and I have recently setup NAT on my server but don't think that has anything to do with it. Whats happening is that when I try and perform remote desktop connection from one workstation to another using the computer name it comes back and says that the specified computer could not be found. Here's the catch ... If I use the IP address it works fine. If I turn off the firewall from the local machine that I was trying to remotely connect to then I can then use the computer name to remotely connect. What am I missing here? The RDP port is open and it would have to be if it still connects via the IP address. The other thing is that if I then enable the firewall again from the local machine then I can still remotely login using the computer name for a little while but perhaps thats just because the firewall takes a little while to kick back in. Anyone have any ideas? I know it doesn't matter if I just log in using the IP address but I'd like to know why this is happening. Oh by the way NAT is not set up on either of the two machines that I have just been referring to, it's on the server. Thats why I don't think it's due to that but maybe just coincidental that I have noticed it happening since installing it. Thanks guys

Hi I just found an evaluation copy I had of SBS 2000 and thought I'd give it a go until I can get an eval of SBS 2003 but I'm stuggling to understand the logic of the Client Setup Wizard. It doesn't make any sense to me that the new user that is being added must have local Administrative rights to install the software. Sorry, it makes sense but it seems stupid. My understanding is that for every user that you add to your domain on the server you need to create a client setup wizard disk and run it on the workstation. At this stage I have been doing this from the workstations local administrator account. This then copies some information across and creates the user account locally and then when you log in on the workstation as the new user you are eventually prompted with a screen that you must give your user local administrator rights, otherwise you can't install the necessary software that was specified initially when setting up the Client Setup Wizard disk on the server. This then means that the new user you have just added now and forever (unless manually removed) has administrator rights to the local machine and can make all sorts of changes like changing administrator password, deleting accounts and making a general nusense of themselves if they want to. Install peer-to-peer networking clients etc if they wanted to. Am I right in assuming that this means for every user that is added to the workstation I would have to manually remove the administrator rights after the Client Setup Wizard has finished installing the required software? Perhaps, I'm looking at this all wrong. What would be the normal process of setting up these workstations. I'm just thinking that these Client Setup Wizard disks are going to be used by someone who isn't necessarily very computer literate within the business and I wouldn't think they would normally know how to go and remove permissions after following through the wizard. Am I sounding very confusing? Any help would be greatly appreciated.

Excellent ... Thanks heaps for all your help guys

Nope ... using a bitmap had no effect. Still had the same problem. I also tried removing the recycle bin in the OU policy instead of the "Default Domain Policy" and the same problem was evident. I tried a couple of other things too. I said previously that it didn't matter whether "Enable Active Desktop" was enabled or not that the .jpg file would still display, well that is still the case but if I use a .bmp file it will not work if "Enable Active Desktop" is not enabled. Even if I used a .bmp file and enabled "Allow only bitmapped wallpaper", using a .bmp file still required "Enable Active Desktop" to be enabled. Maybe because when you specify a .jpg file Windows automatically knows that Active Desktop needs to be enabled and does this itself. Like you say the wallpaper thing is pretty screwed up from what I can see. I can't help but think that maybe I'm over looking something still. It just doesn't seem right somehow.

I've just spent about an hour and a half trying to understand why the policy settings I have set were not allowing an Active Desktop Wallpaper display. Here's what I did. Note: This is all for testing purposes only. I changed the "Default Domain Policy" to "Enable - Remove Recycle Bin icon from desktop". This worked fine on it's own. I then created a new policy on my custom OU (Accounting) called "Set Accounting Wallpaper". In this policy I "Enabled - Active Desktop Wallpaper" and specified a UNC path called "\\server1\wallpaper\home.jpg" this path is correct and has full permissions etc. everything there is good. When I logged on as one of the accounting users the Recycle Bin is gone but the wallpaper would not display. Ok ... I did a lot of research in this hour and a half trying to find out what the hell was going on and everyone is saying that Active Desktop needs to be enabled as well. I had set this allready but it still wouldn't work. I checked through all sorts of things that would have an affect on the wallpaper policy but I had only changed these two policies. As soon as I changed the "Default Domain Policy" back to "Not Configured - Remove Recycle Bin icon from desktop" the wallpaper works just how I would expect it to. Why is this? I haven't put any service packs onto Win Server 2003 yet but I do have service pack 2 on the WinXP machine that the users are logging on with. Is it a known issue? I noticed in some of the descriptions of what each policy does that they mention when something will affect another policy for example the "Active Desktop Wallpaper" but theirs nothing on the Recycle Bin description. Has anyone ever developed a small application or database with a listing of things that group policy can do and when one policy will affect another or am I being lazy and it's all provided for us allready. I'm using GPMC service pack 1 when changing policies by the way if that has anything to do with why this has happened. Another quick question ... After sorting this all out I found that I didn't in fact need to have the policy for "Enable Active Desktop" set to "Enable". It still worked ever with it Disabled. Is this because I'm using WindowsXP and active desktop is enabled by default? That being the case would it only be necessary and wise to enable it just in case there are older windows operating systems being used within the domain? Thanks in advance guys And I hope the above helps other people too.

Hi I'm am new to Windows 2003 Server AD and I have set up a domain server "server1", client "client1" and two basic users "user1" and "user2". On the server I have created a share "c:\users" and created two user folders inside of this "c:\users\user1" and "c:\users\user2". Now the share permissions of "c:\users" is set to Allow Everyone to Change and Read. "c:\users\user1" has permissions set to Allow Administrators and User1 to Full Control. "c:\users\user2" has persmissions set to Allow Administrators and User2 to Full Control. This works quite well. In each user profile I have selected to map drive "H:" to "\\server1\users\%username%" and when the user logs on and goes to "H:" it shows the contents of their shared folder from the server and they are able to have full control over that folder and it's contents. It also works the way I planned in that if the user is smart enough to go to "\\server1\users" they can see the list of user folders including the "user1" and "user2" folders but if "user1" is logged on he/she will only have access to the "user1" folder. Trying to access the "user2" folder results in access denied. Excellent was very happy with that. However, if either user goes to "\\server1\users" they are able to create a folder or file of whatever they want. In order for the administrator to keep things neat I don't want users to be able to do this. Is this the method people would generally use to set up this situation or am I on the completely wrong track? Thanks in advance for any help. Remember, I'm new ... be gentle