Browsing "Windows 2003"

What is DropMyRights?

“DropMyRights is a very simple application to help users who must run as an administrator run applications in a much-safer context—that of a non-administrator. It does this by taking the current user’s token, removing various privileges and SIDs from the token, and then using that token to start another process, such as Internet Explorer or Outlook. This tool works just as well with Mozilla’s Firefox, Eudora, or Lotus Notes e-mail.”
Download the DropMyRights.msi file

How Can I Move the Blackberry Administrator mailbox?

The administration mailbox is essential to the operation of the BlackBerry Enterprise Server because it holds critical information, such as the Server Relay Protocol (SRP) connectivity information, instance names and associated user lists.

To move the administration mailbox between mailbox stores or Exchange servers, complete the following steps:

1. In Services, on the BlackBerry Enterprise Server, stop the BlackBerry Enterprise Server service.
2. Move the administration mailbox to the new location. See your Microsoft Exchange Server Administration Guide for more information.

Note: You must be logged in to the BlackBerry Enterprise Server administration account to complete the following steps.

3. Update the Messaging Application Programming Interface (MAPI) profiles on the BlackBerry Enterprise Server:
a. On the Start menu, click Programs > BlackBerry Enterprise Server > Edit the MAPI Profile for > BlackBerry Server.
b. Type your Exchange server name in the Microsoft Exchange server field.
c. Type your Mailbox name in the Mailbox field.

4. Run the Handheld Cleanup utility on the BlackBerry Enterprise Server:
a. Open a command prompt.
b. Change the directory to C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Utility.
c. Type the following command:

handheldcleanup -m

5. Press ENTER.
6. In Services, start the BlackBerry Enterprise Server service.

Open / View .Bat .log files in IIS6 Windows 2003

When you try to click a .log file served from IIS6, you receive a 404 error.

You need to look through your log files and find out exactly which 404 IIS returned. If it was a 404 with a substatus of 3, the request was denied because of the MIME type, so add a .log/.bat MIME type at the website/vdir level and the file should immediately be downloadable.

You can add the .log extension with application/octet-stream in the MIME types.

However, if that vdir has “Scripts and Executables” enabled and a Scriptmapping for .bat, then you will likely see 404.2 — in which case, you need to remove the Scriptmapping so that downloading is allowed.
If it returned 404 with a win32 error of 2, then that’s a real “file not found” — look at the vdir mapping to make sure the file actually exists where you think it does.
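
The triage described above, applied to W3C log lines, as an added example that is not part of the original post. The log lines are constructed, and the function name Get-Iis404Diagnosis is hypothetical.

```powershell
# Constructed IIS6 W3C extended log lines (not from a real server).
$sampleLog = @'
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem sc-status sc-substatus sc-win32-status
2004-07-02 10:15:01 GET /logs/app.log 404 3 50
2004-07-02 10:15:09 GET /scripts/run.bat 404 2 1260
2004-07-02 10:15:20 GET /logs/missing.log 404 0 2
2004-07-02 10:15:31 GET /default.htm 200 0 0
'@ -split "`r?`n"

function Get-Iis404Diagnosis {
    param([string[]]$LogLines)
    $fields = @()
    foreach ($line in $LogLines) {
        if ($line -like '#Fields:*') {
            # Column order is declared by the log itself and differs per site.
            $fields = @(($line -replace '^#Fields:\s*', '').Trim() -split '\s+')
            continue
        }
        if ($line -like '#*' -or -not $line.Trim() -or $fields.Count -eq 0) { continue }
        $cols = $line.Trim() -split '\s+'
        $row = @{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $cols.Count; $i++) {
            $row[$fields[$i]] = $cols[$i]
        }
        if ($row['sc-status'] -ne '404') { continue }
        # Substatus is checked first; the win32 code only matters for a plain 404.
        $diagnosis = if ($row['sc-substatus'] -eq '3') {
            'Denied by MIME type: add a MIME type for this extension'
        } elseif ($row['sc-substatus'] -eq '2') {
            'Script mapping in the way: remove it so the file can be downloaded'
        } elseif ($row['sc-win32-status'] -eq '2') {
            'Real file not found: check the vdir mapping and the file on disk'
        } else {
            'Other 404: inspect substatus and win32 status manually'
        }
        [pscustomobject]@{
            Uri       = $row['cs-uri-stem']
            Status    = '404.{0}' -f $row['sc-substatus']
            Win32     = $row['sc-win32-status']
            Diagnosis = $diagnosis
        }
    }
}

Get-Iis404Diagnosis -LogLines $sampleLog | Format-Table -AutoSize
```

For a real site, pass the output of Get-Content on that site's log file instead of $sampleLog.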

How can I use the registry to configure Group Policy update times?

You usually configure Group Policy update times under the Computer Configuration\Administrative Templates\System\Group Policy and the User Configuration\Administrative Templates\System\Group Policy branches; however, you can also directly set the registry to configure Group Policy update times by performing the following steps:

1. Start regedit.exe.
2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System to set Computer refresh. Or, alternatively, go to HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System to set User refresh.
3. Create a DWORD value with a name of GroupPolicyRefreshTime, and set it to a number between 0 and 648000 minutes.
4. Create a DWORD value with a name of GroupPolicyRefreshTimeOffset, and set it to a number between 0 and 1440 minutes. (You specify an offset value to prevent many clients from trying to refresh at the same time.)
5. Close regedit.
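
The same registry steps as a script, added here as an example and not part of the original post. The function name Set-GroupPolicyRefresh and its parameters are hypothetical; the ranges are the ones stated in the steps above.

```powershell
function Set-GroupPolicyRefresh {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Computer writes under HKLM, User under HKCU, as in step 2.
        [ValidateSet('Computer', 'User')]
        [string]$Scope = 'Computer',

        # Bounds taken from the steps above; out-of-range input is rejected.
        [Parameter(Mandatory)]
        [ValidateRange(0, 648000)]
        [int]$RefreshMinutes,

        [Parameter(Mandatory)]
        [ValidateRange(0, 1440)]
        [int]$OffsetMinutes
    )

    $hive = if ($Scope -eq 'Computer') { 'HKLM:' } else { 'HKCU:' }
    $key  = "$hive\SOFTWARE\Policies\Microsoft\Windows\System"

    if ($PSCmdlet.ShouldProcess($key, "Set refresh=$RefreshMinutes, offset=$OffsetMinutes")) {
        # Create the policy key only when it is missing, so existing values survive.
        if (-not (Test-Path -Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        New-ItemProperty -Path $key -Name 'GroupPolicyRefreshTime' `
            -Value $RefreshMinutes -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name 'GroupPolicyRefreshTimeOffset' `
            -Value $OffsetMinutes -PropertyType DWord -Force | Out-Null

        # Read the values back so the caller sees what is actually stored.
        Get-ItemProperty -Path $key |
            Select-Object GroupPolicyRefreshTime, GroupPolicyRefreshTimeOffset
    }
}

# Preview the change without writing anything:
Set-GroupPolicyRefresh -Scope Computer -RefreshMinutes 90 -OffsetMinutes 30 -WhatIf
```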

How can I let users search, but not browse, Active Directory (AD)?

You can use either a policy setting or the registry to configure AD for browsing. To use the policy setting method, perform the following steps:

1. Open Group Policy with the Group Policy Editor (GPE).
2. Navigate to User Configurations, Administrative Templates, Desktop, AD.
3. Double-click “Hide Active Directory folder.”
4. Select the Policy tab.
5. Click Enabled, and click OK.
6. Close the policy.

To use the registry to complete the same task, perform the following steps:

1. Start the registry editor (e.g., regedit.exe).
2. Navigate to HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft.
3. If the Windows key doesn’t exist, click Edit, New, Key to create the key.
4. Look for “Directory UI” under the Windows key, and if it doesn’t exist, click Edit, New, Key to create the key.
5. From the Edit menu, select New-DWORD Value.
6. Enter a name of HideDirectoryFolder, and press Enter.
7. Double-click the new value, set it to 1, and click OK.
8. Close the registry editor.

How can I let users log on to the domain when they can’t contact the Global Catalog (GC)?

When a native-mode user logs on to the domain, a GC checks Universal group memberships. If the user can’t contact a GC, the logon will fail. To let users log on even though they can’t contact the GC, perform the following steps on the servers that service the client logons:

1. Start a registry editor (e.g., regedit.exe) on each domain controller (DC).
2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry subkey.
3. From the Edit menu, select New, DWORD Value.
4. Enter the name IgnoreGCFailures, set the value to 1, then press Enter.
5. Close the registry editor.
6. Restart the DC.

Be aware that performing these steps can cause security problems. For example, imagine that you’re a member of the Universal group that’s denied access to a particular network resource. If your system can’t contact the GC when you log on, your user token won’t have the SID of the Universal group. In that case, you might be able to access the denied resource just as if you weren’t a member of the Universal group.
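
Because the setting weakens group-based denies, it is worth knowing which DCs carry it. The audit below is an added example, not part of the original post: the function name and the host names dc01 and dc02 are hypothetical, and it assumes the Remote Registry service is reachable. Besides the DWORD value described above it also flags a subkey named IgnoreGCFailures, which is an assumption about another form the setting may take.

```powershell
function Get-IgnoreGCFailuresState {
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )
    foreach ($computer in $ComputerName) {
        $result = [ordered]@{
            ComputerName  = $computer
            ValueData     = $null    # data of the IgnoreGCFailures value, if any
            SubKeyPresent = $false   # assumption: setting may exist as a subkey
            Flagged       = $false
            Error         = $null
        }
        try {
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
            $lsa = $hklm.OpenSubKey('SYSTEM\CurrentControlSet\Control\Lsa')
            if ($lsa) {
                $result.ValueData     = $lsa.GetValue('IgnoreGCFailures', $null)
                $result.SubKeyPresent = $lsa.GetSubKeyNames() -contains 'IgnoreGCFailures'
                $lsa.Close()
            }
            $hklm.Close()
            # Flag the DC when the value is set to 1 or the subkey exists.
            $result.Flagged = ($result.ValueData -eq 1) -or $result.SubKeyPresent
        }
        catch {
            # An unreachable host is reported, not silently treated as clean.
            $result.Error = $_.Exception.Message
        }
        [pscustomobject]$result
    }
}

# Hypothetical DC names; list every DC that services client logons.
Get-IgnoreGCFailuresState -ComputerName 'dc01', 'dc02' |
    Where-Object { $_.Flagged -or $_.Error } |
    Format-Table -AutoSize
```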

Jul 2, 2004 - Windows 2003

How can I use the command line to rename a user account in Windows Server 2003?

You can use the Dsmove command with the -newname switch to rename Active Directory (AD) objects. For example, to change user savillj to user johnsavill, type

C:\>dsmove CN=savillj,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com -newname johnsavill

The machine will return the following result:

dsmove succeeded:CN=savillj,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com
