Jump to content
Compatible Support Forums

DS3Circuit

Members
  • Content count

    738
  • Joined

  • Last visited

Everything posted by DS3Circuit

  1. DS3Circuit

    Best practices for AD over multiple sites

    As long as there is a GC in every site that has an Exchange Server, you should be alright. Being that you brought it up .... depending on your DSL speed and what not ... you MAY have to place your NATIVE (?) mode exchange servers in there respective routing groups, but under the same administrative group.
  2. DS3Circuit

    FileSystem You Use Poll

    Thank god for setting up multiple recovery agents for your EFS BUT I do have something to make all of you chuckle..... One of our technicians made the mistake of turning several old P2 machines .... into RAS servers .... only thing is they Dual boot into either windows 95 or 2000 Server ....
  3. DS3Circuit

    Dell PowerEdge 1600SC and Registered DDR

    Crucial is fine ... we have used it in the past to upgrade some of our older ibm 5500 servers ...
  4. DS3Circuit

    Confuse a tracert - show it more then it actually is???

    Hmmm Now this is good thread ... you have jogged my memory into doing somethings ... APK, thanx for the link
  5. DS3Circuit

    Anyone know how to set up dial-up ICS under Win2K?

    http://www.practicallynetworked.com/sharing/ics/ics.htm
  6. DS3Circuit

    NT to 2000 server

    Well I will throw in a couple of things .... With NT 4 hitting its Microsoft End of Life, I would strongly recommend going to a product that is supported. With DNS, it is "easier" for internal DNS to have the same name as the external one. Everyone is absolutely correct with trying all this in a test domain. When going live, unplug a BDC from the network ... you can always promote it "IF" something goes wrong with your Win2k PDC emulator. Anymore specific questions ?
  7. DS3Circuit

    Best practices for AD over multiple sites

    Microsoft Product Support Services ... PSS 800-936-4900 If you have any questions, feel free, and if anyone else has something to add, the same m8
  8. DS3Circuit

    Best practices for AD over multiple sites

    In ADSS *** At this point I wouldnt recommend playing with replication times and just leave them at the defaults *** *** What I am recommending here, will optimize AD replication, software deployment, remote management, WAN traffic, and use of resources AND requires a DC in each site running DDNS *** 1. Create 3 different sites ... 1 for your main site and 2 more for your satellites. 2. Create those subnets that are in your entire organization and link them each to their own individual site. 3. For Inter-Site Transports, I would just stick with RPC replication since your DSL lines have a better "uptime" then say a Dialout with a modem. (Also if you used SMTP for replication, you would need to create a certificate authority to verify the data ... no need) ***RPC runs over port 135 .... LDAP queries run over 389 by default*** 4. NTDS settings only appear for DCs and each site should have its own Global Catalog (AD queries then wont have to go over WAN links). This obviously requires a DC in EACH site. 5. There is no need for the Conferencing Site (from what I have been told) 6. IMHO, It is far easier to have a bridgehead DC in each site, sitting in the DMZ of each site, so you wont have to turn your firewall into swisscheese by opening numerous ports 7. Did you know you could apply Group Policies by SITE as well as OU. (Domain as well) ? IN ADUC 1. Builtin, Computers, ForeginSecurityPrincipals, Users are NOT OUs, but actual just CONTAINERS .... in otherwords you cannot apply GPOs to them. So then just move them into a new OU. 2. The Printer OU is for you to publish legacy printers into your AD ... mostly for NT servers .... not neccessarily needed. IN BOOKS Well I enjoyed Windows 2000 Server Resource Kits, anything from the Microsoft Press, and the publisher SYBEX. LINKS www.labmice.net www.microsoft.com/technet Remember Microsoft PSS, is the best 250 bucks you will ever spend Well thats enough for now, if anyone else wants to chime in, please feel free by all means
  9. DS3Circuit

    Outlook xp

    If in Internet Mode = POP3 or IMAP ... you could put in a bad SMTP server in your settings ... block anything with port 25 If for Exchange ... you would need a MAIL-ENABLED user ... not a MAILBOX ENABLED user.
  10. DS3Circuit

    Active Directory Deploy SP3?

    Though I havent played with SUS recently, I believe it can be applied to machines as well as users. I should read their ADM file. Try it out on a test machine
  11. DS3Circuit

    Active Directory Deploy SP3?

    SUS doesnt work with Service Pack Deployment Only Hotfixes
  12. DS3Circuit

    Best practices for AD over multiple sites

    Well best practices 1. A site is defined as a high bandwidth location - it is entirely physical and may encompass logical administration - depending on centralization or decentralized administrative environments (office politics ) DSL lines dont encompass this (mostly) 2. Break it down by subnets in ADSS 3. Windows 2000 Pro machines locate DCs through DNS queries first (SRV records), then WINS, then Netbios and so on down the line. 4. You need some books, and some more particular questions as well. Suggestions A DC in each remote site, with timed replication to the main site, will ease bandwidth, GPO deployment, and logon times. Remote DCs should also be Global Catalogs as well. And if a site has more then one DC, one should be made a bridgehead for replication. Your situation is a perfect model for Hub n Spoke topology and replication.
  13. DS3Circuit

    Freeware CommandLine Tools link/url, good for scripting

    Yeah that site as been in my bookmarks for probably a couple of years ... only thing is ... I never even bothered to THINK to search that topic .... You have given me a good arsenal for some remote management and batch work Loads his script gun
  14. DS3Circuit

    Freeware CommandLine Tools link/url, good for scripting

    DOH .... what a morning ... had to reboot a 3com 3300 switch Never mind ... 8)
  15. DS3Circuit

    Removing SCSI disk wreaks havoc on dual boot system :(

    Out of curiousity ... did you check the termination of the drives ? ... your ARC paths in your Boot.ini seem correct
  16. DS3Circuit

    Active Directory Deploy SP3?

    Sure thing In response to 1 = Sure, you only deploy service packs to computers anyways, just disable the GPO portion that is for User configurations (a faster load of the GPO) ... in a side note, for managerial and logical administration, I put them in separate OUs, but thats just me. IN response to 2 = Same deal with office, but you can also specify it by machine AND user. Create an MST (configuration file) using the Office Resource Kit to custom your install. Also, this one can be either assigned or published. Personally, its how we do it on my networks. HTH
  17. DS3Circuit

    Windows 2000.....Can you password protect folders?

    Sure Give the everyone group full share access and then limit it by NTFS permissions to those who need particular read and or write acess. There are numerous topics about this .... search the forums, google, and/or http://support.microsoft.com
  18. DS3Circuit

    Active Directory Deploy SP3?

    Login normally Assigned MSIs run under the context of machine level security. They are installed before a user ever logins.
  19. DS3Circuit

    DVD Software Poll

    True True Cyberlink does make a very good product
  20. DS3Circuit

    DVD Software Poll

    I prefer NVDVD and of course, the Sony in my living room
  21. Morning Boys Has anyone worked with a product that has to the ability to package the permissions on registry keys. I am at the moment struggling with this using Ghost 7.5 AI, Altiris Rapid Deploy 5.5, and that free MSI packager included on the Win2k CD. I realize that you can use regini.exe (through logon scripts) from the resource kits, but the powers that be, would rather have it far more granular than what regini can do. Anyone work with the Active Directory method of controlling registry keys?? What about EPAL? Basically once these applications are packaged and ready for deployment, I need to find a way to get certain apps to run under USER permissions. PS....Already tried adding them as power users and/or compatibility security mode... Opinions, Ideas, Comments, would all be GREATLY appreciated.
  22. DS3Circuit

    Packaging Registry Key Security Permissions

    For those who are interested EPAL - Does work, but the application has a 300% increase in loading time as it searches AD for the correct permissions. Those higher up were addament into saying this was not a solution. AD - works far better at distributing the correct registry keys so that applications that need the correct permissions to launch, receive them.
  23. DS3Circuit

    Active Directory Deploy SP3?

    If you are using a Domain security context 1. Place the computers that need to be updated in their specific OU 2. Extract SP3 onto a server share that has the correct permissions for those to access it. Read access is enough 3. Create a GP for that OU and create a GPO that has (for computers) a software installation that maps to the update.msi that is located once you extract all the service pack ... you can use winzip for this. 4.Once the Group Policy is in place, have your users reboot their machines, and upon startup the MSI for Service Pack 3 will come down, install on their machines, reboot again, and thats it. 5. There is a place to check in the policy to "not uninstall the software" when "management falls out of scope", otherwise when you move the computers to another OU, Service Pack 3 will uninstall itself. HTH
  24. DS3Circuit

    Routing failures using 2 NICs and windows2k srv.

    Quote: I would doublecheck your gateways. Wouldnt you want traffic routed out the 204 public address instead of the 10 private? Good glad to hear mate . I have found that relatively simple mistakes such as wrong IPs, Gateways, Masks, etc have caused problems on my networks.
  25. DS3Circuit

    Routing failures using 2 NICs and windows2k srv.

    Did you use the RRAS snap in to configure this multihomed machine as a network router? Winroute Pro is "usually" seen as a better alternative if this is being used in a business environement. I would doublecheck your gateways. Wouldnt you want traffic routed out the 204 public address instead of the 10 private?
×