mmthomas
Members-
Posts
214 -
Joined
-
Last visited
-
Days Won
6
mmthomas last won the day on December 6 2010
mmthomas had the most liked content!
mmthomas's Achievements
Newbie (1/14)
7
Reputation
-
Modify Server Core To Full Installation
mmthomas replied to Codin's topic in Servers / Domains / Hosting
There is no upgrade path from core to a full installation; you must do a clean install. Information that you can't export to other locations would be lost. -
Logon Script For Mount Network Drive Based On Group Name
mmthomas replied to scream's topic in Servers / Domains / Hosting
Here is a sample from another site on mapping based on group memberships: ' GroupMap.vbs ' VBScript to test group membership ' Script can be amended to actually MapNetworkDrive ' Author Guy Thomas http://computerperformance.co.uk/ ' Version 3.3 - May 2010 ' ----------------------------------------------------' Option Explicit Dim objNetwork, objUser, CurrentUser Dim strGroup ' Initialise Groups with Const Const Dentists_Group = "cn=dentists" Const Managers_Group = "cn=managers" Const What_ever_you_Like = "cn=any_lower_case_group" Const Users_Group = "cn=users" Const Administrators_Group = "cn=administrators" ' Create objects and extract strGroup values Set objNetwork = CreateObject("WScript.Network") Set objUser = CreateObject("ADSystemInfo") Set CurrentUser = GetObject("LDAP://" & objUser.UserName) strGroup = LCase(Join(CurrentUser.MemberOf)) ' If logic testing strGroup for the values in Const groups If InStr(strGroup, lcase(Dentists_Group)) Then WScript.Echo "Dentists " ' objNetwork.MapNetworkDrive "h:", "\\Server\Users\" _ ' & objNetwork.UserName ' For a production script remove the WScript ' Activate mapnetworkdrive by removing the apostrophes (' Rem) ElseIf InStr(strGroup, lcase(Managers_Group)) Then WScript.Echo " Manager " ' objNetwork.MapNetworkDrive "h:", "\\YourServer\Users\"_ ' & objNetwork.UserName ElseIf InStr(strGroup, lcase(Administrators_Group)) Then WScript.Echo "Administrator: " & strGroup ' objNetwork.MapNetworkDrive "h:", "\\Another Server\Users\" _ ' & objNetwork.UserName ElseIf InStr(strGroup, lcase(Users_Group)) Then WScript.Echo " Only a User... " ' objNetwork.MapNetworkDrive "y:", "\\alan\home\" _ ' & objNetwork.UserName End If Wscript.Echo "Finished Testing for Groups " WScript.Quit ' End of example VBScript . -
Back in your gpedit local policy, what is your setting for Local Policies > Security Options > Network Security: LAN Manager authentication level ? You may need to check your NAS documentation to see if it recommends changing that to: Send LM and NTLM - use NTLMv2 session security if negotiated. The QNAP NASes, for example, recommend this., though it may lower your security if that has to be set on a domain controller.
-
Ok. Different tack. In your net use command, are you using a domain username and password, or is that a NAS device username and password?
-
Carp! You're right. I was thinking of the Drive Maps option which is under the User Configuration which brings us back to the same problem. Hmm.
-
Yes, you could put this in the Default Domain Controller Policy if this is the only domain controller (assuming domain controller from "domain server") and no other machines will apply that policy. If it is not a domain controller, but just a member server in the domain, you can make a new policy and attach it at the domain level, but in the security filtering section add your server's computer account, and then it will still only be applied to that one server.
-
Gpedit opens just your local computer policy. If you use gpmc.msc, that opens your domain group policies -- assuming that you have a domain, which you may not. The domain policies add the preferences section, which contain a lot more settings. Security filters are another gpmc addition. The local computer policy only applies to, well, the local computer. A domain group policy applies to whatever organization unit (OU) that you apply it to, but you can use a filter to restrict it even further. So, I might have all of my servers in an OU called "Internal Servers", but maybe I only want a policy to apply to print servers or a single server, so you can add a filter that is that one computer's account or a group which contains the computer accounts of all of your print servers. In affect, your saying that other computers/servers don't have permission to apply that policy. So, if you're not using a domain, then that may be a lot of information that you can't use.
-
Hmm, does it need to be a script? You could map a share through your GPO in Computer>Preferences>Windows Settings>Network Shares. If it's not something you have an OU, you could security filter the gpo for that one (or more) computer account (or a group).
-
Are you running your script via a GPO? If so, from the computer section or user section? If computer, try changing to user section. You might also enable "Always Wait for the Network at Startup and Logon" under Computer\Admin Templates\System\Logon. Perhaps also try net use /persistent:yes z: etc. This kb may or may not apply as well.
-
How about if you add a line "net use z: /delete" before your other net use z: line?
-
Is the script running on the server and mapping a drive from itself? Does this behavior change if you use the IP address instead of the FQDN?
-
New Installation, Very Slow Performance
mmthomas replied to jesseplace's topic in Servers / Domains / Hosting
Do you have other workstations on the network? What kind of speed do you get copying files between workstations? Do you have a separate switch or is everything plugged into extra ports on the router? What speed is your server NIC autonegotiating? It's possibly it may be having trouble with autonegotiating a stable speed. You may need to try setting either the server nic or switch to 100Mb full duplex or something instead of auto. Is the cable from server to switch new? If not, you may want to try a new one. I've seen a marginal cable that worked fine with XP/2003 cause slow network access with Win7/2008 -- not sure why. -
Are you trying to save information on this server other than the Active Directory information? If not, it seems like it would be far easier to simply create a second domain controller and use active directory replication to update the info. If you don't have an always on WAN link to the office, you could occasionally VPN from one DC to the other and replicate, or set up a demand-dial vpn connection. If you're set on a mirror, you're going to need to have the backup server off your network or it will cause problems. You might be able to put it in its own VLAN so that it can't talk to any other machines on the network and that would resolve some issues. But it would make sense to me to just make a secondary domain controller in the other office and then routinely copy over any other non-AD data on that server that you think you may need.
-
2008 has volume shadow copies. This works by backing up files on a set schedule, up to 64 versions retained. You can then revert to any of the backup versions. This doesn't help when all of the changes have been made after the last backup, though. Something like DocsOpenwould be a more complete document security/versioning system, but with something like that every document that you create has some overhead in the creation process for filing and assigning the file.
-
It's really up to what you want, but if you are going to have 1 virtual server, then it's good to have 2 virtual servers. With 2 virtual servers you can move servers from one to the other if you need to, or recover your servers if one of the physical hosts dies. We're running just about everything on virtual servers, now, and loving the flexibility. As for the number of servers running which roles, it really depends on the number of clients you will be serving with the roles.