Everything posted by mmthomas
-
Modify Server Core To Full Installation
mmthomas replied to Codin's topic in Servers / Domains / Hosting
There is no upgrade path from core to a full installation; you must do a clean install. Information that you can't export to other locations would be lost.
-
Logon Script For Mount Network Drive Based On Group Name
mmthomas replied to scream's topic in Servers / Domains / Hosting
Here is a sample from another site on mapping based on group memberships:

' GroupMap.vbs
' VBScript to test group membership
' Script can be amended to actually MapNetworkDrive
' Author Guy Thomas http://computerperformance.co.uk/
' Version 3.3 - May 2010
' ----------------------------------------------------'
Option Explicit
Dim objNetwork, objUser, CurrentUser
Dim strGroup

' Initialise Groups with Const
Const Dentists_Group = "cn=dentists"
Const Managers_Group = "cn=managers"
Const What_ever_you_Like = "cn=any_lower_case_group"
Const Users_Group = "cn=users"
Const Administrators_Group = "cn=administrators"

' Create objects and extract strGroup values
Set objNetwork = CreateObject("WScript.Network")
Set objUser = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://" & objUser.UserName)
strGroup = LCase(Join(CurrentUser.MemberOf))

' If logic testing strGroup for the values in Const groups
If InStr(strGroup, lcase(Dentists_Group)) Then
    WScript.Echo "Dentists "
    ' objNetwork.MapNetworkDrive "h:", "\\Server\Users\" _
    '     & objNetwork.UserName
    ' For a production script remove the WScript
    ' Activate mapnetworkdrive by removing the apostrophes (' Rem)
ElseIf InStr(strGroup, lcase(Managers_Group)) Then
    WScript.Echo " Manager "
    ' objNetwork.MapNetworkDrive "h:", "\\YourServer\Users\" _
    '     & objNetwork.UserName
ElseIf InStr(strGroup, lcase(Administrators_Group)) Then
    WScript.Echo "Administrator: " & strGroup
    ' objNetwork.MapNetworkDrive "h:", "\\Another Server\Users\" _
    '     & objNetwork.UserName
ElseIf InStr(strGroup, lcase(Users_Group)) Then
    WScript.Echo " Only a User... "
    ' objNetwork.MapNetworkDrive "y:", "\\alan\home\" _
    '     & objNetwork.UserName
End If

Wscript.Echo "Finished Testing for Groups "
WScript.Quit
' End of example VBScript
-
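Added example, not part of the original post or of Guy Thomas's script: the sample's InStr test over the joined MemberOf string matches any DN that merely contains the text, and Join raises a type mismatch when MemberOf is not an array. The sketch below compares whole distinguished names and normalises MemberOf first; the example.local DNs and the function names are constructed placeholders.

```vbscript
Option Explicit

' Constructed placeholder DN; use the real distinguished name of your group.
Const MANAGERS_DN = "CN=Managers,OU=Groups,DC=example,DC=local"

' MemberOf can be Empty (no groups), a String (one group) or an Array (several).
Function ToArray(memberOf)
    If IsArray(memberOf) Then
        ToArray = memberOf
    ElseIf IsEmpty(memberOf) Or IsNull(memberOf) Then
        ToArray = Array()
    Else
        ToArray = Array(memberOf)
    End If
End Function

' Substring test in the style of the sample: any DN containing the text matches.
Function SubstringMatch(memberOf, fragment)
    SubstringMatch = (InStr(LCase(Join(ToArray(memberOf), ";")), LCase(fragment)) > 0)
End Function

' Exact test: True only when one MemberOf value equals the whole group DN.
Function IsDirectMember(memberOf, groupDn)
    Dim dn
    IsDirectMember = False
    For Each dn In ToArray(memberOf)
        If StrComp(dn, groupDn, vbTextCompare) = 0 Then
            IsDirectMember = True
            Exit Function
        End If
    Next
End Function

' Constructed MemberOf values standing in for CurrentUser.MemberOf.
Dim lookAlike, genuine, oneGroup, noGroups
lookAlike = Array("CN=Managers-ReadOnly,OU=Groups,DC=example,DC=local", _
                  "CN=Staff,OU=Groups,DC=example,DC=local")
genuine = Array("CN=Staff,OU=Groups,DC=example,DC=local", MANAGERS_DN)
oneGroup = MANAGERS_DN   ' a single membership arrives as a String, not an Array

WScript.Echo "look-alike group, substring test: " & SubstringMatch(lookAlike, "cn=managers")
WScript.Echo "look-alike group, exact DN test:  " & IsDirectMember(lookAlike, MANAGERS_DN)
WScript.Echo "genuine member, exact DN test:    " & IsDirectMember(genuine, MANAGERS_DN)
WScript.Echo "single group (String):            " & IsDirectMember(oneGroup, MANAGERS_DN)
WScript.Echo "no groups (Empty):                " & IsDirectMember(noGroups, MANAGERS_DN)
```

Run it with cscript to compare the two tests on the look-alike group. MemberOf lists direct memberships only: it omits the user's primary group and groups reached through nesting, so either test misses those.
-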
Back in your gpedit local policy, what is your setting for Local Policies > Security Options > Network Security: LAN Manager authentication level? You may need to check your NAS documentation to see if it recommends changing that to: Send LM and NTLM - use NTLMv2 session security if negotiated. The QNAP NASes, for example, recommend this, though it may lower your security if that has to be set on a domain controller.
-
Ok. Different tack. In your net use command, are you using a domain username and password, or is that a NAS device username and password?
-
Carp! You're right. I was thinking of the Drive Maps option which is under the User Configuration which brings us back to the same problem. Hmm.
-
Yes, you could put this in the Default Domain Controller Policy if this is the only domain controller (assuming domain controller from "domain server") and no other machines will apply that policy. If it is not a domain controller, but just a member server in the domain, you can make a new policy and attach it at the domain level, but in the security filtering section add your server's computer account, and then it will still only be applied to that one server.
-
Gpedit opens just your local computer policy. If you use gpmc.msc, that opens your domain group policies -- assuming that you have a domain, which you may not. The domain policies add the preferences section, which contains a lot more settings. Security filters are another gpmc addition. The local computer policy only applies to, well, the local computer. A domain group policy applies to whatever organization unit (OU) that you apply it to, but you can use a filter to restrict it even further. So, I might have all of my servers in an OU called "Internal Servers", but maybe I only want a policy to apply to print servers or a single server, so you can add a filter that is that one computer's account or a group which contains the computer accounts of all of your print servers. In effect, you're saying that other computers/servers don't have permission to apply that policy. So, if you're not using a domain, then that may be a lot of information that you can't use.
-
Hmm, does it need to be a script? You could map a share through your GPO in Computer>Preferences>Windows Settings>Network Shares. If it's not something you have an OU for, you could security filter the GPO for that one (or more) computer account (or a group).
-
Are you running your script via a GPO? If so, from the computer section or user section? If computer, try changing to user section. You might also enable "Always Wait for the Network at Startup and Logon" under Computer\Admin Templates\System\Logon. Perhaps also try net use /persistent:yes z: etc. This kb may or may not apply as well.
-
How about if you add a line "net use z: /delete" before your other net use z: line?
-
Is the script running on the server and mapping a drive from itself? Does this behavior change if you use the IP address instead of the FQDN?
-
New Installation, Very Slow Performance
mmthomas replied to jesseplace's topic in Servers / Domains / Hosting
Do you have other workstations on the network? What kind of speed do you get copying files between workstations? Do you have a separate switch or is everything plugged into extra ports on the router? What speed is your server NIC autonegotiating? It's possible it may be having trouble with autonegotiating a stable speed. You may need to try setting either the server NIC or switch to 100Mb full duplex or something instead of auto. Is the cable from server to switch new? If not, you may want to try a new one. I've seen a marginal cable that worked fine with XP/2003 cause slow network access with Win7/2008 -- not sure why.
-
Are you trying to save information on this server other than the Active Directory information? If not, it seems like it would be far easier to simply create a second domain controller and use active directory replication to update the info. If you don't have an always on WAN link to the office, you could occasionally VPN from one DC to the other and replicate, or set up a demand-dial vpn connection. If you're set on a mirror, you're going to need to have the backup server off your network or it will cause problems. You might be able to put it in its own VLAN so that it can't talk to any other machines on the network and that would resolve some issues. But it would make sense to me to just make a secondary domain controller in the other office and then routinely copy over any other non-AD data on that server that you think you may need.
-
2008 has volume shadow copies. This works by backing up files on a set schedule, up to 64 versions retained. You can then revert to any of the backup versions. This doesn't help when all of the changes have been made after the last backup, though. Something like DocsOpen would be a more complete document security/versioning system, but with something like that every document that you create has some overhead in the creation process for filing and assigning the file.
-
It's really up to what you want, but if you are going to have 1 virtual server, then it's good to have 2 virtual servers. With 2 virtual servers you can move servers from one to the other if you need to, or recover your servers if one of the physical hosts dies. We're running just about everything on virtual servers, now, and loving the flexibility. As for the number of servers running which roles, it really depends on the number of clients you will be serving with the roles.
-
I believe that the Belkin F7D4302 is only capable of forwarding UDP and TCP protocols. You will need to get a more advanced router/firewall in order to forward GRE -- for example one of the small office Sonicwall products. If this is just for home, and you like playing with tech, the DD-WRT software may work with your model.
-
Most of the Dell rack servers, at least, just have one built-in vga port, but an add-in card would be possible if you aren't filling the slots with other things.
-
Blocking Mac Address Through Server 2008
mmthomas replied to UnknownTBeast's topic in Servers / Domains / Hosting
netsh ipsec
-
Dns Error When Trying To Connect Pc To Domain
mmthomas replied to davidelliott's topic in Servers / Domains / Hosting
Make sure that your Windows 7 machine is configured with a DNS server that is in the new 2008 domain. To check if it is, go to a command prompt and type "ipconfig /all". Under the Local Area Connection you should see one or two DNS server IP addresses listed. Make sure the first one is the IP address of a DNS server in your new 2008 domain.

If it isn't, go to the Control Panel > Network and Sharing Center > Change adapter settings and right-click on your Local Area Connection and enter Properties. In the list on the Networking tab, go to Internet Protocol Version 4 (TCP/IPv4) and highlight it, then click the Properties button. Check "Use the following DNS server addresses" and enter the IP address of a DNS server in your new 2008 domain.

If your DNS is already set correctly, what are you entering as a domain when you try to join the Windows 7 machine? If you are using the netbios domain name (e.g. MYDOMAIN), then try using your full dns name (e.g. MYDOMAIN.LOCAL, or MYDOMAIN.COM).

If you are still having problems, go back to a command prompt and type:

nslookup

At the ">" prompt, enter your domain name (i.e. MYDOMAIN.LOCAL). It should return the IP address of one of your domain controllers. If it doesn't, then there is still a DNS problem somewhere.
-
Problems 2003 -> 2008 R2 Update
mmthomas replied to AlliumPorrum's topic in Servers / Domains / Hosting
The DynDNS service should not care what service is being used. Its only function is to provide resolution of host name to an IP address. If you can do an NSLOOKUP from a command prompt on your remote client computer of your dyndns name and it returns the proper IP address, then any program running on that client should work. But if you can't resolve the hostname properly through nslookup, then something is either wrong with DynDNS or with whatever DNS service your client is using for name resolution.
-
Hi, Dana. Normally, you do not want end users logging directly into servers unless it is a terminal server. Usually, you will only want your server administrators logging in. This is for the security of your data and computer services. This is especially true on your domain controllers which hold the keys to all of the rest of the security in your network in most cases. If you see a policy option greyed out in the group policy editor, it is probably because the option has already been set at a higher level policy and you will need to change it at the higher level.
-
You can experience some slow startup and shutdowns if the machine is unable to talk to a domain DNS server. Are you loading in drives from a NAS or SAN? On occasion, I've seen machines be very slow starting and shutting down when they have a drive that is connected via iSCSI, but I don't know if those were caused by an iscsi issue or something else to do with the remote drive.
-
Problems 2003 -> 2008 R2 Update
mmthomas replied to AlliumPorrum's topic in Servers / Domains / Hosting
You should still be able to get your 2 administrative sessions without paying for more licenses. Check your event logs. If the connection is making it to the server and being denied at the server, there should be a log entry. Check your firewall again. Make sure you have the target IP address correct in addition to the ports being forwarded. You may need to install a program like Netmon or wireshark to view the packets coming in and see what is going on.
-
Windows 2008 Reboot 60 Sec.
mmthomas replied to AndreaCeccherini's topic in Servers / Domains / Hosting
You may have a virus. You may need to try something like a Kaspersky Rescue Disk to boot up and scan. You could also try booting into safe mode and turning various services off in MSCONFIG or disabling activex controls. You may also have a hardware problem. You could use the 60 seconds to check the Event logs or use a server management console to check for issues.