Jump to content
Forum²

ICTCity

Members
  • Posts

    1,509
  • Joined

  • Last visited

  • Days Won

    12

Everything posted by ICTCity

  1. Run the RSOP by going in GPO Management (from DC), and create a new resultant policy, from there, you can see WHY a policy is not applied.
  2. Hi, First of all: Is there any other settings on the same GP which is applied correctly? Second: If you run a resultant group policy (admin tools > group policy management) does the policy is applied or there's any error? Third: Is there anything on the event viewer during logon?
  3. Errr well, I think yes. I have 3 GPo: 1 = small, 2 = medium, 3 = large. By default 1 is applied, then, for graphics and so on, 2 or 3 is applied, and finally 3 is for directions (you know... holiday's photos). I think it will be too much "fine grained" applying different quota to EACH user. Do you really need this? Why not create 3 level associated to 3 groups... it could be easier for you too!
  4. Hi, You can create GP: http://www.windowsnetworking.com/articles_tutorials/Configuring-Disk-Quotas-Windows-2003.html I prefer to create a separate GP which does ONLY the quota, but this is not mandatory. The link above is for 2k3, but it works for 2k8 too.
  5. I don't think so, I used a VB script time ago which read a excel worksheet to retrieve usernames, and it worked fine. There's not any event "On user add" but you can program a service which runs on your server and with a client you can add a user. Everytime you create a user, your program create the user and folders. But you need a program...
  6. Yes, this is dangerous. You can write this batch file by passing it a username, you can run-it as administrator, not as the user. Instead of using %username%, use %1.
  7. Unless you are on domain, you only have LOCAL POLICY (start > run > gpedit.msc)
  8. Yes you can: write a batch file: mkdir \\AD1\private\%username% mkdir \\AD2\public\%username% cacls /p %username%:RWCF REM where R=read, W=write, C=change, F=Full control REM for more info, type cacls /?
  9. Hi, you should check the event viewer when you logoff. I assume you are using your server without a domain, if so, I don't know what happens to local users. Yes, you should upgrade to 4 GB, 64 bits should have at least 4 GB.
  10. Hi, If you are sure that there aren't any "open" or "hung" sessions somewhere, check these things: - Scripts with hard coded password - Scheduled tasks with OLD password - 3rd part login (SQL,...) Also download this tool: http://www.microsoft.com/download/en/details.aspx?DisplayLang=en&id=18465 Let me know.
  11. Hi, There is one thing you must tell me: when you click the dropdown box, the report query the DB or there are predefined values in there? It's not a great job, but download process monitor (sys internals), run it against the report and wait until the problem happens. If you want upload the result. You may see a timeout or something else. Users are connected to SQL via active directory or Sql login?
  12. Actually there's a problem with GPO and registry settings, sometime they're applied correctly, sometime not... The easier way is to create a script and use regedit.exe /s FileName.reg. In fileName.reg you can write your code.
  13. Hi, First of all make sure that your clients have the latest FRAMEWORK installed, also update RDP client to the latest version (7). Once ok, try again with redirected printers. When you install a x86 driver on a x64 print server, if your drivers are designed for windows server 2008 x86, you MUST have the i386 folder of Windows Server 2008 x86.
  14. Well, actually sometime they're funny with their answer... Usually the best answer is: "This is for security purpose" and to resolve that issue: "Oh, you have to use an Administrative account". Mhhh that's secure! The point is that they want to keep Clients and Servers in the same way. In a normal client, for normal users, you don't need to show file extensions. You don't need the pagefile to be visible and so on... this apply to workstations and servers... If you think for a while, until Vista, docs were located under DOCUMENTS AND SETTINGS! And if you look at the Windows Server 2008 registry there're still folders named "WINDOWS NT". You may still experiencing problem with locked profiles, a user may not logon properly because of in the registry there's a SID.BACKUP. This problem was seen the first time on Windows NT (I'm not sure), but it's still present! :) we all love Microsoft.
  15. Ahahah "encouraged by your post" :) I know, sometime it happens when you RDP into server, my boss has the same problem, but according to Microsoft, there's no way to fix that... they told me: "you could slow down the mouse pointer"... yeah... thanks for this brilliant idea -.-
  16. First of all, open Group Policy Management and run a NEW RESULTANT GROUP POLICY. Select the computer which has this problem and wait until the process is completed. Check if there's any error or some policies are not applied (if a policy is not applied there's a reason on the right column).
  17. Hi, Open Windows Explorer and press ALT on your keyboard. On the very top of the windows the menu TOOL will appears. Click there > Folder Options > view and scroll down until you see a checkbox with "Hide extensions for known file types", remove it and apply. Regarding the column width, you must point exactly between 2 columns until you cursor changes.
  18. NAT is considered secure because of the "hiding" process, it doesn't expose your clients to the internet. The problem starts with IPSec, in certain cases, the traffic could be routed to the wrong device (there's also a KB of microsoft somewhere). The process is called NAT-T (traversal). Here you can a find a simple explenation: http://www.computerworld.com/s/article/102985/NAT_Traversal_NAT_T_Security_Issues I heard that there're routers which are vulnerable to NAT traversal without using the IPSec, but I never tried. Cheers
  19. This is exactly what I said before. 2 LANs, 1 router. On the router you have 3 cables: LAN1, LAN2 and WAN. It routes connections OUTSIDE with the same public ip, unless you specify something different.
  20. You have 2 LANs: LAN1 = 192.168.1.0 LAN2 = 192.168.0.0 Now, your router is on the FIRST lan (192.168.1.1), so it must know something regarding the other LAN. Let's say your router has 2 internal interfaces, one is on LAN1 and the other is on LAN2. Usually you assign the IP of 192.168.0.1 on the second interface, so the clients will contact the gateway on 192.168.0.2 (same LAN). If you don't want (or can't) do that, you MUST add a static route ON YOUR ROUTER which says that traffic coming from 192.168.0.0 goes to internet or LAN1 (depending on your needs). If you router supports this, you can set that traffic comining from 192.168.0.0 will go out with IP 212.243.60.70 and traffic from 192.168.1.0 will go out with IP 212.243.80.90. Otherwise, both LANs will go out with your public IP address. If you still don't understand, re-write the question :)
  21. Of course this is up to you. Because of the address is on a different network, your router must route correctly the traffic, anyway once the client reaches the router it goes outside in the same way :)
  22. First try to determine if the problem persist with another CLIENT. Regarding the slowness check the event viewer to see if there's something wrong during startup.
  23. Yes, this is interesting, I never seen 80072afc error! Thanks.
  24. This is ok, "local shutdown" with "remote user".
  25. NAT: Network Address Translation. Everyone has a LAN with a PRIVATE ADDRESS. At home you have a LAN with the address 192.168.1.0 (example), now you are in your office and your LAN's address is 192.168.1.0 (example again). Most of people at home have that address (192.168.1.0) this is a PRIVATE ADDRESS and it CANNOT BE USED on internet. Now, when you go to the internet, you must have a PUBLIC ip address which is assigned by your ISP (there're RIPE, ARIN and so on which decide which country / region / nation have the class XXX.XXX.XXX.XXX). This class is then assigned to the "local" ISP (there are 3 levels of ISPs). Now, let's go back to your ISP. Your router receive a PUBLIC address: 212.243.60.10 (example), you can surf the internet and everything works fine. Nothing special is configured on your router, and everything works! One day you decide to connect another pc to your home network and you notice that that you can surf only with one computer at time, not both together. Here comes the NAT. Your router has ONE public IP and it MUST use this address in order to surf. If you try 2 PCs at the same time, your router says: "Hei! My public IP is already used by PC1 with the PRIVATE IP 192.168.1.10, I cannot bring another pc to the internet... I HAVE NO MORE IP ADDRESSES AVAILABLE". To resolve this problem, you can buy another public IP from your ISP, or, better, you can use NAT or IP MASQUERADING. Let's write some data: LAN address: 192.168.1.0 PC1: 192.168.1.10 PC2: 192.168.1.20 ROUTER: 192.168.1.1 PUBLIC IP: 212.243.60.70 Your router now has a NAT TABLE activated and PC1 (192.168.1.10) want to surf to a website (so, port 80). On the NAT table, your router will write: 192.168.1.10:80 ---> www.serverforum.org:80 Now, PC2 wants to open google.com, on the NAT table of your router you will see: 192.168.1.20:80 ---> www.google.com:80 Now the NAT table looks like this: 192.168.1.10:80 ---> www.serverforum.org:80 192.168.1.20:80 ---> www.google.com:80 The problem persists because of your router doesn't have 2 public IPs and cannot give the internet to both PCs. This process is called NAT. Now, you need that EACH PRIVATE IP IS TRANSLATED TO A SINGLE PUBLIC IP. You need the IP MASQUERADING technology. Everytime you create a connection, this is made of 2 sockets, your client will send a request to the public address 195.90.100.30 (example) on port 80 with its PRIVATE IP and port (80). THE ROUTER NOW must translate (or better, masquerade) the PRIVATE IP AND PORT with the public one and change the port number to a higher value. This process is saved on the NAT TABLE. [code]192.168.1.10:80 ---> 195.90.100.30:80 192.168.1.10:80 ---> 212.243.60.70:20100 212.243.60.70:20100 ---> 195.90.100.30:80 When the server responds, the router will process the nat table backward. NAT or IP masquerading are almost invisible to the computers. DNAT is used when you have more than one public IP to use to surf (load balancing...). SNAT CAN BE: specify a group of private address to use a specific public IP (static NAT) or Secure NAT which is a secure connection on ISA server OR it can also be STATEFUL NAT in the CISCO's WORLD. I think it's all... I hope my explanation is not too boring. If you need further help let me know :)
×
×
  • Create New...