Jump to content
Forum²

ICTCity

Members
  • Posts

    1,509
  • Joined

  • Last visited

  • Days Won

    12

Everything posted by ICTCity

  1. Are you sure you haven't confused the screenshots? The first 2 should block WILLIAM, the second two should allow him to browse folder. Anyway, can you please post the EFFECTIVE permissions by settings permissions like in the first 2 screenshot and select user WILLIAM? Thanks.
  2. Assuming you are not trying to connect via RDP (TS), check this: http://www.grouppolicy.biz/2011/03/best-practice-using-group-policy-to-configure-desktop-wallpaper-background/ The only thing is that you are trying to connect via terminal server, and this policy cannot be applied correctly.
  3. When you specify specific permission to a folder, you must map the directory itself. Remember that if you want to be able to list folder, there's the appropiate policy. If you can provide more details (examples) like: folder name, user name it's easier to solve the issue.
  4. I didn't tell you to specify the domain because from your picture there was the word "SERVER\UserName" so I tought that SERVER was your domain... Anyway, take a look here: http://support.microsoft.com/kb/977944/en-us
  5. To be honest, there's a way to do this: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17918 But if you can simply use a trust, do it. If not, you must RESTORE one domain: http://www.microsoft.com/download/en/details.aspx?id=19188
  6. No you cannot, you just can create a TRUST between the two domains, so they will be able to share infos.
  7. Hi, do you have any minidump? They're located in C:\win\minidump\ Anyway, I really hope your problem is not SERVICES.EXE because it means you should reinstall windows server...
  8. So, here we go :) RemoteApp is a role of server 2008 and is completely different from installing a software via GP :) I suggest you to read this article: http://technet.microsoft.com/en-us/library/cc730673(WS.10).aspx Specially from the middle. In our environment we had this scenario, but after months we moved to terminal services, users log on via RDP to the application server and they can access what they want. Of course you can manage this and the most interesting thing is that you can easily update programs, you must do it in just one server and not deploy an update to the clients.
  9. This should be what you need: http://technet.microsoft.com/en-us/library/cc756952(WS.10).aspx
  10. You have to provide password for every application installed via GP? Regarding your last question it should be like this: "install at next logon" can create shortcuts because the GPO know WHICH user need the application and can actually put the link. If not, the software will be installed for computer not for a specific user. It's quite confusing... but it's microsoft :P
  11. Check the DC's LOG AND client's LOG to see any error / warning regarding policies. It looks like there's a compatibility issue... those events are triggered at user logon.
  12. This is the question: HOW can you tell a server to check the client's firewall status and report it to the SERVER'S LOG?! I really don't know HOW to do this, once you can understand why your server is checking the client's firewall status... you will be able to fix this issue.
  13. You should have a policy or something else which centralize everything to your server. If a client has the firewall turned off, it isn't in the server's log.
  14. Hi there, Before reading the last sentence I had many ideas, but now you must solve the biggest problem: ACCESS DENIED. First of all under GROUP POLICY MANAGEMENT (from domain controller), create a "NEW RESULTANT POLICY" from GROUP POLICY RESULTS. You must select a computer (a remote computer) and a user. After a while you have a result which tells you which policy has been applied and which has not been applied (denied policy). Here you can see if there are any other policy which are not applied correctly. The next step is: Open Group Policy management mmc, select the OU where the policy is applied, select the policy. On the right side, there are 4 tabs, select the last one (I think is DELEGATION), on the right corner (bottom), click ADVANCED. On the next windows, click ADVANCED again and add a new user (the user or group you want to allow), now check the box "APPLY GROUP POLICY" and everything related to "READ" (it should be already ok).
  15. Hi, your server centralizes something? Log server? It looks like the clients must be contacted, maybe you have to check specific software. Tell me what that server do (did).
  16. Yep, but this should prevent you from accessing your router on HTTP from the EXTERNAL (internet) network.
  17. Ok, so assuming you have configured all the required parameters for routing from outside to inside, do the same for inside to inside.
  18. But one time it worked, right?
  19. There's some wrong with the DNS, try to flush your client: ipconfig /flushdns and restart your router to "flush" its cache. If the problem remains try the following: nslookup > all your domains Post results.
  20. ;) you're welcome.
  21. Hi, there's a "simple" way to monitor ipsec: (from microsoft's KB): You can also install network monitor to see what is happening on your network. Regarding the bruteforce attemp, I suggest you to block every account after 3-5 attempts for 15-30 mins, this will not block brute force but MAYBE the attacker will be disappointed and he will find an easier target :)
  22. Everything is ok here, BIND is a DNS server which reads the file bind.conf every X minutes and apply (if possible) modifications. You could check on google if there's a way to disable this notification (maybe by logging only errors or waring).
  23. Hi, can please export the entire "set" of the error? It looks like the event ID is the number 3, but this is odd because of event ID 3 should be related to kerberos or spooler.
×
×
  • Create New...