vasek125

Hello, I delegated permission for one user to manage one group policy, but this user can not connect to group policy management via MMC on his computer. He always gets "Access is denied". Server is Windows 2008R2 with active directory role, client computer is Windows 7 as member of AD domain. What else should I configure?

Hello. How can I achieve this behaviour: user1 has directory dir1 with full permissions for its content, but user1 can not change permissions on files which user1 created? Is it possible? I think this is some kind of Mandatory Access Control.

Hello, we have company dns servers (BIND 9) on linux. I created new dns zone and permitted to update it from windows server IP address. During active directory installation I selected to use already configured dns server. Everything works fine. But this official solution is very insecure (access based on IP address). Is there any way to force windows to use some HMAC key for zone updates?

I found workaround - user another ldap browser. With Apache Directory Studio I can log in as Myuser, but I can not log in as Administrator, vice versa with JXplorer

... remote log in fails with Invalid credentials (AcceptSecurityContext error, data 52e)

Hello. I need to bind to my Active Directory server. I use JXplorer. I can log in using cn=Administrator,dc=...., but I can not login using cn=Myuser,dc=... User Myuser is member of DomainAdmins and has delegated all required permissions. I can log in with Myuser via ldp.exe on local server machine, but I can not do it remotely. Where is the problem? Are there any remote access permissions?

I tried it but it does not work. I created GPO, set quota, connected it to Domain Controllers OU (I want to set quotas for drives on AD servers) but with no effect. After the first write user gets unlimited quota. ... and another problem: quota settings persist for deleted users (I just see UNKNOWN identifier) - can it be automatically corrected?

This will set quota for everyone. How can I divide quotas by user's group .. or will I need 10 GPO's for 10 groups? I dont undestand the mechanism of GPO quotas. GPO quota will be applied to every logical drive supporting quotas? How? By autocreating user entry in quota table (with GPO default quota)?

Hello, I was really surprised - NTFS does not support group quotas? How can I set disk quotas for every user with specific user group? Now, after the user creation (in AD) I have to run scripts to set quotas (fsutil quota). Is there another easier way?

It is also dangerous, not so much but it is. And I don't think this will work. As I remember SMB protocol for network sharing works with username authenticated to share - not with username authenticated to local computer. It means when I authenticate to \\AD1\private as USERNAME, I will work with share as USERNAME all the time. Is there any server side solution like action "on user add"?

But what about permissions? Logged user will need permissions to create folders under \\AD1\private\ and \\AD2\public\ which is dangerous.

Hello, is it possible to automatically create some folders for some group of users in Active Directory? My idea: 1. user USERNAME will login on some client PC (PC is joined to domain which has two domain controllers: AD1, AD2) 2. specified directories will be automatically created on both domain controllers and connected as a network drives (e.g. \\AD1\private\USERNAME, \\AD2\public\USERNAME) I know how to automatically map network drives but I don't know how to automatically create these directories (and set them some permissions). Is it possible to do this automatically or I must to do it in manual way?

Users don't have physicall access to server but it is cleaner and better to block everything I don't want or need.

Windows server has domain controller role. Users are stored in Active Directory. PC client stations are joined to domain. I want to deny access to Windows server - user will physically not be able to login to server. SERVER -------domain------- | | CLIENT_PC1 CLIENT_PC2 SERVER is domain controller, clients are joined to domain. Active Directory user will be able to login on computer client_pc1, client_pc2 but the same user will not be able to login on server (neither direcly nor remotely). How to do this?

User can login to every station connected to domain but cannot connect (login) to windows server 2008 domain controller pc itself.

Hello, is there any way how to disable direct login to windows server?

Hello, I want to create special group with permissions to join computers to domain controller. No more permissions. Is it possible? How?

I need file locking. Some files are shared by multiple users (about 30 MB db files). I know that dfs does not support file locking but there is some 3rd party software which implements file locking for dfs. But I dont know whether I need to install something to clients - that could be a problem becouse we have Windows and Linux clients.

OK, what about file locking? Is it sufficient to install 3rd party sw for locking to both windows 2008 server or I will need to install it into clients too?

And what about personal experiences? What about this situation: 30 clients are uploading data 30 * 20 GB at the same time and 20 other clients are working with small files (editing some files). Is DFSR faster or slower than "single server solution"?

Hello, is it a good idea to use DFSR on Windows Server 2008 R2 for large folders (2000 users, a lot of files up to 20 GB per file). What about performance?