Search results for query: *

Yes, you are correct. I would start with auditing then. You can set auditing on a single DC. FRS will replicate that everywhere. I've seen similar problem once, and we could not find a cause. As a workaround we made all files under that affected policy folder read only. I know it's kind of a...

netadmin06, group policies apply based on the location of user/computer accounts and not by where the group is located. leave your group policy at top level (or at the level where your users are located) and use security filtering to apply this policy only to Sales Group. Lukasz

555324KB explains how to use ADM template to push out registry changes to the machines. That's all this template does. I don't have 2000 machine to check, but just open registry and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom. If that key exists then this GPO will...

No. Alternative way: create the shortcut manually, then copy this shortcut file onto a network share. Create a logon script that copies this file onto user's desktop at logon. You can then deploy that logon script via group policy.

Do you have more than one domain controller? Wild guess, but I would start with checking FRS logs. Could be that FRS+AV could be wacking the files. I'd also put auditing on that file. Also I'd check if this file exists on all domain controllers under sysvol. Lukasz

No, you cannot create trusts between SBS domains, hence this is not possible. As far I as I know, you need to have an exchange cluster if you want to have an exchange redudancy. There's really no easy solution for what you're trying to achieve. You will need to introduce multiple servers to have...

You will only have the redudancy for AD and DNS if you have an integrated zone. You have to take care of all other server roles by yourself. If you want user's data replicated then you could setup DFS/FRS. Exchange will not be redundand as you only have one exchange server.

if you promote it as an additional domain controller, then yes, it will replicate AD

step1: networking; get it to the point where every machine can ping all other machines step2: DNS; you need full DNS resolution both ways between two domains, either by using forwarders or secondary zones step3; as lhuegele suggested, you need to create a trust between two domains lukasz

yes, you can promote additional 2003 (non SBS) domain controllers to your existing SBS domain lukasz

Are you talking about sysvol here or your own DFS? How much data are you replicating? Are the servers on VAN or LAN? You do not want to manually delete any files from staging folders, if FRS can't find the file it needs, it will stop replicating. Yes, there are ways to invoke the cleanup, but...

target account name is incorrect = secure channel busted this is fixable without a rebuild. also if this DC was unplugged for more than the tombstone lifetime (usually 60days) and if it's windows 2003, then other DC will refuse to replicate with this DC anyways (there's a reg hack for that...

If you only planning to have one server, you can always take a hard drive image and keep it just in case you need to rebuild it again. That way you'll have the same SID next time you image it back. (but only do it if you have one DC).

Try using user state migration tool: http://www.microsoft.com/downloads/details.aspx?FamilyID=0caa294c-29d9-4449-81d5-4b69b97df7ae&displaylang=en This will save your MS settings; however i'm not sure about the apps though.. Lukasz

If you have any other domains then transitive trust will allow eg. child domains to use that trust as well.. but if you only have those two domains then it doens't matter. So in your case, you need an incoming trust from B. Or in other words, domain B must trust domain A Have a look at this...

I assume you have a two way domain trust between your domains. Modify this by having only a one-way trust. Lukasz

As long as group X has enought rights on computers container and the workstations OU, it should work. Enable advanced features in ADUC so you can see security tabs. Then right click on computer object in each location and check effective permissions for group X. It's very possible that computer...

No, you cannot add external domain to existing forest. You can however create a trust between your two domains. What is the end result that you're looking for? If you want to have two domains in one forest, you would have to create a second domain in your original forest and then migrate your...

If you have support tools installed then run the following to confirm the roles: netdom query fsmo Then use ntdsutil to seize the remaining two roles. Transfering will not work as your original server is unavailable. You can follow this article (Seize FSMO roles section)...

This is kind of a late response, but i had similar problem and that's how i solved it: - stop wuauserv service (automatic updates) - rename systemroot\SoftwareDistribution folder - start wuauserv service and attempt to do an update - as soon as you start doing new update, you'll notice that...