Using DirectAccess to locate stolen computers?
We had a theft attempt this weekend and I wondered what to do if laptops were stolen. Do anybody have any thoughts on this matter?
Our DA installation is set up so all laptops member of a DA group will automatically go online on our network wherever they are.
I have opened firewall to accept incoming CIFS so I know I can monitor files locally. If anybody know of any free tools etc that can be installed to laptops for localization purposes that would also be nice.
Reply:
Hi HAL07,
Thanks for posting here.
I’d suggest to first disable this computer account for this lost laptop in AD database and suggest the user who loses his laptop to reset his password ASAP and that will help to prevent it to connect back to our network.
Meanwhile, not sure the detail information about our current authentication setting for DA but consider to enable strong CRL checking for IPsec authentication:
How to deny a computer access to DirectAccess?
Meanwhile, we also have other features that will help to protect our data from the accident about device losing:
Reacting to Laptop Theft
http://blogs.technet.com/b/microsoftsetup/archive/2009/03/25/dynamic-restore-of-stolen-laptops.aspx
BitLocker Drive Encryption Overview
http://technet.microsoft.com/en-us/library/cc732774.aspx
For more information please refer to the suggestions in the links bleow:
Traveling? 10 tips to protect your laptop from theft
http://www.microsoft.com/atwork/security/laptopsecurity.aspx
Tracing down stolen laptop...
Thanks.
Tiger Li
Tiger Li
TechNet Community Support
------------------------------------
Password Reset Registration issue
Hi,
We are facing this weird issue in our environment, when users are booting their machines in our internal network. Although users have registered for password reset and pw reset itself works normally, they see following error every time after boot:
Does anyone have an idea what might cause this strange behavior? This is more user experience issue, but is distribution to employees is pending because of this issue. PW Reset deployment is done by following Technet's Password Reset Deployment Guide so everything should be by the book.
Trace looks like following:
<
E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent
">
<
System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system
">
<
EventID>3</EventID
>
<
Type>3</Type
>
<
SubType Name="Error">0</SubType
>
<
Level>2</Level
>
<
TimeCreated SystemTime="2011-10-12T07:22:31.7592123Z
" />
<
Source Name="Microsoft.ResourceManagement
" />
<
Correlation ActivityID="{00000000-0000-0000-0000-000000000000}
" />
<
Execution ProcessName="PwdMgmtProxy" ProcessID="792" ThreadID="7
" />
<
Channel
/>
<
Computer>Machine</Computer
>
</
System
>
<
ApplicationData>Microsoft.ResourceManagement: Microsoft.ResourceManagement.WebServices.Client.UnwillingToPerformException: The endpoint could not dispatch the request. ---> Microsoft.ResourceManagement.WebServices.Faults.ServiceFaultException: The endpoint could not dispatch the request.
at Microsoft.ResourceManagement.WebServices.EnumerationClient.Enumerate(Message request)
at Microsoft.ResourceManagement.WebServices.EnumerationClient.Enumerate(Enumerate enumerate, EnumerateHelper helper)
at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.EnumerateResources(SearchParameters parameters)
--- End of inner exception stack trace ---
at Microsoft.ResourceManagement.WebServices.Client.ResourceTemplate.EnumerateResources(SearchParameters parameters)
at Microsoft.IdentityManagement.PasswordReset.GinaOperation.GetLoginId(String domainname, String username, UniqueIdentifier& userIdentifier)
at Microsoft.IdentityManagement.PasswordReset.PasswordResetOperation.QueryRegistrationStatus(UserStatus& userRegStatus)
at Microsoft.IdentityManagement.PasswordReset.PasswordResetOperation.CheckRegistration(ClientPipeContext& client)
at Microsoft.IdentityManagement.PasswordReset.PasswordResetOperation.Register(ClientPipeContext& client)
at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.PipeCommunicationThread(Object context)
<
System.Diagnostics xmlns="http://schemas.microsoft.com/2004/08/System.Diagnostics
">
<
LogicalOperationStack></LogicalOperationStack
>
<
Timestamp>1418558101</Timestamp
>
<
Callstack
>
at System.Environment.get_StackTrace()
at System.Diagnostics.TraceEventCache.get_Callstack()
at System.Diagnostics.XmlWriterTraceListener.WriteFooter(TraceEventCache eventCache)
at System.Diagnostics.TraceSource.TraceEvent(TraceEventType eventType, Int32 id, String format, Object[] args)
at Microsoft.ResourceManagement.Utilities.LoggingManager.LogError(String formatString, Object[] arguments)
at Microsoft.ResourceManagement.Utilities.LoggingManager.ReportError(Exception exception)
at Microsoft.IdentityManagement.PasswordReset.PasswordManagementProxy.PipeCommunicationThread(Object context)
at Microsoft.IdentityManagement.PasswordReset.ClientPipeContext.<>c__DisplayClass1.<Start>b__0()
at System.Threading.ExecutionContext.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
</
Callstack
>
</
System.Diagnostics>
</
ApplicationData
>
</
E2ETraceEvent
>
I would appreciate for any input/help regarding this :)
BR,
-Snendis
- Changed type Markus VilcinskasMicrosoft employee Wednesday, May 22, 2013 1:00 PM
Reply:
Hi,
I reported a bug in connect for this issue while using FIM R2:
"If an unregistered user tries to reset his password via the SSPR module in the windows logon screen, he gets an cryptic execption message [Error Code 40007]. That was actually fixed with KB978864"
Which FIM version are you running on?
Regards,
Moritz
------------------------------------
Reply:
Hi,
I reported a bug in connect for this issue while using FIM R2:
"If an unregistered user tries to reset his password via the SSPR module in the windows logon screen, he gets an cryptic execption message [Error Code 40007]. That was actually fixed with KB978864"
Which FIM version are you running on?Regards,
Moritz
Hi Moritz,
And thanks for answering. We have update 1 installed and hotfix 4.0.3473.2 as well.
Our case is bit different from yours. Our pilot users has registered for password reset already and password reset itself works well. Our issue is lack of user experience. I'm struggling to find the root cause why users see that pop-up always when they restart their machines. Obviously management does not want to release this for corporate users before this is fixed somehow :)
BR,
-snendis
------------------------------------
Reply:
What did you do to see that dialog? Just logon to the machine? or are you invoking "MsPwdRegistration.exe" or "MsPwdRegistration.exe -all" manually?
The FIM Password Reset Blog http://blogs.technet.com/aho/
------------------------------------
Reply:
Hi
As per Thomas Vuylsteke blog: http://setspn.blogspot.com/2011/07/fim-2010-sspr-client-error-after.html
"We quickly saw that we only had this error when users logged on to a workstation where the user didn’t exist in the Portal. IF these people visit the Portal they should get the generic FIM Service unavailable error. However before updating to the last build, the Password Reset Client software just closed quietly when it couldn’t match a user. As it should. I discussed this with someone at Microsoft and it seems to be a known bug which is fixed in FIM 2010 R2 but which will not be fixed in 2010."
Regards
Andre
------------------------------------
Reply:
>>which will not be fixed in 2010.
This is not entirely true. The way that Microsoft prioritize bug fixes is based on customer impact and business justification. Please contact Microsoft Product Support with your scenario and business impact, we would be happy consider fixing it in a QFE. (Seems it's never come up as a QFE request)
The FIM Password Reset Blog http://blogs.technet.com/aho/
------------------------------------
Reply:
What did you do to see that dialog? Just logon to the machine? or are you invoking "MsPwdRegistration.exe" or "MsPwdRegistration.exe -all" manually?
The FIM Password Reset Blog http://blogs.technet.com/aho/
Hi Anthony,
Just logon to machine. Our pilot users have registered to PW reset and seeing this error on every reboot.
Only way I'm able to reproduce this issue is to invoke "MsPwdRegistration.exe -all" command.
I think it would be the best to open the ticket since it's recommended action.
@Andre, I'm familiar of the link you posted and this is not the issue.
BR,
-Snendis
------------------------------------
Reply:
The FIM Password Reset Blog http://blogs.technet.com/aho/
------------------------------------
Reply:
Thanks for the post.
OK, same problem, so I go out and download the hotfix(s)
Extract on the server.
They extract to .MSP files.
So I have to be logged in as local admin because there is no Run As Administrator for MSP files.
Logged in as admin gives me the error that it cannot connect to the FIM SQL databse because the local admin does not have permissions to access the database.
I log in as user( the account which does have permssion to access the sql database but cannot run the hotfix(s) because I cannot run as administrator) and I even logged in with my domain admin account which has permission to run against the sql db and still can't run because I have to run as admin..
Any answers other than extract the msp to a different form that will allow me to run the hotfixes?
Of course I can disable UAC(which is probably what I will do, but why? why do I have to do this?
Why didn't MS provide the correct format to begin with?
Man I loathe this program. Every step of the way has been 2 steps forward, one step backwards.
Nonsensical documentation, etc. etc.
Now my boss is on me to get it up and running.
So we are paying MS to license the product and now we will have to pay them to even get it installed and up and running because every turn I take there is some other roadblock.
Frustrated? Beyond belief.
- Edited by GPD Tuesday, January 24, 2012 10:33 PM
------------------------------------
Reply:
GPD,
To run .MSP files as admin, just open command prompt as admin and navigate to .MSP file and run it. This imitates the same thing as 'run as adminitrator' option that you get with executables, only you can use this with MSP files.
------------------------------------
Network Card (NIC) Does not connect in Virtual Network to external network -Sol'n
I have an old motherboard with 2 Reatech NICS -- Lost about 3 hours to this. Stupidity 101.
For the record:
Symptom -- 1) Can ping network card before added to virtual network on VM -- External
2) Add to virtual network and then to VM -- cannot ping -- cannot pass traffic.
Solution -- reboot the server after creating the virtual network before adding it to your VM. :-)
- Changed type Vincent Hu Wednesday, January 25, 2012 2:39 AM
Reply:
------------------------------------
SBS2011 virtualised: 2 hour perfect fit
Just had to comment on my day spent moving my SBS2011 from Dell t310 16 GB X3430 to virtual guest on my Dell r710 64 GB machine e5506. Spent three weeks getting ready and two hours max using disk2VHD. Easy as soup. Hardest part was starting up guest with duplicated IP address issue on now-virtual server. Ended up running wizard and changing sbs2011 IP from .2 to .10 and everything up after workstation reboot.
15 Windows 7 Pro and 1 W2008R2 server (host to Hyper-v). Memory use on guest running 10 GB where physical ran 14 GB. Backup to USB drive just finished (attached SCSI drive setup).
Will keep physical server offline for a couple of days and then look for new home for it.
Guzzifrank
Reply:
Thanks for sharing the experience with us, Guzzifrank.
Sean Zhu
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Sean Zhu
TechNet Community Support
------------------------------------
Hyper-V madness
I am not sure where to start. I have a Windows Server 2008 R2 server with SP1 installed. I have been successfully building and working with VMs. Just yesterday the connection to my VMs have started to timeout. I can see that the machines are starting up in the thumbnails. When I double click on the image it says Connecting to (VMName). It will sit there for a little while then comback saying that the connection timed out. Now I did not change anything in the OS. After this started happening I did a Windows Update to get the latest and greatest patches. Still nothing has fixed the problem. Anyone , experience the same problem and where to I start to look for a solution? I have checked the event logs and there is nothing pointing to the problem. There are some events but they point to the Integration Pack for Hyper-V saying that the Integration pack is outdated. I created new VMs and get the same symptoms as the older VMs. I am a MCT so I have imported VMs and still have the same results. I have reinstalled Hyper-V and there is no success. I have read about rebooting the server and have done that many times.
I am pulling my hair out, which I have a lot. But not for long. Can someone help? What should I try next? I have gone through each of the processes. The Anti-Virus is not actively checking the directories where the VMs are located. This is boggling. HELP!!!!
I have a lot of work to get done and more VMs to build. This is a test server but the center of my business.
- Changed type Vincent Hu Monday, January 30, 2012 2:34 PM
Reply:
------------------------------------
Certificate renewal period being ignored
I have a Windows 2008 OCSP responder that is automatically renewing it's signing certificate (from an Enterprise 2008 CA) every 2 days, despite the template having a lifetime of a year and a renewal period of 6 weeks (yes I know that is considered too long, has to be that way).
When the OCSP service was first installed the template had a very short lifetime with a renewal period of two days, however it's subsequently been extended. The provider has been deleted and re-added, but it won't honor the new renewal periods. The CA stopped offering the template, then re added it.
In between re-adding an OCSP provider any old certs have been deleted.
Any ideas what could be happening?
Reply:
Hello,
the security forum is the better place to ask: http://social.technet.microsoft.com/Forums/en/winserversecurity/threads
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
------------------------------------
Reply:
------------------------------------
Join Windows 2003 Member Server to Domain: Network Path Cannot be found.
Hey All –
I’m having a problem with adding servers to my domain (Network Path Not Found). Here’s the story.
A group at my company came to me and wanted me to migrate some virtual hosts from one vCenter to another. Additionally, P2V the remaining physical hosts. Two of the servers – upon login with a domain account would refuse to logon with the error (after accepting the credentials) “RPC Server is Unavailable”. Okay fine, I could still logon with local admin accounts, so I figured I’d deal with it after I got done with the P2V migrations. All that went off without a hitch, but I was still receiving the “RPC” error message as stated previously. I installed SP2 on the servers as this had not been done yet to bring them up to at least SP level patching. No change. I started digging around in DNS and found that there used to be an additional DC that was decommissioned and not properly demoted/removed. Frustrated, I went through with the DC metadata cleanup and removed all the entries from DNS – thankfully, there were no roles to seize, so the cleanup went without a hitch. Thinking this would ultimately cure the problem, is tried to add the server to the domain again, no change. I fired up Wireshark on the DC/DNS server and noticed that nearly every machine on the domain was sending DNS queries for trafficconverter.biz – yup, Conficker. I spent the majority of last night cleaning up the PCs on the domain. Strangely, one of the first servers I was having trouble with – after cleaning conficker, AV update and scan (the AV dats hadn’t been updated in 3 + years) and a reboot, happily joined up the domain. I thought I was onto something. The first machine worked, the second didn’t. Then the third and fourth all failed with the same error “Network Path Not Found”. At this point, I’m having more trouble than when I started – a straw that broke the camel’s back type situation. So, I went back to the machine that joined earlier, unjoined, re-booted.. fail.. and now I'm back to square one.
At this point, this is what I know:
- I haven’t completely ruled out DNS, but I’ve exhausted every test that I could come across and they all come back fine.
- DCDIAG/c comes back clean from the DC
- The servers can resolve _ldap._tcp.dc._msdcs.<domain name> SRV record via nslookup
- The Windows XP clients seem to remain unaffected from this phenomenon – although, they too were heavily infected.
- If I run Wireshark during a domain add, the client starts the communication, receives answers from the server, then sends requests to the server which never receive a reply (see attached)
- I think this is the problem, but I don’t know enough about what’s actually going on during the process to pin point the problem.
- During a successful re-add (when the server magically joined) there was a gamut of traffic between the DC -> Server after the point that it now stops.(see same attachment)
- All the Servers are Windows 2003 EE and at patch level of SP2
- All server have been scanned with Conficker buster from Kaspersky and a full scan of McAfee 8.8 with the dat update from yesterday
I'm about at my wits end with this. I am hoping there's someone out there that's more knowledgable about the domain join process than I am, and might be able to tell me where to look based on the information provided.
This is what the server is sending. The part I don't get is why it's not getting responses to the microsoft-ds and netbios-ssn packets
- Moved by Tiger LiMicrosoft employee Thursday, January 26, 2012 2:15 AM (From:Network Infrastructure Servers)
- Changed type Tiger LiMicrosoft employee Monday, January 30, 2012 12:54 AM
Reply:
This is what the DC is seeing..
Sorry this is so small.. but if you zoom in on them, you can see them better (CTRL +)
- Edited by RC Chris Tuesday, January 24, 2012 2:07 PM
------------------------------------
Reply:
Hello,
please upload the following files, so we can get a complete overview:
ipconfig /all >c:\ipconfig.txt [from each DC/DNS Server]
dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
netdiag /v >c:\netdiag.txt [from each DC, netdiag may work but isn't supported with Windows server 2008 and don't run on Windows server 2008 R2]
repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt ["dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)]
dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)
As the output will become large, DON'T post them into the thread, please use Windows Sky Drive (skydrive.live.com) [with open access!] and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
------------------------------------
DPM 2010 no EUR - Only works when browsing directly to dpm share
DPM 2010 protecting Storage Server 2008 shares. EUR is configured and everything seems fine with Active Directory.
Issue is, my users have mapped drives directly to the shares on Storage Server 2008, and the Previous Versions Tab shows nothing. However, if we browse the the DPM shares directly, then you can see all of the previous versions.
What am I missing? I read somewhere that you must make sure shadow copies are not enabled on the protected server, but this was true only with Server 2003 VSS right? Any help would be great!
Thanks.
Reply:
More info: I have verified that shadow copies are disabled on all volumes on the Storage Server.
I have a total of 5 shares on the same volume. 4 out of 5 previous versions work fine, but on my largest share they just dont work. On storage server I checked permissions and the like, and they all match up.
Bizarre
------------------------------------
Reply:
------------------------------------
Reply:
Hi,
For clarity - the restriction of not having local shadow copies enabled on a protected volume also applies to windows 2008 servers as well.
Are there any DPM alerts about not being able to update share permissions ?
Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.
------------------------------------
Reply:
Hello,
Does this issue still exists?
Thanks
Shane
------------------------------------
Reply:
------------------------------------
Reply:
------------------------------------
Reply:
------------------------------------
Reply:
------------------------------------
Reply:
- Edited by Wharf FC Tuesday, January 24, 2012 2:08 PM
------------------------------------
Reply:
------------------------------------
Reply:
------------------------------------
Reply:
Yes. Actually, it didnt work the first time, which really made me sad. I went back into ADSI edit, found the share, and after going to properties I scrolled down to the common share name and noticed even though it had been re-created, the wrong server name was listed! The server was an old 2007 DPM we took offline over a year ago! So, I manually edited the ADSI record to reflect the current server, and it instantly worked!
Thanks for the advice, and God bless Al Gore for inventing the interwebs.
------------------------------------
Master Plan of key milestones from multiple project plans
Hello
I'm just finding my way around MS Project (using 2007 version). I'm working with 25 separate project plans and know there is a way of creating a master plan containing all activities and milestones from all of the separate plans. What I would like to do is create a master plan, that just contains the key milestones from each individual plan (i.e. without all the other activities and milestones that are not deemed to be critical). Is this possible? And if so, is it possible to get them to update in the master milestone plan automatically when updated in the individual plans? Any help/guidance would be much appreciated. By the way, I'm not using microsoft server, just standalone version, with individual plans on a shared drive.
- Edited by markster_uk Monday, January 23, 2012 2:52 PM
Reply:
Prasanna Adavi, PMP, MCTS http://thinkepm.blogspot.com
------------------------------------
Reply:
Thanks Prasanna - that is exactly what I needed.
Kind regards
Mark
------------------------------------
Reply:
------------------------------------
Reply:
Prasanna Adavi, PMP, MCTS http://thinkepm.blogspot.com
------------------------------------
Has anyone installed SQL SP3 on their TMG box?
MCITP Enterprise Admin/Server Admin, MCSE NT, 2000, 2003
- Changed type Nick Gu - MSFTModerator Friday, January 27, 2012 6:46 AM
Reply:
Thanks all for the responses. I installed it, went without a hitch. I just had to reboot afterwards, so I did that later in the day.
MCITP Enterprise Admin/Server Admin, MCSE NT, 2000, 2003
------------------------------------
Reply:
Yes I have.
Worked just fine!
Hth, Anders Janson Enfo Zipper
------------------------------------
Reply:
Hi,
runs fine. All of my installed TMG Servers will always get the latest SQL Service Pack
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
------------------------------------
Reply:
Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
------------------------------------
Reply:
MCITP Enterprise Admin/Server Admin, MCSE NT, 2000, 2003
------------------------------------
Reply:
Hi,
no. TMG use LLQ (Large Logging Queue) when the SQL services are stopped:
http://www.isaserver.org/tutorials/Explaining-Microsoft-Forefront-TMG-Firewall-Lockdown-Mode.html
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
------------------------------------
Reply:
Thanks all for the responses. I installed it, went without a hitch. I just had to reboot afterwards, so I did that later in the day.
MCITP Enterprise Admin/Server Admin, MCSE NT, 2000, 2003
------------------------------------
Forum FAQ: Deployed printers on Windows XP are not deleted even though they have been removed from the GPO.
Symptom
You used group policy on Windows Server 2008 server to deploy printers and then you tried to remove the deployed printers from GPO. However, the printers deployed on Windows XP are not deleted even though they have been removed from the GPO.
Workaround
This issue may occur if the pushprinterconnections.exe file for Windows Server 2008 does not work properly. To troubleshoot this issue, please perform the following steps to use the Windows Server 2003 R2 version of pushprinterconnections.exe file to remove deployed printers:
1. Replace the pushprinterconnections.exe in the startup script with the one for Windows Server 2003 R2.
You can download the pushprinterconnections.exe file for Windows Server 2003 R2 from the following link:
http://cid-3a34925a69915608.skydrive.live.com/self.aspx/.Public/pushprinterconnections.zip
2. Add the -log parameter in the startup script.
3. Refresh the policy on client. Add back those printers you want to remove.
4. Restart the client and then make sure the printers are added. Remove the printers in the policy again. Refresh the policy on client.
5. Restart the client and check if the printers have been removed.
Applies to
Windows Server 2008
Reply:
Hello
I have a network of 30 WIndows XP and 20 of WIndows 7.
i have a total of 5 printers deployed by a window 2008 std server to all the computers. In the past i had different printers which i uninstalled and i deleted the deployment.
I still can see in all my WinXP computers the old servers. I have done what you have mentioned above (by replacing the pushprinterconnections.exe file and also i have added the -log to the parameters.
I still cannot delete them. ANy idea what else i can do?
Thx in advance.
------------------------------------
Reply:
What is in the %TEMP%\PPCUser.log file. Or %windir%\temp\PPCmachine.log if removing machine connections
Alan Morris Windows Printing Team
------------------------------------
Reply:
Hello
The file at c;\windows\temp\ppcmachine.log has the following info:
Microsoft Windows Operating System Deploy Printer Connections Utility v1.0
Copyright (C) Microsoft Corporation. All rights reserved.
... Logging enabled by command line switch.
... Logging started at 4:34:36 PM 1/19/2012.
... Found and applied this GPO: Computers Policy XP NOUSB.
... Found and applied this GPO: Computers Policy XP NOUSB.
... Found and applied this GPO: Default Domain Policy.
... Found and applied this GPO: Computers Policy XP NOUSB.
... Found and applied this GPO: Computers Policy.
... Found and applied this GPO: WinXP.
... Found and applied this GPO: WinXP.
... Found and applied this GPO: Computers Policy XP NOUSB 1.
... Failed to search Active Directory. The operation completed successfully.
... There are no connections to remove.
... Deploying per machine connection \\Arahide\HP LaserJet P2055dn Etaj 1.
... Deploying per machine connection \\Arahide\Lexmark X656de Fabrica - 201.
... Deploying per machine connection \\Arahide\Lexmark X656de Etaj - 203.
... Deploying per machine connection \\Arahide\Z -Brother MFC-6890CDW Marketing.
... Deploying per machine connection \\Arahide\Lexmark X656de Intrare - 200.
Microsoft Windows Operating System Deploy Printer Connections Utility v1.0
Copyright (C) Microsoft Corporation. All rights reserved.
... Logging enabled by command line switch.
... Logging started at 8:36:33 AM 1/23/2012.
... Found and applied this GPO: Computers Policy XP NOUSB.
... Found and applied this GPO: Computers Policy XP NOUSB.
... Found and applied this GPO: Default Domain Policy.
... Found and applied this GPO: Computers Policy XP NOUSB.
... Found and applied this GPO: Computers Policy.
... Found and applied this GPO: WinXP.
... Found and applied this GPO: WinXP.
... Found and applied this GPO: Computers Policy XP NOUSB 1.
... Failed to search Active Directory. The operation completed successfully.
... There are no connections to remove.
... Deploying per machine connection \\Arahide\HP LaserJet P2055dn Etaj 1.
... Deploying per machine connection \\Arahide\Lexmark X656de Fabrica - 201.
... Deploying per machine connection \\Arahide\Lexmark X656de Etaj - 203.
... Deploying per machine connection \\Arahide\Z -Brother MFC-6890CDW Marketing.
... Deploying per machine connection \\Arahide\Lexmark X656de Intrare - 200.
but at the Control Panel at Printers i have the following
i dont know why they are not removed.
thx in advance
------------------------------------
Reply:
What do you have listed under this registry key?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Connections
Alan Morris Windows Printing Team
------------------------------------
Reply:
Hello
to each computer i should look at the registry or at the domain controller?
thx
------------------------------------
Reply:
Alan Morris Windows Printing Team
------------------------------------
The Taskbar is reset to the default settings when you use the "Automatically Log On" feature in Windows 7
Reply:
Are you referring to this hotfix: http://support.microsoft.com/kb/979155
That hotfix is included in service pack 1, did you install it? It can be downloaded from http://www.microsoft.com/downloads/sv-se/details.aspx?familyid=c3202ce6-4056-4059-8a1b-3a9b77cdfdda
Blogging about Windows for IT pros at www.theexperienceblog.com
------------------------------------
Reply:
------------------------------------
Reply:
Ok, then this is another bug or the a regression from the original bug. I would suggest contacting Microsoft opening a case with them to find out if there is a new bug or the old one is back.
Blogging about Windows for IT pros at www.theexperienceblog.com
------------------------------------
Change User Permissions Once the Item Gets Approved in SP2010 List
Hi,
Is there any way/method in sharepoint through which I can change user permissions once the item gets approved.
Following is the detailed requirement.
1. I have a custom list where approval setting is enabled
2. User creates a new entry under the list
3. After entry is created, approver will approve/reject an entry
4. Now, (the important part) if item is approved then user should not able to edit the entry again (which means his entry should be changed to read only)
5. If item is rejected than entry should be editable by the user
The overall purpose says “user should not allow to edit his entry after getting approved”.
Can anyone please help or suggest me some feasible solution here.
Sachin D - Sharepoint Developer
Reply:
Sachin D Sharepoint Developer
------------------------------------
Reply:
Well while thinking today, I thought of alternante method as follows
1. Under AllItems.aspx page I will keep 2 fields "Approvial Status" and "Title (linked to Item)
2. IF Approvial Status = Approved then I will make 'Title' field as non linkable so user (whose item is approved) will not able to get an option to edit the same
I just need some help for any JQuery/Javascript solution which can help me to achieve the above requirement. I found one good article here (http://social.msdn.microsoft.com/Forums/en-US/sharepointcustomization/thread/4c366cd9-dd84-440c-bdbc-30ee2c81876e), but didn't worked for me :( .
Expect and Appreciate help.
Sachin D Sharepoint Developer
------------------------------------
suddenly my reader role cant read facts
Reply:
This gets better. When we deploy the same solution to a different server, my readers can read facts on that server's copy of the cube. The second server may be R2, I have to check. The first is not R2. The peer who is deploying has R2 installed on his workstation and developed the solution on that workstation.
We did a quick experiment and made sure the target server's version was chosen as 10.0 instead of 10.5. But readers still cant read facts after we deploy.
We run std 2008 and as you can see we have R2 in the picture sometimes.
- Edited by db042188 Friday, January 20, 2012 10:39 PM spelling
------------------------------------
Reply:
------------------------------------
Specified argument was out of the range of valid values.
Hi All,
I have created a web part and getting the value of all the list present on that page by using following code but it returns the exception of the type " Specified argument was out of the range of valid values."
My code is as follow
string[] DCR_Sales = { "ProspectVisited", "Date", "PersonMet", "AccompniedBy", "Activity", "StageOfCall", "FollowUpAction", "Lead", "Quality", "Proposal", "Closed", "Approval Status", "Approver Comments" };
coll = oWebsite.Lists[ListName].GetItems(DCR_Sales);
myGridView.DataSource = coll.GetDataTable();
myGridView.DataBind();
myGridView.Visible = true;
Please help me to fix the same.
Reply:
Hi Vaibhav,
coll = oWebsite.Lists[ListName].GetItems(DCR_Sales);
Above statement is creating problem in your code.Please refer http://msdn.microsoft.com/en-us/library/ee562161.aspx for how to get data from List in sharepoint.
Please click "Propose As Answer" if a post solves your problem or "Vote As Helpful" if a post has been useful to you.
------------------------------------
Customising Federated Search
Morning/afternoon everyone.
I have a query regarding the output of a federated search connector I have here. I'm using Search Server Express 2010.
I have created a custom list and created a scope that points to only that list. I've then created a federated search connector which uses that scope and added that to my search results page. When I run a search, I see the docs/site results etc listed in the main results section and my federated search on the right - all working nicely.
What I would like to do now is to modify the hyperlinks displayed in my federated search web part so that when the user clicks on one of those results, it displays the matching list item in a modal window rather than taking the user to the custom list and away from the search center.
The main results should stay the same, it's just the federated search results I need to tweak.
Does anyone know if this is possible and if so, how can I achieve this?
Many thanks!.
Dave
SharePoint Administrator and MCTS | SharePoint Fan www.davepyett.wordpress.com - Follow me on twitter: twitter.com/dpyett
Security group permissions on public folders
- Changed type Sean Zhu - Monday, November 8, 2010 6:31 AM no response
Reply:
/kj
Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
------------------------------------
Reply:
Please explain type of group? It was a security group, but I can provide additional information. What we where attempting to do is listed below.
I want to create groups that I can use to organize which users get access to public folders and shared folders. I have used the directions below, but users who are put in these groups are not able to gain access. I have made sure the group roles are correct, but still cannot get them to work. Am I missing something? Putting the group in the wrong section (active directory / my company / sbs users, etc..)? Any help would be appreciated.
Directions
1. Please create a Security Group, then add the user accounts who can
access Public Folders (include your "Office Loop" and "Office Only" user
accounts) as the number of this group. In further, which account wants to
have Public Folders access permission, you only need to add the account as
the number of this Security Group.
2. Give Public Folders access permission
a. Open ESM, extend public folders
b. Open folder properties which you want, click Permissions tap
c. Click Client permissions button, please remove all in the list (if you
do not delete the old permission, the accounts may still can access the
folder)
d. Then add the new Security Group, give it Read items or other more
permissions
e. Click OK twice time to finish.
3. Configure OWA function: by default, the OWA function is open for
everyone, please try to disable the OWA for "Office Only" accounts.
a. Open ADUC, extend to the user account
b. Double-click it, click Exchange Features tap,
c. Highlight Outlook Web Access, click Disable.
d. Click OK to finish.
1. Right click your new security group, select Exchange Tasks
2. Click Next, select Establish E-mail Address on Groups, click Next
3. Click Next, then click Finish button
4. Waiting for 2 minutes, then go through the steps:
b. Open folder properties which you want, click Permissions tap
c. Click Client permissions button, please remove all in the list (if you
do not delete the old permission, the accounts may still can access the
folder)
d. Then add the new Security Group, give it Read items or other more
permissions
------------------------------------
Reply:
Security groups can be domain local, Global, or universal.
Where did you get these directions? Please post a reference.
/kj
Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
------------------------------------
Reply:
Hi,
I know this thread has been abandoned for some time, but i am experiencing a similar problem.
I have a public calendar that needs a large number of users to have access to it. Rather than give each individual rights (which is a management nightmare) i have added a mail enabled universal security group with all the relevant users accounts in it.
I then made this group a publishing editor of the public calendar, but none of the users actually have any access above the default of reviewer.
I cant see any problems with the group creation and so i am now at a loss as to why this isnt working?
------------------------------------
Windows Azure Integration Pack for Microsoft Enterprise Library
The patterns & practices team has published the preliminary backlog for the Windows Azure Integration Pack for Microsoft Enterprise Library. Public consultation is now open. Feel free to review the stories, comment on them, and engage with our team. Stories are grouped in the following categories:
― Data Access: Windows Azure Table Storage
― Crypto
― Learning
Thanks,
Grigori
Reply:
The final release was shipped in November 2011. Check it out. Many useful features, including 2 new application blocks: Autoscaling and Transient Fault Handling.
------------------------------------
Reply:
Regards, Vishal Supekar BE.CSE MCPDEA(Micorsoft Certified)
------------------------------------
Bigscreens
Maybe it's an idea to define "bigscreens". Fx. a "widescreen" is defined by the format 16:9 where normal is 4:3. And that is used when displaying movies. when you want a 16:9 movie to fill the screen.
A "bigscreen" is something else and can be used to other things: You'll notice if you buy one of the new fx. all-in-one PCs that have big ##" screens, that when you open fx. internet explorer most webpages are not designed to fill out such big screens, and if you max the explorer windows it will just be alot of either blank white or some other theme colour. And you don't raise the size of content, becuase you're used to it as it is. So now you will be running explorer windows that fx only takes up 1400-1500 pixel width of 1920 and 700-800 pixel height of 1080 for a normal view. Of course if you distant the screen from yourselves up to 1 metre or more, you would scale up the content and max it, but at normal about 50 cm distance it could be defined as a "bigscreen" because windows would then "know" that it has extra space for special content around the "browsing area".
Windows already has a "processbar", but on "bigscreens" there could be something more ...
Example of bigScreen with permanent unused extra space around IE: https://skydrive.live.com/redir.aspx?cid=7915bbaf8fa8141b&resid=7915BBAF8FA8141B!197&parid=7915BBAF8FA8141B!196
- Edited by Hobby Developer Wednesday, December 7, 2011 6:59 AM
Reply:
Fx. all windows os have a desktop trashcan and that might as well be placed in extra area on bigscreens.
There could also be one superficial decorative gadget and one special message gadget.
A decorative gadget is a stupid idea so it will probably be popular. It could be a green plant - big icon - that have flowers in the summer etc. or it could be a logo.
And a message box (for overviews only) should be a local surprise connected to the user's hobby. Fx some people continuesly look at stock prices, some always follow the (local) television programs overview, some actually interest in government politics. It just have to be something of continuesly interest to the user with internet connection.
And they have to be silent so they do not really interupt the main view of the desktop.
----------------
You could also make the processbar expand on the extra area, when pressing start [windows]
----------------
Or fx. allow the system folders [controlpanel, videos, pictures, music, documents] to open up in extra area and while opened occupy that area, so when another window (fx. internet explorer) is opened and maximized it will not overlap.
------------------------------------
Reply:
Another issue about BigScreens is the user's distance to the screen. Because if it is normal sitting at desk distance, you might wish that even games played in fullscreen would be lesser - that fullscreen would actually be lesser.
Obviously BigScreens are not used with mobile PCs, so when you got one, it's normally a desktop.
If used personally to fx. "internet, movies, games, livechat" then the screen will mostly be in either a 1) fullscreen game mode or displaying 2) the desktop with some seperate activities.
If windows recoqnize a BigScreen, it could ask the user about "close (.5 meter)" or "normal (used as television seen from a sofa)" distance to screen. Because if sitting close the eyes can't comprehend much more than half of the content anyway.
Take this ex. https://skydrive.live.com/redir.aspx?cid=7915bbaf8fa8141b&resid=7915BBAF8FA8141B!198&parid=7915BBAF8FA8141B!196 which is not unusual, if lower right side of screenarea was reserved for WMP, and so it will only expand upwards regarding video format 4:3 or 16:9. That could be a permanent size. The top area of the player could be used to icons, news, gadget etc.
On a BigScreen the user could also have the possibility to choose a half processbar when put on a horizontal edge. Since there is no need for more.
------------------------------------
Reply:
What about a special windows edition for bigscreens and gamers? Fx. "BigScreen Windows"
A windows edition that does special support for graphics is of course something 3D gamers and designers would look after.
Special gamer support would be:
- that 3D gamers are able to see FPS in games;
- a) that they can capture their gameplay with same capture performance as Fraps (because it doesn't compress capture, which mean that FPS is only little effected and you need a big harddisk) and upload it with WLMM;
b) or that this windows edition support external connection to a videocamera, so that a videocamera will record everything on screen (*) and afterwards send data to windows live movie maker. An external videocamera would be able to capture the whole system boot, and system freeze during games, etc. and without decreasing FPS. - that this windows edition in order to run will make PC system requirements high enough to run all modern 3D games with > 15 FPS in 1920x1080res with ansi-alising x4, vert sync enabled and medium shadows + view distance. Recommended system requirements would be 30 FPS + some more video effects.
- And because system requirements to graphics would be high and this windows edition does special video support, it should also automatically setup advance video graphics in programs (just like you don't set screen position and rotation anymore on newer flatscreens like you did with the old box screens)
Special BigScreen Support would be different setup of desktop.
- *) Because the screen is at least 23" to define a lesser part of it as Fullscreen;
fx 1600x900 of 1920x1080 would be fullscreen and primary screen. - The secondary area should run as a tablet PC screen view, since many newer all-in-one PCs are bigscreen and touchscreen, they could run the secondary area as a tablet PC (touchscreen), so while primary screen area was running a 3D game, the secondary screen area show fx internet browing in a tablet screen or windows explorer or control panel or task manager. The secondary screen area could also show FPS on game played + game options ...
Or fx. while one is watching a movie in primary screen area, the secondary area could show movie player controls. - If the PC screen is lesser than 23" it could still be possible to run BigScreen windows by connecting a second screen as long the PC can fulfil system requirements defined at least a primary and a secondary screen area (tablet form).
- - - - - - - - - - -
Windows 7 has 100% info on CPU usage. Just open up task manager and you can see what program is eating up your system resources. But it is definitely not 100% up to date on video issues:
Fx. if you are setting up graphics for a game (just like you could be setting up PC boot by checking startup programs or setting up internet explorer for a smooth run by checking add-ons that have been installed by advertisers, if you're setting up a 3D game you need to adjust video settings) then you first try a resolution but playing the game it may seem laggy, so you lower the resolution. Then you set fx. ansi-alising and if you don't know what it is, you may have trouble finding what to look for in game etc. If windows were 100% on system info with graphics there should of course be a system tool telling FPS usage in game. Setting up graphics with such a tool is very simple, because a displayed number is showing YES or NO to the settings you do...
I don't know how FPS is measured, if it can be done like in task manager for every program or only for the whole screen.
There's actually also some difference to graphics control panel by nvidia and ati, on this PC it's possible to install drivers for 3D graphics where you need to wear glasses, but it can make objects appear infront of your screen or more 3D.
I've heard that it can cause headache after some hours, and since I often do many hours, I have only tried it in the stores. If you're developing graphics controls I'd recommend trying this with 3D glasses in a television shop. And if windows is going to be 100% info on graphics you got to figure out info about 3D glasses and headache...
But it's a little annoying that you can't buy a PC and then count on windows about graphics controls, that you also have to check whether you get nvidia or radeon.
So I suggest that for a windows edition with special graphics support that you consider anything that get FPS below 15 FPS as virus or bug, and that you make system requirements high enough to ensure it!
- Edited by Hobby Developer Wednesday, January 25, 2012 10:07 PM
------------------------------------
Reply:
I have to ask: If you have a large monitor, with a lot of pixels, why would you want to maximize a window on it? You do know that you can just run an application in a window, right?
Large monitors (and even multiple monitors) are great for running multiple apps in windows, which is a powerful feature for people who need to use multiple apps in the process of getting work done. For example, one can imagine running a development tool in one window, the Help facility in another, an internet web page (e.g., a reference) in another, a test application in a virtual machine in yet another window...
Another example, for example with Photoshop, one could make room to work on an image and also have all the panels with useful tools displayed.
All these things are possible now... What is it that you're suggesting here that adds value to an extended desktop (or spanning courtesy modern display drivers)?
-Noel
Detailed how-to in my new eBook: Configure The Windows 7 "To Work" Options
------------------------------------
Reply:
I have to ask: If you have a large monitor, with a lot of pixels, why would you want to maximize a window on it? You do know that you can just run an application in a window, right?
Large monitors (and even multiple monitors) are great for running multiple apps in windows, which is a powerful feature for people who need to use multiple apps in the process of getting work done. For example, one can imagine running a development tool in one window, the Help facility in another, an internet web page (e.g., a reference) in another, a test application in a virtual machine in yet another window...
Yep, and it works great. Just use buttons on your processbar to shift between them. But if you tried doing it on a 23" screen or bigger, you might see, that since more internet pages are already neatly sorted into panes, and the only other programs you deal mostly with (as 3D gamer) are controlpanel, windows explorer, it would be nice, if they were available (like the processbar) around in the space that aren't used.
I think all-in-one PCs will be more popular and they don't come in small screens.
I just had a laptop HP pavillion dv-7, 1600x900res with windows experience index 5.8. Laptops are not ideal for 3D games, because you can't play a first-person shooter with a touchpad. And if you need to attach an external mouse, you'll also need a table, so you're not going to use it in your car or on a trainstation etc. But I still bought a laptop to get a single packet with all inside. Btw. the flat laptop keyboard isn't ideal for gaming either.
But then I bought an all-in-one PC with windows experience index 5.1 for only 5.000 danish kr. (not because I got a big vallet or income), it's just my hobby. And now that I've tried it, I really think, that they (and BigScreens) will be more popular than box desktops and laptops for 3D games.
I think about 15 years ago, I used photoshop alot, when I was out taking pictures and wanted to apply text to them on print. Nowadays I mostly watch videos and play 3D games. >Here<'s a picture of this desktop right now. Notice the lot of unused space. If there was a clock gadget with date on it also, I would have added that also.Another example, for example with Photoshop, one could make room to work on an image and also have all the panels with useful tools displayed.
If you could get your hands on a 23" at least, perhaps even more to really get the feeling. Use it for some time. I think, you'll see.All these things are possible now... What is it that you're suggesting here that adds value to an extended desktop (or spanning courtesy modern display drivers)?-Noel
Detailed how-to in my new eBook: Configure The Windows 7 "To Work" Options
- Edited by Hobby Developer Tuesday, January 24, 2012 10:51 AM
------------------------------------
Owner approval for criteria-based membership groups not working
Hi,
I'm trying to use owner approval for criteria-based groups in FIM 2010 but it's not working.
I've created a criteria-based group in FIM 2010. If you switch to 'Advanced View' and then 'Extended attributes' in the window describing the group in the FIM web interface, you can see that there is a "Membership Add Workflow"option set to 'None'.
I enter the value "Owner approval" in the "Membership Add Workflow" field and then I save the group, with no problem. However, if I try to create a user with the right info in order to match the criteria used by the group, he's automatically added to the group and no approval workflow is executed.
The use of a "manual membership" group with the same option works correctly.
Am I missing something ? Is it possible to use "owner approval" membership wokflow with criteria-based groups ?
Thank you,
- Changed type Markus VilcinskasMicrosoft employee Wednesday, May 22, 2013 1:01 PM
Reply:
Those are two fundamentally different types of groups. In a criteria-based group, membership in the group is based solely upon criteria such as (department = Sales). If someone's department changes, the group is updated based on that and not based on any owner's approval.
Chris
------------------------------------
Reply:
Hi Chris,
Thanks for your answer.
I understand the fundamental differences between the groups and how membership is managed. However, since the option is available in the interface but did not have any visible effect (provided I did not do any config mistake), I was wondering if it was possible to set up owner approval for criteria-based membership groups.
In my opinion, having a criteria-based group with owner approval does not seem to be contradictory: the "criteria-based" part provides automation (users are automatically joining the group based on their info) but owner approval is necessary for group management and control purposes.
So does that mean that it's not possible to combine the two? If that's the case, then the option should not be displayed (or should be grayed out) in the interface.
- Edited by Mfenetre Thursday, January 19, 2012 9:35 AM
------------------------------------
Reply:
We've approached or passed the level that I can speak with authority, but my suspicion is that the normal view is written with the appropriate options for what the portal was intended to do with groups. The extended attributes only get "grayed out" when you don't have permission to edit the attribute but as an administrator you can edit almost anything, even to your disadvantage.
I found another thread that covers a similar scenario. It seems like you need to have the approval step occur before the attribute/set change takes effect that would trigger group membership, meaning you might not define the group membership directly based on the attribute criteria you are using now.
Chris
- Edited by Chris Clayton - STLCC Thursday, January 19, 2012 2:39 PM
------------------------------------
Reply:
Hi Chris,
Thanks for your answer and for the tip about the alternate approach.
------------------------------------
No comments:
Post a Comment