Computer Support Forum

Can I block local computer from joining an Azure Active Directory without user permission?

Question: Can I block local computer from joining an Azure Active Directory without user permission?

My Windows 10 computers are joined to an Azure Active Directory without my permission. I did not actively join an Azure AD on the settings/accounts/access work or school account page or on the System about page. When I go to any of these settings pages there is not option to join or leave an Azure AD. I also found a provisioning package being applied to the computer at logon. Presumably coming from the Azure AD that the computer is linked to. How do I disconnect my computers from whatever active directory they are joined to?
Details: The computers are personal home use computers that should not be joined to any organization's active directory. Every time a new computer is setup in my house it gets joined to an unknown Azure Active Directory. During setup and subsequent updates the computers are automatically joined to some active directory without input from the local user. The computers are new and have not had any additional apps added. All security settings have been changed to not allow sharing of any type. Default user accounts have been disabled. The computers have not been used for anything aside from surfing the web for a solution. They are out of the box with setup and updates completed.
Event Log viewer shows remote power shell commands being executed event #4104. Device management-enterprise-diagnostics- reports System migration tasks completed event #1700. Windows Remote Management reports Activity Transfer Event #254. These events seem to be related to the computers being linked to an active directory somewhere.
On the settings-account-join a work or school account there is an option to "Export your management log files" which exports an XML to Users\public\Documents\MDMDiagnostics\. The log file shows 100 pages of code being provisioned to the home use computers.
TCPview shows the home computers trying to/or connecting to various computers around the world at various times when a browser is open on the Google search page with no other web pages open. I assume all this activity is related to the active directory the home computers have been linked to.
Whatever is happening with these new computers seems to be a serious security threat related to Windows 10 "join an azure active directory". These home computers should not be connecting to or trying to connect to: computers in the Ukraine, Croatia, Canada, England, Germany, etc when no web pages are open aside from a google search screen.
I have been searching the web for months to figure out how to disable the join an azure active directory feature on new computers. I have contacted Microsoft support desk, visited a Microsoft store for technical help, and contacted McAfee support to no avail. All technical assistance ended at level 2 support telling me they do not know how to correct the issue and to take the computers back to the store or contact the computer manufactures to get the setup disks and rebuild the computer. After 5 new computers, I would prefer to have a different solution.
If anybody has had a similar situation, please provide information on how to disconnect the local computers from the active directory they are attached to and disable or block them from ever being joined to an Azure Active Directory again. Thank you.

More replies
Relevance 100%
Preferred Solution: Can I block local computer from joining an Azure Active Directory without user permission?

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Relevance 104.14%

I installed ATA in my environment yesterday and the server alerted me to my AADSync server.  I allowed the activity, but I'm wondering if it is best practice to install the (Lightweight) Gateway on the AADSync server?
AADSync server is running Windows 2008 R2 without any roles installed.  Microsoft Azure AD Connect is the only service running on this server.

More replies
Relevance 92.25%

Hi, I've just setup an Active Directory (DAWSON.HOME), on a Windows Server 2008 (Enterprise Edition). When I tried to join my Windows 7 to the domain I got this error:

---------------------------
Computer Name/Domain Changes
---------------------------
The following error occurred attempting to join the domain "DAWSON":
An attempt to resolve the DNS name of a domain controller in the domain being joined has failed. Please verify this client is configured to reach a DNS server that can resolve DNS names in the target domain. For information about network troubleshooting, see Windows Help.
---------------------------
OK
---------------------------

Click to expand...

Is there anything that needs changing in my DNS and/or network setup before other computers can join? Of course they're both on the same LAN.
 

Answer:Joining an Active Directory

10 more replies
Relevance 91.43%

I'm completely at a loss for what to try at this point. I've gone through about every step I can find with Google, with no luck. I have a new Macbook Pro running El Capitan (10.11.6). I am able to ping either of our domain controllers.

In network settings, I can confirm that it has a proper IP address, our domain (company.local, for this purpose) is shown in Search Domains, and the proper DNS servers are listed.

Whenever I try to join the domain, I am greeted with a message that is it unable to contact the directory server. Sometimes, it adds a 5200 at the end of the message. I am using domain admin credentials, and have tried creating the computer account in AD already and without the account being present.

Is there anything else I can try? The two domain controllers are both running Server 2016, if that matters.
 

Answer:Joining a Macbook Pro to Active Directory

Does your computer name contain a hyphen (-)?

To check Choose Apple menu > System Preferences, then click Sharing.
 

4 more replies
Relevance 91.43%

Hey Everyone
Lately I've Got to an Issue in AD Joining Section. I Have a Network of 120 Windows Servers, 2016, 2012 & 2008.

This Servers are Connected Through a Cisco Router with DMVPN Tunneling.
i wanted to join them to my AD Server in my Core. from this 120, almost 110 of them joined with no problem but 10 of them, does not joined. the error is because when you authenticate as administrator of the domain, then you have to wait for joining message
but it look a long time & it gives me an error : "The Following Error Occurred Attempting to Join The Domain. The Specific Server Cannot Perform The Requested Operation"
but the point is : -servers connection to core are not slow    - they can ping the server's IP    -they can ping the Server's Name
but still it took a long time & at last it won't join the domain
can anyone help ?

More replies
Relevance 91.43%

We are trying to connect a Buffalo TeraStation PRO II to Microsoft Active Directory by the join process is failing. Buffalo's knowledge base is useless as is the 'debug' in the TeraStation system log so I'm hoping somone else has had a similar problem and got over it.

OK some facts...

AD is set-up on Server 2003 R2 Standard with a ".Local" FQDN config and everything is working OK. NetBios domain is COMPANY and 'Realm' is COMPANY.Local and domain controller is "mozart". In addition to AD, this server is running SharePoint server.

The TeraStation has been given the name "TSTN1TB" and this has been added as a "pre-2000" Computer recrod in AD.

On the TeraStation, we have successfully joined the NT Domain with a name and computers can see the shared folders but access control is based on TeraStation user control.

When trying to add to AD, if you get any of the domain or controller names wrong, error messsages are reported. get them right and it tries to join the domain but the system logs simply show "trying to join the domain..." and, 17 seconds later, "failed to join domain".

We have added WINS to the AD controller in case this was it.

Event logs do not show any attempt at log in on from the TeraStation.

We have tried connecting as "administrator" and as another user set up as part of the domain admins group.

Going bald here - any suggestions appreciate... Read more

Answer:TeraStation PRO joining Active Directory

afstcklnd said:





We are trying to connect a Buffalo TeraStation PRO II to Microsoft Active Directory by the join process is failing. Buffalo's knowledge base is useless as is the 'debug' in the TeraStation system log so I'm hoping somone else has had a similar problem and got over it.

OK some facts...

AD is set-up on Server 2003 R2 Standard with a ".Local" FQDN config and everything is working OK. NetBios domain is COMPANY and 'Realm' is COMPANY.Local and domain controller is "mozart". In addition to AD, this server is running SharePoint server.

The TeraStation has been given the name "TSTN1TB" and this has been added as a "pre-2000" Computer recrod in AD.

On the TeraStation, we have successfully joined the NT Domain with a name and computers can see the shared folders but access control is based on TeraStation user control.

When trying to add to AD, if you get any of the domain or controller names wrong, error messsages are reported. get them right and it tries to join the domain but the system logs simply show "trying to join the domain..." and, 17 seconds later, "failed to join domain".

We have added WINS to the AD controller in case this was it.

Event logs do not show any attempt at log in on from the TeraStation.

We have tried connecting as "administrator" and as another user set up as part of the domain admins group. ... Read more

10 more replies
Relevance 89.38%

I'm trying to joint a Fedora Core 1/Samba 3 machine to our corporate ADS so I can authenticate users with active directory. I have tried to follow The Official Samba How-To and Samba 3 By Example. I have read the applicable material in both books. So far, I've edited the smb.conf and krb5.conf as listed in the books. When I try:

krbinit '[email protected]'

and put in the correct password, I get no output. If I put in the wrong password I get an error message saying "failed getting initial credentials." I assume the no output is what is supposed to happen when it authenticates properly. Then I try and actually join the machine to the domain using:

net ads join -U'name'

and the output is this (the host name is testmachine):

libads/ldap.c:ads_add_machine_acct(1006)
Host account for testmachine already exists - modifying old account
libads/ldap.c:ads_join_realm(1342)
ads_add_machine_acct: No such object
ads_join_realm: No such object

One of the books said the DC had to have MS Services for Unix installed. I'm not sure if it is installed because I do not actually administer the DC. Is anyone intimate enough with Samba and ADS to know if Services for Unix would cause this, or if it could be something else? Any other little tricks I should look into?

If the Services for Unix is not installed and required, the DC admins would not let me install it. I do have full admin access to a Win 2003 Server on AD though, it just isn't a DC. ... Read more

Answer:Joining a Fedora/SAMBA machine to Active Directory

Well, I didn't use kbinit, I just modified the /etc/krb5.conf file to point to my domain controller, then did net ads join -U'username'.

Presto, it's joined.

Let me know if you want a copy of that file
 

5 more replies
Relevance 87.33%

I didn't find the one on the Samba.org website to be that great and was wondering if there is a better guide or how to on joining fedora 3 samba server on 2003 active directory.


Thanks in advance
 

More replies
Relevance 82.82%

I'd like a brief tutorial, or a link to a page where I might be able to accomplish a little more restrictive environment. I understand the basic logic for what I want to accomplish, yet I can't get it to work. Here's my scenario:

Through Active Directory, I want to set a global group of users with restricted access to certain settings and programs, namely Remote Desktop Connection (I had a separate thread that dealt with comp. sci. students using the RDC to bypass the web filter). I can go around each computer and disable the RDC remotely, but I'd like to set it up to where every account name takes on the security/permission settings.

As a note: At my college, the accounts are set up to where even the desktop background is reset after logout. We have a tiny problem with kids changing the mouse cursors and backgrounds here. Any suggestions on how to accomplish this?

Thanks in advance.

Answer:Privileges and Security Permission Settings Through Active Directory

Anyone? Anyone? Beuller?

2 more replies
Relevance 81.59%

So I handle IT for a small business (20 employees) and have been gradually trying to transition our laptops from consumer grade to business level laptops with Windows Pro. This actually isn't my primary job but the company didn't have anybody handling it before I arrived so I've taken it on.

The last two laptops I've setup as using the users Azure/Office 365 logins and they default to pin for secure access. Note that as of now, only three computers out of ten are using this login method as the remaining ones using local accounts with Windows 10 Home. Also there is no Windows Server on our local network

The laptop I am currently trying to setup needs to access a database file on one of those other computers on the local network and I've been running some weird credentialing/access issues that a more experienced person would probably have anticipated.

So initially while using the pin for logging into Windows (which was the default for the Windows login), the new laptop wouldn't even see the computer with the database file despite being able to ping the IP Address. I then switched the logon to a password and then the computer showed up on the network discovery.

This time it's asking for network credentials to connect to Server (email and password) even though the server is local account. Another option was to use the security pin which again doesn't work.

Is there a way for me to access that computer?
 

More replies
Relevance 80.77%

Basically, I rolled out active directory at the house, behind my untangle box. The AD box is setup to do dhcp as well as DNS.

Through the firewall rules in UT, the ports are forwarded to the correct machine.

I can resolve my website off site, but, not on site. If I punch in the internal IP of the webserver, it will load.

I am not too familiar with how windows DNS works, but, I did make a new forward zone look up and pointed it at opendns, but, the site still times out.

Any ideas? Everything else seems to be working decent.
 

More replies
Relevance 79.95%

I see lots of arguments for and against use a TLD name for your Active Directory. For example, a lot of places suggest buying businessname.net and using that for the website, but businessname.local for Active Directory and internal DNS. We've always used the same name for both.

Another thing I've seen is using a subdomain of my TLD for the Domain tree.

It just kind of makes me curious, since the latest versions of Windows Server and Mac OS X both use .local by default and make you change it to net/com/org. I own a domain name for my family, and I'm going to be redoing my domain controller at the house soon (SBS 2008 baby! ), so I'm wondering if I should use cortiaus.net or cortiaus.local inside the house.
 

Answer:Active Directory domain name - local versus com/net/org

I've always used .local or .pri/.prv. I never understood the point in using a pubicly available domain name for something that should stay internal. You run the possibility of having a split horizon type issue; where you have to resolve the same domain/host name differently internally than externally.
 

11 more replies
Relevance 79.95%

I have an active directory domain on my home lab. lets say its called example.local. If i wanted to set up an exchange server, how does my example.local name relate to email addresses? Lets say I wanted all email addresses to have @example.com instead of example.local. How is this done? I've Googled with no luck because i think my terminology is bad.
 

More replies
Relevance 79.54%

Hi
In A domain environment when i rest a user password from active directory users and computers he is unable to login to Windows with new password. He is configured to login through wifi And we are using single sign on in the wifi settings. This issue is only affecting few users. connection to company wifi network is authenticated through 802.1x. so we manualy create a wifi profile for 802.1x .


At the dual login screen the new credentials (we are using active directory credentials for wifi since it's 802.1x) are entered. First it spits an error that unable to connect to wifi. Then windows spits an error of invalid user name or password.

If we enter the old credentials at login in both wifi access and windows access we are able to login to Windows (it logs in with Cached credentials) but I it obviously is unable to connect to wifi network.

The user is a member of wifi group so he has access to wifi and he can access wifi through his iPhone.


Also another observation is that if I login with his Cached credentials and configure a wifi profile /connection using his new (reseted password) password windows spits an error that cannot connect to the network.

So the core issue is that after reseting his password from active directory users and computers he cannot connect to wifi through windows.






The workaround that currently I do is i login with his Cached credentials to Windows and then i use my own credentials to configure wifi connecti... Read more

More replies
Relevance 79.54%

I have a couple of W2K servers running on a home network (same subnet). I have established both as their own domains (as opposed to having both with a common namespace in the same tree). Both are DC's and running AD as disjointed namespaces. Here comes the brain dead part.......how do I "connect" both of these as 2 separate trees in a AD forest? They cannot "see" each other in Sites and Services or Users and Computers even though I can share files between them as is. As a test of my configuration, I have demoted one of the DC's and joined it with the other in the same tree. That works without a hitch. I must be missing something. Any AD help out there? Thanks! (I'm usually hanging out in Networking if I can return the favor!)
 

More replies
Relevance 79.13%

Hey,
I made another thread yesterday, and it was helpful, but now I have another scenario I'm trying go figure out.

I have servers in an OU. Group A and Group B are allowed to log in as users to the servers in the OU. Group A though are only guest users and can't install apps, reboot the machine, etc. Group B though has full admin access to the machine.

How would I go about giving Group B local admin rights to a machine in an Active Directory while keeping Group A guest users? Would a GPO be needed for that OU?

Thanks,
Robert
 

Answer:active directory - giving local admin privilege?

I would just make the group that Group B's memebrs are in local admin.
 

3 more replies
Relevance 78.31%

correct me if im wrong. in the NT 4 domain days, a file server that has a shared folder, will first create a machine local group on the computer. assign permissions to the file share to that machine local group. add global groups in the machine local group. and finally users in the global group.

in 2k native domain, i have a file server w/shared folder. create a domain local group in the active directory. assign permissions to that domain local group on the shared folder. add global groups in the domain local group. then add users to the global group.

can i substitute a machine local group to the domain local group??? what is the best practice??

also read that i can change from DL or global groups into universal, but not universal back to DL or global. but i tried it out, and it didn't complain when i change from universal to global. what gives??
 

Answer:question about w2k active directory groups (domain local, global, etc.)

I am lazy I make Local Group assign the users to it then Make that Part of Doman Group. Much easier to change Local groups then domain groups.
 

1 more replies
Relevance 78.31%

I've searched long and hard for an answer to this but I've found very little info on it so I'm starting to wonder if it's at all possible.

On some of our "Presenter PC's" at work it has been deemed that the creation of a new account from the Default profile takes too long when logging into Active Directory and slows presenting down too much. Our Default profile is probably around 120Mb due to
the contents of the image after deployment and how every application is tailored for use hence the AppData folder takes the bulk of the size up and it's not an option to remove it.

These PC's are (for now at least but hopefully not for much longer) locked down by Deep Freeze which resets all changes to all files when the PC is rebooted so a shared profile is not a problem at this point in time.

What I want to know is whether there is ANY way to make it so that a user authenticating to Active Directory can ALWAYS be forced into a pre-configured, local profile running on Win 7 32/64 Pro?

I've been looking at credential providers and replacing USERINIT.exe. I'm just not 100% sure which part of the process actually tells the PC which profile to use. I know that the registry is checked for the user GUID and if not present creates a new entry and
copies the Default profile but I don't know quite where this is called and how to modify it.

My programming knowledge limited to a bit of CMD and AutoIt but I do know a few coders so if we really have to get our hands dirt... Read more

More replies
Relevance 75.85%

Ok i have added some users to the server and when they alllog onto a client they should have a roaming profile, they should also auto conect to their own home directory on the server.

So i created a user went to the profile tab and then under home folder i selected connect and then i chose the drive letter G and then entered the home folder path beside it in the empty box at \\servername\work\staff\mick.smith when i create the user it does create the folder, it just does not save any files to it when logging on from any clients

the problem is everytime the user logs onto any client it takes approx 3-4 mins before it actually starts up. also when the user goes to save anything it does not auto take them to thier home directory on the server it takes them to the my docs folder on the client.

I hope someone can help me resolve this problem as it is starting to annoy me.

Thanx
Mick
 

More replies
Relevance 75.85%

Active Directory User and Computers
"MMC could not create the snap-in"

Anybody get this working?
I've googled to no avail

I've tried the Vista fix, registering a bunch of DLLs, but that didn't fix it.

Answer:Active Directory User and Computers

Bump. Wow, this must be unresolvable. Any alternative solutions? Currently, I'm remote desktop'ing into an XP PC, cause I need AD Users and Computers for work, but I much rather not have to do that and have something working on Win7.

9 more replies
Relevance 75.85%

Hi all

At my company we are currently running a server (with Windows Server 2012 R2 Standard), without Active Directory, and we have a bunch of laptops running Windows 8.1 Pro. Now we want to install Dynamics CRM which requires an Active Directory domain.

I am trying to run through every anticipated problem before I do the domain configuration. The last problem that I anticipate is the following:

Our MD's laptop is currently logging in without a Microsoft account (in other words, he uses a standard local user profile in Windows 8.1 Pro). He has a whole lot of data in this profile. So now, when we configure the domain, obviously he will have to sign in using an Active Directory username and password. So question 1 is, is it possible to synchronize the current non-Windows Live account with the domain account? And second question is, when he's working from home, without the domain controller to authenticate logins, will he still be able to access his data and profile? In other words, what I'm really asking is, will we be able to kind of integrate the Active Directory account and local account as one account, but the authentication is AD based when he's at the office, but local if he's at home?

Thank you!

Answer:Win 8.1 user accounts and Active Directory

You really are best to consult with someone in your area, that can better assist you with what you are wanting to do. Unless you have an IT/LAN coordinator that knows how to do this stuff. This is something that is deeper than what we can help you on here.

There is the Slipstick.com website. It is dedicated to this kind of stuff. Slipstick Solutions is probably going to be your best resource.

5 more replies
Relevance 75.85%

Hey I have a user that when trying to logon gets the error message "user is damaged" it does´nt work logging on, and it does´nt work logging on with a local profile either.

Her computer has been reinstalled since it apparantly crashed real hard before this error occurred. She´s had this error since the crash.
Her personal folder on the server has been recreated, the only thing that has´nt been done is to delete her completely from AD and put her back in.

Anyone have any tips about how to solve this? (Preferably without deleting the user from AD).
 

More replies
Relevance 75.85%

I have a user with that just got married and needs to change her last name. If I do a rename in Active Directory, how long does it take for this to replicate throughout the system. In the past, we always seem to get hosed up a bit because the system still remembers the old information in some cases (i.e. updating global address books, contact lists, e-mails getting to the right source). Any advice would be appreciated.
 

More replies
Relevance 75.85%

I was logged onto the server by a remote desktop connection, I was in the network Active directory and was supposed to be clean up the Tutor OU folder (Which has users in) and have some how deleted it, because I was interrupted and pressed delete and it has now disppeared.What I desperately need to know is, how can i recover them, I recreated the folder and few users, but they seem to have lost network access, although they can log in OK.I attempted to look for a recycle bin on server but couldn't find one........have you suggestions, I am desperate,Please Help...Before all the Users start screaming!!!!!!!!

More replies
Relevance 75.44%

Windows
2012 

IP settings           172.17.2.36

Subnet mask       255.255.0.0

Gatevay                 172.17.2.1

DNS                       8.8.8.8

                           
     

Windows 7

Obtain
IP address automatically  

----------------------------------

----------------------------------

DNS
                       8.8.8.8

 
                                

The
error code reads 

------------------------------------------------------------------------------------------------------------------------------------------------

The
following error occored wen DNS was queried for the servise location (SRV)

resource
record used to locate an Active Directory Domane Controller (AD DC) for Domain

"dalek.local
".

 

the
error was: "This operation returned because the timeout period expired."

(error
code 0x000005b4 ERROR_TIMEOUT)

 

The
query was for SRV record_ldap._tcp.dc._msdcs.dalek.local.

the
DNS server used  by this com... Read more

More replies
Relevance 75.03%

I've become pretty familiar with the active directory as far as adding users and implementing a descent group policy for different departments. Now I am wondering how would I go about hosting the users account settings (profile) so that it comes directly from the win2k3 server? In other words the user can change whatever settings they desire and this follows them computer to computer since it is based on the user.

I hope that makes sense.
 

Answer:Active Directory hosting user accounts

You want roaming profiles then.

Make a share on a file server somewhere, and then in the user's account settings specify that location as their profile location.

Like \\servername\Profiles\%username% , where servername is your server (obviously) and Profiles is the sharename you created,

(%username% expands to the login name, so you dont have to type it)
 

3 more replies
Relevance 75.03%

Hi,

I am trying to find a "hidden" user account in active directory and cannot find it. I have already selected Advanced Features and it still isn't locatable. I know the user exists and can see that the account has been used to login to pcs, but when searching active directory it doesn't show up except under administrators, where it is ghosted. It is listed under a hidden ou that used to be viewable. This is on a server running Server 2000. Any help would be so very much appreciated.
 

More replies
Relevance 75.03%

This is a bizarre one. We've had a new user join us here this week. I created an active directory account and exchange mailbox for them. All of this is fine. But the bizarre thing is, their name doesn't appear in the Global Address List in Outlook for some of our users, but does show in the very same list for other users. Can anybody explain why this would be?EDIT: Sorry guys, I was in Cached Exchange Mode. Got it now

More replies
Relevance 75.03%

Hi

I want to know how can I hide a user account in the login screen. User is in an ?Active Directory?.

I know to do this , I need change some registry keys :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList

But this method not work when system use ?Active Directory?!

Answer:Hide User in winlogon (active directory)

What's your purpose to do this? As far as I know (been a long time since I saw a domain), only the accounts that have logged in on that particular machine is listed (or perhaps only the last logon).

You should be using group policy (gpedit.msc) I believe, see if:
Computer Configuration - Windows Settings - Security Settings - Local Policies - Security options - "Interactive logon: Do not display last user name" set to enable will do the job.

You can enable this only to a certain machine or a group of machines.

9 more replies
Relevance 75.03%

A coworker recently got married and I need to change her name and email in Active Directory. We are running Standard Server 2003, and Exchange 2003. Can anyone tell me the correct steps to follow?
 

More replies
Relevance 75.03%

I ame having all sorts of fun with an active directory user (cbromley) whose passwords are being cached to their local machine. In addition their account is being locked out even when they aren?t attempting a password. For example if I was to log the user out, within about 10 minutes her account would have been locked again, presumably because of something running somewhere else that is attempting to use a previously stored password to log her in. If we change the password on her account and run ?control keymgr.dll? from her machine we can see that credentials are being stored for exchange and delete them, quickly log her in before her account is locked again and this temporarily solves the problem. Any suggestions are much appreciated, thanks, Kev.
 

Answer:Active directory user is repeatedly locked out

Have any mobile devices running active sync?
Has this always been the case with this account?
 

2 more replies
Relevance 75.03%

If I am the domain admin, is there a tool I can run to capture usernames and passwords? My manager wants to keep a copy of this under lock and key, in case someone leaves the company. I would prefer not to send out an e-mail asking each person to reply with their password, if necessary. I am the IT Manager, so there's nothing fishy or bending of rules going on here. Any suggestions? If it matters, the accounts are on a Server 2003 Domain, and I have full admin rights.
 

Answer:Active Directory User Accounts and Passwords

With default policy of a native 2003 domain you won't be able to. If some one leaves, reset their password and log in. Administrators don't have a need to know everyone's password in a properly set up environment.

If the domain was upgraded from 2000 or you have lowered your security settings, you can use something like LC5 to crack them.
 

17 more replies
Relevance 75.03%

For some strange reason, all of a sudden 1 of uor mandatory profiles isn't syncing correctly, but all the others are. All the mandatory profiles' folders are redirected to a read-only directory on the server (excluding their documents, which is a seperate share on the server). When this user logs in, their documents is synced correctly, but their mandatory folders (e.g. Desktop) aren't. The user is in an organizational unit, and the redirected folders are applied via group policy, in the OU scope (and set on 'Domain Users', which the user is a member of) - also, the other GPO settings are applied, it's just the redirected folders. I've tried deleting the account, and recreating it, but that brung no lucky. Anybody has any ideas?

I tried logging in on another workstation (which is under identical group policy and user profile settings), and it worked fine. Maybe the problem is locally on the workstation?
 

More replies
Relevance 75.03%

I had to temporarily disable an account in my Windows Server 2003 Active Directory. After re-enabling the account, the user cannot login. I've changed his password and checked all his Member Folders, Permissions, etc and all seem correct. Obviously, I'm missing something. Any help?

Dave
 

Answer:Active Directory User Account Enable

I had the user must reset password on next login box checked. VPN authentication did not like this. I removed the check in the box and the user was able to login just fine.

Problem resolved.

Dave
 

1 more replies
Relevance 75.03%

We're trying to set up something on our network here where people can easily get to information about each person.
Kind of like a shared rolodex for the company.

In administering Active directory, I can view each users address, phone number, a photo, etc...
But is there any way of getting it so that anyone on our network can view this as well?

On our network we also have an exchange server, and a sharepoint server...so if it nedds to be through one of those, that's do-able.

Thanks!
 

Answer:Active Directory: shared user info?

Set up a shared contacts folder in the public folder of Exchange using Outlook.
 

2 more replies
Relevance 75.03%

Greets,

Im migrating a local user profile to our new Domain. (Win 2k server)

the local user login name is 'jchung', but is linked to the "JAMESR" profile.. i created the jchung profile on the domain, and initially logged on. Here's where i hit a SNAFU:

I want to copy the old local profile to the domain profile, BUT, when I hit control panel -> system, the local/JAMESR profile doesnt show up. I get access denied errors when I try to manually copy the JAMESR profile into the jchung one, so im a bit lost as to where to go from here.

any suggestions?

thanks, as usual.
 

Answer:Active Directory User Migration problem

When you migrate to roaming profiles from local profiles, all you have to do it set where you want the profile to be stored in the user's properities in AD Users and Computers. Then, have them log on to the machine with the local profile. When they log off, it will sync the profile to the remote location, making a copy of it.
 

5 more replies
Relevance 74.62%

hello,
can any one provide me solution for my problem .
I hav created a domin by our company name. Also i hav created some users in that domain , when thses users login as domain user they ar not able to get acess to all application which ar used prevoiusly when the system was in workgroup . our users use many applications these applications ar not seen in start menu . what could be the problem or any mistake done by me.
i 'll explain u how i hav created the users
start menu , administrative tools , domin users and computers and then new user . here i hav given the required information .After this process i hav to anything more for creation of user , if any please provide me few steps not the links .
i hav to assiign local administrative permissions so that the users can acess all the applications which they were using previously . In workgroup they were able to access all the applications but when they login as domin user they ar not able to access,What could be the reason
we use server as 2000 advanced server and client machines ar 2000 professional and XP professional

ravi
 

Answer:how to assign a local administrator permission to a doamin user

Sounds like a permissions issue, do they have the correct permissions for the files and programs they are using?
 

1 more replies
Relevance 74.62%

My brother has a 2tb hard drive in his computer and he barely uses any of the space in it. So I shared a folder from his computer, and then mapped that folder to mine. I use to this for storage purposes. I was wondering if there was a way from preventing my brother from being able to open this folder if he were to find it on his computer. I'm running win 8 and he's running win 7.

More replies
Relevance 74.21%

Greetings,

I am wondering if it is possible to have particular AD contact objects add into the address book for only particular users. I would be surprised if it weren't possible, and I have a feeling I would have to modify the Security permissions on the object. I took a look and there were a lot of entries from Exchange and others I've never seen before -- so basically I don't know what I would need to remove or add to get this to work. I'll give it a test later by removing everything and add a test dummy account with full access / appropriate permissions and see if it automatically adds into said account's address book.
 

Answer:Active Directory 2012 'Contact' object: possible to have it only add for one user?

Are these user accounts or contacts? You could use the HidefromGAL attribute, but it wouldn't be targeted.
 

2 more replies
Relevance 74.21%

Hi all the Win 7 Guru,

I have encounter a problem where my "Active directory users and computer" function suddenly unable to connect to my remote server.

I have run a nslookup and below are the reply

C:\>nslookup
Default Server: UnKnown
Address: 10.10.2.6

I confirm it is not the next work issue because in the same network there is few more PC running window 7 and XP, they don't have the problem as i mention.

I also have a virtual XP running in the notebook that i am using, So i try to install the adminpak and run the Active directory users and comptuer and what a supprise it work.

I have try to reformat the notebook and the problem still occur after i use it...

Please help!!!... tired of reformating.



Update on the troubleshooting of the problem i am encoutering, I find out that the window 7 that i am running is not able to resolve any PC name on my network. I am mentioning this because went i am using the virtual machine install in the notebook (Win XP) to remote desktop to other PC using the desktop name it is working fine. Another weird window 7 problem.... :S

Thanks, in advance.

Answer:Unable to connect to Active directory user and computers

Hi,

did you try ipconfig /flushdns. and the ipconfig /registerdns. once that is done also clear the dns cache from the dns server and try.

Hope this helps

cheers!

5 more replies
Relevance 74.21%

Hi, good afternoon everyone.

First, I dont know is it correct to post the question in here.

I am a network administrator but one of my branch faced a problem when they try to install software. It prompt out a error message like "can not installed due to restriction , please contact system administrator".

Actually , i can give them administrator right but I scare one of them will use it to change some local setting. Like open USB port and so on.

May I know how to change the setting in Active Directory, just let them can install specific software only?

Thank you very much.
 

Answer:<Active Directory>user can not install software due to restrictions.

Hello, If this is on a company LAN I would suggest to have the IT department give this a look see to try and fix this up. Basically this is a company network and if we try to help you fix this thru our forum here and something happened your company might look upon this in a really negative way. The LAN is company property and it should be the companies people to fix it.
 

1 more replies
Relevance 74.21%

Hi, i'm new to the win2k3 server and it's been real ugly for me. Anyways i enabled active directory and dhcp and dns and wanted created a server locally (biz.local as the dns name). Now whenever i try to create user by going into the active directory managment control interface, clicking on biz.local then to users, right click, new, user and creating the user name and login name, and the password, it pops a error message saying "windows cannot create object (nameofperson) because : Unable to update password, The value provided does not meet the length, complexity or history requirement of the domain." What's going on? since this is a fresh install and i am the admin logged in, it doesn't let me create a user even though i never made any criteria or length.
any help will be appreciated, thanks
 

Answer:Win2k3 Server, Active Directory User add problem

HitmanZ said:



Hi, i'm new to the win2k3 server and it's been real ugly for me. Anyways i enabled active directory and dhcp and dns and wanted created a server locally (biz.local as the dns name). Now whenever i try to create user by going into the active directory managment control interface, clicking on biz.local then to users, right click, new, user and creating the user name and login name, and the password, it pops a error message saying "windows cannot create object (nameofperson) because : Unable to update password, The value provided does not meet the length, complexity or history requirement of the domain." What's going on? since this is a fresh install and i am the admin logged in, it doesn't let me create a user even though i never made any criteria or length.
any help will be appreciated, thanksClick to expand...

Win2k3 has very tough password requirements right out of the box. You can change them via the security policy or just find passwords that meet the requirements. If its for internal testing only try [email protected]
 

3 more replies
Relevance 74.21%

Hello --

I've searched quite a bit and have done quite a bit... this is my last stop before I dump the login and go to something else.

I had a profile that was acting odd not loading different apps slow logins etc so I wanted to basically wipe it and start over and now i'm having issues.

I started by deleting everything about the login from both active directory the server profiles folder and even the individual computers that are used to login with it at.

To do so I deleted the folders out of the users/%username% and then also went into regedit and deleted the profilelist with the username as well.

To me the profile should literally be as if it never existed....

Next I recreated it in active directory recreated it's folder in the profile database and attempted to login...

the computer immediately goes to a black screen and then says logging off and back to login.

I've looked up several fixes but none have worked.. at this point i'm open to trying anything...

More replies
Relevance 74.21%

Hello,
I need to set the user tile picture to the picture defined in the adthumbnail attribute in Active Directory.  I see that there are many scripts out there to do this.  I need one that will do this for Windows 7, 8.x and 10.  Any recommendations?
Thanks!

More replies
Relevance 74.21%

Hello, sorry for being a bit thick but should I remove the .tmp files from the above directory and is it safe to do so?

Answer:c user appdata local temp directory

Hello David, and welcome to Vista Forums.

Yes, it's safe to delete your temp files.
Temporary Files - Temp FolderIf you like, you could use Disk Cleanup every so often to cleanup temp and junk files instead. I personally like using the free CCleaner to do so though.

Hope this helps,
Shawn

4 more replies
Relevance 73.39%

When you disable a user account in netware, it immediately blocks access to any network resources. However, it seems in AD that's not the case. The ticket that was generated for the user on login is still valid for the entire ticket life duration. So while the user can't login any more ( and thus, can't get any more tickets generated ), they still retain access to network resources until their current ticket expires.

Is there any way around this? I'd like to mimic the behavior of netware here if I could. It's one of netware's redeeming features.
 

Answer:Active Directory - Disabled user network file access

Somethings not right, a disabled user in AD = 0 access.
 

8 more replies
Relevance 73.39%

Where can I find and download Active Directory for User and computers for Windows 7?  We are currently Using Windows 7 Enterprise with Active Directory installed.  We just need to  find the right module to install AD
onto another computer for use.
Thanks,
Fred Tarpley
[removed}
District of Columbia Government
Department of Consumer & Regulatory Affairs (DCRA)

More replies
Relevance 73.39%

First off I apologize if this isn't the proper place for this post. We have an active directory domain at the school corporation I work for. The elementary school's use a generic student account to login. All of the faculty members have their own accounts to login with. Every time we log in using a specific elementary school's generic account it creates two different user profiles. One user profile that is created is for the account we logged in to XP machine with. The other user profile that gets created is of the account that belongs to secretary at the same school of the generic login account we used to login with. I have tried use Google to find answers to no avail. Any help would be appreciated.

More replies
Relevance 73.39%

Ok, so I just upgraded to W7 and was going through a process of organizing the "libraries" and I noticed (possibly of my own doing but am not sure) that the second drive in my system (B) was sitting there in my user folder. My question is, is that normal? How did it get there and how do I correct it if it isn't suppose to be there. Here is a picture of what I am talking about...

Answer:Local Disk inside User Directory (folder)

hey, what you must have done is drug it over there by accident, as you can see it is still located were it is supposed to be further below, all you did was add a link to it. so you can safely erase the link, or ignore it, its up to you.

9 more replies
Relevance 73.39%

Ok, so I just upgraded to W7 and was going through a process of organizing the "libraries" and I noticed (possibly of my own doing but am not sure) that the second drive in my system (B) was sitting there in my user folder. My question is, is that normal? How did it get there and how do I correct it if it isn't suppose to be there. Here is a picture of what I am talking about...

[/URL][/IMG]
 

More replies
Relevance 72.57%

The question is which soft is good for this.
GFI Webmonitor looks good on the outside, but the reports it generates do not include the most important for me: which sites a given user of Active Directory visits on a given day (much better if it includes the time they visited them).
 

Answer:Monitoring which sites a user visits. We work with ISA server and active directory.

There isn't an option in ISA to do this? Or are you looking for something to make the logs into something readable...
 

6 more replies
Relevance 72.57%

Is there a solid procedure for users of a Windows 7 laptop to authenticate to Active Directory over a wireless network that does not include using cached credentials?
Here is my scenario, Windows 7 Enterprise laptop used by 30-40 different users. Wireless network available, but the wireless network requires authentication (same credentials as AD authentication) and laptop is in Active Directory. User boots the
machine up and the logon screen for AD authentication comes up. Obviously they cant login because they have not authenticated to the wireless network yet. I know I can do this somewhat with cached credentials for a single user but as stated before we
have dozens of users that need to use these machines. And obviously cached credentials only work as long as the password does not change.
Is there an easy and secure way to authenticate a Windows 7 machine to AD and a wireless network without having to deal with cached credetials and it will work for any user that uses the machine?

Answer:Active Directory Authentication over Wireless Network on a Multi-user laptop

You could try disabling the cached credentials, enabling the wifi connection setting above. Make sure when you do the registry setting above it is under Local Machine and not Current User that way the setting applies to all users on the machine.
Also, while on the network (your domain network) the user does not need the cached credentials. If you use VPN, consider starting it before user login so any user can access the domain while not on the network.
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/107598-sbl.htmlDon't forget to mark the post that solved your issue as &quot;Answered.&quot; By marking the Answer you are enabling users with similar issues to find what helped you. Lewis Renwick - IT Professional

9 more replies
Relevance 72.16%

Active Directory user account issues on replication in Windows 2000 Server

I have two domain controllers replicating to each other. SRV-1 is my main domain controller while SRV-11 is my additional controller. When I create a user account on SRV-1 named "bsmith" is pops up on SRV-11 but the little face icon next to the name has a red/white "X" symbol on it. It appears to be disabled. However, the same account on SRV-1 where I originally created the account doesn't have the symbol. Vice versa happens when I create an account on SRV-11.

When I right-click on the account with the "X" icon I have an option labeled "disable account", but it appears to already be disabled from the way the icon looks. So I click on "disable account" option anyway and the icon stays the same. Next, I right-click again and this time I have the "enable account" option. When I click "enable account" the "X" disappears and the account appears to go back to normal.

Why is this happening? How come the account is getting disabled on the other server? Shouldn't it be enabled on all servers after creation? Also, why is it that I don't get the "enable account" option right off the bat when I right-click, instead of first having to click "disable account" in order to get the "enable account" option?

Thanks,
Jerry
 

More replies
Relevance 70.93%

I'm trying to remotely shutdown another PC in my home from my Desktop PC.

My Desktop PC is 64bit Win7 Home, but I don't think it matters, since a Google search shows every version of Windows AFTER XP has this problem.

I have the Win10 Preview running on a computer in another room. I'd like to be able to shut it down remotely from my primary (Win7) computer. To do this, I run "shutdown /I" from the command prompt. The dialog appears but when I try to "Browse" the network for the other PC, I get an error message telling me:

"Active Directory Domain Services unavailable"

This happens whether I do this from the Win7 PC or the Win10 PC, so I know it's not a hardware or OS specific thing. It also happens if I try to do the same directly from the CLI.

I don't want to have to setup a Server just to do this one tiny thing. Any ideas? TIA.
 

Answer:Can't shutdown local PC. "Active Directory Domain Services unavailable"

When you say remotely do you mean Remote Desktop? If so, have you tried pressing Ctrl_Alt_End and then clicking on shutdown?
 

4 more replies
Relevance 70.11%

I am setting up my own small network that include the following configuration :

Server : Windows 2000 Server with active directory
Clients : 5 clients

My question is :

Is there an easier way have the existing local account converted to active directory account.

Objective :

I want to be able to have the current user of the pc sign-on to an active directory account and be able to have all the access to the existing applications, email(outlook express), bookmarks etc. which have been there in the local pc before the active dierctory upgrade.

I found that once I log in the local pc to the active directory domain, everything start fresh. The "my document" is empty. Cant see all the setting/folders which have been set up before the conversion to active directory.

Appreciate any suggestion.

Thx
OzzieGUY
 

More replies
Relevance 69.7%

Folks I'm long standing Windows user and up to Windows 7 all has been absoluley fine. I'm now on a Windows 10 and I am pulling my hair out trying to connect to a drive or even to use workgroups. Its driving me crazy.

So simple example on windows 7 this works for map networked drive \\192.168.1.4\share

Asks for userid and password , I supply save credentials and from there on fab.

On Windows 10
I have tried setting up credentials for 192.168.1.4 and get a message that the file or folder is invalidI have used the option to connect using other credentialsI created a "local" account and this delighfully obliterated my Azure acount settings so I could not switch between logons. But the local account did work and the Map Drive was fine worked a treat.So complete wipe and replace to get back to Azure as per my companies needs.Map Network fails againChecked all required services - seems fineEven tried net use y: \\192.168.1.4\share /user:xxx password and this just gets the message A specified logon session does not exist. It may already have been terminated.

So how does one Map a local network drive in a Azure authenticated system.

More replies
Relevance 68.06%

Greetings,

My apologies for posting this on the "SevenForums", but I didn't know where else to go!

I have two servers at my place of employment. One of them acts as a designated domain controller which runs Active Directory. Another is our main server and acts as a file server, DHCP server, and print server.

Somebody sat things up so that we could access "Active Directory Users and Computers" from our main server. The Active Directory Role was NOT installed on our main server. I assumed they simply mapped a shortcut to the Active Directory file (IE \\servername\windows\system32\file.msc) but I was unable to do that.

We're running Server 2008 R2 on both.

Answer:Accessing Active Directory from Another Computer

I checked our old server (running 2003) and the shortcut points to the Active Directory .msc file in it's own System32 folder. However, Active Directory is not an installed role on the server.

1 more replies
Relevance 68.06%

Greetings,
We recently added a new computer to the network and everything is working fine except for one thing. In active directory under computers all the other computers show the computer names in Capitial letters, while the new computer is shown as small caps. When ever anyone tries to connect to the new computer they get an error that says "Logon failure: account name is incorrect" I am sure that this is the problem but not sure how to correct it other then deleting the computer then re-adding it. Any suggestions?
Thank you
 

Answer:[SOLVED] Computer in Active Directory

7 more replies
Relevance 67.65%

Hello.
We are using active directory accounts in our network. Recently, my account seems not to work.
When I login using my account (using my computer), I cannot access shared folders which I used to.
When I login using another account (using my computer), it works without any problem.
When I login using my account in another computer, it also works.
What could be the problem?
Thanks.

More replies
Relevance 67.65%

Hello all,
After I join my client to the AD, I cant manage client's managment.
but some of client could do. Could anybody delete my problem? thank you
 

More replies
Relevance 66.83%

Hi all

At my company we are currently running a server (with Windows Server 2012 R2 Standard), without Active Directory, and we have a bunch of laptops running Windows 8.1 Pro. Now we want to install Dynamics CRM which requires an Active Directory domain.

I am trying to run through every anticipated problem before I do the domain configuration. The last problem that I anticipate is the following:

Our MD's laptop is currently logging in without a Microsoft account (in other words, he uses a standard local user profile in Windows 8.1 Pro). He has a whole lot of data in this profile from a few years of work. So now, when we configure the domain, obviously he will have to sign in using an Active Directory username and password. So question 1 is, is it possible to synchronize the current local (non-Windows Live) account with the domain account? The second question is, how will this affect his data, settings, etc? And the third question is, when he's working from home, without the domain controller to authenticate logins, will he still be able to access his data and profile? In other words, what I'm really asking is, will we be able to kind of "integrate" the Active Directory account and local account as one account, but the authentication is AD based when he's at the office, but local if he's at home?

Thank you!
 

Answer:Possible to "integrate" Win8.1 user accounts with Active Directory?

When you join a domain you get a new user account/profile on the computer. All his data and settings will need to be transferred from the old local account to the new domain account. Once joined to the domain and logged onto the domain users can take the computers offsite and still log onto that same account, the domain does not have to be contacted for logins while offsite., a local account is not needed for offsite use but the previous local accounts will still exist on the laptop. That account if its not going to be used should be disabled for security though.

Now there are tools and a procedure to move a local account to a domain account if you want to give that shot, doesn't always work, and I've never needed to use it. ForensiT User Profile Wizard supposedly works well: http://www.forensit.com/downloads.html
Definitely have a backup in place first.
 

2 more replies
Relevance 66.83%

Hi,
I have WSUS setup and running and need to get two computers connected to it.. XP Pro, and they are in a workgroup.

So far I have entered the following into the registry:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://192.168.100.4"
"WUStatusServer"="http://192.168.100.4"
"ElevateNonAdmins"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"RescheduleWaitTime"=dword:0000000a
"AUOptions"=dword:00000005
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000001
"UseWUServer"=dword:00000001
"DetectionFrequencyEnabled"=dword:00000001
"DetectionFrequency"=dword:0000000c
"AutoInstallMinorUpdates"=dword:00000001

-----------------------------------------

I also edited the servers in the local Group Policy Object Editor one of of the client computers.

To direct the computers to the WSUS server

In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.

In the Details pane, double-click Specify intranet Microsoft update service location.

Type the URL of the WSUS server in both Set the intranet update service for detecting updates and Set the intranet statistics server. For ... Read more

Answer:Adding computer to WSUS in non-active directory environment

From what I remember it can not be done
 

4 more replies
Relevance 66.83%

Windows 2000 native-mode Active Directory setup. We have about 200 computer accounts in an OU, and I know that some of them are no longer used (i.e., the machine has been formatted or renamed but its account has not removed from AD properly).

Does anyone know of a utility to check/remove old computer accounts from the domain?
 

Answer:removing stale computer accounts from Active Directory

Hmmmmmmm I worked at a place that had a Domain Admin that built a script that would look at the "last logged in date" and just delete ones that were workstation names that hadn't been logged into within a month or 3 or 6 or whatever.

That's pretty safe. Granted you might get a few that you want back in there but it's a quick fix.

(You also end up finding some PC's in wierd places you never knew existed when you do this )
 

2 more replies
Relevance 66.01%

up until now, my firm has been joining computers to the domain, which creates the computer object for you. we'd like to change this to pre-creating the computer object so the object can be moved into the correct security group before the computer joins the domain. i tried to create the computer object first and then join the domain as that computer name, but i got an error that said the computer name already exists and it was going to join the domain as the old name. is there a policy for doing this right? how does active directory know that the computer i'm joining with is the one i want coupled with the computer account i've already created?
 

Answer:question regaring creating computer object in active directory

how many times have you tried this?
and are you changing the name, rebooting, then joining the domain?

we're in the process of migrating departments over to a new domain, and have came across a few issues.

When computer accounts are manually created, I've came across a few where I could not join that computer to the new domain, without first deleting and recreating the computer object manually. Otherwise I got an "Access Denied" error message.

There should be no problem doing this, though.
 

1 more replies
Relevance 66.01%

Is there a reliable cleanup tool/script to remove stale computer accounts in a Windows 2000 AD? (I need something that will first IDENTIFY the stale accounts then give me a list so I can delete them.)

In windows 2003, you can use the dsquery command.

To display stale computer accounts:
dsquery computer DC=domain,dc=com -stalepwd 45

If you want to delete the accounts, you pipe the results to DSRM: dsquery computer DC=domain,dc=com -stalepwd 45 | dsrm -noprompt

Unfortunately, this command is not available in Windows 2000 AD.

It is important that I find a way to IDENTIFY & DELETE these stale accounts from our Windows 2000 AD.

Thanks
 

More replies
Relevance 66.01%

Hi All

I am trying to get to grips with Win2K server by running a test network at home. Because of space restrictions I just have a Dell Dimension XPS T500 (PIII, 128MB) running W2K Server and connected directly (NIC to NIC) with a crossover cable to a Toshiba Portege (also PIII) running W2K Professional. I have successfully (I think) set up Active Directory on the Server and have got to a point where the client gets the correct DHCP address from the client with DNS configured etc.
The problem I am having at the moment is adding the computer to the domain. When I go to the network ID section in W2KP and change properties, it tells me that it cannot locate the domain. I can see the domain in Network Neighborhood but cannot access it from there.
Any ideas on how to proceed?
The Server name is "Server" and the domain name is "Domain" (very imaginative I know). The full DNS name is server.domain.local.
I assume I only need to enter DOMAIN as domain name on W2K client??
 

Answer:{Solved} - Problem adding computer to W2K domain and using Active Directory

Greetings

No. If you have set up the AD, then you need to use the fully qualified Domain name (ie. "domain.local").

Also, and this is vitally important... have you set up the DHCP server to send it's IP address as the DNS server, or have you setup the W2K pro client to use the server as it's DNS server? See, W2K works on Dynamic DNS. It's like WINS, in a DNS format. It is important that the W2K client can see the DNS server and know where it is.

Cheers

------------------
Reuel Miller
Windows NT Moderator (yes, that does make me biased )

[email protected]

Every morning is the dawn of a new error...
 

3 more replies
Relevance 64.78%

Microsoft has announced the release of their newest free ebook, Microsoft Azure Essentials: Azure Machine Learning, by Jeff Barnes. This is the third ebook in Microsoft Press?s free Microsoft Azure Essentials series.
Go get your copy here.

More replies
Relevance 63.96%

HI I was trying to download some software online. There was some problems in downloading.When I asked the supplier of that software (trusted source), he advised me that I do not have control of my computer.He suggested that I need to go to properties of the c drive, properties, click permission for all users on the computer. I tried doing that but the computer refuses to grant me control. I have an acer aspire. Can you please help?

Answer:security permission to be user on the computer

The message I get when I try to click full control and modify under User in teh security tab, it says that it cannot access file and the access is denied because it is being used by another process. 

1 more replies
Relevance 63.96%

HI I was trying to download some software online. There was some problems in downloading.When I asked the supplier of that software (trusted source), he advised me that I do not have control of my computer.He suggested that I need to go to properties of the c drive, properties, click permission for all users on the computer. I tried doing that but the computer refuses to grant me control. I have an acer aspire. Can you please help?

Answer:security permission to be user on the computer

The message I get when I try to click full control and modify under User in teh security tab, it says that it cannot access file and the access is denied because it is being used by another process. 

1 more replies
Relevance 63.96%

HI I was trying to download some software online. There was some problems in downloading.When I asked the supplier of that software (trusted source), he advised me that I do not have control of my computer.He suggested that I need to go to properties of the c drive, properties, click permission for all users on the computer. I tried doing that but the computer refuses to grant me control. I have an acer aspire. Can you please help?

Answer:security permission to be user on the computer

The message I get when I try to click full control and modify under User in teh security tab, it says that it cannot access file and the access is denied because it is being used by another process. 

1 more replies
Relevance 63.55%

How to Block Internet on local Windows XP PC but Not "Skype" and other Locally hosted WebPages { I means 192.168.0.2, 127.0.0.1 and etc } ?

Here is my Network :

Internet Lease Line---> CentOS Server(with 2 lan cards)---> Local Lan----> Windows XP ( Gateway defined as server IP)

Answer:Block Internet but Not Skype and Local WebPages Hosted on Local Lan Server

I have 2 users, admin and agent(limited access)

9 more replies
Relevance 62.73%

So heres my issue.

I'm on a domain here at my office. I have files stored on my server I need to access (client info). When I need to troubleshoot a client's system, I logon to their VPN and now I can access their server to do work. However, I no longer have access to my own network, because im on their VPN.

What can I do to keep local access to my own network when im on their VPN. Is installing a 2nd network card possible, if so, how would i handle the vpn/local access, via the route command in dos??
 

Answer:How To Keep My Local Network When Joining A VPN

If it just standard windows VPN then you can split the tunnel

http://technet.microsoft.com/en-us/library/bb878117.aspx

If its Cisco etc then this may be an issue.
 

17 more replies
Relevance 62.73%

Hi

I mistakenly changed the user access permissions to a folder in order to fix a problem where an update to a program would not install as it did not have the required permissions. I'm pretty much inept at this, so I have no idea what the permissions should look like for the folder in question.

I was told that I could simply delete the file and reinstall the application completely to reset the access permissions by a friend of mine, but I now cannot delete the file. It asks for permission from DESKTOP-H8EAS90\User to delete, but I have no idea what this is and cannot find out through google.

If any information is required to give advice on what is happening feel free to ask.

Thanks

Answer:Deleting a file requires permission from a user that is not on this computer?

If you do not know what you are doing, it is best to leave the Permissions alone. As you have seen, this can cause great harm.
For this one file you can Take Ownership of it

2 more replies
Relevance 62.32%

Hi ,How are you. I get this error over and over again in the Event Viewer:

 DCOM
1203 - Description              : The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

                                  {D63B10C5-BB46-4990-A94F-E40B9D520160}
                                   and APPID

                                  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
                                   to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19)
from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Could you tell me exactly... Read more

More replies
Relevance 62.32%

I am receiving the following error in the Event Viewer from the source DistributedCOM (Windows 8.1 64 bit) :
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID class identitification
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID identification
{316CDED5-E4AE-4B15-9113-7055D84DCC97} 
 to the user Lenovo\Ewa with security identification SID
(S-1-5-21-1287633286-651115146-4152900111-1001) from the address LocalHost (using

LRPC) acting in the application container with identity SID
ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e
(S-1-15-2-720185855-2675332291-2976434075-758544043-626028312-300598871-2309835828.
This security permission can be modified using the Component Services administrative tool.
It regards Zinio Reader application.
Please advice how can I fix the problem.
Thanks and best regards, Ewa

Answer:The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

Hi Ewa,
It's just a example instead of your real ID.
The ID of yours {316CDED5-E4AE-4B15-9113-7055D84DCC97} must be in that list. Have you attempt to find it?
I have search it on my lab computer(Windows 8.1)as below:
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

8 more replies
Relevance 61.91%

Hi I just bought a new computer for my mother in law. I created the first account..that is an administrator for my mother in law. Then I used her account to create another admin account for myself. This is for Windows 10. I logged in with my microsoft ID and everything looked fine. Then I started discovering things weren't working properly in the account so I contacted support for my computer.

They thought that maybe I should create a new user account and see if that fixes the bugs. The support person created an account called "Test." Once I examined "Test" to see if everything was functional, and it was, I deleted my old/original account and logged in with my microsoft ID on the "test" account. From the main screen it shows my picture, and when I log in, my walpaper and other settings are there. It even shows my proper name in the account.

I thought everything was ok, but then I went into the user directory from CMD and noticed that my user directory was still called test and that the account I deleted was still showing up.

What I want to do is have my user account name in CMD associated with my microsoft id email address like it originally was.

Now when I see file paths in my account I"m noticing that all the files point to user/test...I want it to be user/myname not user/test. Even though my account works perfectly, and all my stuff is there...I'm finding it an annoyance that the test directory is the DOS name for my account. I want... Read more

Answer:How do I change my user directory name on the computer? Windows 10

Rename User Account Folder in Windows 10 Preview - Microsoft Community
Method 2

Also read:
User Profile Folder - Change User Account Folder Name - Windows 7 Help Forums
User Folder Name not correct - how to change? - Windows 10 Forums
is it possible to change user's name in windows 10 ? - Windows 10 Forums
for example.

Note: I've never tried this, and would view this as hazardous if you get it wrong.

Therefore I would strongly advise you to
a. create a disk image (everyone is strongly recommended to use disk imaging routinely here) before proceeding
b. also enable (if not enabled) system restore and create a restore point -noting sometimes difficulty with these is experienced, hence (a) as well.

Disk imaging:
Creating disk images lets you restore Windows and all your disks and partitions to a previous working state, quickly and probably without technical help.

You can recover from:
- a failed disk drive (restore to a new one)
- ransomware (which encrypts your disk)
- user error
- unrecoverable problems from failed updates to problem programs
- unbootable PC (hardware faults aside)

Images also act as a full backup- you can extract files too.

You can even use images to help you move more easily and quickly to a new PC.

Imaging can even help you sleep at night knowing you have a second chance.

Many here recommend Macrium Reflect (free) as a good robust solution and more reliable than some others. It?s
- more feature rich
- more flexible
- more reliable
than Windows... Read more

4 more replies
Relevance 61.91%

Hi I just bought a new computer for my mother in law. I created the first account..that is an administrator for my mother in law. Then I used her account to create another admin account for myself. This is for Windows 10. I logged in with my microsoft ID and everything looked fine. Then I started discovering things weren't working properly in the account so I contacted support for my computer.

They thought that maybe I should create a new user account and see if that fixes the bugs. The support person created an account called "Test." Once I examined "Test" to see if everything was functional, and it was, I deleted my old/original account and logged in with my microsoft ID on the "test" account. From the main screen it shows my picture, and when I log in, my walpaper and other settings are there. It even shows my proper name in the account.

I thought everything was ok, but then I went into the user directory from CMD and noticed that my user directory was still called test and that the account I deleted was still showing up.

What I want to do is have my user account name in CMD associated with my microsoft id email address like it originally was.

Now when I see file paths in my account I"m noticing that all the files point to user/test...I want it to be user/myname not user/test. Even though my account works perfectly, and all my stuff is there...I'm finding it an annoyance that the test directory is the DOS name for my account. I want... Read more

More replies
Relevance 61.5%

Hi everyone. I feel dumb...but...

When joining an XP Pro computer to a 2003 domain, how can I get the local profile to match up with the Active Directory logon? To clarify, when logging on to the Domain, I want to have the same desktop/my docs/everything as I do when logging on locally. I have to be missing something, this should be easy right?

Thanks in advance!
 

Answer:Joining a domain, saving local profile..?

this is probably just me, but i don't understand the question. either i don't know enough and can't help you or you're phrasing it wrong.

at any rate, i think it's something to do with networking, so why not give the Networking FAQ a try?
 

26 more replies
Relevance 61.5%

I am trying to create an "End-User" Friend Company Directory site that links to field in Active Directory.

Active Directory is currently hosted on Server 2003 with latest Service packs.

I have seen several pieces of software such as People Updater/Finder most of which do more than I want to do.

Any suggestions on a CHEAP or even FREE solution?

Thanks.

-- BS
 

Answer:Active Directory to Company Directory

How often will you update this?

If its a one time deal, excel, Dsquery/ dsget and a little vbs/ JS can get you done... querying the LDAP is not too hard to put into a txt file or xls. Cleaning it up can be depending on how much you want to put into the development.
 

1 more replies
Relevance 61.09%

Hi,

Whenever I try to navigate through my user directory (C:\Users\MyName), sometimes it takes ages for the computer to respond. This was happening earlier when I was trying to access AppData so I could fix a GreaseMonkey script.

Once the computer "unfreezes" (it doesn't really freeze, as I can use the mouse and other applications that don't have Explorer interfaces open), it seems that I can browse the same directories unimpeded for a time, but this is a regular occurrence, and something must be wrong, or some service that should be running is not.

I'm fairly proficient with computers, but this has me stymied. Thanks in advance for any help or suggestions.

Answer:Computer behaves very slowly when browsing within my User directory

I would look at any third-party software you have including security software.

1 more replies
Relevance 61.09%

I just renamed my PC and would like to rename the default user folder to match the name.  Is there an easy way to do so?  There is no option to rename the folder.  Please advise.  This is causing conflicts with my printing/scanning
ability through our network.
Thanks.

Answer:How to rename a default user directory after changing computer name?

Hi,
 
You can change your user name, but it is hard to change the user profile folder name. If you want to change it indeed, I suggest you could create a new user profile
to match your computer name.
 
Alex Zhao
Please remember to click ?Mark as Answer? on the post that helps you, and to click ?Unmark as Answer? if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

16 more replies
Relevance 60.27%

Hi, we upgraded from sbs2003 server to sbs2008 server. We removed the pc from the old domain and then added it to the new domain. Something went wrong after we joined the new domain it doesn't see the new domain for login and the local Administrator account has been disabled. The only account available is the guest account. Is there a way to enable the local administrator account again?

Answer:Can't login to local admin account after joining sbs2008 domain

You can try this but without any slides or full explanation.. I don't know....

If you can go into a user account with administration rights than you can go into command prompt and type:

Note: elevate the dos command to admin

net user administrator /active:yes

If you cannot log into an admin account: than you have to boot into dos from a bootable CD

4 more replies
Relevance 59.86%

Hi there.. is there someone that could help me out? I've searched and searched but have not found a satisfying error free answer yet..: (well, 2 questions actually...)
1.
I want to move the entire User Folder in my Vista OS in a different alltogether hard drive.
instead of c:\users\myusername...I want something like f:\my_folder_users\myusername
This would also apply to os folders such as AppData, and default location of file allocation, ie Microsoft or Adobe.
I am aware that you can move specific user folders but not the entire tree... Any help with that?

2.
I want to move the default target installation directory for any new application... I mean you can do it the manual way but some of the programs may not allow this, or even addons...

Any help greatly appreciated...
M.
 

Answer:Moving the User directory & default installation directory

I'm not answering this with any great confidence that you are not going to get into trouble here, but the default locations for the "current user" -- what you are talking about in item 1 -- are covered in this registry location:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

You might find some more information here:

http://www.kellys-korner-xp.com/xp_shell_folders.htm

I could be wrong, but I don't think there is a way to get setup programs to automatically offer that.
 

2 more replies
Relevance 58.63%

Hey there,

I've been looking on several forums to find an answer to solve my problem, but couldn't find anything, so here it comes.

I am having a big problem with saving files on my computer. When I try to save anything (.doc, .avi, .mp3, .sav and so on) to my C: Harddisk (which is internal, not external) there is a message which says: "you do not have permission to save in this directory, contact the administrator to obtain permission, and I am then asked if I want to save it in "My documents" instead. However, I am the only user on this computer, and I am administrator. And it's a harddisk ?n my computer. Shouldn't I be able to just save files there?

by the way, I can save files on my desktop and in my documents. i can also transfer files from there to the C: harddisk, although I have to authorize those actions. But I can't save them from the programme I'm working with.
Another, totally different problem is as follows. In my control panel, certain buttons dont work. for example, i cant click: "delete a programme", but have to click "programmes" >> "programmes and other parts"(not sure, my pc is in a different language). The button "delete a programme" simply doesn't work.
finally, a third problem. i can practically always work my way around it, but sometimes when I want to install a programme, I get the message: "unable to initialize installer GUI". I don't know what to do about it, and I can't fi... Read more

Answer:You do not have permission to save in this directory

When I try to save files from the net I get a message You do not have permission to save in this directory. and asks if I want to save it in My documents instead. I respont yes but when I try to save the same file in my documents I get the same message - You do not have permission to save in this directory.

2 more replies
Relevance 58.63%

Hi,

I'm not sure if this is a problem relating to my cd rw drive or with the programme I'm attempting to back up from. I have an hp pavillion pc, I never have issues burning cds, however, I am running MYOB accounting pluc V16, when I go to backup and I select my cd rw drive, irrespective of whether its a brand new or previously used rewritable disk, I get a message saying 'you do not have permission to save in this directory. See the administrator to obtain permission.'

This is weird, to me anyway!! I am the administrator of both this pc, and also the MYOB programme. I can save the back up to a my docs file, and then burn to the cd without problem, I have also, previously been able to backup straight to my CD RW drive from this programme, now however, I can't. Its frustrating and time consuming having to save to a file, then open my burning software, and resave to CD.

Do you have any idea how I can fix this. Any suggestions would be much appreciated.

Thanks
 

Answer:No permission to save in directory

8 more replies
Relevance 58.63%

My XP Professional is trying to log on to a domain, my problem is that this is a local computer.In the login display there is no choice between local/domain/workgroup. Only one user "Administrator" and I do know that the password is empty.From the above you can se that I'm stuck.Starting up the machine shows only one user "Administrator", trying to log in here just tells me that the system can't find the "Domain "Computer.Normally you can press options to get a choice of local/domain but this is not the case.Hope for some help!!

Answer:Can't login as local user ..... Domain Computer not found

It should not have changed to a domain computer. Can't even being to think how that happened by accident. Usually someone does it.You should still be able to log on as a local admin user in safe mode. Try that maybe.Hang up and live.

11 more replies
Relevance 58.63%

Here are the steps I took. Please tell me if I should have done differently.

1. On the server end add the user and computer to the domain in advance.

2. Fresh install windows 10 and make the first username Admin.

3. Once at desktop rename PC to match PC name on domain i.e. Workstation001.

4. Add computer to mydomain.local and when asked for username and password I entered the credentials for the new user.

5. Restarted the PC and signed into mydomain\newuser without any problems.

However now when I try to access the original local Admin account by typing 'Workstation001\local Admin' as the username and then the password. It keeps saying password invalid.

So I logged back into the domain account and tried resetting the password to Admin and then tried signing in as admin again, still no luck.

Currently there are 2 accounts on the computer one of them is a local/domain account for newuser and the other is a local Admin account which I cannot access.

What kind of glitch is this? Should I have not joined the domain through the original Admin account and instead added a local user to the PC 'newuser' and then sign in as that user locally then add them to the domain through their own local account? I didn't think this was necessary.

More replies
Relevance 58.63%

Here are the steps I took. Please tell me if I should have done differently.

1. On the server end add the user and computer to the domain in advance.

2. Fresh install windows 10 and make the first username Admin.

3. Once at desktop rename PC to match PC name on domain i.e. Workstation001.

4. Add computer to mydomain.local and when asked for username and password I entered the credentials for the new user.

5. Restarted the PC and signed into mydomain\newuser without any problems.

However now when I try to access the original local Admin account by typing 'Workstation001\local Admin' as the username and then the password. It keeps saying password invalid.

So I logged back into the domain account and tried resetting the password to Admin and then tried signing in as admin again, still no luck.

Currently there are 2 accounts on the computer one of them is a local/domain account for newuser and the other is a local Admin account which I cannot access.

What kind of glitch is this? Should I have not joined the domain through the original Admin account and instead added a local user to the PC 'newuser' and then sign in as that user locally then add them to the domain through their own local account? I didn't think this was necessary.

Answer:Can't login as local user after adding a computer to a domain

Maybe the first answer here?
windows - Allow users to log on to computers in a domain - Server Fault

3 more replies
Relevance 58.63%

Hi!

I've been trying to set Windows Firewall to behave like that, but can't figure how.

In two lines, I want this:

- Every attempt to connect to internet is blocked, and a pop-up warns about it and ask for permission.

- There's a "remember this action" checkbox so you only have to authorize Chrome, Mozilla, utorrent and other main internet apps once.

I'm pretty sure years ago this was the default behavior of Windows Firewall, wasn't it? Anyway, I'm trying to setup firewall to this, but can't see how. I've tried the most evident tweaks in Firewall setup, but I must be missing something.

Any help? Thanks in advance!

Answer:Set Windows Firewall to block everything and ask for permission

With the Windows firewall, it's not possible to do what you want. The fundamental lacking feature you're looking for are connection attempt notifications, which it doesn't have.

It has the ability to block outgoing connections (which is disabled by default), but you can enable and fine tune them on the advanced firewall settings, putting the rules to allow only certain programs to connect under certain protocols and ports. However, when a connection is blocked due to those rules, the firewall will NOT warn you (without chance of allow/deny), the program will simply fail with an access denied.

You may use a third party programs that attempt to give back those notifications. I've used Windows Firewall Notifier - Home, with limited success, but didn't find that useful. Give it a try at least. But if you really want reliable notifications, a good thing, I'm afraid you should begin to look at other, more serious firewall options.

6 more replies
Relevance 58.22%

I run windows 7 premium 64 and all of the sudden I stated to get this popup after windows loads that says
"C:\User\Lori-Bee\AppData\Local\Temp\032150Log.iniis lost"
How can I fix this?...I tried check disk running CCleaner ....No difference

Answer:C:\User\User -User\AppData\Local\Temp\032150Log.iniis lost

Hi there ... Read the Link below and follow the Instructions ..
ASUSTeK Computer Inc.-Forum- Error 182418Log.iniis lost

7 more replies
Relevance 58.22%

I have a directory on a XP machine that I can no longer do anything with. I have no idea how it got into this state. When I try to go into it by the command prompt or Windows Explorer, I get the following message:

"c:\extract is not accessible
Access is denied."

If I try to delete it by either Windows Explorer I get the following message:

"Cannot delete extract: Access is denied
Make sure the disk is not full or write-protected and
that file is not in use."

Does any know how to change the permissions so that I can access it again or even delete it?

TIA,
Keith
 

Answer:Wierd Xp Directory Permission Problem

try booting into safemode and deleting it that way
 

6 more replies