On Wed, 17 Jun 2009 01:06:07 +0530, Kord <Kord.3tw47a@DoNotSpam.com I am wondering if anyone has had any experience with whitelisting executables via a GPO. I have not yet tried this and am thinking about moving towards this as an added measure of prevention and security. Any thoughts/comments/real world experience would be great. Also, any links to papers discussing this would help too. -- Kord ------------------------------------------------------------------------ Kord's Profile: ht...

Hi! I wanted to know whether there is a best practice/recommendation for following scenario. - A windows 2003 domain has a service - To access this service from windows (and as well as linux) machines, domain wide service account/accounts needs to be used. - This service will be accessed by multiple machines from within the domain. What I am trying to find is in the scenario mentioned above is whether there exists best practice/recommendation for either of following two options: a) use ONE se...

On Wed, 13 May 2009 03:09:01 -0700, Paul <Paul@discussions.microsoft.com Hi, We have a multi domain multi site 2003 forest and experiencing a lot of event ID’s 1865 and 1311. Our organization is administered by many System Administrators and all of them have different opinions on the best way to setup Sites and Services. My understanding is there are two ways in which Sites and Services could and should be setup: 1 Create multiple sites place a DC within the site and assign the subn...

On Tue, 12 May 2009 05:14:02 -0700, Brendon B <BrendonB@discussions.microsoft.com I am trying to re-create our live environment in the lab for some testing that needs to be done. I took a snapshot of 1 of our root DC's and one of our other DC's using Vmware converter and I have them both up in a virtual lab. I obviously didn't think about the fact that one of them would suffer from a USN rollback due t othe other having newer information about it (The vmware conversion runs 1 at a time...

On Mon, 4 May 2009 07:13:19 -0700, John McC <JohnMcC@discussions.microsoft.com Hi All, I hope this sis hte correct place to ask my question. We have a single forest active directory with two domain trees. We are now starting another company within the business thousands of mile away from our company head office. The new business will have its own IT department but some IT related work will still be done from HQ. The IT team in the remote office will not need access to any resources...

On Sat, 2 May 2009 21:22:02 -0700, Taz1972 <Taz1972@discussions.microsoft.com Hi, For some reason I no longer get the rpc error - strange because I haven't even touched dns??? Anyway, now I get a different error: Thus I am Unable to Create RUS Instances However, I found this possible solution in msexchange.org forums: 1. Made the server that was failing in the RUS connection into a GC. 2. Added Domain Admins group of source domain to administrators group of target domain. 3. Force...

On Mon, 27 Apr 2009 10:24:39 -0400, "Ace Fekay [Microsoft Certified Trainer]" <aceman@mvps.RemoveThisPart.org <momo2804@gmail.comnews:904f248e-2076-4948-8802-2341792bd5ed@l16g2000pra.googlegroups.com... If anything is in the Netlogon folder that gets changed, that is if you have anything in there, that will trigger a full replication. My concern is that you *may* (just guessing at this point) a piece of malware. The Conficker bug propagates using shares, but the only thing I that c...

On Mon, 13 Apr 2009 11:46:47 -0700, Steve Goddard <SteveGoddard@discussions.microsoft.com Hey Guys, I've always worked with a DMZ domain but after reading into my MCSE stuff I find a strong case for creating and managing the one domain. The more I think about I just think that the DMZ just doesn't have a case for separation. High Security can be applied by GPO's on that OU, domain admin accounts can should already be secured by policy and we should all use secondary non-admin accoun...