More servicesWindows Live
HomeHotmailSpacesOneCare
 
MSN
Sign in
 
 
Spaces home  eentropyPhotosProfileFriendsMore Tools Explore the Spaces community

Music lists index
There are no music lists on this space.

Friends (1)
View space
Vitaly Kuznetsov

eentropy

Blog
September 04

Accounts: Administrator account status

The Security and Countermeasure Guide* said about the Accounts: Administrator account status local policy settings:

Under safe mode boot, the Administrator account is always enabled, regardless of this setting.

 

Yes, the Local Administrator Account is enabled under safe made boot, but the Account is disabled checkbox is still checked. You can uncheck it, of course.

 

Also you can uncheck it if you are logged under Domain Administrator account.

 

*Security and Countermeasures Guide.pdf, Version:  1.2, Date Published: 10/19/2004 

11:53 AM | Add a comment | Send a message | Permalink | View trackbacks (0)
August 28

Advanced Client Push installation on Windows XP

Advanced Client Push installation depends on two options:
• Advanced Client Push installation account.
• Windows Firewall: allow remote administration exception. 
 
On SMS server you must enter Advanced Client push installation account even if you are logged with local administrator rights on the workstation.
On the workstation you must allow remote administration exception in addition to the File and printer sharing exception.
 
*
MS SCCM 2007 RC1
MS Windows XP Prof Ru with SP2
4:05 PM | Add a comment | Send a message | Permalink | View trackbacks (0)
August 13

Office Communicator 2007: no legacy

You can't use Office Communicator 2007* with LCS 2005. It says "Cannot sign in because the server version is incompatible with Microsoft Office Communicator 2007 Public Beta.". 
 
Broken Microsoft legacy again.
 
*
MS Office 2007 Communicator 2007 Public Beta
12:44 PM | Add a comment | Send a message | Permalink | View trackbacks (0)
August 03

If you rename the SMS client you lost it

If you rename the SMS client you lost it as an advanced client. This is by design.

Prerequisites
The w13 computer is an AD-domain member. It’s assigned to the SMS site and advanced client is installed on it.

Reproduction steps
1. Rename the w13 computer to w20.
2. On the SMS-server run Smsconsole.
3. Run AD-discovery, update collection and refresh it.
4. There are two computers in the All Windows XP systems collection – w13 and w20. w20 has client status "No".

Expected Results

1. Rename the w13 computer to w20.
2. On the SMS-server run Smsconsole.
3. Run AD-discovery, update collection and refresh it.
4. There is one computer in the All Windows XP systems collection – w20. w20 has client status "Yes".

* MS SMS 2003; MS SCCM 2007

11:07 AM | Add a comment | Read comments (1) | Send a message | Permalink | View trackbacks (0)

Prerequisite Check failed

At the Installation Prerequisite Check Options step you can enter SQL Server and Management point addresses.
 
  • If you enter inaccessible Management Point name then the Prerequisite Check failed with errors:
    Administrative share (Site system)
    Unsupported site server operating system version for setup
    Domain membership
    Short File Name (8.3) Support (Site system)
    IIS service running
    BITS installed
    BITS enabled
    WebDAV installed
    WebDAV enabled
I think the Prerequisite Check is slightly stupid. It doesn’t check computer accessibility at all. 
 
*
Installation package: MS SCCM 2007 RC1
OS: MS Windows Server 2003 Enterprise Edition, 5.2.3790 Service Pack 1 Build 3790.
10:57 AM | Add a comment | Send a message | Permalink | View trackbacks (0)
July 19

Network discovery using DHCP data

A few days ago I enabled the Network Discovery method to assign computer W02 (11.0.0.25) to the SMS-site. On the DHCP tab I entered IP address 10.0.0.1. There is also suitable option “Always use the site server’s DHCP servers” but I didn’t use it intentionally. Also I created “IP Subnet”-type boundary Subnet ID: 11.0.0.0.
 
I ran Network Discovery process manually but the Network discovery method doesn’t found w02.
In the netdesc.log file there was the error:

DC: Network discovery initialising~  $$<SMS_NETWORK_DISCOVERY><Пн июл 16 18:23:46.641 2007 Caucasus Daylight Time><thread=3124 (0xC34)>

ADM: DHCP: Retrieving subnets from server <10.0.0.1>.~  $$<SMS_NETWORK_DISCOVERY><Пн июл 16 18:23:48.775 2007 Caucasus Daylight Time><thread=3184 (0xC70)>

ADM: DHCP: Error retrieving subnets from server <10.0.0.1>, error <0x5>.~  $$<SMS_NETWORK_DISCOVERY><Пн июл 16 18:23:49.005 2007 Caucasus Daylight Time><thread=3184 (0xC70)>

 

I made a little research and found the answer with the help of the SCCM 2007 beta team. SMS server computer account is not a member of the DHCP Users domain group and so it doesn’t have access to the DHCP server. And so it cannot retrieve subnets and other information from DHCP server.

 

Windows Server 2003 Product Help said us:

Group: DHCP Users (installed with the DHCP Server service)

Description: Members of this group have read-only access to the DHCP Server service. This allows members to view information and properties stored at a specified DHCP server. This information is useful to support staff when they need to obtain DHCP status reports.

 

Workaround was relatively simple. I added computer account OM01 to the “DHCP Users” domain users group, restarted computer OM01 and ran the Network Discovery again. Then I selected the All Systems collection, ran the Update membership option, and then Refresh option. After all I saw W02 in the collection. His status was desirable: Assigned.

 

Here are parts from the netdisc.log file.

DC: Network discovery initialising~  $$<SMS_NETWORK_DISCOVERY><Чт июл 19 12:15:32.852 2007 Caucasus Daylight Time><thread=192 (0xC0)>

ADM: DHCP thread started.  Thread ID <0x00000A10>~  $$<SMS_NETWORK_DISCOVERY><Чт июл 19 12:15:34.124 2007 Caucasus Daylight Time><thread=2576 (0xA10)>

ADM: DHCP: Server <10.0.0.1> reported device <11.0.0.25 255.0.0.0 00:03:FF:A2:F8:59 W02>~  $$<SMS_NETWORK_DISCOVERY><Чт июл 19 12:15:34.555 2007 Caucasus Daylight Time><thread=2576 (0xA10)>

DC: Device reported by NEW_SYSTEM <11.0.0.25 255.0.0.0>~  $$<SMS_NETWORK_DISCOVERY><Чт июл 19 12:15:34.555 2007 Caucasus Daylight Time><thread=2576 (0xA10)>

ADM: ICMP: Address <11.0.0.25> did respond to a ping.~  $$<SMS_NETWORK_DISCOVERY><Чт июл 19 12:15:34.565 2007 Caucasus Daylight Time><thread=1888 (0x760)>

 

Notes about my network

**

My routed network includes servers that are members of subnet 10.0.0.0/8, and workstations - members of 11.0.0.0/8. Alone domain controller DC01 (IP: 10.0.0.1) works as DNS- and DHCP-server. Workstations can receive IP addresses through DHCP relay agent.

 

SMS-server is installed on domain member OM01 (IP:10.0.0.10) and works fine on the whole.  SMS-site boundary spans the Default-First-Site-Name AD-site.

3:42 PM | Add a comment | Read comments (1) | Send a message | Permalink | View trackbacks (0)
July 11

All Users Group collection

  • Run the SMS Administrator console.
  • Run Active Directory Security Group Discovery.
  • Point to the " (...) Collections / All Users Group" object, update
    membership and refresh the collection.
  • There are only domain security groups. Not domain distribution groups.

It was in SMS 2003 and we'll get it in SMS 2007.

So I think the All Users Group collection must be named as "All Security
Groups".

 

2:41 PM | Add a comment | Send a message | Permalink | View trackbacks (0)
View more entries
 

Photos
There are no photo albums.