| Author |
Messages |
|
akimmons
Posts:8
 |
| 05/08/2008 4:06 PM |
|
Hello Gurus,

I have a question concerning local administrator rights.

Here is my setup:

Server/Network
Server 2003 Active Directory, single domain controller, Exchange 2003 member server, (both fully patched as of April) small network with Cisco 6509 core, and all Cisco Wiring Closet switches.

Workstation
Gateway units with XP Pro, IE7, fully patched as of April, joined to the domain.

No group Policies in effect (I am still a newbie and doing things the hard way).

We use a Web based software application that requires a java plug in (jinitiator).

If I run the application logged in as the default local system administrator, it works.

If I run the app logged in as a domain user, it won't work.

If I run the app logged in as a domain administrator, it won't work.

If I run the app logged in as a local administrator created on the local machine with no domain rights, it won't work.

If I run the app as any other type user I can think of except the default local administrator, then use the "run as" option and choose the default local administrator, it won't work. (I have used this option for a couple of other apps such as a web based mainframe terminal emulation, and it did work. For this one, it will not.)

I do not want this secretary to run as a local admin for everything she does.

Here is the question:

What rights does a default local administrator have that are missing from a local user granted local machine administrator rights by adding them to the "Machine Administrators Group"?

Can those rights be granted to a "created local administrator"? If so, how?

Is there some way to grant "more rights" to the "run as option"?

Any guidance or pointing me in the right direction will be greatly appreciated.

Anthony

Anthony Kimmons
Technology Coordinator
Mississippi School of the Arts
P O Box 229
Brookhaven, MS 39601
601-823-1354

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx |
|
|
|
|
kennedyjim
Posts:3
 |
| 05/08/2008 4:16 PM |
|
Run regmon/filemon as a failing user and find out for sure where it fails. Probably something as simple as full access rights to a file or folder. |
|
|
|
|
habr
Posts:10
 |
| 05/08/2008 4:21 PM |
|
Anthony,

Once you get this fixed, you REALLY need to work on the "single domain controller" problem.

RH |
|
|
|
|
akimmons
Posts:8
 |
| 05/08/2008 4:26 PM |
|
I found it with Google. I have just downloaded it, and will try it out.

Thanks for the direction. I will let you know if this works.

Anthony

>>> "Kennedy, Jim" <kennedyjim@elyriaschools.org> 05/08/08 2:14 PM >>>
Sorry, it's called process monitor now....

http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx |
|
|
|
|
kennedyjim
Posts:3
 |
| 05/08/2008 4:26 PM |
|
I just noticed 'school'. Are you playing with ESIS by any chance, is that the software in question?

> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Anthony Kimmons
> Sent: Thursday, May 08, 2008 4:23 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Local Admin Rights Question
>
> I have the hardware in the rack.
>
> I will tackle it when school lets out in a couple of weeks.
>
> Hope it lasts that long |
|
|
|
|
akimmons
Posts:8
 |
| 05/08/2008 4:36 PM |
|
The application is called MSIS (Mississippi Student Information System). It is a custom written conglomerate running Oracle on a Sun box. |
|
|
|
|
robertsingers
Posts:57
 |
| 05/08/2008 5:27 PM |
|
> We use a Web based software application that requires a java plug in (jinitiator).

Hi Anthony,

I've asked our Ops people to send me a copy of our user GPO so I can check the specific details. From memory tho' to get Jinit to work you need to give modify access to some directories, and potentially one small part of the registry. I also had to make it work on Citrix so I think my brain is actively repressing the memory of the pain :-)

This e-mail message has been scanned for Viruses and cleared by NetIQ MailMarshal.

PLEASE NOTE: The information contained in this email message and any attached files may be confidential and subject to privilege. Any opinions expressed in this message are not necessarily those of the Department of Building and Housing. All technical opinions are offered on a "no-liability" basis. This message and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient, you are notified that any use, disclosure or copying of this email is unauthorised. If you have received this email in error, please notify us immediately by reply email and delete the original and any attachment(s). Thank you. |
|
|
|
|
CrawfordS
Posts:11
 |
| 05/08/2008 5:32 PM |
|
I think you're barking up the wrong tree. Using process monitor is helpful to find things a standard user needs access to, but your original post indicated that it only works as the actual administrator account. That means it's not a permission issue, it's the app actually checking the username, in which case all the rights in the world won't help. |
|
|
|
|
miller4
Posts:8
 |
| 05/08/2008 5:42 PM |
|
sorry, disagree. it is a perms issue. jinit needs to write some junk somewhere outside the local profile (some cache directory). Thus, you need to grant Everyone write perms for this directory if you can figure out where it is

-mjm |
|
|
|
|
CrawfordS
Posts:11
 |
| 05/08/2008 6:02 PM |
|
I respectfully disagree with your disagreement

"We use a Web based software application that requires a java plug in (jinitiator).
. . .
If I run the app logged in as a local administrator created on the local machine with no domain rights, it won't work.
. . .
Here is the question:
What rights does a default local administrator have that are missing from a local user granted local machine administrator rights by adding them to the "Machine Administrators Group"?"

I suppose it's possible that some perms have been changed to allow only the "Administrator" account, but I think that's far less likely than an app checking the username to make sure it's the actual account.

I know nothing about jinit, so I don't disagree that it needs some extra perms, but I do disagree that it needs more perms than a user of the local administrators group has (by default).

Note that the OP wasn't specifically about jinit, but rather "a Web based software application", which can have its own set of requirements. |
|
|
|
|
akimmons
Posts:8
 |
| 05/08/2008 6:32 PM |
|
I think y'all are arguing a moot point.

The local administrator accounts on the boxes in question are all renamed.... Administrator does not get you anywhere.... (Of course the local profile is saved under docs and settings using the term "Administrator" but you can not log in by using the name administrator)

FWIW

Additionally, I have tried installing jinitiator with the desired account doing a "run as" the local admin. That doesn't work either.

I will try the process monitor tomorrow. I am gone for the day.

Thanks for all the replies.

Anthony |
|
|
|
|
robertsingers
Posts:57
 |
| 05/08/2008 6:37 PM |
|
The user needs modify access to somewhere like c:\program files\oracle\Jinitiatorx.x.x.xx\lib\security and one of the registry keys that they don't have by default.

I'm trying to make sense of my Advanced Installer project file for repacking Jinit for install by GPSI, but I'm going to have to get admin access to the domain so I can browse the GPOs for workstations and users, and the Citrix servers to find the other cunning things I did late one night.

-----Original Message-----
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Crawford, Scott
Sent: Friday, 9 May 2008 9:59 a.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Local Admin Rights Question

I respectfully disagree with your disagreement

"We use a Web based software application that requires a java plug in (jinitiator). . . . If I run the app logged in as a local administrator created on the local machine with no domain rights, it won't work. . . . Here is the question: What rights does a default local administrator have that are missing from a local user granted local machine administrator rights by adding them to the "Machine Administrators Group"?"

I suppose it's possible that some perms have been changed to allow only the "Administrator" account, but I think that's far less likely than an app checking the username to make sure it's the actual account.

I know nothing about jinit, so I don't disagree that it needs some extra perms, but I do disagree that it needs more perms than a user of the local administrators group has (by default). Note that the OP wasn't specifically about jinit, but rather "a Web based software application", which can have its own set of requirements.

-----Original Message-----
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Michael Miller
Sent: Thursday, May 08, 2008 4:40 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Local Admin Rights Question

sorry, disagree. it is a perms issue. jinit needs to write some junk somewhere outside the local profile (some cache directory). Thus, you need to grant Everyone write perms for this directory if you can figure out where it is

-mjm

Crawford, Scott wrote:
> I think you're barking up the wrong tree. Using process monitor is helpful to find things a standard user needs access to, but your original post indicated that it only works as the actual administrator account. That means it's not a permission issue, it's the app actually checking the username, in which case all the rights in the world won't help.
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Anthony Kimmons
> Sent: Thursday, May 08, 2008 3:22 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Local Admin Rights Question
>
> I found it with Google. I have just downloaded it, and will try it out.
>
> Thanks for the direction. I will let you know if this works.
>
> Anthony
>
> >>> "Kennedy, Jim" <kennedyjim@elyriaschools.org> 05/08/08 2:14 PM >>>
> Sorry, it's called process monitor now....
>
> http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
>
>> -----Original Message-----
>> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Kennedy, Jim
>> Sent: Thursday, May 08, 2008 4:11 PM
>> To: ActiveDir@mail.activedir.org
>> Subject: RE: [ActiveDir] Local Admin Rights Question
>>
>> Run regmon/filemon as a failing user and find out for sure where it fails. Probably something as simple as full access rights to a file or folder.
>>> -----Original Message-----
>>> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Anthony Kimmons
>>> Sent: Thursday, May 08, 2008 4:05 PM
>>> To: ActiveDir@mail.activedir.org
>>> Subject: [ActiveDir] Local Admin Rights Question
>>>
>>> Any guidance or pointing me in the right direction will be greatly appreciated. |
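The Process Monitor approach suggested in the thread, as an added example that is not part of any poster's message: capture the application start-up as the failing user, export the trace to CSV, and list the distinct file and registry paths that returned ACCESS DENIED so that modify rights can be granted on exactly those objects. The function name, the sample rows and the `ExampleApp`/`ExampleVendor` paths are constructed for illustration; the column names are those of Process Monitor's default CSV export, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example: summarise ACCESS DENIED events from a Process Monitor CSV export.
function Get-DeniedAccess {
    param(
        [Parameter(Mandatory = $true)][string]$CsvPath,
        [string]$ProcessName    # optional: restrict to one image name
    )
    Import-Csv -Path $CsvPath |
        Where-Object {
            $_.Result -eq 'ACCESS DENIED' -and
            (-not $ProcessName -or $_.'Process Name' -eq $ProcessName)
        } |
        Group-Object -Property Operation, Path |
        ForEach-Object {
            $first  = $_.Group[0]
            # Pull "Desired Access: ..." out of the Detail column, up to the next "Key:" field.
            $wanted = if ($first.Detail -match 'Desired Access:\s*(.+?)(?:,\s*\w[\w ]*:|$)') {
                $Matches[1]
            } else { '' }
            [pscustomobject]@{
                Kind          = if ($first.Operation -like 'Reg*') { 'Registry' } else { 'File' }
                Operation     = $first.Operation
                Path          = $first.Path
                DesiredAccess = $wanted
                Events        = $_.Count
            }
        }
}

# Constructed sample trace (not real output from the application in the thread).
$sample = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:14:02.1010000 AM","iexplore.exe","3120","CreateFile","C:\Program Files\ExampleApp\lib\security\example.policy","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert"
"9:14:02.1050000 AM","iexplore.exe","3120","CreateFile","C:\Program Files\ExampleApp\lib\security\example.policy","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert"
"9:14:02.2200000 AM","iexplore.exe","3120","RegOpenKey","HKLM\SOFTWARE\ExampleVendor\ExampleApp","ACCESS DENIED","Desired Access: Read/Write"
"9:14:02.3000000 AM","iexplore.exe","3120","RegQueryValue","HKLM\SOFTWARE\ExampleVendor\ExampleApp\Version","SUCCESS","Type: REG_SZ"
"9:14:03.0000000 AM","explorer.exe","1480","CreateFile","C:\pagefile.sys","ACCESS DENIED","Desired Access: Read Attributes"
'@
$csv = Join-Path $env:TEMP 'procmon-sample.csv'
Set-Content -Path $csv -Value $sample -Encoding UTF8

# Two rows result: one file path (2 events) and one registry key (1 event).
Get-DeniedAccess -CsvPath $csv -ProcessName 'iexplore.exe' |
    Sort-Object Kind, Path |
    Format-Table -AutoSize
```

Comparing this output for the failing account against a trace taken as the working account shows whether the difference is an ACL on a specific object or something other than permissions.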
|
|
|
|
TG
Posts:45
 |
| 05/08/2008 6:37 PM |
|
It may not be looking for the name. Checking if it is the "500" account will do just that. People that code that in, should be put in front of the firing squad, though.

Thank you,
Tony.

Tony Gordon
Windows 2003 & 2000 MCSE, Windows 2003 MCSA, PMP
ITS Infrastructure Engineering
Hewitt Associates | 100 Half Day Road | Lincolnshire, IL 60069 | USA
Tel 847.295.5000 x50526 | Fax 847.554.1574
tony dot gordon at hewitt dot com | www.hewitt.com

From: "Anthony Kimmons" <akimmons@mde.k12.ms.us>
To: ActiveDir@mail.activedir.org
Date: 05/08/2008 05:30 PM
Subject: RE: [ActiveDir] Local Admin Rights Question

I think y'all are arguing a moot point. The local administrator accounts on the boxes in question are all renamed.... Administrator does not get you anywhere.... (Of course the local profile is saved under docs and settings using the term "Administrator" but you can not log in by using the name administrator)

FWIW

Additionally, I have tried installing jinitiator with the desired account doing a "run as" the local admin. That doesn't work either.

I will try the process monitor tomorrow. I am gone for the day.

Thanks for all the replies.

Anthony

>>> "Crawford, Scott" <CrawfordS@evangel.edu> 05/08/08 3:58 PM >>>

I respectfully disagree with your disagreement

"We use a Web based software application that requires a java plug in (jinitiator). . . . If I run the app logged in as a local administrator created on the local machine with no domain rights, it won't work. . . . Here is the question: What rights does a default local administrator have that are missing from a local user granted local machine administrator rights by adding them to the "Machine Administrators Group"?"

I suppose it's possible that some perms have been changed to allow only the "Administrator" account, but I think that's far less likely than an app checking the username to make sure it's the actual account.

I know nothing about jinit, so I don't disagree that it needs some extra perms, but I do disagree that it needs more perms than a user of the local administrators group has (by default). Note that the OP wasn't specifically about jinit, but rather "a Web based software application", which can have its own set of requirements.

-----Original Message-----
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Michael Miller
Sent: Thursday, May 08, 2008 4:40 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Local Admin Rights Question

sorry, disagree. it is a perms issue. jinit needs to write some junk somewhere outside the local profile (some cache directory). Thus, you need to grant Everyone write perms for this directory if you can figure out where it is

-mjm

Crawford, Scott wrote:
> I think you're barking up the wrong tree. Using process monitor is helpful to find things a standard user needs access to, but your original post indicated that it only works as the actual administrator account. That means it's not a permission issue, it's the app actually checking the username, in which case all the rights in the world won't help.
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Anthony Kimmons
> Sent: Thursday, May 08, 2008 3:22 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Local Admin Rights Question
>
> I found it with Google. I have just downloaded it, and will try it out.
>
> Thanks for the direction. I will let you know if this works.
>
> Anthony
>
> >>> "Kennedy, Jim" <kennedyjim@elyriaschools.org> 05/08/08 2:14 PM >>>
> Sorry, it's called process monitor now....
>
> http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
>
>> -----Original Message-----
>> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Kennedy, Jim
>> Sent: Thursday, May 08, 2008 4:11 PM
>> To: ActiveDir@mail.activedir.org
>> Subject: RE: [ActiveDir] Local Admin Rights Question
>>
>> Run regmon/filemon as a failing user and find out for sure where it fails. Probably something as simple as full access rights to a file or folder.
>>
>>> -----Original Message-----
>>> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Anthony Kimmons
>>> Sent: Thursday, May 08, 2008 4:05 PM
>>> To: ActiveDir@mail.activedir.org
>>> Subject: [ActiveDir] Local Admin Rights Question
>>>
>>> Any guidance or pointing me in the right direction will be greatly appreciated. |
|
|
|
|
CrawfordS
Posts:11
 |
| 05/08/2008 8:08 PM |
|
The administrator account can be renamed without changing its SID. I'd expect they're looking for a particular SID.

________________________________

From: ActiveDir-owner@mail.activedir.org on behalf of Anthony Kimmons
Sent: Thu 5/8/2008 5:29 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Local Admin Rights Question

I think y'all are arguing a moot point. The local administrator accounts on the boxes in question are all renamed.... Administrator does not get you anywhere.... (Of course the local profile is saved under docs and settings using the term "Administrator" but you can not log in by using the name administrator)

FWIW

Additionally, I have tried installing jinitiator with the desired account doing a "run as" the local admin. That doesn't work either.

I will try the process monitor tomorrow. I am gone for the day.

Thanks for all the replies.

Anthony

>>> "Crawford, Scott" <CrawfordS@evangel.edu> 05/08/08 3:58 PM >>>

I respectfully disagree with your disagreement

"We use a Web based software application that requires a java plug in (jinitiator). . . . If I run the app logged in as a local administrator created on the local machine with no domain rights, it won't work. . . . Here is the question: What rights does a default local administrator have that are missing from a local user granted local machine administrator rights by adding them to the "Machine Administrators Group"?"

I suppose it's possible that some perms have been changed to allow only the "Administrator" account, but I think that's far less likely than an app checking the username to make sure it's the actual account.

I know nothing about jinit, so I don't disagree that it needs some extra perms, but I do disagree that it needs more perms than a user of the local administrators group has (by default). Note that the OP wasn't specifically about jinit, but rather "a Web based software application", which can have its own set of requirements.

-----Original Message-----
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Michael Miller
Sent: Thursday, May 08, 2008 4:40 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Local Admin Rights Question

sorry, disagree. it is a perms issue. jinit needs to write some junk somewhere outside the local profile (some cache directory). Thus, you need to grant Everyone write perms for this directory if you can figure out where it is

-mjm

Crawford, Scott wrote:
> I think you're barking up the wrong tree. Using process monitor is helpful to find things a standard user needs access to, but your original post indicated that it only works as the actual administrator account. That means it's not a permission issue, it's the app actually checking the username, in which case all the rights in the world won't help.
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Anthony Kimmons
> Sent: Thursday, May 08, 2008 3:22 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Local Admin Rights Question
>
> I found it with Google. I have just downloaded it, and will try it out.
>
> Thanks for the direction. I will let you know if this works.
>
> Anthony
>
> >>> "Kennedy, Jim" <kennedyjim@elyriaschools.org> 05/08/08 2:14 PM >>>
> Sorry, it's called process monitor now....
>
> http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
>
>> -----Original Message-----
>> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Kennedy, Jim
>> Sent: Thursday, May 08, 2008 4:11 PM
>> To: ActiveDir@mail.activedir.org
>> Subject: RE: [ActiveDir] Local Admin Rights Question
>>
>> Run regmon/filemon as a failing user and find out for sure where it fails. Probably something as simple as full access rights to a file or folder.
>>> -----Original Message-----
>>> From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Anthony Kimmons
>>> Sent: Thursday, May 08, 2008 4:05 PM
>>> To: ActiveDir@mail.activedir.org
>>> Subject: [ActiveDir] Local Admin Rights Question
>>>
>>> Any guidance or pointing me in the right direction will be greatly appreciated. |
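The point made in the two posts above (the "500" account, and a rename leaving the SID unchanged), as an added example that is not part of either poster's message: it finds the built-in Administrator by RID whatever its current name, and contrasts "is this the RID 500 account" with "is this account a member of the local Administrators group", which is the check an application should be making. The function name is hypothetical; `Get-CimInstance` and Windows PowerShell 3.0 or later are assumed (on older hosts `Get-WmiObject Win32_UserAccount` returns the same properties).

```powershell
# Added example: identify the built-in Administrator by SID, not by name.

function Test-BuiltinAdministratorSid {
    param([Parameter(Mandatory = $true)][string]$Sid)
    # Account SIDs have the form S-1-5-21-<a>-<b>-<c>-<RID>.
    # RID 500 is always the built-in Administrator; renaming the account does not change it.
    return $Sid -match '^S-1-5-21-\d+-\d+-\d+-500$'
}

# 1. List local accounts and flag the RID 500 one, whatever it has been renamed to.
Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True" |
    Select-Object Name, SID, Disabled,
        @{ Name = 'IsRid500'; Expression = { Test-BuiltinAdministratorSid $_.SID } } |
    Format-Table -AutoSize

# 2. For the current logon, answer the two different questions separately.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators on every machine.
$adminsSid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')

[pscustomobject]@{
    User                  = $identity.Name
    UserSid               = $identity.User.Value
    # True only for the one built-in account: the brittle check discussed above.
    IsRid500              = Test-BuiltinAdministratorSid $identity.User.Value
    # True for any member of the local Administrators group: the check an
    # application should use if it really needs administrative rights.
    # With UAC enabled, a non-elevated session reports False here.
    InAdministratorsGroup = $principal.IsInRole($adminsSid)
}
```

An account that shows `InAdministratorsGroup = True` and `IsRid500 = False` yet still fails where the built-in account succeeds is consistent with either an identity check in the application or an ACL that names the built-in account specifically.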
|
|
|
|
|