Notification for domain administrator
Hi pls help me.How can a domain administrator get notification through email or any others option when domain users install software in their own PC and they are all local administrator on their own PC.
This topic first appeared in the Spiceworks Community
Hi pls help me.How can a domain administrator get notification through email or any others option when domain users install software in their own PC and they are all local administrator on their own PC.
This topic first appeared in the Spiceworks Community
Similar Messages
-
hi, I'm using windows server 2012 R2 and I was Just wondering how to make the Remote Desktop enable connection through domain\administrator before actually creating the domain... In other words, I wanted to create an Active Directory Domain User and connect
to the server from the RDP. The problem is that I can only connect through the RDP considering that I'm using Windows Azure, so the physical server isn't actually sitting on my desk... Anyway when I create an AD DS the system automatically reboots and I'm
not able to connect to it anymore, so all I need to do right now is enable somehow the Remote Desktop Services to connect through "Domain\Administrator" before I actually create the AD DS and assign it to my server so that when the system reboots
and I open the RDP I can connect to the server.
Thanks in advance.Hi,
Thank you for posting in Windows Server Forum.
As per your comment, it seems that you are managing the server with .RDP file. I can suggest you to run
"Remote Desktop Connection Manager” for maintaining server. With that you can specify the credential for domain\administrator and when you setup the AD DS, after that you can open the connection through domain\administrator and not as local user.
Hope it helps!
Thanks,
Dharmesh -
Getting notifications for groups, based on administrator attributes
We have multiple development teams who want to subscribe to notifications that are relevant to the targets that they use. We also have an operations team that cares only about notifications for production targets involved in batch jobs.
What is the approach for doing this?
We can create groups of targets (i.e. 1 group for each team. )
But we don't want to set up multiple copies of every notification rule, each tied to one of these target groups. What we would like is to have a notification rule that can connect the relevant targets to an attribute of each administrator. We can use Department or Line of Business, for example, on the target and on the administrator, if that would get us a solution.
I looked at the 'target privileges' for a user but I did not see anytihng specific to receiving notifications. (Most of our administrators have 'view' access to more targets than they would want notifications for.)
Is it possible to implement soemthing like this?
We are using Enterprise Manager Cloud Control 12.1.0.2.0.
Thanks,
MikeSuppose I have Red, Blue, and Green development teams, plus the Operations team.
I recognize that one approach would be:
- Create a Red incident rule, which includes only targets of interest to the Red team
- Create a Blue incident rule, which is just like Red but includes only targets of interest to the Blue team
- Create a Green incident rule, which is just like Red or Blue but includes only targets of interest to the Green team
- Create an Operations incident rule, which is just like the above but includes only targets of interest to the Operations team
and tell the Red team to subscribe to the Red incident rule, etc.
I think this is what you are suggesting. But to do this, I have created (and must maintain) multiple rules which are clones of each other, except for the targets they apply to.
I would much rather have one incident rule, that everyone can subscribe to, but notifies each only for the targets that we have somehow associated to each administrator.
Is this something that can be done? Or is it wishful thinking? -
Alert Email notification for Log file alerts
Hi,
Scenario: SCOM 2012 R2 UR4.
There are created unix/linux log file monitoring objects. In SCOM console I can view alerts related to unix/linux log file monitoring. Email notification is: Warning or Critical for severity, and, Medium or High for priority. The alerts for unix/linux log
file are severity warning and priority medium.
In my inbox there are emails for alerts (Warning or Critical for severity, and, Medium or High for priority) except for unix/linux monitoring.
The question is:
How to enable email notification for unix/linux log file monitoring?
Thanks in advance!Hello,
If you go into the "Subscription" in the Notifications section of the Operations Console\Administration, you should be able to see the Description of the subscription criteria. Could you copy paste that in a reply?
Thanks,
Kris
www.operatingquadrant.com -
ACL migration Error : 1210 could not find a domain controller for domain "Test Domain" (Old Domain)
Hi
We are migrating from old domain to new domain. Before live migration, we are trying to check the ACE/ACL migration through SubInACL. We are running the SubInACL on a cluster, which is a member of the Old Domain (Test Domain). We are able to resolve and
ping both Old Domain and the New domain from this cluster machine. We have created a network share on this cluster, which is accessible to all Domain Users of the Old Domain. Both Domains have two way forest level trust. we are trying to migrate
the ACL of this share (\\ClusterMachine\testshare$) to the new domain using SubInACL. We are trying to run the below command to get it done.
subinacl /outputlog=C:\Users\Administrator\Desktop\Migrationlog.txt /subdirectories
\\ClusterMachine\testshare$\*.* /migratetodomain=OldDomain=NewDomain=mappingfile.txt
Mapping file contains : Domain Users=NewDomain_Users
But we are geeting the Error that "1210 could not find a domain controller for domain "Test Domain". Error finding domain name : 1210 the format of the specified computer name is invalid. Current Object "\\ClusterMachine\testshare$"
will not be processed."Hello,
how in detail is DNS set up in each domain?
Any problems when using nslookup to verify?
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter: -
How to Reset Windows 2008/R2 Domain Administrator Password
How to Reset Windows Server 2008/R2 Domain Administrator password if forgot or lost it?
It is annoying and bad to forget a Windows Server 2008/r2 Domain administrator login password. It is troublesome unless you have that Windows Server 2008/r2 password reset disk. We can still find several tricks to reset Windows Server Domain password but they require a mass of operations and waste a lot of time. For example, you can reset Windows Server 2008/R2 domain administrator password with an installation disk but it requires you to type a mass of command line. So today I want to share everyone an omnipotent method to reset Windows Server 2008/R2 Domain/local administrator password. You need the following 3 things.
An accessible PC.
A USB/CD/DVD flash drive.
The Windows password reset tool Daossoft Windows Password Rescuer.
Then it requires 4 steps as below:
Step 1: Download and install Daossoft Windows Password Rescuer into that accessible computer.
Step 2: Burn it to the flash drive.
Step 3: Boot your Windows Server computer from the flash drive.
Step 4: Follow its instruction and click “Reset Password” button to reset your Windows 2008/R2 Domain/Local administrator password.
More details in this video: Windows Server 2008 R2 Password Reset - Reset Domain or Local Password.It wasn't difficult to reset the domain password and I think Microsoft's policy of not providing an easy forward way is to create an
illusion of security which is not there. Linux systems that are much more secure that MSFT software allow easy password reset when physical access is there so why not include the same tools in System Repair tools or using F8?
Anyhow, this guide helped me reset the password in 5 minutes. Read the bottom of it to find the scripted / automatic version of the process:
http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
Thanks, -
Domain Administrator account being locked up by PDC
Hi everyone,
My PDC is locking up my domain administrator (administrateur in french) account.
System event logs :
The SAM database was unable to lockout the account of Administrateur due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please
consider resetting the password of the account mentioned above.
Level : Error
Source : Directory-Services-SAM
Event ID : 12294
Computer : Contoso-PDC
User : System
There is absolutely no events in the security events log, not a single "Audit Failure" event for the "administrateur" account.
I tried to change the name of the domain administrator account from "administrateur" to "administrator".
Now there is "Audit failure" events poping up in the security event logs.
Once again the Source Workstation is the PDC. I guess those events are there because it receive credential validation for an account who doesn't exist anymore since it have been renamed in "Administrator".
Here is the detail log :
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Administrateur
Account Domain: CONTOSO
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc0000064
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: CONTOSO-PDC
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
On the PDC i checked :
Services : None of them are started with the "administrateur" account
Network Share : There is no network share ...
Task Scheduler : None of the tasks are launch with the "administrateur" account.
And the logon type (3:network) seem to indicate that the login comes from an other computer but i have nothing to look for, not a single IP.
Any ideas?
ps : Sorry for the probable english mistakes :(Hi,
Thanks for you answers.
San4wish :
Lockout tool confirm that the domain administrator account is locked on my PDC. I didn't run eventcomb but i though it only helped parsing security event logs which i did "manually". Anyway i'll try eventcomb after this week end.
About the conficker worm : I looked into it and this worm was exploiting a vulnerability in the server service. It have been patched by MS08-067 (KB958644) and this kb isn't available for Windows 2008 R2 and Windwos 2012 so i guess Windows 2008 R2 have
fixed this vulnerabilty.
So i doubt its a conficker type worm.
Also i gave the PDC role to another DC (let's call him DC2) and now DC2 is locking the administrator account so it seems that the computer locking the account is doing it through the network and it's not something executed on the DCs. -
Good morning all,
I took over as IT director for the school district in my town about 2 years ago, and we've had some techs come and go, all of which have had the domain administrator password (not my call, but my fault for not changing it by now). I am about to change
it, but before doing so I want to know how I can make sure what all this will break so I can quickly change the cached/saved password on whatever supporting services use this user/pass.
Can anyone help here?
Thank you!Hello,
In my point of view if I were in this situation I would Change the domain administrator password. By
Resetting the domain administrators all the services which use domain administrator as their logon user, will lose their functionality. I had this experience and I did change the domain administrator password with no problem. However do not
forget to have a account lockout tool or script for locating the place where the account was locked out.
But to keep it short most of the time. lockout problems are arise from mapped drives, credential manager and saved RDP sessions and etc.
Regards.
Mahdi Tehrani |
|
www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers? -
hello,
i am receiving this event on MX:
this is showing ip address of my unity connection that is 172.20.101.22....
what could be reason and cause of it?
EventID: 0xC0000007 (7) - After 5 unsuccessful attempts to send a notification for subscription [EABtYngwMi5uaGljLmxvY2FsEAAAAIfIUmalt2VFie2S8ahJiKNZu5GtCIfRCA==] against endpoint [http://172.20.101.22:7080/NotificationService/services/NotificationService?id=33a00cf5-3f28-44e1-9d44-46b24da4bc2a&pid=14227], the subscription has been removed. Details: WebException: Unable to connect to the remote server Status: ConnectFailure at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult)
at Microsoft.Exchange.Services.Core.NotificationServiceClient.CreateSendNotificationRequestAsync(IAsyncResult requestAsyncResult)Navigate to CUC Administration, set the following under SMTP Configuration > Server, and give it another shot.
[V] Allow Connections From Untrusted IP Addresses
[ ] Require Authentication From Untrusted IP Addresses
-Mateusz -
Email notification for MeetingPlace not being received
Client has MeetingPlace 7.1.1 installed. Outlook email notification for MeetingPlace stopped working.
Problem symptom: When users try to schedule a meeting from web server page, both scheduler and invitee do not receive email notifcaiton in their email account. But email notification for MeetingPlace works when users schedule meeting from MeetingPlace for Outlook Plug-in regardlessly.
I've run a test with client, meeting creation is successful. But as soon as user finishs creation meeting, email notification is "Queued for delivery" in Email Notification Report in MeetingPlace App Admin page. I checked all possible settings in MeetingPlace Administration page, nothing looks wrong - correct email address account and type in user profile; SMTP server is properly configured and passes tha test; SMTP server is up and runnin.
I'm stumped after deep research online, did not go anywhere. Can someone point out where could possible go wrong and how to fix this issue??
FeiEmail notification works differently depending on where the scheduling is done. When done from Outlook your Outlook client sends the request directly to Exchange. When scheduling from the web the invite is held in a mailbox on the Application Server and periodically the system tries to send the email to its mailbox on Exchange. Since the issues is with meetings scheduled via the web interface there is an issue with MP talking to Exchange. I assume the users scheduling from the web have Outlook selected in their profile. This is the first place to check. Next I would look at the Outlook settings in MP. Make sure the MP mailbox is still in Exchange and that the user name and password is correct for the Exchange mailbox. This is usually where the issue is. Also make sure that SSL has not become a requirement to talk with Exchange.
Let me know if you have any questions.
John -
Built in domain administrator... locked out?
PART-1
Today our built in domain administrator got locked out. From what I've read this is not possible. We were alerted on it and when I opened the object it said it was locked out. (I'll admit, I didn't try logging in with it). I double checked and the objects
SID does indeed end in -500 which is indicative of it being the built in account.
I ran this query:
$BA=(get-addomain).domainsid
$BA.tostring() + "-500"
and the only result I got back was the SID that matched the user in question.
What's going on? Was it truly locked out? I guess we will run a test tomorrow but I wanted to reach out to the forums too.
PART-2
Once this account was locked out we went to the source server and found that it was no longer on the domain. Instead it was in a workgroup that had a name that resembled our domain. I checked the event log and there were a ton of errors with event ID 4097
that said "The machine [machine-name] attempted to join the domain [FQ-domain-name]\[FQDN-of-PDC] but failed. The error code was 1326". These errors correspond with the time that the account was locked out. There were a ton of them...
The account that was originally used to join this machine to the domain was the built in admin above (I know, not best practice). Regardless, why would it switch from domain to a workgroup? Why would it attempt to auto re-join? And why would it use the account
originally used to join the domain?I have found my answers...
Part 1:
The built-in administrator will get locked out and marked as locked out - however, when you go to log in with it, it will AUTOMATICALLY unlock the account. So essentially it cannot be locked out but it will give off the impression that it is.
you can however disable the account. .... supposedly if you ever have to recover your domain in restore mode it will enable the account for you... .never had an opportunity to test that and I hope I don't
Part 2:
This is a vmware related issue. The machine tried to re-run custom specs. Please see the following vmware article if you are having the same issue.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2078352
This is related to deploying machines with custom specs in 5.1 with hosts on build 1743533 (ESXi 5.1 patch 4) -
Extended Notification for UWL + Change the description of task/workitem
Hi,
I have implemented the Extended notification for UWL and I am getting the emails in outlook. Now the requirement is to customize the body of the email completely for the task '12300096'.
I have tried going to PFTC->Description but it does not have full text which I am getting in the email. I tried SE63 also. But in the email I am getting
The following work item requires processing in your SAP Workflow inbox in system xxx.
<Task description>
Log on to this system and process the work item.
If you have problems logging on to the system, contact your system administrator.
Now I want to remove the following lines;
The following work item requires processing in your SAP Workflow inbox in system xxx.
Log on to this system and process the work item.
If you have problems logging on to the system, contact your system administrator.
I don't find from where it's coming - please let me know how to remove these lines so that I can add my text in SE63.
Thanks,Hi,
Go to SWNCONFIG -> General settings.
There you have TEXT_GOTO_INBOX - DTSWN_MSG_GOTO_INBOX. (I am not sure if this was the correct one, but you should check all the texts in general settings, if this was not the correct one.)
Now open dialog text SWN_MSG_GOTO_INBOX in SE61 (you see that you need to remove the prefix DT from the name). Here is your text. You can make your own Z-version of a dialog text in SE61, and then use that in SWNCONFIG general settings.
Regards,
Karri -
Windows Server 2008 - Group policy for domain client to start/stop services installed on it
Hello Experts
I am a newbie to windows server administration , though did a Google , but ended up with these question with my requirements
I have created a new domain and 2 client/computer (A & B namely) to domain . Now A & B has tomcat server running with port 8080 , 9090 which i have installed
domain ADMIN account .
&& now i am want to start/stop/restart services enabled for domain users !! How do i achieve this !!
basic question : How can i access A & B tomcat services on DOMAIN CONTROLLER server to create a GPO and that are on (A & B)
what is the easiest way to achieve the same , (if not using GPO)???
similarly I am looking for many features : where I want to control the permission to user on (A & B ) like : If the binaries of tomcat is available on machine say : A , if the user can install (now
it ask for ADMIN credentials)
Thanks
Mike~EdControlling services with Group Policy is done under Computer Configuration\Policies\Windows Settings\Security Settings\System Services.
The limitation is that system services can only see the services the computer running the Group Policy management console. To access other services, you will either need to create the services on your computer (install the software the adds the service)
or install the remote server administration toolkit (RSAT) on the computer with the service already on it.
If my answer helped you, check out my blog:
Deploy Happiness -
Windows 2012 Verification of prerequisites for Domain Controller promotion failed
Windows 2012 Verification of prerequisites for Domain Controller promotion failed and gave the below error(In computer management local group and user option is not there as suggested by a solution!)
"Verification of prerequisites for Domain Controller promotion failed. The local Administrator account becomes the domain Administrator account when you create a new domain. The new domain cannot be created because the local Administrator account password
does not meet requirements.
Currently, the local Administrator password is blank, which might lead to security issues. We recommend that you press Ctrl+Alt+Delete, use the net user command-line tool, or use Local Users and Groups to set a strong password for the local Administrator
account before you create the new domain."OK, the reason you see this error is because when you set up and configured your Windows R2 environment you may have logged into the OS with an account other than Administrator. So, if you created your log in account named Bob, this is throwing off the Server.
So, hit Ctrl-Alt-Delete, and look who you are logged in as, and then change the account you are logging in as and use the local Administrator account. What you may find is that the default Admin account password has not been set.
Check that out and see if that is what you are experiencing.
Best wishes -
Group Policy changes cause Access Denied error for Domain Admin account
Hi All,
I am battling to get WSUS to work, and I think the route cause is problems editing the domain and domain controller group policy objects.
We have 1 DC, approx 20 clients. 1 GPO for DC, 1 GPO for clients. Ther e is a link to the default domain GPO in our staff (users) OU, I don't know if it should be there or not.
I log in as domain administrator, right-click the domain GPO in GPMC, click Edit.
Find the setting I want to edit (specify intranet microsoft update service location), double click.
Change something, click OK.
I get error:
Unhandled exception has occurred in a component in your application. If you click Continue, the application will ignore this error and attempt to continute.
Access is denied. (Exception from HRESULT: 0x80070005
(E_ACCESSDENIED)).
I have followed the steps in the links posted by Brent in another post called: "restricting-domain-admin-account-to-edit-group-policies" (no links allowed for my account yet sorry) and the user does have edit settings, delete, modify security delecation.
PLEASE NOTE: the solution may very well be something very simple/basic. I am reasonably computer savvy, but have just upgraded the whole network for an NGO on a voluntary basis. Never seen a sever before I came here, but I'm the best they have. Please bare
that in mind when offering advice :)
Any help appreciated!
JamesMore diagnostic info:
Inside GPMC, there's Group Policy Results.
If I right-click, Result Wizard, choose this computer, it works fine showing default domain controllers policy with alert that it's enforced.
If I browse for another PC (it comes up as Domain\PC name), click Next, I get error:
Failed to connect to DOMAIN\PCNAME due to the error listed below. Ensure that the Windows Management Instrumentation (WMI) service is enabled on the target computer, and consult the event log of the target computer for further details.
Details: the RPC server is unavailable.
If you need the recent related events, I will post them. I also checked that service on the client - it's automatic and started.
PPS Clients are all Win 7, PCs are 32bit, laptops are 64. Server is Windows Server 2012 Datacenter. WSUS when clicking Help -> About from the snap-in/GUI: 6.2.9200.16384.
PPPS Directory browsing for the whole WSUS object in IIS is enabled, thanks to SorinAlbu over at Spiceworks post WSUS and IIS.
PPPPS Launching IE and loading http://servername:8530/iuident.cab fails 404 error from both clients and server. That file in C:\Program Files\Update Services\WebServices\Root\iuident.cab doesn't exist. Maybe because we recently removed the WSUS role and reinstalled
it, to check if something went wrong the first time? It's all been configured using the snapin/GUI, but the new installation of the role hasn't yet connected to the Microsoft Update servers.
PPPPPS Added the Application Server role with default settings as recommended by the step by step guide to WSUS at Technet. Still no dice.
Maybe you are looking for
-
Closing stock as off a particular date
How to write a query for closing stock (in quantity) for all items by group by warehouse for a particular date? Thank you.
-
Unable to save using custom form in Public folder?
Hi, Years ago I created a custom form for a Public calendar folder. Recently I was asked to update that custom form, which I did. Then I published it to the Public folder and changed the properties of the folder to use the new form as the default.
-
How to select scanner from menu of acrobat pro 9?
The menu item for selecting scanner is shaded and will not let me select a scanner.
-
E71 - Problem with multiple recipients selection i...
I can see and mark all contacts on my contact list while in "To" when creating a new text message. However the "OK" button is missing on the left lower corner of the screen while "Back", on the right, is active. I can type in recipients, though this
-
Push button application tool bar
Hi All, i have a push button on application tool bar , i need to disable that button , where can i do this. Kindly suggest. Thanks&Regards. Ramu