Sand box Windows 7 on domain
Hi,
I am using Windows 7 PC on a production network (domain joined) and I have a requirement to installed some programming interpreters for Java and Python. I want to sandbox the interpreter so that no damage can be done to the network or PC, the users
do not have administrative rights to the PCs but from my understanding once they have the ability to execute scripts anything can go.
I have looked at options such as Windows togo, virtualization, remote app, however I wanted to explore XP Mode, does anyone have any experience or ideas on this subject?
Hello,
The TechNet Sandbox forum is designed for users to try out the new forums functionality. Please be respectful of others, and do not expect replies to questions asked here.
As it's off-topic here, I am moving the question to the
Where is the forum for... forum.
Karl
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
My Blog: Unlock PowerShell
My Book:
Windows PowerShell 2.0 Bible
My E-mail: -join ('6F6C646B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})
Similar Messages
-
Copy in sand-boxed app. in 1.6.0_24+
<ul>
<li>Problem Summary
<li>Question
<li>Typical Output
<li>See Also
<li>Accumulated Results
<ul>
<li>Not grabbing focus
<li>Grabbing focus
</ul>
<li>Source
<ul>
<li>PropertyProbe.java
<li>propertyprobe.jnlp
<li>js.html
<li>Java Scripts
</ul>
<li>Post Revisions
</ul>
<h2><a name="summary"></a>Problem Summary</h2>
A security bug was fixed recently in the JRE (1.6.0_24 in Sun's JRE). The result of the fix is that sand-boxed apps. no longer provide 'Ctrl-c' copy (or cut/paste) functionality by default on text output controls like JTextArea & JTable.
While Ctrl-c copy no longer works by default, it is possible to add the functionality back in for any applet run in a 'Next Generation' Java Plug-In. Since Java Web Start existed, JWS provided sand-boxed copy via. the JNLP API's javax.jnlp.ClipboardService, & since Sun 1.6.0_10, & the next gen. plug-in, embedded applets can be deployed using JWS & can access the JNLP API.
I have redesigned an applet that relied on the old functionality, to now use the JNLP API Services if available.
<h2><a name="question"></a>Question</h2>
Does it work for you?
To answer that question:
<ol>
<li>Surf on over to the applet at http://pscode.org/prop/js.html and attempt to copy the data. See the instructions in the page for details of how to copy using the old and new forms of the applet. If the button appears, you should be prompted as to whether to allow the copy.
<li>Paste the data here (assuming the copy is successful). Or report if it fails to copy or the applet fails to appear.
</ol>
<h2><a name="egoutput"></a>Typical Output</h2>
This is what you might see at the applet.
||Property||Value||
|java.version|1.6.0_24|
|java.vendor|Sun Microsystems Inc.|
|os.name|Windows 7|
|os.version|6.1|
<h2><a name="related"></a>See Also</h2>
This relates to the thread Copy & Paste Function in Java JDK 6 Update 24. That thread contains some interesting comments, including:
<ul>
<li>A link to Sami Koivu's blog entry that explains the security bug.
<li>My Re: Copy & Paste Function in Java JDK 6 Update 24 table.
</ul>
<h2><a name="results"></a>Accumulated Results</h2>
<p>The first form of the applet showed a variety of problems with 'post copy focus', if the security prompt appeared in the JWS form of the applet.
<h3><a name="nograbfocus"></a>Not grabbing focus</h3>
||Reporter||Browser||Version||OS name||OS version||Java Vendor||Java version||Focus post dialog||Comments||
|Andrew Thompson|IE|8.0.7600.16385|Windows 7|6.1|Sun Microsystems Inc.|1.6.0_24|applet|(1)|
|Andrew Thompson|Chrome|10.0.648.151|Windows 7|6.1|Sun Microsystems Inc.|1.6.0_24|page|(2)|
|Andrew Thompson|FF|3.6.16|Windows 7|6.1|Sun Microsystems Inc.|1.6.0_24|*nothing*|(3)|
|Walter Laan|FF|3.6.16|Windows 7|6.1|Sun Microsystems Inc.|1.6.0_20|*locked*|(4)|
|almightywiz|FF|3.6.16|Windows 7|6.1|Sun Microsystems Inc.|1.6.0_24|?|(5)|
|camickr|IE|8|Windows XP|5.1|Sun Microsystems Inc.|1.6.0_07|N/A|(6)|
|Christian|FF|3.6.15|Windows XP|5.1|Sun Microsystems Inc.|1.6.0_24|no problems|(7)|
|Walter Laan|?|?|Windows XP|5.1|Sun Microsystems Inc.|1.7.0-ea|page?|(8)|
|abillconsl|FF|3.6.13|Windows XP|5.1|Sun Microsystems Inc.|1.6.0_12|?|(9)|
<ol>
<li>Makes 'Ding' sound when copying the alert is dismissed (who said MS was not security conscious?).
<li>The only way to refocus the applet in Chrome is to click in it with the mouse.
<li>'Alt space' allowed me to minimize/restore FF, but no key combo. I could think of would restore focus to controls in the browser or applet.
<li>Reported serious problems with focus for FF on 1st start-up using 1.6.0_20 JRE. Unable to reproduce on the 1.6.0_24 JRE. Ref. {message:id=9470476}, {message:id=9470587}
<li>Reported no problems with focus. Ref. {message:id=9470371}
<li>1st report for a pre plug-in2 JRE. IE 8 produced no prompts (as expected), so the 'Focus post dialog' does not apply. No auditory warnings. Ref. {message:id=9470761}
<li>'No problems with focus.'. Ref. {message:id=9474121}
<li>Focus returned to page, presumably. Ref. {message:id=9474513}
<li>Ctrl-a seemed to do nothing. No mention of focus. Ref. {message:id=9477829}
</ol>
<h3><a name="grabfocus"></a>Grabbing focus</h3>
<p>The second form of the applet has a provision to grab the focus immediately after the copy (and presumably after the trust dialog).
||Reporter||Browser||Version||OS name||OS version||Java Vendor||Java version||Focus post dialog||Comments||
|camickr|IE|8|Windows XP|5.1|Sun Microsystems Inc.|1.6.0_07|N/A|(1)|
|Andrew Thompson|IE|8.0.7600.16385|Windows 7|6.1|Sun Microsystems Inc.|1.6.0_24|applet|-|
|Andrew Thompson|Chrome|10.0.648.151|Windows 7|6.1|Sun Microsystems Inc.|1.6.0_24|applet|-|
|Andrew Thompson|FF|3.6.16|Windows 7|6.1|Sun Microsystems Inc.|1.6.0_24|applet|-|
|Paŭlo Ebermann|FF?|?|Linux2.6.34.7-0.7-desktop|2.6.34.7-0.7-desktop|Sun Microsystems Inc.|1.6.0_20|?|(2)|
|bogdana|IE|9.0.8112.16421|Windows 7 |6.1|Sun Microsystems Inc.|1.6.0_22 |applet|(3)|
<ol>
<li>The first result for camickr can be inferred from the fact that a pre plug-in2 applet should behave the same in both forms of the applet. Ref. {message:id=9470761}
<li>There are further updates on that thread that have not yet been reflected here. See the thread for details. Ref. P.E. comments at SO
<li>Also reported the auditory warning in IE when dialog disappears. Ref. {message:id=9488352}
</ol>
<h3><a name="java"></a>PropertyProbe.java</h3>
package org.pscode.tool.property;
import java.awt.*;
import java.awt.event.*;
import java.awt.datatransfer.StringSelection;
import javax.swing.*;
import javax.swing.table.*;
import javax.swing.border.EmptyBorder;
import java.util.Locale;
import java.security.AccessControlException;
import javax.jnlp.*;
/** Adds a comma delimited list of property names defined in the
props param, to the constructor of a new PropertiesPanel and
displays it. */
public class PropertyProbe extends JApplet {
static String[] defaultProps = {
"os.name",
"os.version",
"os.arch",
"java.vendor",
"java.version",
"java.vm.version",
"default_locale",
"display_mode",
"win.highContrast.on",
"win.text.fontSmoothingOn",
"win.defaultGUI.font",
"awt.font.desktophints",
"awt.mouse.numButtons",
"awt.multiClickInterval"
public void init() {
String propertyNames = getParameter("prop");
String[] props;
if (propertyNames==null) {
//getContentPane().add( new JLabel("Must specify 'prop' to query!") );
props = defaultProps;
} else {
props = propertyNames.split(",");
boolean grabFocus = getParameter("jnlp.grab.focus")!=null;
System.out.println("jnlp.grab.focus: " + grabFocus);
boolean jnlpServicesAvailable = getParameter("jnlp.launched")!=null;
PropertyPanel pp = new PropertyPanel(props, jnlpServicesAvailable, grabFocus);
pp.setPreferredSize(new Dimension(200,140));
getContentPane().add( pp );
validate();
public static void main(final String[] args) {
Runnable r = new Runnable() {
public void run() {
String[] props = defaultProps;
if (args.length>0) {
props = args;
boolean jnlpServicesAvailable = false;
try {
Class.forName("javax.jnlp.ServiceManager");
jnlpServicesAvailable = true;
System.out.println("JNLP services available!");
} catch(Throwable t) {
t.printStackTrace();
System.out.println("JNLP services ***NOT*** available!");
PropertyPanel pp = new PropertyPanel(props, jnlpServicesAvailable, false);
pp.setPreferredSize(new Dimension(200,200));
JPanel mainPanel = new JPanel(new BorderLayout());
mainPanel.setPreferredSize(new Dimension(400,200));
mainPanel.add( pp );
JFrame f = new JFrame("Property Probe");
f.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
f.setContentPane(mainPanel);
f.pack();
try {
f.setLocation(50,50);
f.setLocationRelativeTo(null);
f.setLocationByPlatform(true);
f.setMinimumSize( f.getSize() );
} catch(Exception e) {
f.setVisible(true);
EventQueue.invokeLater(r);
class PropertyPanel extends JPanel {
/** The JNLP API service used for copy in apps. deployed using JWS. */
private ClipboardService clipboardService;
private boolean grabFocus = false;
private JTable table;
/** A widget (JTable) of values for properties specified in the
array of property names. The properties are sourced from the
system, environment and AWT toolkit properties.If there is no
value defined in one of those three, 'null' is displayed. */
PropertyPanel(String[] props, boolean jnlpServicesAvailable, boolean grabFocus) {
super(new BorderLayout());
this.grabFocus = grabFocus;
setBorder( new EmptyBorder(5,5,5,5) );
String[][] propValuePairs = new String[props.length][2];
for ( int ii=0; ii<props.length; ii++ ) {
propValuePairs[ii][0] = props[ii];
propValuePairs[ii][1] = getProperty( props[ii] );
String[] header = {"Property","Value"};
table = new JTable( propValuePairs, header );
try {
table.setAutoCreateRowSorter(true);
} catch (Exception e) {
// pre 1.6 JRE, go with an unsorted table
this.add( new JScrollPane( table ) );
if (jnlpServicesAvailable) {
try {
clipboardService =
(ClipboardService)ServiceManager.
lookup("javax.jnlp.ClipboardService");
Action action = new CopyAction(
"Copy",
null,
"Copy data",
new Integer(KeyEvent.VK_CONTROL+KeyEvent.VK_C));
table.getActionMap().put( "copy", action );;
final JButton copy = new JButton("Copy to clipboard");
copy.setMnemonic('c');
copy.addActionListener( action );
JPanel bottomPanel = new JPanel(new FlowLayout(FlowLayout.CENTER));
bottomPanel.add(copy);
add(bottomPanel, BorderLayout.SOUTH);
// Expecting only javax.jnlp.UnavailableServiceException. But if we
// try to catch it, we get a NoClassDefFoundError in non JWS apps.!
} catch(Throwable use) {
use.printStackTrace();
System.err.println("Copy services not available. Copy using 'Ctrl-c'.");
/** Check for properties in the order of the toolkit, system
then environment, on the basis that all the toolkit properties
are available to sandboxed apps., as well as some of the system
properties, but none of the environment properties. */
public String getProperty(String prop) {
String value = null;
if ( prop.equals("default_locale") ) {
return Locale.getDefault().toString();
if ( prop.equals("display_mode") ) {
return getDisplayModeString();
value = getDesktopProperty(prop);
if (value!=null) {
return value;
value = getSystemProperty(prop);
if (value!=null) {
return value;
value = getEnvironmentProperty(prop);
if (value!=null) {
return value;
return "null";
public String getSystemProperty( String prop ) {
try {
return System.getProperty( prop );
} catch(AccessControlException ace) {
// this property is either restricted, /or/ 'null'
// the plug-in will not reveal which, for a sandboxed
// app.
return "unknown";
public String getEnvironmentProperty(String prop) {
try {
Object value = System.getenv().get(prop);
if (value==null) {
return null;
} else {
return value.toString();
} catch(AccessControlException ace) {
return null;
public String getDesktopProperty(String prop) {
Object value = Toolkit.
getDefaultToolkit().
getDesktopProperty(prop);
if (value==null) {
return null;
} else {
return value.toString();
public String getDisplayModeString() {
DisplayMode dm = GraphicsEnvironment.
getLocalGraphicsEnvironment().
getDefaultScreenDevice().
getDisplayMode();
String value =
dm.getWidth()
+
"x"
+
dm.getHeight()
+
+
dm.getRefreshRate()
+
"Hz "
+
dm.getBitDepth()
+
"bit"
return value;
public void copyData(Component source) {
TableModel model = table.getModel();
StringBuilder sb = null;
if (true) {
sb = new StringBuilder();
for (int ii=0; ii<model.getRowCount(); ii++) {
for (int jj=0; jj<model.getColumnCount(); jj++) {
sb.append( model.getValueAt(ii,jj).toString() );
sb.append( "\t" );
sb.append( "\n" );
String s = sb.toString();
if (s==null || s.trim().length()==0) {
JOptionPane.showMessageDialog(this,
"There is no data in the table!");
} else {
StringSelection selection =
new StringSelection(s);
clipboardService.setContents( selection );
if (grabFocus) {
source.requestFocus();
class CopyAction extends AbstractAction {
public CopyAction(String text, ImageIcon icon,
String desc, Integer mnemonic) {
super(text, icon);
putValue(SHORT_DESCRIPTION, desc);
putValue(MNEMONIC_KEY, mnemonic);
public void actionPerformed(ActionEvent e) {
copyData((Component)e.getSource());
}<h3><a name="jnlp"></a>propertyprobe.jnlp</h3>
<?xml version='1.0' encoding='UTF-8' ?>
<jnlp spec='1.0'
href='propertyprobe.jnlp'>
<information>
<title>Property Probe</title>
<vendor>PSCode.org - Andrew Thompson</vendor>
<description kind='one-line'>
Table for common Java properties.
</description>
<shortcut online='false'>
<desktop/>
</shortcut>
</information>
<resources>
<j2se version='1.2+' />
<jar href='propprobe.jar' main='true' />
</resources>
<applet-desc
main-class='org.pscode.tool.property.PropertyProbe'
name='applet'
width='600'
height='300' >
<param name='jnlp.launched' value='true' />
</applet-desc>
</jnlp><h3><a name="html"></a>js.html</h3>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<title>
Property Probe - applet
</title>
<script type='text/javascript' src="http://www.java.com/js/deployJava.js"></script>
<script type='text/javascript' src='http://pscode.org/file/urlcode.js'></script>
<script type='text/javascript' src='http://pscode.org/file/queryprm.js'></script>
<script type='text/javascript' src='http://pscode.org/file/urlquery.js'></script>
<script type='text/javascript' src='http://pscode.org/file/appletparams.js'></script>
<script type='text/javascript'>
archiveName = "";
if (true) {
archiveName = 'propprobe.jar';
} else {
archiveName = 'propprobe-trusted.jar';
var attributes = {
code:'org.pscode.tool.property.PropertyProbe',
codebase:'../lib',
archive:archiveName,
width:'600',
height:'400'
var version = '1.2';
var params;
params.jnlp_href='../lib/propertyprobe.jnlp';
</script>
</HEAD>
<BODY>
<H1>Property Probe</H1>
<script type='text/javascript'>
deployJava.runApplet( attributes, params, version );
</script>
<P>.. (text & instructions)
</BODY>
</HTML><h3><a name="scripts"></a>JavaScripts linked in the HTML</h3>
'Sold separately' - pull them by direct fetch into your browser window, if you're that interested.
<h2><a name="revisions"></a>Post Revisions</h2>
Edited by: Andrew Thompson on Mar 26, 2011 5:32 AM
Changed subject.
Edited by: Andrew Thompson on Mar 26, 2011 5:19 PM
Added accumulated results and index, other tweaks.
Edited by: Andrew Thompson on Mar 31, 2011 11:08 AM
Removed 'how output appears in code tags'. Added latest results, 'grab focus' results. Changed URL to invoke 'grab focus'.
Edited by: Andrew Thompson on Apr 2, 2011 4:20 AM
Added 1st result from SO - on Linux system.
Edited by: Andrew Thompson on Apr 2, 2011 6:15 AM
Added latest result.Walter Laan wrote:
almightywiz wrote:
Walter Laan wrote:
The security popup really messes with the focus in Firefox (3.6.16) though.Not saying you're wrong, but I'm using FireFox 3.6.16, as well, and I have none of the focus troubles you've described.Cannot reproduce it now either. Weird.I got the impression you were referring to keyboard focus, so I did some further tests on focus behavior. The test results are listed in the Accumulated Results table on the 1st post.
The only browser so far that works as I'd expect, or at least as I'd like, is IE.
Applets and keyboard navigation have always been a PITA. Some time ago I vaguely recall seeing an update involving a new parameter to regulate initial focus (applet or page, ..or another applet), but for the life of me I cannot locate it now. Given that it was a parameter for initial focus, I doubt it would help in this case.
Edited by: Andrew Thompson on Mar 26, 2011 6:18 PM
Removed table which has now been expanded & added to 1st post. -
I have 2 domain controllers running 2003 server, server1 and server2. I ran dcpromo on server1 and removed AD and removed him from the domain and disconnected from network. I then added a 2012 server
with the same name and IP address server1 with no problem. Replication from sites and services work fine on both controllers.
The new 2012 server1 is GC. I transferred all FSMO roles to server1. Again no problem and replicating using sites and services. AD on server1 is populated correctly.
Now what I had intended on doing was a dcpromo to remove server2 from the domain so I can then add another 2012 server. That is when I get the: "The box indicating that this domain controller is the last controller for the domain
is unchecked. However, no other Active Directory domain controllers for that domain can be contacted.
I have DNS installed on both servers and both look good with replicating there. Strange thing is when on the 2012 server within DNS if I right click and connect to another DNS server I can add server2 just fine but from server2 adding server1 it tells me it
is not available.
Help please!Hi,
As there is server 2012 DC (SERVER1) DC is operational in a domain then "This domain controller is the last controller for the domain" should be remain unchecked when you demote SERVER2 DC.
If you are getting error "Active Directory domain controllers for that domain can be contacted" while demoting SERVER2 DC then check the DNS pointing on both as per below article, disable windows firewall on all DC, less possiblities but worth to check if both
are different site then check the ports are open on firewall.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
http://technet.microsoft.com/en-us/library/cc766337(v=ws.10).aspx
http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx
run “ipconfig /flushdns & ipconfig /registerdns“, restart DNS server and NETLOGON service on each DC and try to demote server2 DC.
If issue reoccurs, post dcdiag /q result.
NOTE: If initial replication was completed between both DC (new 2012 and old DC) then you may remove the server2 DC from Active Directory forcefully (DCPROMO /FORCEREMOVAL) and perform metadata cleanup.
Active Directory Metadata Cleanup
http://abhijitw.wordpress.com/2012/03/03/active-directory-metadata-cleanup/
Best regards,
Abhijit Waikar.
MCSA | MCSA:Messaging | MCITP:SA | MCC:2012
Blog: http://abhijitw.wordpress.com
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights. -
Sand Box has stopped working error when using System Exec.vi with wait until completion is true
I get the following error message in Windows 7 "Sand Box has stopped working" when using System Exec.vi with wait until completion set to true, if I set it to false there is no error message.
Hello JJVerdi
mmm well System Exec.vi simulates a DOS command window, can you run the sandbox from the cmd window using the same commands without any errors?
you may take a look to this KB, it may be related to your issue:
http://digital.ni.com/public.nsf/websearch/2393462BD57B854186256C4F007B706A?OpenDocument
Regards
Mart G -
Unable to bind MacBook Pro (running 10.6 - Snow Leopard ) to Windows Server 2003 domain
Hi there, I've been working on this problem for a few hours now (and a few hours last Thursday) and don't feel I'm getting anywhere, so I'm reaching out for help....
My organisation has just purchased a new MacBook Pro, running Snow Leopard (OSX 10.6) and as a Technical Support Engineer I have been asked to configure it for an end user.
I am currently trying to join it to our corporate domain, which is a Windows Server 2003 domain operating at the Windows Server 2003 Native domain functional level.
The MacBook is configured to use DHCP, and has been assigned valid IP address, DNS servers etc by the DHCP server. It can resolve all names on our network, including the names of our domain controllers. When I use nslookup to resolve the name of the domain "my_domain.local" it returns a list of DC's on the domain, which would indicate to me that name resolution is working perfectly. It is using our primary DNS server, 'Ponus' to resolve these names - Ponus is also the Domain Controller in this site.
To attempt to join the MacBook to the domain I have created a computer account for it on the domain, in the Computers container. I have gone into System/Library/Core Services and run the Directory Utility.
In the directory Utility I have ticked Active Directory and clicked on it to edit. The 'Forest' field is greyed out and set to 'Automatic', in the 'Domain' field I have entered my_domain.local, which is the FQDN of my domain. I click Bind and when prompted enter my Domain Admin username and password (in the 'Create Computer Account in:' field it displays correctly as CN=Computers,DC=my_domain,DC=local.)
When I click OK I get the message: Invalid domain. An invalid Domain and Forest combination was specified. You should enter a fully qualified DNS name for the domain and forest (e.g., ads.company.com).
I have attempted writing the domain as my_domain.local, my_domain.local., MY_DOMAIN.LOCAL and MY_DOMAIN.LOCAL. but I get the same error each time. I have checked and rechecked DNS is resolving OK, and cannot see why it cannot find the Domain and Forest from the FQDN that I am entering. Even so I tried creating records in the hosts file on the MacBook to point to the main Domain Controller at this site (Ponus) but this didn't change anything.
I have seen a few people report the same issue online but the responses tend to fizzle out before anyone gets to the bottom of it. I have seen some indication that people with an understore (_) in their domain name, or with a .local domain name may experience issues with joining Mac hosts, however these details are very vague and if true there must be a workaround.
If anyone could help me with this I would greatly appreciate it, I'm running out of time to complete this work and have run out of things to try.
I have an inkling that this is due to the Mac for some reason not reading the SRV records for the DCs and LDAP in DNS, or to do with the Mac looking only at one SRV record (ie. there is one for a new DC that we haven't deployed yet), not being able to reach this and giving up, but I'm clutching at straws really with my limited knowledge of the Macs process for joining the domain.
Many many thanks,Hi there,
A simple suggestion , please make sure both MacBook Pro clock and the server clock are the same meaning the hour/Min/ sec both should match. A least difference of 3 seconds is fine.
I had faced this problem in many place and only solution was to match the time and it will bind immediatly. -
How to Reset Windows 2008/R2 Domain Administrator Password
How to Reset Windows Server 2008/R2 Domain Administrator password if forgot or lost it?
It is annoying and bad to forget a Windows Server 2008/r2 Domain administrator login password. It is troublesome unless you have that Windows Server 2008/r2 password reset disk. We can still find several tricks to reset Windows Server Domain password but they require a mass of operations and waste a lot of time. For example, you can reset Windows Server 2008/R2 domain administrator password with an installation disk but it requires you to type a mass of command line. So today I want to share everyone an omnipotent method to reset Windows Server 2008/R2 Domain/local administrator password. You need the following 3 things.
An accessible PC.
A USB/CD/DVD flash drive.
The Windows password reset tool Daossoft Windows Password Rescuer.
Then it requires 4 steps as below:
Step 1: Download and install Daossoft Windows Password Rescuer into that accessible computer.
Step 2: Burn it to the flash drive.
Step 3: Boot your Windows Server computer from the flash drive.
Step 4: Follow its instruction and click “Reset Password” button to reset your Windows 2008/R2 Domain/Local administrator password.
More details in this video: Windows Server 2008 R2 Password Reset - Reset Domain or Local Password.It wasn't difficult to reset the domain password and I think Microsoft's policy of not providing an easy forward way is to create an
illusion of security which is not there. Linux systems that are much more secure that MSFT software allow easy password reset when physical access is there so why not include the same tools in System Repair tools or using F8?
Anyhow, this guide helped me reset the password in 5 minutes. Read the bottom of it to find the scripted / automatic version of the process:
http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
Thanks, -
What exactly is Sand Box and what does it do?
What exactly is Sand Box and what does it do? I think it works in the Security Mechanism of Java as a Byte Code Verifier (or atleast as a part of the Byte Code Verifier)..
Your thoughts please..?What exactly is Sand Box and what does it do?It's a concept. It means that the executed code (of applets, Webstart apps) has restricted access rights to System resources. So if it tries anything evil, it won't be able to.
-
Windows 2008 R2 Domain Controller (PDC) - NTP server - time showing local CMOS clock
I'm having issues setting an external source on a Windows 2008 R2 domain controller (PDC emulator role for the domain)
Here is the output showing its source is the Local CMOS clock.
C:\Windows\System32>w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 1 (primary reference - syncd by radio clock)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 10.0000000s
ReferenceId: 0x4C4F434C (source name: "LOCL")
Last Successful Sync Time: 06/11/2014 15:44:15
Source: Local CMOS Clock
Poll Interval: 6 (64s)
1) I have performed the following on the DC with the PDC role:
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org"
w32tm /config /reliable:yes
net start w32time
w32tm /query /configuration
[Configuration]
EventLogFlags: 2 (Local)
AnnounceFlags: 5 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 172800 (Local)
MaxPosPhaseCorrection: 172800 (Local)
MaxAllowedPhaseOffset: 300 (Local)
FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)
[TimeProviders]
NtpClient (Local)
DllName: C:\Windows\System32\w32time.DLL (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: NTP (Local)
NtpServer: 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org (Local)
NtpServer (Local)
DllName: C:\Windows\System32\w32time.DLL (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)
VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
But still showing the output:
C:\Windows\System32>w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 1 (primary reference - syncd by radio clock)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 10.0000000s
ReferenceId: 0x4C4F434C (source name: "LOCL")
Last Successful Sync Time: 06/11/2014 15:58:45
Source: Local CMOS Clock
Poll Interval: 6 (64s)
2. If I resync and rediscover the following error appears:
w32tm /resync /rediscover
Sending resync command to local computer
The computer did not resync because no time data was available.
3. I've also clearing the current time config, by
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
But no change, it still shows the Local CMOS clock.
4. This event is showing
Log Name: System
Source: Microsoft-Windows-Time-Service
Date: 06/11/2014 15:43:30
Event ID: 12
Task Category: None
Level: Warning
Keywords:
User: LOCAL SERVICE
Computer: domaincontroller1
Description:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source.
It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy.
If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Time-Service" Guid="{06EDCFEB-0FD0-4E53-ACCA-A6F8BBF81BCB}" />
<EventID>12</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-11-06T15:43:30.465619200Z" />
<EventRecordID>77295</EventRecordID>
<Correlation />
<Execution ProcessID="256" ThreadID="2056" />
<Channel>System</Channel>
<Computer>domaincontroller1</Computer>
<Security UserID="SID" />
</System>
<EventData Name="TMP_EVENT_DOMAIN_HIERARCHY_ROOT">
</EventData>
</Event>
5. If I perform the below it appears DC2 is having problems but I'm not sure if related.
C:\w32tm /monitor
DC1.domain.local *** PDC ***[192.168.1.1:123]:
ICMP: 0ms delay
NTP: +0.0000000s offset from DC1.domain.local
RefID: 'LOCL' [0x4C434F4C]
Stratum: 1
DC2.domain.local[192.168.1.2:123]:
ICMP: 0ms delay
NTP: -110.4925481s offset from DC1.domain.local
RefID: (unspecified / unsynchronized) [0x00000000]
Stratum: 0
DC3.domain.local[192.168.2.1:123]:
ICMP: 0ms delay
NTP: -0.0256084s offset from DC1.domain.local
RefID: DC1.domain.local [192.168.1.1]
Stratum: 2
DC4.domain.local[192.168.2.4:123]:
ICMP: 0ms delay
NTP: -0.0011524s offset from DC1.domain.local
RefID: 80.84.77.86.rev.sfr.net [86.77.84.80]
Stratum: 2
Warning:
Reverse name resolution is best effort. It may not be
correct since RefID field in time packets differs across
NTP implementations and may not be using IP addresses.
Any help would be much appreciated. Thanks.
Craig BrandI suspected some issue with AV so uninstalled.
To resolve the Access Denied I followed these steps:
stop w32time
w32tm /unregister
reboot
regsvr32 /u w32time.dll
w32tm /register
sc query w32time -- you should see that the service is set to
shared mode -- this is presumably how it should be -- if you try to start right now, you'll get the expected 1290 SID-related error
reboot
w32time should now automatically start at boot up and be running -- that was my result -- it's running as shared, started on its own, and I can do the w32tm /query commands successfully
After rebooting the time service started.
I then repeated the steps:
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org"
w32tm /config /reliable:yes
net start w32time
w32tm /query /configuration
And all worked. I'll wait a short while to see if this fixes the issue. I also have am SA case with MS so will confirm fix when resolved.
Craig Brand -
How can i open windows in separate domains in air?
I need to partition my windows into separate domains in a desktop application. I have a MMOG that was running several .swf instances at a time that has been converted to AIR to take advantage of some of the AIR only api's. Now I have found it is not possible to open more than a single instance of an AIR app (wish someone would have said something BEFORE I spent 2 months upgrading this old Flex 3 app!)
Before I have fits trying to un-single the singletons (since it would not get me far anyway) would someone please tell me how to open AIR desktop windows in separate applicationDomains?You can't. Windows Media Player does not exist for the iPad.
What exactly are you trying to do?
If you want to play some .wmv files, then search the AppStore for "wmv player" and download a player app. -
Sand box Non-central adapter engine entry is shown under development rwb
Hi All,
Recently we had a sand box which is a sytem copy of our development server, and everything works fine now.
I have observed a strange issue here is, in the developement rwb under the Non-Central Adapter engines I see a entry as "Adapter Engine T49 (sand box host name)" the SID seen here is a sand box SID, and till today we never installed any non-central adapter engine either on dev or sand box, I am suprised to see this entry, can some one
please help me to understand why is this sand box entry is shown under development rwb and where can I set this or where how can I delete this entry.
Surprisingly I do not see the same non central adapter engine entry on sand box rwb.
All the servers are XI 3.0 (SP 19).
Thanking you in advance..
Regards
Sonali
Edited by: Sonali R on Sep 14, 2009 10:59 AMHi Sonali,
The adapter and integration server engines gets registered with the data in SLD. Please check SLD associations for all XI classes.
Best Regards
Raghu -
Setting up my own SAND BOX for HANDS ON / practicing BW
Dear friends,
I am learning SAP BW, and I need to practice some test cases to make myself comfortable.
I want to install SAP R/3 on a seperate external hard disk and configure to my system.
<b>Can anybody from <b>"BANGALORE"</b> tell me <b>who / where i can get this done?</b> How much is it going to cost (Approx) Some address & contact numbers would be really helpful.</b>
Thanks.<b></b>Even I am interested in setting up my own SAND BOX.
Can any body help us. -
How to reverse Transport requests from sand box to development client
Dear all,
I am doing some testing on Sand box, I made some transport requests from development to sandbox, which effected some settings in sandbox.
Now I want to reverse those transport request from sand box to development, unfortunately I didn't make any note of transport requests which I transported from Development to Sandbox.
Please educate me how to reverse transport requests from sand box to development.
your suggestions are highly appreciated
thank you
Venu GopalThere is no reverse, you have to create a new transport with the original settings.
Programs keep track of their versions and are easier to pull a previous version, configuration can be tougher, open all the folders in SE10 to see if you can determine the configuration changes. -
Access elements inside a dialog box/window using applescripts
Am new to applescript. I want to access elements inside a dialog box/window. I tried following code.
tell application "System Events" set procs to processes set windowName to {} repeat with proc in procs try if exists (window 1 of proc) then repeat with w in windows of proc if w's name contains "App Name" then copy w's name to the end of windowName copy properties of w to the end of windowName end if end repeat end if end try -- ignore errors end repeat end tell return windowName
But am only able to get the 4 elements from window: 1.Close 2.Minimize 3.Maximize 4.window title
Nothing from inside the window/dilog.
Can any one help me with this pls?Hi,
Like this :
tell application "System Events"
tell process "App Name"
tell (first window) to if exists then return UI elements
end tell
end tell -
I current have a two server domain, both Windows 2008 R2 and fully updated. The two servers are on subnet 10.0.1.0 /24
- Windows 2008 R2 Server A: 10.0.1.1 (DC, GC, FSMO, DNS)
- Windows 2008 R2 Server B: 10.0.1.2 (DC, GC)
AD Domain: COMPANY.LOCAL
I have a second connected subnet, 192.168.1.0 /24) which is routed to the 10.0.1.0/24 subnet and I would like to install a Windows 2012 R2 server onto a server on that subnet and make it a domain controller with AD-Integrated DNS and DHCP for the 192.168.1.0
/24 subnet.
- Windows 2012 R2 Server C: 192.168.1.1
What are the proper progression steps, in order to bring up the Windows 2012 R2 server and then add it to my COMPANY.LOCAL domain and then promote it do a DC/GC/AD-Integrated DNS server? Are they anything like the following:
1. Install Windows 2012 R2 server (Server C)
2. Point Windows 2012 R2 server DNS servers at Server's A and B
3. Perform AD prep to extend AD schema to support Windows 2012 R2 domain controllers
4. Promote Windows 2012 R2 server to domain controller (install local DNS service on Server C, during this step)
* Question: Will Windows automatically create a DNS zone for the Windows 2012 R2 subnet (192.168.1.0/24) AND also include the DNS zone from the previous Windows 2008 R2 domain (10.0.1.0 /24)? Or will I need to add the 10.0.1.0 /24 zone to the DNS
server on Server C, even though the DNS from the Windows 2008 R2 domain is AD integrated?Hi,
Regarding the issue here, please take a look into below articles:
System Requirements and Installation Information for Windows Server 2012 R2
http://technet.microsoft.com/en-us/library/dn303418.aspx
Release Notes: Important Issues in Windows Server 2012 R2
http://technet.microsoft.com/en-us/library/dn387077.aspx
Install a Replica Windows Server 2012 Domain Controller in an Existing Domain (Level 200)
http://technet.microsoft.com/en-us/library/jj574134.aspx
Here is an example for promoting Windows Server 2012 to a DC, see:
Step-by-Step Guide for Setting Up A Windows Server 2012 Domain Controller
http://social.technet.microsoft.com/wiki/contents/articles/12370.step-by-step-guide-for-setting-up-a-windows-server-2012-domain-controller.aspx
As the server is promoted to a DC, DNS Zones will be replicated and synchronized to it automatically whenever the new one is added to an AD DS domain, bascially there is no special need to add zones, for more information, please see:
Understanding Active Directory Domain Services Integration
http://technet.microsoft.com/en-us/library/cc726034.aspx
Hope this may help
Best regards
Michael
If you have any feedback on our support, please click
here.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
Hi
Anyone knows whether Windows 2008 R2 domain controllers with Windows 2003 forest functional level will still be Supported after Windows 2003 support ends in July 2015 ?
ThanksWhen Windows Server 2003 support ends, you should not have a Windows Server 2003 Domain Controller running if you would like to be supported by Microsoft. This means that there will be no reason to have a DFL or FFL that is lower than Windows Server 2008.
So, if you are keeping Windows Server 2003 FFL to keep DCs running Windows Server 2003 then this is not supported.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile
Maybe you are looking for
-
[SOLVED] I screwed up my kernel hooks... I think
I upgraded to the newest kernel and when I rebooted... failure. Here's what did manage to printout when I tried: Console: switching to colour frame buffer device 128x48 fb0: VESA VGA frame buffer device Linux agpgart interface v0.103 Serial: 8250/165
-
Does anybody else have this problem? When i'm developing in Jdev 10.1.3, when I double click a JSP the ide hangs up ('till i kill the process), i eats all my memory (about 680 MB!!!, i have 1GB). I just want to edit a jsp why is this happening. It is
-
Export to Word format crashes IIS worker process
I'm using CR for VS 2005 in a Web application. While on development machine, everything is acting normal. I export the report to Word format without any problem. However, after deployment to test environment, CR starts to cause problems. When I try t
-
Hi! I tried to create database by Database Configuration Assistant. The result is "ORA-12560:TMS:protocol adapter error" on level "Creating database files". Please help me!! Oracle 8.1.7 Windows 2000 P-III
-
Ccess PHP files (.ctp) in with Dreamweaver
Need to access PHP files (.ctp) in with Dreamweaver and SEO attributes. For example, want to "Insert" Meta Keywords. The files I am accessing have those fields "greyed-out" they are not available. Is there a special setup in Dreamwever to access d