Using NTLM authentication on an internal ITS?

Similar Messages

• Issue using Flash IDE with Mac OS and Windows Web Service using NTLM authentication?

  I have an existing application that I developed on a Windows machine using CS5.  It uses a local intranet web service written in .NET using NTLM authentication.  The web service does multiple things such as read data from an SQL database, provide the user's username, and test for write/read access to a local company fileshare.  When my company upgraded, I went to a Mac with Flash CC which is great.  However, Mac's don't handle HTTP Authorization Challenge Blocks like Windows machines.  In Safari, Chrome, etc. it will pop up a little username and password box and proceed on without issue.  The issue is in Flash development.  When running the exact same application in Flash testing all script access fails with HTTP Status 401 errors.  I have searched the AS3 documentation, but the only thing built in to handle http challenge requests is in AIR not Flash.  The server admin's and I have tried all method's of cross domain policy files and access changes with no luck at all.  Does anyone have a solution to this issue?

  Did you check Apple Support Boot Camp article?
  iMac displays a black screen during installation of Windows 7
  http://www.apple.com/support/bootcamp/
  Installation Guide
  Instructions for all features and settings.
  Boot Camp FAQGet answers to commonly asked Boot Camp questions.
  Windows 7 FAQAnswers to commonly asked Windows 7 questions.

• Using NTLM authentication

  Hi,
  Is there a way to get domain logged user name using NTLM authentication into JSF page.
  Please provide any solution on this ?

  Hi,
  Using the below code u can get windows username,but when i use the same code struts framework is not calling setter methods, can anyone help me.
  <%
  String auth = request.getHeader("Authorization");
  if (auth == null) {
  response.setStatus(response.SC_UNAUTHORIZED);
  response.setHeader("WWW-Authenticate", "NTLM");
  return;
  if (auth.startsWith("NTLM ")) {
  byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
  int off = 0, length, offset;
  String s;
  if (msg[8] == 1) {
  off = 18;
  byte z = 0;
  byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S',
  (byte)'S', (byte)'P', z,
  (byte)2, z, z, z, z, z, z, z,
  (byte)40, z, z, z, (byte)1, (byte)130, z, z,
  z, (byte)2, (byte)2, (byte)2, z, z, z, z, //
  z, z, z, z, z, z, z, z};
  response.setStatus(response.SC_UNAUTHORIZED);
  response.setHeader("WWW-Authenticate", "NTLM "
  + new sun.misc.BASE64Encoder().encodeBuffer(msg1).trim());
  return;
  else if (msg[8] == 3) {
  off = 30;
  length = msg[off+17]*256 + msg[off+16];
  offset = msg[off+19]*256 + msg[off+18];
  s = new String(msg, offset, length);
  //out.println(s + " ");
  else
  return;
  length = msg[off+1]*256 + msg[off];
  offset = msg[off+3]*256 + msg[off+2];
  s = new String(msg, offset, length);
  //out.println(s + " ");
  length = msg[off+9]*256 + msg[off+8];
  offset = msg[off+11]*256 + msg[off+10];
  s = new String(msg, offset, length);
  out.println("Hello <span style='position:relative; width:190;"
  + " height:10;filter:glow(Color=#009966,Strength=1)'>");
  out.println(s + "</SPAN>");
  %>

• How to use Web Filters methodology  with Internal ITS with NW2004s

  ITS 6.2 will no longer be supported going forward with the upcoming NW2004s. Only internal ITS will be supported with 2004s. However, since PAS APIs are not available with Internal ITS, Can any one give some clue on how we can use the Web Filters methodology for use with Internal ITS with 2004s.

  A long time ago, but yesterday i have had time to try again to setup the MacMini server properly. But no luck.
  sudo changeip -checkhostname
  gives me:
  Primary address          = 192.168.1.** (i don't know it's save enough to put this IP complete on the net)
  Current HostName      = server.beeldenstorm.be
  The DNS hostname is not available, please repair DNS and re-run this tool.
  dirserv:success           = "success"
  So their is something wrong. But how to repair the DNS?
  MacMini server is working properly on our local network, but outside not. I have done the port forwarding.
  Another problem is that i have read that for the server to work properly we have to use fix IP address.
  So, that's what i am doing. But in that way their is no internet connection at all.
  So, no updates and ... .
  Lookup and Ping test, outside our local network:
  http://beeldenstorm.be/doc/lookup-and-ping.pdf
  Why is this so irritating and are there soo many problems on forums?
  I know: because most of us are not network/server specialists.
  But Apple sells this server app like a app for everybody, easy to install?
  Thanks for help.

• InfoPath form failed to use NTLM authentication to load data - Invalid authorization specification

  I knew this might be discussed in other places but I've searched over the web but still do not have a clue how to fix my issue.
  I am using SharePoint 2010 and I created an InfoPath form that reads data from a database using data connection file (udcx). As explained in many other articles, I've set up my secure store correctly and created an application called 'InvestmentOperationAccess'
  with a windows service account and then export the udcx file and enabled the <udc:Authentication> tag  as flowing:
  <udc:Authentication><udc:SSO AppId='InvestmentOperationAccess' CredentialType='NTLM' /></udc:Authentication>
  Then I upload this file back to the data connection library and approved. But when I try to load the form in web broswer, I received the following error:
  05/15/2013 14:40:15.09 w3wp.exe (0x0C94) 0x263C InfoPath Forms Services Runtime - Data Connections eq8l Warning The following query failed: EntityMatrixView (User:
  xxxxx\xxx, Form Name: Template, IP: , Connection Target: , Request:xxxxxxxxx(URL of the list) Form ID: urn:schemas-microsoft-com:office:infopath:list:-AutoGen-2013-05-14T23:32:41:604Z
  Type: DataAdapterException, Exception Message: The form cannot connect to the data source. Invalid authorization specification
  In the meantime, I used SQL profile try to capture the credential it is used by nothing was passed to that SQL box.
  Then I created another application in my secure store with SQL login account and modify my udcx file to be 
  <udc:Authentication><udc:SSO AppId='InvestmentOperationSQLAccess' CredentialType='SQL' /></udc:Authentication>
  This time when I load the form, everything worked and in SQL profile I can see it is reading data using the SQL account I specified in secure store.
  In a nutshell, it is working with SQL authentication type but not NTLM, anyone could help me with that?

  Same problem here. Anyone has a solution for that?
  It seems one cannot use windows accounts with secure store and database access for info path data sources ...

• NTLM authentication fails to connect using webdav on osX

  We are having problems in our organization getting our macs connected via webdav using NTLM authentication.
  Our structure is as follows:
  Netapp/IBM nSeries gateway/filer model n6040 which is our FTP/CIFS/Webdav host.
  Windows Server 2008 R2 Domain Controller with Active Directory
  Windows 7, Mac osX clients (various versions).
  From the windows side, we are able to connect to our filer via FTP, CIFS, and http/Webdav after we authenticate using our AD credentials.  From the Mac side, we can authenticate and connect to our filer using FTP, CIFS (using Connect to Server "smb://ourfiler.com") and through a browser using the address of http://ourfiler.com.  This type of connection using webdav works with Firefox but not using Safari or Chrome but isn't adequate enough for our users since the browser based connection is read only.  However, when we try to Connect to Server via webdav using our server address of http://ourfiler.com:80, we never get past the "Enter your name and password for the server "ourfiler.com." 
  We tried a third party webdav client on our macs: Cyberduck, which also fails to connect using webdav.   We also tried a separate linux client and were able to connect without any problems.
  Since authetication for webdav works on windows and linux, we're thinking there is problem with osX itself.  Has anyone else had this problem or can anyone suggest any workarounds/solutions?

  Sorry for the late replies gentleman... for some reason I didn't get email alerts when you guys posted....
  Anyways, yes the DC is on a different subnet and no we don't have WINS.  The way I understand it is the client will contact the master browser in it's local subnet... all the master browsers in all other subnets contacts the Domain master browser ...
  and they share the server list this way... I mean it's a little more complicated than that....well to me at least...
  Can you try resolving the short name with the domain controller being on another subnet and you having a different master browser in your client subnet?
  What is the process the client goes thru when looking up Domain netbios name?  LIke for DNS, it's straight forward... the client looks at DNS server, then for the SRV records for the Site the client is in and get's domain controller.......   How
  does this work for netbios domain name?  There is NO WINS in the environment.
  Chau

• Oracle Single Sign-On: Use NTLM inside LAN

  hi,
  i want to configure oracle single sign-on to use NTLM authentication when accessing a protected resource from the LAN (specific IP-range). when a user is accessing a protected resource from the internet it should still show up the login-page.
  how can i achieve that?
  regards,
  matthias

  Hi Darsh,
  1. Oracle Internet Directory (OID) is Oracle LDAP storage solution (more here), Oracle Virtual Directory is Oracle solution that can read identity data (and filter it (mask it) based on policies) from Oracle/non-Oracle databases, Oracle/non-Oracle Directories and files and provide the user profiles as LDAP view (more here), There is nothing called Oracle Active Directory, you must be referring to Microsoft Active Directory.
  2. No, Oracle Single Sign On (OSSO) is a feature in iAS (its obsolete), Identity Management is wide umbrella of solutions and concepts.
  3. Oracle Access Manager is one component of Oracle Identity and Access Management suite of products.
  4. Webgate is Oracle access Manager agent that is installed on a webtier, it intercepts the web requests and collect the credentails, send them to Oracle Access Manager for security evaluation (decide what Authentication is needed, verify collect credentials, etc), webgate then enforce the Access Manager decision.
  5. Oracle EBS AccessGate is a java application that has the same use of OAM Webgate (it is OAM agent) but specific to E Business suite, EBS Access Gate is the new solution replacing OSSO agents, OAM is replacing OSSO server component, EBS and OSSO customers can use OAM server with OSSO agents, or with EBS AccessGate.
  HTH.
  Ghassan

• Event ID 6038 LsaSrv NTLM authentication warning

  Searching the internets we haven't found any other references to this particular Event ID Warning message. 
  It's likely new in Windows Server 2012, we are part of an Active Directory that is at Forest Functional Level:
   Windows Server 2008, but out Child Domain is at Domain Functional Level:
   Windows Server 2012 (3 Domain Controllers in our Child Domain). 
  Clicking on the URL in the Description of the Event ID just link to a ‘Windows Server Future Resources’ placeholder page. 
  The full Event ID is pasted in below.
  We would like to know how to complete these checks, and if possible, raise our NTLM Authentication to Kerberos. 
  How are these tasks accomplished on Windows Server 2012 Domain Controllers? 
  Thanks in advance for any help! 
  Log Name:      System
  Source:        LsaSrv
  Date:         
  12/27/2012 6:00:01 PM
  Event ID:      6038
  Task Category: None
  Level:        
  Warning
  Keywords:      Classic
  User:         
  N/A
  Computer:      <server
  FQDN>
  Description:
  Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
  NTLM is a weaker authentication mechanism. Please check: 
        Which applications are using NTLM authentication?
        Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication?
        If NTLM must be supported, is Extended Protection configured? 
  Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699.

  Thank you for your reply, your links above address Kerberos vs. NTLM specifically for IIS.
  I did more digging and found this TechNet link that deals with Kerberos vs. NTLM for Domain Controllers. 
  It looks to be the best/only article I can find from Microsoft on how to audit NTLM usage, and eventually get to the point of using the group policy settings - Network Security: Restrict NTLM. 
  So until they update/activate the URL in the 6038 Event ID description to something better/more concise, this TechNet link will have to do: 
  Auditing and restricting NTLM usage guide
  http://technet.microsoft.com/en-us/library/jj865674(v=ws.10).aspx
  Applies To: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012
  This guide for the IT professional introduces the steps required to reduce NTLM usage in your environment by using available tools and the restrict NTLM audit and blocking policies, which were introduced in the Windows Server 2008 R2 and Windows 7 operating
  systems.
  With the advent of more secure authentication protocols, such as Kerberos, industry requests for the ability to better manage the NTLM protocol in their environments have increased. Reducing the usage of the NTLM protocol in an IT environment requires both
  the knowledge of deployed application requirements on NTLM and the strategies and steps necessary to configure computing environments to use other protocols. New tools and settings have been added to help you discover how NTLM is used in order to selectively
  restrict NTLM traffic.
  This guide only addresses how to collect and analyze events by using functionality found in the Windows operating environment.

• NTLM Authentication in the Outlook Anywhere

  I use Exchange Server 2007 sp1 RollUp 6 installed on Windows Server 2008. I need to use Outlook Anywhere from non-domain computers. I test Outlook Anywhere with Basic and NTLM Authentication and all works fine. But when I use NTLM authentucation, Outlook promt user credential every time when it start, even "remember password" was checked. The login and password are remembered in the network password of user, but Outlook prompt password again and again, when it starts. Exchange published by 443 port directly (without any listeners)!
  When I connect by VPN, and use TCP/IP connection to the server, Outlook remeber password withoun any problems, and did not ask password again.
  get-OutlookAnywhere:
  ServerName                 : SRVEXCH2
  SSLOffloading              : False
  ExternalHostname           : mail.my_domain.ru
  ClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods   : {Ntlm}
  MetabasePath               : IIS://srvexch2.net.local/W3SVC/1/ROOT/Rpc
  Path                       : C:\Windows\System32\RpcProxy
  Server                     : SRVEXCH2
  AdminDisplayName           :
  ExchangeVersion            : 0.1 (8.0.535.0)
  Name                       : srvexch2
  DistinguishedName          : CN=srvexch2,CN=HTTP,CN=Protocols,CN=SRVEXCH2,CN=Servers,CN=Exchange Administrative Group (
                               FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=S
                               ervices,CN=Configuration,DC=net,DC=local
  Identity                   : SRVEXCH2\srvexch2
  Guid                       : 2c24f11b-852c-4948-b236-3f37d071d500
  ObjectCategory             : net.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
  ObjectClass                : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
  WhenChanged                : 18.02.2009 14:17:55
  WhenCreated                : 17.02.2009 14:53:36
  OriginatingServer          : dc1.net.local
  IsValid                    : True
  I have tried this cases, but they have not helped for this issue:
  1) Disable kernel mode authentication with this command: %systemroot%\system32\inetsrv\AppCmd.exe set config /section:system.webServer/security/authentication/windowsAuthentication /useKernelMode:false, I  also have unchecked Kernel mode authentication in the properties of Windows Authentication for Default Web site, \Rpc and \Autodiscovery virtual directories.
  2) Modify this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa lmcompatibilitylevel=3 and 2.
  3) Set NTLM instead of Kerberos on the security tab in the properties of Outlook.
  4) Install domain controller and global catalog roles on the Exchange Server.
  Somebody have any solution for this issue? May be Outlook Anywhere and NTLM do not work at all?

  Have you also seen this:
  You must provide Windows account credentials when you connect to Exchange Server 2003 by using the Outlook 2003 RPC over HTTP feature
  http://support.microsoft.com/kb/820281
  1.
  Click
  Start,
  click Run,
  type regedit in the Open
  box, and then press ENTER.
  2.
  Locate
  and then click the following registry subkey:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
  3.
  In
  the right pane, double-click lmcompatibilitylevel.
  4.
  In
  the Value data
  box, type a value of 2 or 3 that is appropriate for your environment, and
  then click OK.
  5.
  Quit
  Registry Editor.
  6.
  Restart
  your computer.
  LmCompatibilityLevel
  settings
  The
  LmCompatibilityLevel registry entry can be configured with the following
  values:
  LmCompatibilityLevel
  value of 0:
  Send LAN Manager (LM) response and NTLM response; never use NTLM version 2
  (NTLMv2) session security. Clients use LM and NTLM authentication, and
  never use NTLMv2 session security; domain controllers accept LM, NTLM, and
  NTLMv2 authentication.
  LmCompatibilityLevel
  value of 1:
  Use NTLMv2 session security, if negotiated. Clients use LM and NTLM
  authentication, and use NTLMv2 session security if the server supports it;
  domain controllers accept LM, NTLM, and NTLMv2 authentication.
  LmCompatibilityLevel
  value of 2:
  Send NTLM response only. Clients use only NTLM authentication, and use NTLMv2
  session security if the server supports it; domain controllers accept LM,
  NTLM, and NTLMv2 authentication.
  LmCompatibilityLevel
  value of 3:
  Send NTLMv2 response only. Clients use NTLMv2 authentication, and use NTLMv2
  session security if the server supports it; domain controllers accept LM,
  NTLM, and NTLMv2 authentication.
  LmCompatibilityLevel
  value of 4:
  (Server Only) - Domain controllers refuse LM responses. Clients use NTLM
  authentication, and use NTLMv2 session security if the server supports it;
  domain controllers refuse LM authentication, and accept NTLM and NTLMv2
  authentication.
  LmCompatibilityLevel
  value of 5:
  (Server Only) - Domain controllers refuse LM and NTLM responses, and accept
  only NTLMv2 responses. Clients use NTLMv2 authentication, use NTLMv2
  session security if the server supports it; domain controllers refuse NTLM
  and LM authentication, and accept only NTLMv2 authentication.
  Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator

• Deep Linking and NTLM Authentication

  I have an app that uses NTLM Authentication. When I try to pass a parameter from a link in an email, the deep link page opens but the parameter doesn't get set. When i change the Authentication to 'Application Express', the parameter gets set. Is there a work-around for this?

  Scott,
  Thanks for your reply.
  You can see the app here;
  http://apex.oracle.com/pls/otn/f?p=48061
  Username = dev
  PSW = dev
  I want to bring up a specific employee from an email link like this;
  http://apex.oracle.com/pls/otn/f?p=48061:4:::::P4_EMPNO:7839
  The deep link and parameters work fine when I use 'Application Express' authentication.
  When I use NTLM authentication, P4_EMPNO never gets set.
  To see the code go into;
  workspace = danmar
  Username = dev
  PSW = dev
  Thanks for your help.
  Bob

• Setting up NTLM authentication

  Hi,
  I have a j2ee component deployed, I want to use NTLM authentication for logon,
  can some one explain how to Configure NTLM and use it.
  Regards
  Abhijith YS

  Hi
  It Requires some NTLM Proxy modules which contains iisproxy.xml and other files which sap is no longer providing, so I dont think this method can be used.
  Regards
  Abhijith YS

• Anyconnect - NTLM authentication on internal website

  Hi..
  I'm setting up a portal on the ASA - and I need the users to access an internal site with NTLM authentication.
  They all share the same password - but we need it to be single sign on.
  I can't get it working with the post codes..
  I have looking with live http headers in Firefox - but no help.
  Any hints???
  Best regards
  Tue

  Hi Jesper,
  the ~HTTP_REMOTE_USER was set by the NTLM PAS module. PAS is an proprietary addon for ITS 6.20 provided by SAP to allow external authentication via PAS modules. With Netweaver 2004 the integrated ITS no longer has anything to do with authentication. This is done by the webAS. WebAs does not support PAS but provide a similar technique call JAAS (Java Authentication and Authorization Service) which other than SAP PAS is a industrial standard. SAP Note 858138 points to SAP documentation, Teched Sessions and e-learning. I would suggest that you use this note as a starting point. I assume there is a NTLM JAAS module available but have no further information about it. Maybe this module passes the user ID to the called service.
  Best regards,
  Klaus

• Prerequisites for Using Windows NTLM Authentication

  Hi,
  One of the prerequisites for using Windows NTLM Authentication, mentioned on help.sap.com documentation, is:
  - The user’s Web browser must be a Microsoft Internet Explorer
  This means that users not using Internet Explorer can’t authenticate using other web browser (Firefox and Netscape).
  In PAM, SAP says that web browser based on mozzila 1.7.x is also supported, and from this version on, Firefox and Netscape, both, support NTLM.
  NTLM Authentication in portal, still be supported with IE web browser?
  Thanks and Regards,
  Paul

  Hi Paul,
  I suspect that although it may not be officially supported, it will work.  The main thing is that a frontend web server perform the NTLM authentication and pass the header variable back to the J2EE engine.  By the time the header gets back to the J2EE engine, I dont think the portal has any idea how the header REMOTE_USER was generated, just that it was.
  Not positive though, as I havent tested the scenario you describe below..just thought I'd throw in my two cents.
  Marty

• Public-facing on-premises SharePoint with NTLM authentication

  I've been searching for authentication best practices for public-facing SharePoint site but I didn't find any useful resources on the issue that is troubling me.
  Assume I set up a web application with Classic NTLM authentication. On that web application I enable
  Anonymous access. This means that users inside organization's network will be able to authenticate (actually use SSO) using organization's DC. They will be able to access and administer all content. All other anonymous users will be able to see
  published content only i.e. content which is permitted to anonymous users.
  My question is: Is this kind of setup a security issue because if a potential attacker hacks a WFE then he has direct access to DC?
  Is FBA maybe a better solution for public-facing sites? Or maybe use NTLM, but create a separate domain with one-way trust to organization's domain?

  There are many variations you can take with this - and really you need to consider more than just your content. For true separation:
  I would have a dedicated DC to manage service accounts.
  I would break up my DMZ behind firewall contexts with a reverse proxy publishing SharePoint at the edge.
  proxy/firewall -- SP Server -- Firewall -- SQL/DC
  For true separation you don't want to share any underlying infrastructure with internal either, although in reality logical separation is usually enough.
  Now you have to deal with internal user authentication and how to handle that. The first thing is I would have at minimum two webs available, your primary for editing and the extended version for public access.
  While a one way trust would work - you still do expose user info out to the public which you may not want. With this configuration you could configure people picker to only select from a particular OU to minimize this.
  Another option however is to look at using ADFS between your domains and create the trust there. You would have to configure the farm for claims auth to make this work, but this would eliminate the possibility of probing all the users in AD or the OU you expose.
  With the ADFS method when you update documents you user name is still tagged to content - however if you don't populate the user profiles this will be the only information available about any internal user.
  You may even want to go a step further and when you extend the public site, use forms authentication but don't provide any users. Then there is no authenticated access from the public URL. And with ADFS/Reverse Proxy may you even be able to configure some pre
  authentication for your internal users before they can even reach the internal SharePoint pages.
  I would strongly consider moving to SharePoint 2013 and looking at the cross site publishing (2010 and below have the content publishing - but stay away from that, when it works it's great, but when it doesn't it's a PITA to get back in sync). with cross site
  publishing you have an editing site and the publishing site pulls from the Search index and the permissions are completely separate.

• NTLM Authentication with a domain controller/active directory

  Hi,
  I have a requirement to do an NTLM authentication with the MS active directory.
  I am aware that JNDI doesn't support this protocol to communicate with the AD.
  I have looked into couple of online solutions available but that doesn't seem to meet my requirement. Most of the solutions like (Apache commons NTLMScheme/NTCredentials and java.net.Authenticator etc...) are used for only NTLM proxy authentication (where both username, password is sent to the proxy server which does the actual NTLM authentication with the Active Directory.)
  What I need is a solution in Java where I can directly contact Active directory for negotiation of challenge/response mechanism.
  Can any of you guys suggest any alternative to achieve this ?

  it really depends to be honest. I'd probably go something like this though:
  One Small physical server to act as a domain controller - you could put DHCP on this too
  One or Two physical, quite powerful servers to act as Hyper-V hosts - these can be domain joined. 
  Then for your VM's create the following:
  1 x additional domain controller
  For remote desktop services:
  1 x Remote Desktop Session Host
  1 x Connection Broker
  1 x Gateway and web server
  For additional services
  1 or 2 x Exchange
  1 x sharepoint
  1 x IIS
  but it really depends what you want to achieve. 
  The benefit from Virtual machines is that you can keep separate virtual servers for separate applications. 
  If you have two hosts you could then replicate the virtual machines between them if you wanted some layer of fault tolerance. 
  Hope this helps you a bit more. And thanks for positive blog feedback - its appreciated. 
  Regards,
  Denis Cooper
  MCITP EA - MCT
  Help keep the forums tidy, if this has helped please mark it as an answer
  My Blog
  LinkedIn: