“SetACL.exe -on “\\computer\W32Time” -ot srv -actn ace -ace “n:domain\user;p:full”” bilgisayarında w32time servisine kullanıcısıya full yetki verilmiştir.Kullanıcının masautune bir batch file yapılarak bu servisi stop start etmek imkanı verilebilir. Aynı işlemi subinacl aracı kullanılarakta yapılabilir. “subinacl /service \\computer\W32Time /GRANT=domain\user=F
Category Archive: Active Directory
May
10
Prevent users saving files on desktop – Kullanıcıların masa üstüne yazmalarını engellemek
“Computer Configuration | Windows Settings | Security Settings | File System” Add file : %UserProfile%\Desktop Security’den kullanıcı yada gruba read-only yetki vermek yeterli olacakdır.
May
10
Unlock a Domain User Account vbs script
Set objUser = GetObject _ (”LDAP://CN=user3,OU=ocsusers,DC=caocs,DC=local“) objUser.IsAccountLocked = False objUser.SetInfo
May
08
NTDS performance counters missing
Thought I’d doc this for any others who run into this issue. I had to demote/promote a machine this morning and when it finished promoting I found it was missing all the NTDS\* counters in perfmon. I ran LODCTR /Q and saw that it looked wrong: C:\Windows\system32>lodctr /q:NTDS Performance Counter ID Queries [PERFLIB]: Base Index: …
Apr
15
Apr
14
Create a Saved Query that Displays Group Members
* Use ADSIEdit.msc (in the Windows Support Tools) and navigate to the group * View the properties of the group to reveal the distinguishedName attribute value and copy it to the clipboard (shown above) * Open ADUC, right-click Saved Queries and select New query * Enter a name for your query, “Accounting Group Members” * …
