( - or: How can I add [Active Directory] user accounts into some? clients’ local Administrators group without touching each client?)
This article describes the feature “Restricted Groups” in Group Policy. This feature enables you - as the administrator - to configure group memberships on the client computers or member servers. You can add user accounts to groups on client machines that are in the scope of the policy.
As there are many questions about this in the newsgroups, I will come up with an example that shows how to put a group of Active Directory users into the local Administrators group on the clients.
For this article, I assume that you already created a global security group containing all users that shall become local Administrators on some client computers. In my example, the group is called “localAdmins”. The target (= client) computers reside in a specific OU.
If you’re using the Group Policy Editor, you navigate to the OU where the client computers reside and right-click it. Choose “Properties” and “Group Policy” where you create a new Policy and click “Edit”. You then navigate to:
CompConf\Windows Settings\Security Settings\ and then right-click “Restricted Groups” and choose “Add Group”.
You simply add the created group by clicking “Browse..” or typing the group name into the box.
After clicking “OK”, another beautiful window opens up, where you can find two boxes. The upper box, saying “Members of this group”, the lower one saying “This group is a member of”.
If you added users or groups into the “Members of this group” box, you would advise the Restricted Groups feature to put the users and groups you selected into the localAdmins group. Restricted Groups would then replace the current members of the localAdmins group with the users and groups you filled into the box. Please recognize my words, it would replace them - just wipe existing users out of the localAdmins group.
As we do not want to add users or other groups to our group, but add our localAdmins group the local Administrators group on our clients, we have a look at the lower box - labeled “This group is member of”. We click “Add” and type in the name of the group, we want localAdmins to be member of. In this case, it “Administrators”. We then simply click “OK” and “Apply” and close all windows. “This group is member of” advices “Restricted Groups” to add our localAdmins group into the “Administrators” group of the clients. The existing group members will not be touched - it simply adds our group.
Notes
A few quick notes on compiling your own DRBD RPM for XenServer 6.0
1. Download the latest XenServer DDK ISO - Available from Citrix.com2. Mount or Extract the ISO - Import into XenServer as a VM3. Make sure you add a network connection4. SSH onto the VMYou need to install gcc and libxslt to compile DRBD> yum --enablerepo=base -y install gcc libxml2.i386 libxslt.i386> mkdir drbd> cd drbd> wget http://oss.linbit.com/drbd/8.4/drbd-8.4.1.tar.gz> tar -xvf drbd-8.4.1.tar.gz> cd drbd-8.4.1.tar.gz> ./configure> make km-rpm> make rpmRPM file are created in /usr/src/redhat/RPMS/i386/You need,drbd-km-2.6.32.12_0.7.1.xs6.0.0.529.170661xen-8.4.1-1.i386.rpmTo reset a Cisco router to factory default (removing the startup configuration file), perform these steps:
1. To erase the configuration file, issue the erase nvram: command. Reload the router by issuing the reload command. 2. If this does not solve the problem, attempt to break into ROM Monitor (ROMmon) by issuing the break sequence (usually Ctrl and break from the Hyperterminal) from a console connection.
Refer to:
Cisco Standard Break Key Combinations
You should see this ROMmon prompt:
3. Change the configure register value to ignore the startup configuration by issuing the confreg command, as shown in this example:rommon 1>
4. To reload the router, issue the reset command, as shown in this example:rommon 2> confreg 0x2142
5. After the router boots, issue the enable command at the Router > prompt.rommon 3> reset
The prompt changes to Router#, indicating that the router is now in privileged mode.
6. To enter config mode, issue the config terminal command.You should now see a Router(config)# prompt.
7. To change the configure register to recognize the startup configuration, issue the config-register command, as shown in this example:Router (config)# config-register 0x2102
To break out of configuration mode, press Cntl and Z.
To save the blank configuration, issue the copy-running config-startup config command.
notes
A session with Apple's telephone support came up with a solution. My wife hard established an iCloud account but had no signed in. Once she did so, the "plus" sign returned, she could add events by tapping +, double-tapping a date, and by using Siri.
Notes
If the Remote Procedure Call (RPC) service is not listed as a dependency for your Print Spooler Service, you need to inform XP that the Print Spooler service depends on the RPC service.Click Start, Run and in the box enter (including the important space after the equals sign):
sc config spooler depend= RPCSS
Click OK to assign the RPC service to the Print Spooler service, then be sure the RPC Service is running and start your Print Spooler Service.
Notes
Could Not Get Lock /var/lib/apt/lists/lock
Problem:Solution:
When i try to update software packages in Ubuntu i get following error
- E: Could Not Get Lock /var/lib/apt/lists/lock
Run Terminal and type these commands
- sudo rm /var/lib/apt/lists/lock
- sudo apt-get clean
- sudo apt-get update
Notes
Cisco PIX/ASA Causes SMTP Banner Corruption
Traffic inspection rules on a Cisco PIX or ASA firewall will sometimes cause the SMTP banner to appear corrupted.
When testing access to your mail server from outside, you may notice that the SMTP banner looks like this:
This is just a symptom of the problem, which is that the SMTP traffic inspection rule is interfering with the SMTP data stream. Another symptom would be to see email messages destined for this server seemingly stuck in the SMTP queue on a server outside the network. This can ultimately cause delayed and undeliverable mail, especially for larger messages, such as those with attachments.
The resolution for this problem is to disable the traffic inspection rule for SMTP/ESMTP on the Cisco PIX or ASA firewall.
On a PIX, this can be done from the command-line using the “no fixup protocol SMTP 25” command. It can also be disabled from the PIX Device Manager (PDM).
On an ASA, it’s a little different. From the command line (assuming your policy map is named “global_policy” and your class is named “inspection_default”):
CiscoASA(config)#policy-map global_policy
CiscoASA(config-pmap)#class inspection_default
CiscoASA(config-pmap-c)#no inspect esmtpFrom the Adaptive Security Device Manager (ASDM):
1. Go to Security Policy –> Open the inspection rule:
2. Go to the Rule Actions tab and uncheck the box next to ‘ESMTP’
3. Test from outside the PIX/ASA again by telnetting to port 25; your SMTP banner should now look like this (I have masked the name of the server for privacy).
That’s it. I have made it standard practice to just disable this inspection rule on all Cisco ASA firewalls that I deploy to avoid problems.
Notes
