Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
«31 »
  • Locked thread
BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles



Zedlic posted:

I'm using WEP-PSK right now but I could switch to WPA if necessary. I actually tried setting up a GPO for only the laptops telling them to connect to the AP using WPA-PSK but it didn't give me the option of specifying the key itself. Maybe I'm missing something.

Do you know what hoops I need to jump through to fix this?

I've never had to do it personally, but if you look under Computer Config, Windows Settings, Security Settings, Wireless Network (IEEE 802.11) Policies you should see what you need:



Then you need to jump through a few hoops with importing a certificate on the clients (which you can also do through policy) which will supply the access key. Or maybe this is a situation where you should be using straight WPA2 and using LDAP for authentication, maybe with the computer system account credentials. Again, this isn't something I have had to do personally.

BangersInMyKnickers fucked around with this message at Mar 3, 2009 around 16:21

Adbot
ADBOT LOVES YOU

Zedlic
Mar 10, 2005

Ask me about being too much of a sperging idiot to understand what resisting arrest means.

BangersInMyKnickers posted:

I've never had to do it personally, but if you look under Computer Config, Windows Settings, Security Settings, Wireless Network (IEEE 802.11) Policies you should see what you need:



Then you need to jump through a few hoops with importing a certificate on the clients (which you can also do through policy) which will supply the access key. Or maybe this is a situation where you should be using straight WPA2 and using LDAP for authentication, maybe with the computer system account credentials. Again, this isn't something I have had to do personally.

I took the easy way out by plugging "net use x: //server/share" into a login script for all users. Apparently that's executed a bit later than drive map GPO's, so it worked.

ozmunkeh
Feb 28, 2008

hey guys what is happening in this thread


I only have XP clients on a 2003 domain so don't know if this is different in 2008 with Vista/7 clients. Whenever I have a wireless laptop acting funny with login scripts or Group Policy the thing that normally fixes it is this:

http://support.microsoft.com/kb/840669/en-us

quote:

Creating a Group Policy network start timeout policy
The GpNetworkStartTimeoutPolicyValue policy timeout can be specified in the registry in two locations:

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Winlogon
* HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System

You can do this by adding a DWORD value of GpNetworkStartTimeoutPolicyValue with a number of seconds between 30 and 600.

Windows reads the Winlogon subkey first. Then, Windows reads the Policies subkey. The value in the Policies subkey supersedes any value in the Winlogon subkey. There is no user interface that you can use to set this Group Policy object (GPO). Therefore, you have to deploy a custom ADM file in order to set the GPO.

The value specified should be of sufficient duration to make sure that the connection is made. During the timeout period, Windows examines the connection status every two seconds and continues with system startup as soon as the connection is confirmed. Therefore, setting the value larger than the minimum value of 30 is recommended. However, be advised that if the system is legitimately disconnected, Windows will stall for the whole timeout period.

Note Examples of the system being legitimately disconnected include the network cable being disconnected or if the server is offline.

Mierdaan
Sep 14, 2004



Pillbug

ozmunkeh posted:

GpNetworkStartTimeoutPolicyValue

Hmm, interesting timing. I was just coming in here to post a question about GPO-created drive preferences. I just switched our users over to having them created this way instead of via the old logon script method, and we're having sporadic complaints of "I logged in but I have no drives mapped" from end users.

A logoff/logon, or a reboot tends to fix it, so I know it's no problem with the GPO itself, and no events are logged in the client's event log to indicate why the drive mappings aren't created... they just silently fail for reasons I don't understand. These aren't wireless clients, they're hardwired and don't really have any problems contacting either of our two DCs, so I'm a bit unsure about what to check as I'm not a Group Policy wizard.

Any thoughts? Is the KB ozmunkeh linked a good option to start with?

Bruegels Fuckbooks
Sep 14, 2004

Now, listen - I know the two of you are very different from each other in a lot of ways, but you have to understand that as far as Grandpa's concerned, you're both pieces of shit! Yeah. I can prove it mathematically.

I'm writing a script that captures environment information (e.g. windows update history, video adapter information, the like) using WMI over the network. I can't figure out how to get resolution and bit-depth information from dual-headed video-cards - I can only get the resolution, etc from the first monitor, not its sibling. I've tried win32_desktopmonitor, CMI_videocontroller, etc... pretty much a lot of bullshit. I'm inclined to think it cannot be done - I tried having processmonitor open and changing the resolution of a monitor and apparently within that timeframe Windows accessed the registry 50,000 times, and the information is stored in incredibly retarded ways (current control set doesn't tell me what loving monitor goes with what resolution or what video card), and the only reliable way I've found even of counting how many monitors are attached is querying Win32_PNPDevice for everything that starts with display, but I can't figure out how to associate resolution settings with PnP device id.

I would appreciate being able to find this information out using some dos command but since this script will be used remotely and I can't install new software on the machines I'm pretty much limited to WMI, even though it seems inadequate for this particular task.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles



I know you can query the data from HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Control\Video\{BLAHRGH some stupid SID BLARGH}\0000 and 0001, but the trick will be querying for the active display adapter SID and resolving that. Not exactly sure about a direct WMI call that will give you the info.

Briantist
Dec 5, 2003

The Professor does not approve of your post.

Lipstick Apathy

BangersInMyKnickers posted:

Ideally you would want to make a WMI filter that only applies if it does not see the Symantec Antivirus program installed on a system. Unfortunately at this point we hit a limitation with WMI filters that makes life difficult: WMI filters cannot be used to detect the absence of something and return a true value to the filter falls within scope. For this kind of thing you will need to revert to a batch script that runs a reg query that looks for the indicator key and then catch the error level and execute the rest of the batch file from there, either by doing file manipulation, registry merges, or msiexec commands. Hopefully in future iteration of group policy you can customize a WMI filter to fall within scope on your choice of a true or false return instead of just true, but at this point the flexibility isn't there.
Here's how I got around this just recently.

Why I needed a negative result:

We have typically been using Office 2003 Basic edition on our computers. This is Outlook, Word, and Excel. More people need to view Powerpoint presentations than need to create them, so I had the (free) PowerPoint Viewer 2007 being pushed out to everyone. I also had the Office 2007 Compatibility Pack being pushed out to everyone, which allows them to view Office 2007 files in Office 2003.

We don't do upgrades here all at one time. What happens is that basically someone's needs change and their existing old machine can't do what they need to do effectively anymore, so our upgrades are piecemeal. As I get new machines, I get Office 2007 for them. On a recent one I noticed that Windows update had service packs for the compatibility pack and the viewer (which were both installed despite Office 2007 Standard, which includes Powerpoint, being installed). Now I wouldn't have cared since it didn't negatively affect things, even though it was redundant, but for some reason the service packs wouldn't install, and so it was always prompting for updates.

I wanted a way to have group policy NOT install these components if they weren't necessary. The compatibility pack shouldn't be installed if Office 2007 is installed (in my case, this means if Word 2007 and Excel 2007 are installed) and the Powerpoint viewer shouldn't be installed if Powerpoint 2007 is installed (but it should be installed if Office 2007 Basic was installed, or any other non-Powerpoint 2007 parts of office).

The solution:

I created a policy called NegativeValues. This policy will assign values on the machine that I can then check for in WMI filters for installing software. I'm not using a separate policy for each value because I am not using a WMI filter on the policy itself, I'm using item-level filtering within the policy.

Originally I was setting registry values, but then I found out that querying the registry through WMI is a pain in the rear end, so now I'm setting environment variables instead.

Computer Configuration -> Preferences -> Windows Settings -> Environment

These are easily queryable from WMI and don't take forever to process. I use the Replace action so that if the result of the item level targeting changes, the variable will be deleted (in theory; I have not tested this). I have it creating environment variables named NegativeValues_whatever but the name doesn't matter since you need to specify it in your WMI filter. You might want to make it something you and your other admins will recognize if you happen to be looking in the environment variables on any given system. The value doesn't matter because you're only really going to be checking for its existence. I just used 1.

On the common tab, you'll see a check box for item level targeting. Check that, click the targeting button, and then new item. Your choices here are a lot better than you can do with WMI alone, in my opinion, especially since you can use [multiple] WMI queries here if you want. In addition, you can negate any of these by changing it to IS NOT in the item options.

For my purposes, I did come up with a WMI query that could tell if an individual office component was installed, but it took about 10 minutes to run with the CPU maxed on a newer dual core machine (only uses one core though), so it really wasn't viable. I found it a lot to easier to just check for the existence (actually the lack of, using IS NOT) of the registry keys (HKLM\Software\Microsoft\Office\12\[Word|Excel|Powerpoint]) and it runs really fast.

Then I created a WMI filter, like Powerpoint2007Missing which consists of the following query:
code:
SELECT * FROM Win32_Environment WHERE Name = 'NegativeValues_Powerpoint2007'
and I apply that to the policy that installs Powerpoint Viewer 2007.

Briantist
Dec 5, 2003

The Professor does not approve of your post.

Lipstick Apathy

Is anyone having a problem with drive maps in Vista? I have a few Vista machines here where the drive mapping policy is not working. It works on all of the XP machines, it works on some of the Vista machines, but not others. It works on my machine, but I don't think it's a problem of access rights because when I log onto to one of the affected machines with my credentials, it still doesn't work.

The odd thing is, I've looked through the event log and I can't find any errors. I've run the results and I see no problems; as far as I can the policy is definitely being applied, but I have no errors at all. I'm stumped.

Mierdaan
Sep 14, 2004



Pillbug

Are you using the new Vista/Server2008 Group Policy Preference Objects, or old-school logon scripts? If the former, and the Vista computers have UAC turned on, you'll need to follow this KB to make it work.

Briantist
Dec 5, 2003

The Professor does not approve of your post.

Lipstick Apathy

Mierdaan posted:

Are you using the new Vista/Server2008 Group Policy Preference Objects, or old-school logon scripts? If the former, and the Vista computers have UAC turned on, you'll need to follow this KB to make it work.
I am using the preference object, UAC is on, and I've tried that solution. On my machine, UAC is turned on, but the registry entry doesn't exist and the policy works fine. On the other machines, UAC is turned on, and I tried to add that registry entry and it made no difference; still doesn't work.

Mierdaan
Sep 14, 2004



Pillbug

Same behavior for all users? Does local admin vs not make any difference?

Briantist
Dec 5, 2003

The Professor does not approve of your post.

Lipstick Apathy

Mierdaan posted:

Same behavior for all users? Does local admin vs not make any difference?
My user is a domain admin (domain admins by default are in local admins) and it seems not to make any difference. I haven't tried logging on a normal domain user to my workstation, but my user logging in to an affected one doesn't make any difference. I found out my printer preferences stopped working altogether, and I had them in the same policy as the drive settings so I separated them out but it too made no difference.

Here's some new info: the other machine I thought was affected is a laptop, and I just realized he wasn't on a wire. When I had him reboot connected via wire it worked fine.

So I think at the moment I'm down to this one machine. It's brand new (refurbed, but a new installation). I even took it off the domain and put it back on. I've tried gpupdate, both /force and /sync (over and over).

Mierdaan
Sep 14, 2004



Pillbug

Are you using 802.1x authentication on the wireless network? My google-fu is failing me right now but I seem to remember that the delay involved there can cause GP processing to fail over a wireless connection.

Briantist
Dec 5, 2003

The Professor does not approve of your post.

Lipstick Apathy

The laptop turned out not to be affected. The one that is is a desktop and is wired only; sorry for the confusion.

Model Camper
Feb 12, 2008

Just 'cause you got a rocking horse don't mean you can rock.

I'm trying to use the new RSAT Group Policy options on my domain and I noticed that those updates have been pushed out to some machines but not others. (All of our clients are Win XP, but I'm running the RSAT tools on a Vista machine.) I checked our WSUS server because I could've sworn that I had set the Client Side Extensions update to install on all our client machines.

Unfortunately, a large number of machines are reporting the update as Not Applicable. Is there any way to override that NA setting in WSUS to ensure that KB943729 is installed on all machines?

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles



Model Camper posted:

I'm trying to use the new RSAT Group Policy options on my domain and I noticed that those updates have been pushed out to some machines but not others. (All of our clients are Win XP, but I'm running the RSAT tools on a Vista machine.) I checked our WSUS server because I could've sworn that I had set the Client Side Extensions update to install on all our client machines.

Unfortunately, a large number of machines are reporting the update as Not Applicable. Is there any way to override that NA setting in WSUS to ensure that KB943729 is installed on all machines?

There was some goofiness with SP3 and WSUS, where installing SP3 before the CSE's cause WSUS to think the update was no longer applicable. The MS WSUS team said that issue was resolved months ago through once the CSE's were verified to be fully SP3 compatible. Revision 1.03 of KB943729 released was on 11/25/09, do you have this version of the KB?

Model Camper
Feb 12, 2008

Just 'cause you got a rocking horse don't mean you can rock.

BangersInMyKnickers posted:

There was some goofiness with SP3 and WSUS, where installing SP3 before the CSE's cause WSUS to think the update was no longer applicable. The MS WSUS team said that issue was resolved months ago through once the CSE's were verified to be fully SP3 compatible. Revision 1.03 of KB943729 released was on 11/25/09, do you have this version of the KB?

KB943729 shows up twice in my WSUS list with one saying it has expired, but I'm not seeing revision 103 (only revisions 100 and 101). This server synchronizes every evening... any reason why it wouldn't pick up 103?

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles



Model Camper posted:

KB943729 shows up twice in my WSUS list with one saying it has expired, but I'm not seeing revision 103 (only revisions 100 and 101). This server synchronizes every evening... any reason why it wouldn't pick up 103?

Which version of WSUS are you using? Is your upstream set to Microsoft or another WSUS server that might not be providing the update? I'm not too up on the inner-workings of WSUS, so if it is acting up I may not have anything more constructive for you than saying to dump the datastore and database and rebuild.

Model Camper
Feb 12, 2008

Just 'cause you got a rocking horse don't mean you can rock.

BangersInMyKnickers posted:

Which version of WSUS are you using? Is your upstream set to Microsoft or another WSUS server that might not be providing the update? I'm not too up on the inner-workings of WSUS, so if it is acting up I may not have anything more constructive for you than saying to dump the datastore and database and rebuild.

Currently running 3.0.6000.374, which as far as I can tell is just WSUS 3 without SP1. I'll update the SP and see if that makes any difference. It's the only update server we're running so the upstream is pointed at MS.

Runcible Cat
May 28, 2007

A post? Never!!

Pillbug

Quite possibly a stupid question, but can anyone think of a way to use GPs to make Outlook 2003 only pick up emails from Exchange during a designated time period? I've had a rummage round the editor and can't see anything that looks like I could set up a scheduled task in it....

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.


Morlock posted:

Quite possibly a stupid question, but can anyone think of a way to use GPs to make Outlook 2003 only pick up emails from Exchange during a designated time period? I've had a rummage round the editor and can't see anything that looks like I could set up a scheduled task in it....
Exchange over MAPI is a push protocol. What are you hoping to accomplish?

Runcible Cat
May 28, 2007

A post? Never!!

Pillbug

Misogynist posted:

Exchange over MAPI is a push protocol. What are you hoping to accomplish?
Boss is pissed that managers on remote sites (connected over VPN) may be reading email when he wants them to be out on site working, so he wants it set up that they can't send or receive except at specified times. I think this is something that's best solved by actually, y'know, talking to them, but he disagrees and he's the boss. Since I already have them all in a "site managers" group with its own policy I was wondering if I could do it through that, since all I can seem to do in Exchange is set login hours rather than "login but no email" hours.

Lacc
Jul 12, 2004

Install fist, problem solved.

Morlock posted:

Boss is pissed that managers on remote sites (connected over VPN) may be reading email when he wants them to be out on site working, so he wants it set up that they can't send or receive except at specified times. I think this is something that's best solved by actually, y'know, talking to them, but he disagrees and he's the boss. Since I already have them all in a "site managers" group with its own policy I was wondering if I could do it through that, since all I can seem to do in Exchange is set login hours rather than "login but no email" hours.

That's pretty dumb but hey, so is my idea.
Set up a scheduled task to run ADModify to add a Deny Full Mailbox Access ACE to Mailbox Rights, then remove it in another task. You might actually have to do it with a similar hack in the end.

Runcible Cat
May 28, 2007

A post? Never!!

Pillbug

Lacc posted:

That's pretty dumb but hey, so is my idea.
Set up a scheduled task to run ADModify to add a Deny Full Mailbox Access ACE to Mailbox Rights, then remove it in another task. You might actually have to do it with a similar hack in the end.
I might at that. I was just thinking about a script in scheduled tasks on the local PCs to block incoming connections to Outlook in the Windows Firewall, so I suspect our minds work similarly....

(And yeah, he's going to give up the idea in a week tops, bet you. Sucks to be me, but he's got to see it not working to be convinced it won't.)

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles



Morlock posted:

I might at that. I was just thinking about a script in scheduled tasks on the local PCs to block incoming connections to Outlook in the Windows Firewall, so I suspect our minds work similarly....

(And yeah, he's going to give up the idea in a week tops, bet you. Sucks to be me, but he's got to see it not working to be convinced it won't.)

Outlook clients initiate the connection and the XP firewall won't do outbound filtering for you. You can mangle it together with an IPSec rule to prevent outbound traffic on the MAPI port and then toggle that (had to do something similar to block IRC traffic outbound from a terminal server), but I wouldn't recommend it.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles



Would setting the logon hours for this guy's AD user account and then configuring the machine to strictly enforce them get the job done?

Runcible Cat
May 28, 2007

A post? Never!!

Pillbug

BangersInMyKnickers posted:

Would setting the logon hours for this guy's AD user account and then configuring the machine to strictly enforce them get the job done?
No, I tried that first before boss got a little more specific about what he wanted. They need to be able to log on to the machines to check existing instructions and documentation etc. It's just new email that wants blocking....

Runcible Cat
May 28, 2007

A post? Never!!

Pillbug

BangersInMyKnickers posted:

Outlook clients initiate the connection and the XP firewall won't do outbound filtering for you. You can mangle it together with an IPSec rule to prevent outbound traffic on the MAPI port and then toggle that (had to do something similar to block IRC traffic outbound from a terminal server), but I wouldn't recommend it.
Hmmm - I can do timed rules on the Sonicwall that handles the VPN. Maybe a timed LAN-to-LAN block on the MAPI port?

I can see that going so, so horribly wrong though.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles



Morlock posted:

Hmmm - I can do timed rules on the Sonicwall that handles the VPN. Maybe a timed LAN-to-LAN block on the MAPI port?

I can see that going so, so horribly wrong though.

That seems like the simplest way to do it that you have some hope of managing down the road. If you were working with Vista you could have some more options when it comes to blocking inbound/outbound connections for just Outlook in the firewall, but I understand if you haven't upgraded yet.

Runcible Cat
May 28, 2007

A post? Never!!

Pillbug

BangersInMyKnickers posted:

That seems like the simplest way to do it that you have some hope of managing down the road. If you were working with Vista you could have some more options when it comes to blocking inbound/outbound connections for just Outlook in the firewall, but I understand if you haven't upgraded yet.
Nope, we're still XP-only, except my dual-boot XP/Vista laptop (for GP configuration, thanks for the first-post advice!). No plans to roll out Vista in the near future either; we might just go straight to 7.

Incidentally recent experimentation is showing that Outlook (2007 at least) doesn't pick up from Exchange automatically when blocked in the local Windows Firewall, though it does when you hit Send/Receive. I wonder if I could rely on user laziness in this matter?

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles



Morlock posted:

Incidentally recent experimentation is showing that Outlook (2007 at least) doesn't pick up from Exchange automatically when blocked in the local Windows Firewall, though it does when you hit Send/Receive. I wonder if I could rely on user laziness in this matter?

If a user isn't getting mail, odds are the first thing they will do is mash send/receive. I think you are better off blocking the port so it throws a CANNOT CONNECT error.

Runcible Cat
May 28, 2007

A post? Never!!

Pillbug

BangersInMyKnickers posted:

If a user isn't getting mail, odds are the first thing they will do is mash send/receive. I think you are better off blocking the port so it throws a CANNOT CONNECT error.
They have been told it's going to be blocked, and that tends to induce passivity. But you're right, it only takes one smartarse to try it and spread the word it works, so port blocking's the way to go. Oh lordy, time to mess around with 4 Sonicwalls web interfaces; why they won't let you do rules imports/exports I'll never know....

brc64
Mar 21, 2008

I wear my sunglasses at night.

I'm sick of dealing with WebEx for remote support when most of our clients have their own Windows 2003 or 2008 domain controllers and we can create a group policy object to help us utilize the Remote Assistance feature that's built into Windows. So I'm currently trying to test this out. In doing so, I've discovered that our internal network is apparently all kinds of hosed up. DFS hadn't been replicating for a while because somebody decided to put several 900 MB zip files in the share, and now it looks like sysvol is also having problems.

Here's the layout:
dc01 and as01 are domain controllers in the main office
in01 is a domain controller in the remote office (where I am)

I created the policy on dc01, specifically for a PC here that I'm testing with. When I reboot or do a gpupdate /force on the PC, I get an error in event log saying it can't find the path for the GPO. I check, sure enough, it's not there. I check \\domain\sysvol\domain.local\policies from dc01, the GUID is present. So my policies aren't replicating, swell.

I do some more digging, find that in01 is complaining that it's having problems replicating from as01. I verify the fqdn resolves, double-check that frs is running, that looks fine. From some searching I found the command ntfrsutl version as01.domain.local and that returns results (although apparently the major and minor version numbers are both 0 for NtFrsApi and NtFrs, which seems weird).

So at this point I'm a little stumped. I know that as01 has been through some hell recently, having been upgraded to 2003 SP2 then downgraded again to SP1 because SP2 broke some important software, so that may be contributing a little bit to the problem. Or maybe it's something completely different. Anyway, I really don't know what to check next. I just want to prove that this GPO works so that we can start rolling it out to other servers and I can stop using WebEx.

It'd probably be faster and easier to build a VM test network for this poo poo, but hey, troubleshooting NtFrs errors is good for me, right?

talk show ghost
Mar 2, 2006

by Ozma


What's with all the double negatives in group policy settings? It always makes me pause and think "is this going to do what I think or exactly the opposite"

"Change to false to disallow the allowing of disallowing not allowing the user to run task"

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles



talk show ghost posted:

What's with all the double negatives in group policy settings? It always makes me pause and think "is this going to do what I think or exactly the opposite"

"Change to false to disallow the allowing of disallowing not allowing the user to run task"

It seems to mostly happen with settings that are disabled in the OS by default, but it still sucks and I wish Microsoft would clean up their templates.

BRC, you may want to bounce that FRS issue off Cidrick. I'm not too up on the diagnostic tools for troubleshooting replication issues but I think he is fairly experienced with it.

brc64
Mar 21, 2008

I wear my sunglasses at night.

talk show ghost posted:

What's with all the double negatives in group policy settings? It always makes me pause and think "is this going to do what I think or exactly the opposite"

"Change to false to disallow the allowing of disallowing not allowing the user to run task"
Yeah, I've always been annoyed by that. Of course, at this point it's probably too late to correct the wording and values, so we're pretty much stuck with it.

brc64
Mar 21, 2008

I wear my sunglasses at night.

Any idea if the servers would implode if I just, say, manually copied the policy folder I'm wanting to test with to the server that isn't getting it via replication?

pyrotherm
Oct 2, 2006


Does anyone here know if you can install RSAT on Windows7 RC?

I have been trying to do this, and have even downloaded the RSAT tool for Windows 7 from Microsoft's website:

http://www.microsoft.com/downloads/...43997d#filelist

All that this does, is give me an error stating: "This update is not applicable to your computer"

Any help with this would be greatly appreciated!

Briantist
Dec 5, 2003

The Professor does not approve of your post.

Lipstick Apathy

pyrotherm posted:

Does anyone here know if you can install RSAT on Windows7 RC?

I have been trying to do this, and have even downloaded the RSAT tool for Windows 7 from Microsoft's website:

http://www.microsoft.com/downloads/...43997d#filelist

All that this does, is give me an error stating: "This update is not applicable to your computer"

Any help with this would be greatly appreciated!

quote:

Remote Server Administration Tools for Windows 7 can be installed on computers that are running the Enterprise, Professional, or Ultimate editions of Windows 7.
I haven't used Win 7 RC yet so I don't know what it entails, but if it doesn't report as one of the above versions that's probably the reason.

Adbot
ADBOT LOVES YOU

Mierdaan
Sep 14, 2004



Pillbug

Any clue why I can't RDP into a Server 2008 terminal services server with NLA flipped on using an account from a trusted domain? Flipping off NLA or connecting using an account from the TS server's native domain with NLA enabled works fine. I get a "The Local Security Authority cannot be contacted" error in the first situation. My google-fu is failing me here.

  • Locked thread
«31 »