ICTCity

To be honest, there's a way to do this: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17918 But if you can simply use a trust, do it. If not, you must RESTORE one domain: http://www.microsoft.com/download/en/details.aspx?id=19188

No you cannot, you just can create a TRUST between the two domains, so they will be able to share infos.

Hi, do you have any minidump? They're located in C:\win\minidump\ Anyway, I really hope your problem is not SERVICES.EXE because it means you should reinstall windows server...

So, here we go :) RemoteApp is a role of server 2008 and is completely different from installing a software via GP :) I suggest you to read this article: http://technet.microsoft.com/en-us/library/cc730673(WS.10).aspx Specially from the middle. In our environment we had this scenario, but after months we moved to terminal services, users log on via RDP to the application server and they can access what they want. Of course you can manage this and the most interesting thing is that you can easily update programs, you must do it in just one server and not deploy an update to the clients.

This should be what you need: http://technet.microsoft.com/en-us/library/cc756952(WS.10).aspx

So, do it :)

You have to provide password for every application installed via GP? Regarding your last question it should be like this: "install at next logon" can create shortcuts because the GPO know WHICH user need the application and can actually put the link. If not, the software will be installed for computer not for a specific user. It's quite confusing... but it's microsoft :P

Check the DC's LOG AND client's LOG to see any error / warning regarding policies. It looks like there's a compatibility issue... those events are triggered at user logon.

This is the question: HOW can you tell a server to check the client's firewall status and report it to the SERVER'S LOG?! I really don't know HOW to do this, once you can understand why your server is checking the client's firewall status... you will be able to fix this issue.

You should have a policy or something else which centralize everything to your server. If a client has the firewall turned off, it isn't in the server's log.

Hi there, Before reading the last sentence I had many ideas, but now you must solve the biggest problem: ACCESS DENIED. First of all under GROUP POLICY MANAGEMENT (from domain controller), create a "NEW RESULTANT POLICY" from GROUP POLICY RESULTS. You must select a computer (a remote computer) and a user. After a while you have a result which tells you which policy has been applied and which has not been applied (denied policy). Here you can see if there are any other policy which are not applied correctly. The next step is: Open Group Policy management mmc, select the OU where the policy is applied, select the policy. On the right side, there are 4 tabs, select the last one (I think is DELEGATION), on the right corner (bottom), click ADVANCED. On the next windows, click ADVANCED again and add a new user (the user or group you want to allow), now check the box "APPLY GROUP POLICY" and everything related to "READ" (it should be already ok).

Hi, your server centralizes something? Log server? It looks like the clients must be contacted, maybe you have to check specific software. Tell me what that server do (did).

Yep, but this should prevent you from accessing your router on HTTP from the EXTERNAL (internet) network.

Ok, so assuming you have configured all the required parameters for routing from outside to inside, do the same for inside to inside.

But one time it worked, right?

There's some wrong with the DNS, try to flush your client: ipconfig /flushdns and restart your router to "flush" its cache. If the problem remains try the following: nslookup > all your domains Post results.

) you're welcome.

you are welcome.

Hi, there's a "simple" way to monitor ipsec: (from microsoft's KB): You can also install network monitor to see what is happening on your network. Regarding the bruteforce attemp, I suggest you to block every account after 3-5 attempts for 15-30 mins, this will not block brute force but MAYBE the attacker will be disappointed and he will find an easier target :)

Everything is ok here, BIND is a DNS server which reads the file bind.conf every X minutes and apply (if possible) modifications. You could check on google if there's a way to disable this notification (maybe by logging only errors or waring).

Hi, can please export the entire "set" of the error? It looks like the event ID is the number 3, but this is odd because of event ID 3 should be related to kerberos or spooler.

yep for each domain / IP. It's not a good thing you login via HTTP, try to set the HTTPS at least. Anyway, you should implement a maximum attempt (let's say 3) and then block for a while (10-20 mins) the account. I don't know if this can be made by phpmyadmin, just google a bit :)

You must configure a SCOPE on your DHCP for option 6 and 15 this will give yours clients DNS config and (with option 15) domain name. Let me know.

Everything works fine right now. For your internal problem follow this simple step: (on your DNS config): replace 192.168.0.2 with 122.61.186.232 Let me know.

Hi, there's a log located here: C:\WINDOWS\system32\Logfiles You must right click your FTP site > properties > select ENABLE LOGGING then you should select W3C format.