Roaming profile in problem

Guest
Archived from groups: microsoft.public.win2000.active_directory

After I created the roaming profile in Win2000 Server AD Domain Users
and Computers, when my user logged on, it has the following error. I
have shared the folder and made it full rights for everyone. I even
added the user to administrator groups. Pls help. Thanks


"Windows cannot locate the server copy of your roaming profile and is
attempting to log you on with your local profile. Changes to the
profile will not be copied to the server when you logoff. Possible
causes of this error include network problems or insufficient security
rights."


Regards
Daniel
 
Guest
Archived from groups: microsoft.public.win2000.active_directory

<danieltan@time.net.my> wrote in message
news:1108600120.938700.24170@f14g2000cwb.googlegroups.com...
> After i created the roaming profile in win2000 server AD domain users
> and computers , when my user logged on, it has the following error. I
> have shared the folder and make it full rights for everyone. I even
> added the user to administrator groups. Pls help. Thanks
>
>
> "Windows cannot locate the server copy of your roaming profile and is
> attempting to log you on with your local profile. Changes to the
> profile will not be copied to the server when you logoff. Possible
> causes of this error include network problems or insufficient security
> rights."
>

How did you "create" the roaming profile?
(Hint: usually you DON'T "create" it but let it be created
when the user next logs on...)

Create parent directory on file server;
Set permissions to allow users to modify (or FC)
files and directories there.
Set properties in User's PROPERTY SHEET in
AD Users/Computers to POINT to that directory
you wish the user to use.

Log user ON and OFF.
 
Guest
Archived from groups: microsoft.public.win2000.active_directory

Herb, I've done all that, I don't create folders for user but they are
getting this error. They can log on to domain, even the home
directory is ok. What did I miss out? Thanks

Rgds
Daniel
 
Guest
Archived from groups: microsoft.public.win2000.active_directory

<danieltan@time.net.my> wrote in message
news:1108653279.647851.213920@o13g2000cwo.googlegroups.com...
> Herb, i've done all that, i don't create folders for user but they are
> getting this error. They can logged on to domain even the home
> directory is ok. What did i miss out ? Thanks

Roaming profile top directories have always had to be created
(and permissioned) by the admin.

If they exist and are writable, and the computers are authenticating
themselves and the user then the files get added on the next logon/logoff
sequence.

You have to enter an EXISTING directory (for profiles)
in AD Users and Computers -- that directory is for ONE
user but you can use %UserName% to do it for multiple users
or copy one with this setting.


--
Herb Martin


 
Guest
Archived from groups: microsoft.public.win2000.active_directory

Herb, how to know that my computer is being authenticated ? Thanks

Daniel


 
Guest
Archived from groups: microsoft.public.win2000.active_directory

<danieltan@time.net.my> wrote in message
news:1108700602.626100.140630@l41g2000cwc.googlegroups.com...
> Herb, how to know that my computer is being authenticated ? Thanks

It's a good question.

Probably the simplest procedure is to open a command
prompt and type "set l" (or just set if you cannot remember
the variable you want to see starts with an L: logonserver).

I don't think that this variable will ever be set to a DC
if your machine didn't authenticate and log the user on.

You can get more definite information about the computer's
secure channel with NLTest but that is overkill.

A general test (but it doesn't help that much when you already
have problems) is to try to USE your credentials against
a known available resource (file share) and if they don't
work but you can resolve the names and ping and stuff
then you are likely authenticated.

We are now full circle because you were having trouble
which made us suspect authentication.

Set L

....works pretty well for a quick look.



--
Herb Martin


 
Guest
Archived from groups: microsoft.public.win2000.active_directory

danieltan@time.net.my wrote:
> After i created the roaming profile in win2000 server AD domain users
> and computers , when my user logged on, it has the following error. I
> have shared the folder and make it full rights for everyone. I even
> added the user to administrator groups. Pls help. Thanks
>
>
> "Windows cannot locate the server copy of your roaming profile and is
> attempting to log you on with your local profile. Changes to the
> profile will not be copied to the server when you logoff. Possible
> causes of this error include network problems or insufficient security
> rights."
>
>
> Regards
> Daniel

General tips:

1. Set up a share on the server. For example - d:\profiles, shared as
profiles$ to make it hidden from browsing.
2. Make sure the share permissions on profiles$ indicate everyone=full
control. Set the NTFS security to administrators, system, and users=full
control.
3. In the users' ADUC properties, specify \\server\profiles$\%username% in
the profiles field
4. Have each user log into the domain once from their usual workstation
(where their existing profile lives) and log out. The profile is now
roaming.

Notes:

* Make sure users understand that they should never log into multiple
computers at the same time when they have roaming profiles (unless you make
the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't
change them). Explain that the last one out wins, when it comes to
uploading the final, changed copy of the profile.

* Keep your profiles TINY. Redirect My Documents
to a subfolder of each user's home directory on the server - either via
group policy (folder redirection) or manually (less advisable). If you
aren't going to also redirect the desktop using policies, tell people that
they are not to store any files on the desktop or you will beat them with a
stick. Big profile=slow login/logout, and possible profile corruption.

* Note that user profiles are not compatible between different OS versions,
even between W2k/XP. Keep all your computers. Keep your workstations as
identical as possible - meaning, OS version is the same, SP level is the
same, app load is (as much as possible) the same.

* Do not let people store any data locally - all data belongs on the server.
 
Guest
Archived from groups: microsoft.public.win2000.active_directory

Herb, firstly if I can set L to a DC and get result then my computer is
authenticated? Also if USE and ping can be used then it is
authenticated also? What are the components required to have in order
to have roaming profile works?

Regards
Daniel
 
Guest
Archived from groups: microsoft.public.win2000.active_directory

Lanwench, what are those components need to have in order for roaming
profiles to be working ? Thanks for your info.

Rgds
Daniel
 
Guest
Archived from groups: microsoft.public.win2000.active_directory

Herb, I just tested and set L does return name of the logon server and
also does the set command which indicates correct server name. What do I
need to test next?

Rgds
Daniel
 
Guest
Archived from groups: microsoft.public.win2000.active_directory

Lanwench, problem is the user folder not even created by the system
when user logged on and off. This is due to the error id 1521, DETAIL -
The system detected a possible attempt to compromise security. Please
ensure that you can contact the server that authenticated you. Can't
find any info abt this exact error on eventid.net. Possible is network
problem or insufficient security rights. Any ideas now ?

Rgds
Daniel
 
Guest
Archived from groups: microsoft.public.win2000.active_directory

<danieltan@time.net.my> wrote in message
news:1108908702.154362.35980@g14g2000cwa.googlegroups.com...
> Herb, firstly if i can set L to a DC and get result then my computer is
> authenticated ?

I think this is true -- were the user not logged on
it would seem wrong to show a logon server.

NLTest is more definitive but difficult to use (contrary
command line switches.)

I was sort of hoping that someone would post a KB article
describing such tests. (Experience makes it pretty obvious
to me but that is NOT a good answer for someone trying to
learn.)

> also if USE and ping can be used then it is
> authenticated also ?

In no way does ping tell you this.

Ping FAILURE would make it unlikely that authentication
worked but even that is not reliable unless you are very
certain why ping failed.

For instance, any firewall including the XP-Win2003 built-in
firewall might block ping or IP might be broken and a computer
still authenticate in some domains with another protocol but
this is less common today with IP required and few people
using other protocols.

> What are the components required to have in order
> to have roaming profile works ?

Authentication
Server with share, proper permissions on share and NTFS
Usually share and NTFS need to be Full Control for the
group or user who will save a profile.
Network operation so that client can reach the share (timely
manner so that it doesn't timeout)

--
Herb Martin


 
Guest
Archived from groups: microsoft.public.win2000.active_directory

<danieltan@time.net.my> wrote in message
news:1108914155.799256.289670@c13g2000cwb.googlegroups.com...
> Herb, i just tested and set L does return name of the logon server and
> also does the set command which indicates correct server name. what i
> need to test next ?

Explicitly use the share (as the affected user).

(logon as [test] user first to avoid accidentally using
admin credentials)

net use X: \\serverName\shareName


[If it fails, let's try specific authentication, which would
be necessary if we are not really authenticated on the domain,
OR if the server is not properly working in the domain***.]

net use Y: \\serverName\shareName * /user:DomainName\UserName

If neither of these works, then we likely have a problem with
the Server (in the domain) being authenticated.

If the first fails and the second works then we pretty much know
that the user wasn't fully authenticated and that the user CAN
authenticate and use the server resources.

Ok, let's assume that X: is connected (first worked).

Do these:

X:
cd \username
copy con t.txt
Type some test here
Anything will do
to FINISH you must hit <CTRL-Z><Enter>

If this works, you have proven the user can use the share
and has enough share AND NTFS permissions to create
a file.

If all that works then likely the profile will work.

***Forgot to mention this earlier: Server must be authenticated
properly and working in the domain (or a trusting domain with
trusts working.)

--
Herb Martin


>
> Rgds
> Daniel
>
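
The checks described in this thread (LOGONSERVER first, then net use, then a write test on the share) as one cmd script. This is an added example, not code posted by anyone in the thread; the drive letter X: and the ".proftest" folder name are assumptions.

```bat
@echo off
rem Added example: run this as the affected (non-admin) test user.
rem Argument: the profile share, e.g. \\serverName\shareName
rem Assumptions: drive X: is free; ".proftest" is a throwaway folder name.
setlocal
if "%~1"=="" (
    echo usage: %~nx0 \\serverName\shareName
    exit /b 2
)
set "SHARE=%~1"
set "DRV=X:"
set "TESTDIR=%DRV%\%USERNAME%.proftest"

rem Step 1: LOGONSERVER names the machine that handled the logon.
rem If it is the local computer, no DC was found at logon
rem (this is expected only when the script runs on a DC itself).
echo Logon server: %LOGONSERVER%   Computer: %COMPUTERNAME%
if /i "%LOGONSERVER%"=="\\%COMPUTERNAME%" (
    echo FAIL: logged on locally, not through a domain controller.
    exit /b 1
)

rem Step 2: map the share with the credentials of the current logon session.
net use %DRV% "%SHARE%" >nul 2>&1
if errorlevel 1 (
    echo FAIL: cannot map %SHARE% with the logon credentials.
    echo Next, try explicit credentials by hand:
    echo   net use Y: %SHARE% * /user:DomainName\UserName
    exit /b 1
)
echo OK: mapped %DRV% to %SHARE% without being asked for credentials.

rem Step 3: create a folder and a file in it. This only succeeds when
rem both the share permissions and the NTFS permissions allow it.
mkdir "%TESTDIR%" 2>nul
echo profile write test> "%TESTDIR%\t.txt" 2>nul
if exist "%TESTDIR%\t.txt" (
    echo OK: %USERNAME% can create folders and files on %SHARE%.
    set RESULT=0
) else (
    echo FAIL: mapped, but cannot write. Check share and NTFS permissions.
    set RESULT=1
)

rem Clean up the test folder and the drive mapping.
if exist "%TESTDIR%\t.txt" del "%TESTDIR%\t.txt"
rd "%TESTDIR%" 2>nul
net use %DRV% /delete >nul 2>&1
exit /b %RESULT%
```

If all three steps pass and the profile still does not load, look at what sits between client and server, such as a firewall product on either machine.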
 
Guest
Archived from groups: microsoft.public.win2000.active_directory

The logonserver is the local machine if a DC cannot be found, e.g. the
computer name.


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

 
Guest
Archived from groups: microsoft.public.win2000.active_directory

"ptwilliams" <ptw2001@hotmail.com> wrote in message
news:eZS4PC4FFHA.3888@TK2MSFTNGP12.phx.gbl...
> The logonserver is the local machine if a DC cannot be found, e.g. the
> computer name.
>

I was also leaving some wriggle room for
things like DC available, authenticates, then
DC goes down (credentials might even expire.)

I wonder if there is a built-in and direct way to
tell if the machine and user are authenticated....

(Looking at the environment works for me, but
seems a bit indirect or non-specific.)

--
Herb Martin


 
Guest
Archived from groups: microsoft.public.win2000.active_directory

Herb, if I use the net use commands one at a time then it is
successful. If I use the first and after that the second net use
together, the 2nd net use reports an error as multiple user logged in a
folder, cannot be the same user name. If one at a time, both created a
mapped drive X and Y. But the cd \username, what does it mean?
Inside the X drive it doesn't have any folder. But I can copy con t.txt
and put the file inside the mapped drive.

What do you mean by server must be authenticated properly? I've checked
the net and found the error code. But not sure what it means, any idea?
Thanks

SEC_E_DOWNGRADE_DETECTED, The system detected a possible attempt to
compromise security. Verify that the server that authenticated you can
be contacted.

http://msdn.microsoft.com/library/default.asp
url=/library/enus/secauthn/security/sspi_status_codes.asp

Regards
Daniel
 
Guest
Archived from groups: microsoft.public.win2000.active_directory

> I wonder if there is a built-in and direct way to tell if the machine and
> user are authenticated....

That would be nice!

Can you whip something up in Perl?!? ;-)


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


 
Guest
Archived from groups: microsoft.public.win2000.active_directory

"ptwilliams" <ptw2001@hotmail.com> wrote in message
news:eiITfHSGFHA.3840@tk2msftngp13.phx.gbl...
> > I wonder if there is a built-in and direct way to tell if the machine
> > and user are authenticated....
>
> That would be nice!

Maybe these are close enough:

nltest /whowill:Domain.Com UserName

nltest /finduser:UserName

> Can you whip something up in Perl?!? ;-)

Well, sure, though it wouldn't be direct but
just another hack <grin>

#Perl begins

$debug = 1; # set to 0 for less output
$dc = 0;

# Look for the Net Logon service in the list of started services;
# the script treats a match as the sign that this machine is a DC.
@services = `net start`;
foreach (@services) {
    next unless /^\s+Net Logon\s*$/;
    $dc = 1;
    print if $debug;
    last;
}

print "DC\n" if $dc && $debug;
print "not DC\n" if !$dc && $debug;

# LOGONSERVER looks like \\SERVER; strip the leading backslashes.
if (defined($ENV{LOGONSERVER})) {
    $logonServer = $ENV{LOGONSERVER};
    $logonServer =~ s/.*\\+(.*)/$1/;
    print "LogonServer: $logonServer\n" if $debug;
}
if (defined($ENV{COMPUTERNAME})) {
    $computer = $ENV{COMPUTERNAME};
    print "Computer: $computer\n" if $debug;
}

# The names are strings, so compare them with ne (ignoring case), not !=.
if ($dc || (lc($computer) ne lc($logonServer))) {
    print "logged onto domain.\n";
    exit 0;
} else { #User is
    print "NOT logged onto domain.\n";
    exit 1;
}

# Perl ends

--
Herb Martin


 
Guest
Archived from groups: microsoft.public.win2000.active_directory

Lanwench, I got it working already. Problem is Norton Internet
Security blocking it. I did all that was told and it works. Thanks all
you guys.

Regards
Daniel


Lanwench [MVP - Exchange] wrote:
> danieltan@time.net.my wrote:
> > After i created the roaming profile in win2000 server AD domain users
> > and computers , when my user logged on, it has the following error. I
> > have shared the folder and make it full rights for everyone. I even
> > added the user to administrator groups. Pls help. Thanks
> >
> >
> > "Windows cannot locate the server copy of your roaming profile and is
> > attempting to log you on with your local profile. Changes to the
> > profile will not be copied to the server when you logoff. Possible
> > causes of this error include network problems or insufficient security
> > rights."
> >
> >
> > Regards
> > Daniel
>
> General tips:
>
> 1. Set up a share on the server. For example - d:\profiles, shared as
> profiles$ to make it hidden from browsing.
> 2. Make sure the share permissions on profiles$ indicate everyone=full
> control. Set the NTFS security to administrators, system, and users=full
> control.
> 3. In the users' ADUC properties, specify \\server\profiles$\%username% in
> the profiles field
> 4. Have each user log into the domain once from their usual workstation
> (where their existing profile lives) and log out. The profile is now
> roaming.
>
> Notes:
>
> * Make sure users understand that they should never log into multiple
> computers at the same time when they have roaming profiles (unless you make
> the profiles mandatory by renaming ntuser.dat to ntuser.man so they can't
> change them). Explain that the last one out wins, when it comes to
> uploading the final, changed copy of the profile.
>
> * Keep your profiles TINY. Redirect My Documents
> to a subfolder of each user's home directory on the server - either via
> group policy (folder redirection) or manually (less advisable). If you
> aren't going to also redirect the desktop using policies, tell people that
> they are not to store any files on the desktop or you will beat them with a
> stick. Big profile=slow login/logout, and possible profile corruption.
>
> * Note that user profiles are not compatible between different OS versions,
> even between W2k/XP. Keep all your computers. Keep your workstations as
> identical as possible - meaning, OS version is the same, SP level is the
> same, app load is (as much as possible) the same.
>
> * Do not let people store any data locally - all data belongs on the server.
 
Guest
Archived from groups: microsoft.public.win2000.active_directory

Ah...nice. I'll have a play with that tomorrow. I'm thinking about
learning Perl. I just downloaded and installed ActivePerl...


I often use /whowill, but I'd forgotten about /finduser.

nltest is a real handy tool alright!!!


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

 
Guest
Archived from groups: microsoft.public.win2000.active_directory

"ptwilliams" <ptw2001@hotmail.com> wrote in message
news:u9YQTGfGFHA.2420@TK2MSFTNGP14.phx.gbl...
> Ah...nice. I'll have a play with that tomorrow. I'm thinking about
> learning Perl. I just downloaded and installed ActivePerl...


Perl can be learned USEFULLY in stages.

Just enough to solve some problems with
only a few lines of code, then later a bit more
on how to use libraries provided by others, etc.

Learning the regular expression syntax usually
presents a steep learning curve but this curve
puts you on a very useful plateau with just a
bit more effort. And the RegExes are generally
applicable to many other tools.

Regexes work similarly in grep, sed, awk,
many programmers' editors and so on. Once
you know the principles then it is easy to adapt
to small rule changes or increased features.

Even the built-in FindStr has the /R switch for
turning on RegEx capability -- meaning you can
benefit even on systems that have no Unix-like
tools. (Random workstations and servers etc.)

If you want help, then let me know.

The two class books are "Learning Perl" (14.75
on Amazon new&used) Programming Perl (18.72
new&used.)

"Learning Perl" is MUCH simpler and in my opinion
"Programming Perl" is MUCH better and an eventual
necessity for almost all Perl programmers.

But if you know nothing of programming then 'Learning'
takes more baby steps.

Another EXCELLENT book as you start to USE Perl
is "Perl Cookbook" which offers working "snippet"
programs and routines that not only solve a multitude
of useful problems but stand as superior examples of
how an expert programmer makes Perl simple yet
amazingly effective.

One of the best things about Perl is that 10 lines of
Perl often does more than 10-100 lines of C or VB.

Fewer lines almost always means faster to program,
easier to understand and test, but most of all FEWER
BUGS.



--
Herb Martin


>
> I often use /whowill, but I'd forgotten about /finduser.
>
> nltest is a real handy tool alright!!!
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:OvlnAYVGFHA.4088@TK2MSFTNGP09.phx.gbl...
> "ptwilliams" <ptw2001@hotmail.com> wrote in message
> news:eiITfHSGFHA.3840@tk2msftngp13.phx.gbl...
> > > I wonder if there is a built-in and direct way to tell if the machine and
> > > user are authenticated....
> >
> > That would be nice!
>
> Maybe these are close enough:
>
> nltest /whowill:Domain.Com UserName
>
> nltest /finduser:UserName
>
> > Can you whip something up in Perl?!? ;-)
>
> Well, sure, though it wouldn't be direct but
> just another hack <grin>
>
> #Perl begins
>
> $debug = 1; #set to 0 for less output
> @services = `net start`;
> foreach (@services) {
> next unless /^\s+Net Logon\s*$/;
> $dc = 1;
> print if $debug;
> last;
> }
>
> print "DC\n" if $dc && $debug;
> print "not DC\n" if !$dc && $debug;
> if (defined($ENV{LOGONSERVER})) {
> $logonServer = $ENV{LOGONSERVER};
> $logonServer =~ s/.*\\+(.*)/$1/;
> print "LogonServer: $logonServer\n" if $debug;
> }
> if (defined($ENV{COMPUTERNAME})) {
> $computer = $ENV{COMPUTERNAME};
> print "Computer: $computer\n" if $debug;
> }
>
> if ($dc || (lc($computer) ne lc($logonServer))) { # string comparison; != is numeric
> print "logged onto domain.\n";
> exit 0;
> } else { #User is
> print "NOT logged onto domain.\n";
> exit 1;
> }
>
> # Perl ends
>
> --
> Herb Martin
>
>
> >
> >
> > --
> >
> > Paul Williams
> >
> > http://www.msresource.net
> > http://forums.msresource.net
> >
> >
> > "Herb Martin" <news@LearnQuick.com> wrote in message
> > news:%23hHvvf4FFHA.2180@TK2MSFTNGP12.phx.gbl...
> > "ptwilliams" <ptw2001@hotmail.com> wrote in message
> > news:eZS4PC4FFHA.3888@TK2MSFTNGP12.phx.gbl...
> > > The logonserver is the local machine if a DC cannot be found, e.g. the
> > > computer name.
> > >
> >
> > I was also leaving some wriggle room for
> > things like DC available, authenticates, then
> > DC goes down (credentials might even expire.)
> >
> > I wonder if there is a built-in and direct way to
> > tell if the machine and user are authenticated....
> >
> > (Looking at the environment works for me, but
> > seems a bit indirect or non-specific.)
> >
> > --
> > Herb Martin
> >
> >
> > >
> > > --
> > >
> > > Paul Williams
> > >
> > > http://www.msresource.net/
> > > http://forums.msresource.net/
> > >
> > > "Herb Martin" <news@LearnQuick.com> wrote in message
> > > news:unSbSA3FFHA.1392@tk2msftngp13.phx.gbl...
> > > <danieltan@time.net.my> wrote in message
> > > news:1108908702.154362.35980@g14g2000cwa.googlegroups.com...
> > > > Herb, firstly if I can set L to a DC and get result then my computer is
> > > > authenticated?
> > >
> > > I think this is true -- were the user not logged on
> > > it would seem wrong to show a logon server.
> > >
> > > NLTest is more definitive but difficult to use (contrary
> > > command line switches.)
> > >
> > > I was sort of hoping that someone would post a KB article
> > > describing such tests. (Experience makes it pretty obvious
> > > to me but that is NOT a good answer for someone trying to
> > > learn.)
> > >
> > > > also if USE and ping can be used then it is
> > > > authenticated also ?
> > >
> > > In no way does ping tell you this.
> > >
> > > Ping FAILURE would make it unlikely that authentication
> > > worked but even that is not reliable unless you are very
> > > certain why ping failed.
> > >
> > > For instance, any firewall including the XP-Win2003 built-in
> > > firewall might block ping or IP might be broken a computer
> > > still authenticate in some domains with another protocol but
> > > this is less common today with IP required and few people
> > > using other protocols.
> > >
> > > > What are the components required to have in order
> > > > to have roaming profile works ?
> > >
> > > Authentication
> > > Server with share, proper permissions on share and NTFS
> > > Usually share and NTFS need to be Full Control for the
> > > group or user who will save a profile.
> > > Network operation so that client can reach the share (timely
> > > manner so that it doesn't timeout)
> > >
> > > --
> > > Herb Martin
> > >
> > >
> > > >
> > > > Regards
> > > > Daniel
> > > >
> > >
> > >
> > >
> >
> >
> >
>
>
>
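
The LOGONSERVER versus COMPUTERNAME check quoted in this thread, reworked as an added example (not code from any poster): it compares the two names as strings and also shows what a numeric != comparison reports for the same pairs. The host names in @cases are constructed, and the sub names are this example's own.

```perl
#!/usr/bin/perl
# Added example: the LOGONSERVER / COMPUTERNAME heuristic with string comparison.
use strict;
use warnings;

# Normalise a NetBIOS-style name: drop the leading "\\" that LOGONSERVER
# carries and fold case, since these names are case-insensitive.
sub bare_name {
    my ($name) = @_;
    return undef unless defined($name) && length($name);
    $name =~ s/^\\+//;
    return length($name) ? uc($name) : undef;
}

# 'domain'  : the logon server is a different machine from this computer
# 'local'   : the logon server is this computer
# 'unknown' : one of the variables is missing, so nothing can be inferred
sub logon_state {
    my ($logon_server, $computer) = @_;
    my $ls = bare_name($logon_server);
    my $cn = bare_name($computer);
    return 'unknown' unless defined($ls) && defined($cn);
    return $ls ne $cn ? 'domain' : 'local';
}

# What a numeric comparison (!=) reports for the same pair of names.
# Perl converts each string to a number first, so most host names become 0.
sub numeric_says_different {
    my ($ls, $cn) = @_;
    return 'n/a' unless defined($ls) && defined($cn);
    no warnings 'numeric';
    return $ls != $cn ? 'yes' : 'no';
}

# Constructed sample values, followed by this machine's real environment.
my @cases = (
    [ '\\\\DC01',    'WKSTN07' ],   # logged on via a DC
    [ '\\\\wkstn07', 'WKSTN07' ],   # logon server is the local machine
    [ undef,         'WKSTN07' ],   # LOGONSERVER not set
    [ '\\\\2KSRV',   '9WS'     ],   # names with leading digits
);

for my $c (@cases, [ $ENV{LOGONSERVER}, $ENV{COMPUTERNAME} ]) {
    my ($ls, $cn) = @$c;
    printf "%-12s %-10s state=%-8s numeric != sees a difference: %s\n",
        $ls // '(unset)', $cn // '(unset)',
        logon_state($ls, $cn),
        numeric_says_different(bare_name($ls), bare_name($cn));
}
```

LOGONSERVER is an ordinary environment variable set at logon, so the result reflects what the session recorded rather than whether a DC is reachable now, which is the indirectness noted in the thread.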
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Paul, I tried nltest on Windows 2000 Server but it doesn't have this
command. Where can I try it?

Rgds
Daniel

ptwilliams wrote:
> Ah...nice. I'll have a play with that tomorrow. I'm thinking about
> learning Perl. I just downloaded and installed ActivePerl...
>
>
> I often use /whowill, but I'd forgotten about /finduser.
>
> nltest is a real handy tool alright!!!
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:OvlnAYVGFHA.4088@TK2MSFTNGP09.phx.gbl...
> "ptwilliams" <ptw2001@hotmail.com> wrote in message
> news:eiITfHSGFHA.3840@tk2msftngp13.phx.gbl...
> > > I wonder if there is a built-in and direct way to tell if the machine and
> > > user are authenticated....
> >
> > That would be nice!
>
> Maybe these are close enough:
>
> nltest /whowill:Domain.Com UserName
>
> nltest /finduser:UserName
>
> > Can you whip something up in Perl?!? ;-)
>
> Well, sure, though it wouldn't be direct but
> just another hack <grin>
>
> #Perl begins
>
> $debug = 1; #set to 0 for less output
> @services = `net start`;
> foreach (@services) {
> next unless /^\s+Net Logon\s*$/;
> $dc = 1;
> print if $debug;
> last;
> }
>
> print "DC\n" if $dc && $debug;
> print "not DC\n" if !$dc && $debug;
> if (defined($ENV{LOGONSERVER})) {
> $logonServer = $ENV{LOGONSERVER};
> $logonServer =~ s/.*\\+(.*)/$1/;
> print "LogonServer: $logonServer\n" if $debug;
> }
> if (defined($ENV{COMPUTERNAME})) {
> $computer = $ENV{COMPUTERNAME};
> print "Computer: $computer\n" if $debug;
> }
>
> if ($dc || (lc($computer) ne lc($logonServer))) { # string comparison; != is numeric
> print "logged onto domain.\n";
> exit 0;
> } else { #User is
> print "NOT logged onto domain.\n";
> exit 1;
> }
>
> # Perl ends
>
> --
> Herb Martin
>
>
> >
> >
> > --
> >
> > Paul Williams
> >
> > http://www.msresource.net
> > http://forums.msresource.net
> >
> >
> > "Herb Martin" <news@LearnQuick.com> wrote in message
> > news:%23hHvvf4FFHA.2180@TK2MSFTNGP12.phx.gbl...
> > "ptwilliams" <ptw2001@hotmail.com> wrote in message
> > news:eZS4PC4FFHA.3888@TK2MSFTNGP12.phx.gbl...
> > > The logonserver is the local machine if a DC cannot be found, e.g. the
> > > computer name.
> > >
> >
> > I was also leaving some wriggle room for
> > things like DC available, authenticates, then
> > DC goes down (credentials might even expire.)
> >
> > I wonder if there is a built-in and direct way to
> > tell if the machine and user are authenticated....
> >
> > (Looking at the environment works for me, but
> > seems a bit indirect or non-specific.)
> >
> > --
> > Herb Martin
> >
> >
> > >
> > > --
> > >
> > > Paul Williams
> > >
> > > http://www.msresource.net/
> > > http://forums.msresource.net/
> > >
> > > "Herb Martin" <news@LearnQuick.com> wrote in message
> > > news:unSbSA3FFHA.1392@tk2msftngp13.phx.gbl...
> > > <danieltan@time.net.my> wrote in message
> > > news:1108908702.154362.35980@g14g2000cwa.googlegroups.com...
> > > > Herb, firstly if I can set L to a DC and get result then my computer is
> > > > authenticated?
> > >
> > > I think this is true -- were the user not logged on
> > > it would seem wrong to show a logon server.
> > >
> > > NLTest is more definitive but difficult to use (contrary
> > > command line switches.)
> > >
> > > I was sort of hoping that someone would post a KB article
> > > describing such tests. (Experience makes it pretty obvious
> > > to me but that is NOT a good answer for someone trying to
> > > learn.)
> > >
> > > > also if USE and ping can be used then it is
> > > > authenticated also ?
> > >
> > > In no way does ping tell you this.
> > >
> > > Ping FAILURE would make it unlikely that authentication
> > > worked but even that is not reliable unless you are very
> > > certain why ping failed.
> > >
> > > For instance, any firewall including the XP-Win2003 built-in
> > > firewall might block ping or IP might be broken a computer
> > > still authenticate in some domains with another protocol but
> > > this is less common today with IP required and few people
> > > using other protocols.
> > >
> > > > What are the components required to have in order
> > > > to have roaming profile works ?
> > >
> > > Authentication
> > > Server with share, proper permissions on share and NTFS
> > > Usually share and NTFS need to be Full Control for the
> > > group or user who will save a profile.
> > > Network operation so that client can reach the share (timely
> > > manner so that it doesn't timeout)
> > >
> > > --
> > > Herb Martin
> > >
> > >
> > > >
> > > > Regards
> > > > Daniel
> > > >
> > >
> > >
> > >
> >
> >
> >
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Thanks! I'll take a look at those books.

I'm probably going to put it off to the summer - enjoying ADSI via VBS at the
moment. But a lot of people are telling me Perl is the way forward...


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

"Herb Martin" <news@LearnQuick.com> wrote in message
news:eHBcuIhGFHA.3376@TK2MSFTNGP14.phx.gbl...
"ptwilliams" <ptw2001@hotmail.com> wrote in message
news:u9YQTGfGFHA.2420@TK2MSFTNGP14.phx.gbl...
> Ah...nice. I'll have a play with that tomorrow. I'm thinking about
> learning Perl. I just downloaded and installed ActivePerl...


Perl can be learned USEFULLY in stages.

Just enough to solve some problems with
only a few lines of code, then later a bit more
on how to use libraries provided by others, etc.

Learning the regular expression syntax usually
presents a steep learning curve but this curve
puts you on a very useful plateau with just a
bit more effort. And the RegExes are generally
applicable to many other tools.

Regexes work similarly in grep, sed, awk,
many programmers' editors and so on. Once
you know the principles then it is easy to adapt
to small rule changes or increased features.

Even the built-in FindStr has the /R switch for
turning on RegEx capability -- meaning you can
benefit even on systems that have no Unix-like
tools. (Random workstations and servers etc.)

If you want help, then let me know.

The two class books are "Learning Perl" (14.75
on Amazon new&used) Programming Perl (18.72
new&used.)

"Learning Perl" is MUCH simpler and in my opinion
"Programming Perl" is MUCH better and an eventual
necessity for almost all Perl programmers.

But if you know nothing of programming then 'Learning'
takes more baby steps.

Another EXCELLENT book as you start to USE Perl
is "Perl Cookbook" which offers working "snippet"
programs and routines that not only solve a multitude
of useful problems but stand as superior examples of
how an expert programmer makes Perl simple yet
amazingly effective.

One of the best things about Perl is that 10 lines of
Perl often does more than 10-100 lines of C or VB.

Fewer lines almost always means faster to program,
easier to understand and test, but most of all FEWER
BUGS.



--
Herb Martin


>
> I often use /whowill, but I'd forgotten about /finduser.
>
> nltest is a real handy tool alright!!!
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:OvlnAYVGFHA.4088@TK2MSFTNGP09.phx.gbl...
> "ptwilliams" <ptw2001@hotmail.com> wrote in message
> news:eiITfHSGFHA.3840@tk2msftngp13.phx.gbl...
> > > I wonder if there is a built-in and direct way to tell if the machine and
> > > user are authenticated....
> >
> > That would be nice!
>
> Maybe these are close enough:
>
> nltest /whowill:Domain.Com UserName
>
> nltest /finduser:UserName
>
> > Can you whip something up in Perl?!? ;-)
>
> Well, sure, though it wouldn't be direct but
> just another hack <grin>
>
> #Perl begins
>
> $debug = 1; #set to 0 for less output
> @services = `net start`;
> foreach (@services) {
> next unless /^\s+Net Logon\s*$/;
> $dc = 1;
> print if $debug;
> last;
> }
>
> print "DC\n" if $dc && $debug;
> print "not DC\n" if !$dc && $debug;
> if (defined($ENV{LOGONSERVER})) {
> $logonServer = $ENV{LOGONSERVER};
> $logonServer =~ s/.*\\+(.*)/$1/;
> print "LogonServer: $logonServer\n" if $debug;
> }
> if (defined($ENV{COMPUTERNAME})) {
> $computer = $ENV{COMPUTERNAME};
> print "Computer: $computer\n" if $debug;
> }
>
> if ($dc || (lc($computer) ne lc($logonServer))) { # string comparison; != is numeric
> print "logged onto domain.\n";
> exit 0;
> } else { #User is
> print "NOT logged onto domain.\n";
> exit 1;
> }
>
> # Perl ends
>
> --
> Herb Martin
>
>
> >
> >
> > --
> >
> > Paul Williams
> >
> > http://www.msresource.net
> > http://forums.msresource.net
> >
> >
> > "Herb Martin" <news@LearnQuick.com> wrote in message
> > news:%23hHvvf4FFHA.2180@TK2MSFTNGP12.phx.gbl...
> > "ptwilliams" <ptw2001@hotmail.com> wrote in message
> > news:eZS4PC4FFHA.3888@TK2MSFTNGP12.phx.gbl...
> > > The logonserver is the local machine if a DC cannot be found, e.g. the
> > > computer name.
> > >
> >
> > I was also leaving some wriggle room for
> > things like DC available, authenticates, then
> > DC goes down (credentials might even expire.)
> >
> > I wonder if there is a built-in and direct way to
> > tell if the machine and user are authenticated....
> >
> > (Looking at the environment works for me, but
> > seems a bit indirect or non-specific.)
> >
> > --
> > Herb Martin
> >
> >
> > >
> > > --
> > >
> > > Paul Williams
> > >
> > > http://www.msresource.net/
> > > http://forums.msresource.net/
> > >
> > > "Herb Martin" <news@LearnQuick.com> wrote in message
> > > news:unSbSA3FFHA.1392@tk2msftngp13.phx.gbl...
> > > <danieltan@time.net.my> wrote in message
> > > news:1108908702.154362.35980@g14g2000cwa.googlegroups.com...
> > > > Herb, firstly if I can set L to a DC and get result then my computer is
> > > > authenticated?
> > >
> > > I think this is true -- were the user not logged on
> > > it would seem wrong to show a logon server.
> > >
> > > NLTest is more definitive but difficult to use (contrary
> > > command line switches.)
> > >
> > > I was sort of hoping that someone would post a KB article
> > > describing such tests. (Experience makes it pretty obvious
> > > to me but that is NOT a good answer for someone trying to
> > > learn.)
> > >
> > > > also if USE and ping can be used then it is
> > > > authenticated also ?
> > >
> > > In no way does ping tell you this.
> > >
> > > Ping FAILURE would make it unlikely that authentication
> > > worked but even that is not reliable unless you are very
> > > certain why ping failed.
> > >
> > > For instance, any firewall including the XP-Win2003 built-in
> > > firewall might block ping or IP might be broken a computer
> > > still authenticate in some domains with another protocol but
> > > this is less common today with IP required and few people
> > > using other protocols.
> > >
> > > > What are the components required to have in order
> > > > to have roaming profile works ?
> > >
> > > Authentication
> > > Server with share, proper permissions on share and NTFS
> > > Usually share and NTFS need to be Full Control for the
> > > group or user who will save a profile.
> > > Network operation so that client can reach the share (timely
> > > manner so that it doesn't timeout)
> > >
> > > --
> > > Herb Martin
> > >
> > >
> > > >
> > > > Regards
> > > > Daniel
> > > >
> > >
> > >
> > >
> >
> >
> >
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

"ptwilliams" <ptw2001@hotmail.com> wrote in message
news:eU93DhkGFHA.576@TK2MSFTNGP15.phx.gbl...
> Thanks! I'll take a look at those books.
>
> I'm probably going to put it off to the summer - enjoying ADSI via VBS at the
> moment. But a lot of people are telling me Perl is the way forward...

Maybe closer is that "Perl is A way" (not even
the way.)

One of the Perl maxims for the language itself
is, "There is more than one way to do it...."

Really. The language offers so many resources
that this is the standard prologue to the answer
when someone asks "What's the best way to...?"

--
Herb Martin


"ptwilliams" <ptw2001@hotmail.com> wrote in message
news:eU93DhkGFHA.576@TK2MSFTNGP15.phx.gbl...
> Thanks! I'll take a look at those books.
>
> I'm probably going to put it off to the summer - enjoying ADSI via VBS at the
> moment. But a lot of people are telling me Perl is the way forward...
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:eHBcuIhGFHA.3376@TK2MSFTNGP14.phx.gbl...
> "ptwilliams" <ptw2001@hotmail.com> wrote in message
> news:u9YQTGfGFHA.2420@TK2MSFTNGP14.phx.gbl...
> > Ah...nice. I'll have a play with that tomorrow. I'm thinking about
> > learning Perl. I just downloaded and installed ActivePerl...
>
>
> Perl can be learned USEFULLY in stages.
>
> Just enough to solve some problems with
> only a few lines of code, then later a bit more
> on how to use libraries provided by others, etc.
>
> Learning the regular expression syntax usually
> presents a steep learning curve but this curve
> puts you on a very useful plateau with just a
> bit more effort. And the RegExes are generally
> applicable to many other tools.
>
> Regexes work similarly in grep, sed, awk,
> many programmers' editors and so on. Once
> you know the principles then it is easy to adapt
> to small rule changes or increased features.
>
> Even the built-in FindStr has the /R switch for
> turning on RegEx capability -- meaning you can
> benefit even on systems that have no Unix-like
> tools. (Random workstations and servers etc.)
>
> If you want help, then let me know.
>
> The two class books are "Learning Perl" (14.75
> on Amazon new&used) Programming Perl (18.72
> new&used.)
>
> "Learning Perl" is MUCH simpler and in my opinion
> "Programming Perl" is MUCH better and an eventual
> necessity for almost all Perl programmers.
>
> But if you know nothing of programming then 'Learning'
> takes more baby steps.
>
> Another EXCELLENT book as you start to USE Perl
> is "Perl Cookbook" which offers working "snippet"
> programs and routines that not only solve a multitude
> of useful problems but stand as superior examples of
> how an expert programmer makes Perl simple yet
> amazingly effective.
>
> One of the best things about Perl is that 10 lines of
> Perl often does more than 10-100 lines of C or VB.
>
> Fewer lines almost always means faster to program,
> easier to understand and test, but most of all FEWER
> BUGS.
>
>
>
> --
> Herb Martin
>
>
> >
> > I often use /whowill, but I'd forgotten about /finduser.
> >
> > nltest is a real handy tool alright!!!
> >
> >
> > --
> >
> > Paul Williams
> >
> > http://www.msresource.net/
> > http://forums.msresource.net/
> >
> > "Herb Martin" <news@LearnQuick.com> wrote in message
> > news:OvlnAYVGFHA.4088@TK2MSFTNGP09.phx.gbl...
> > "ptwilliams" <ptw2001@hotmail.com> wrote in message
> > news:eiITfHSGFHA.3840@tk2msftngp13.phx.gbl...
> > > > I wonder if there is a built-in and direct way to tell if the machine and
> > > > user are authenticated....
> > >
> > > That would be nice!
> >
> > Maybe these are close enough:
> >
> > nltest /whowill:Domain.Com UserName
> >
> > nltest /finduser:UserName
> >
> > > Can you whip something up in Perl?!? ;-)
> >
> > Well, sure, though it wouldn't be direct but
> > just another hack <grin>
> >
> > #Perl begins
> >
> > $debug = 1; #set to 0 for less output
> > @services = `net start`;
> > foreach (@services) {
> > next unless /^\s+Net Logon\s*$/;
> > $dc = 1;
> > print if $debug;
> > last;
> > }
> >
> > print "DC\n" if $dc && $debug;
> > print "not DC\n" if !$dc && $debug;
> > if (defined($ENV{LOGONSERVER})) {
> > $logonServer = $ENV{LOGONSERVER};
> > $logonServer =~ s/.*\\+(.*)/$1/;
> > print "LogonServer: $logonServer\n" if $debug;
> > }
> > if (defined($ENV{COMPUTERNAME})) {
> > $computer = $ENV{COMPUTERNAME};
> > print "Computer: $computer\n" if $debug;
> > }
> >
> > if ($dc || (lc($computer) ne lc($logonServer))) { # string comparison; != is numeric
> > print "logged onto domain.\n";
> > exit 0;
> > } else { #User is
> > print "NOT logged onto domain.\n";
> > exit 1;
> > }
> >
> > # Perl ends
> >
> > --
> > Herb Martin
> >
> >
> > >
> > >
> > > --
> > >
> > > Paul Williams
> > >
> > > http://www.msresource.net
> > > http://forums.msresource.net
> > >
> > >
> > > "Herb Martin" <news@LearnQuick.com> wrote in message
> > > news:%23hHvvf4FFHA.2180@TK2MSFTNGP12.phx.gbl...
> > > "ptwilliams" <ptw2001@hotmail.com> wrote in message
> > > news:eZS4PC4FFHA.3888@TK2MSFTNGP12.phx.gbl...
> > > > The logonserver is the local machine if a DC cannot be found, e.g. the
> > > > computer name.
> > > >
> > >
> > > I was also leaving some wriggle room for
> > > things like DC available, authenticates, then
> > > DC goes down (credentials might even expire.)
> > >
> > > I wonder if there is a built-in and direct way to
> > > tell if the machine and user are authenticated....
> > >
> > > (Looking at the environment works for me, but
> > > seems a bit indirect or non-specific.)
> > >
> > > --
> > > Herb Martin
> > >
> > >
> > > >
> > > > --
> > > >
> > > > Paul Williams
> > > >
> > > > http://www.msresource.net/
> > > > http://forums.msresource.net/
> > > >
> > > > "Herb Martin" <news@LearnQuick.com> wrote in message
> > > > news:unSbSA3FFHA.1392@tk2msftngp13.phx.gbl...
> > > > <danieltan@time.net.my> wrote in message
> > > > news:1108908702.154362.35980@g14g2000cwa.googlegroups.com...
> > > > > Herb, firstly if I can set L to a DC and get result then my computer is
> > > > > authenticated?
> > > >
> > > > I think this is true -- were the user not logged on
> > > > it would seem wrong to show a logon server.
> > > >
> > > > NLTest is more definitive but difficult to use (contrary
> > > > command line switches.)
> > > >
> > > > I was sort of hoping that someone would post a KB article
> > > > describing such tests. (Experience makes it pretty obvious
> > > > to me but that is NOT a good answer for someone trying to
> > > > learn.)
> > > >
> > > > > also if USE and ping can be used then it is
> > > > > authenticated also ?
> > > >
> > > > In no way does ping tell you this.
> > > >
> > > > Ping FAILURE would make it unlikely that authentication
> > > > worked but even that is not reliable unless you are very
> > > > certain why ping failed.
> > > >
> > > > For instance, any firewall including the XP-Win2003 built-in
> > > > firewall might block ping or IP might be broken a computer
> > > > still authenticate in some domains with another protocol but
> > > > this is less common today with IP required and few people
> > > > using other protocols.
> > > >
> > > > > What are the components required to have in order
> > > > > to have roaming profile works ?
> > > >
> > > > Authentication
> > > > Server with share, proper permissions on share and NTFS
> > > > Usually share and NTFS need to be Full Control for the
> > > > group or user who will save a profile.
> > > > Network operation so that client can reach the share (timely
> > > > manner so that it doesn't timeout)
> > > >
> > > > --
> > > > Herb Martin
> > > >
> > > >
> > > > >
> > > > > Regards
> > > > > Daniel
> > > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> >
> >
> >
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

It's part of the support tools. Install them from the \SUPPORT folder on
your Windows Installation Media.


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

<danieltan@time.net.my> wrote in message
news:1109232727.057706.268490@z14g2000cwz.googlegroups.com...
Paul, I tried nltest on Windows 2000 Server but it doesn't have this
command. Where can I try it?

Rgds
Daniel

ptwilliams wrote:
> Ah...nice. I'll have a play with that tomorrow. I'm thinking about
> learning Perl. I just downloaded and installed ActivePerl...
>
>
> I often use /whowill, but I'd forgotten about /finduser.
>
> nltest is a real handy tool alright!!!
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:OvlnAYVGFHA.4088@TK2MSFTNGP09.phx.gbl...
> "ptwilliams" <ptw2001@hotmail.com> wrote in message
> news:eiITfHSGFHA.3840@tk2msftngp13.phx.gbl...
> > > I wonder if there is a built-in and direct way to tell if the machine and
> > > user are authenticated....
> >
> > That would be nice!
>
> Maybe these are close enough:
>
> nltest /whowill:Domain.Com UserName
>
> nltest /finduser:UserName
>
> > Can you whip something up in Perl?!? ;-)
>
> Well, sure, though it wouldn't be direct but
> just another hack <grin>
>
> #Perl begins
>
> $debug = 1; #set to 0 for less output
> @services = `net start`;
> foreach (@services) {
> next unless /^\s+Net Logon\s*$/;
> $dc = 1;
> print if $debug;
> last;
> }
>
> print "DC\n" if $dc && $debug;
> print "not DC\n" if !$dc && $debug;
> if (defined($ENV{LOGONSERVER})) {
> $logonServer = $ENV{LOGONSERVER};
> $logonServer =~ s/.*\\+(.*)/$1/;
> print "LogonServer: $logonServer\n" if $debug;
> }
> if (defined($ENV{COMPUTERNAME})) {
> $computer = $ENV{COMPUTERNAME};
> print "Computer: $computer\n" if $debug;
> }
>
> if ($dc || (lc($computer) ne lc($logonServer))) { # string comparison; != is numeric
> print "logged onto domain.\n";
> exit 0;
> } else { #User is
> print "NOT logged onto domain.\n";
> exit 1;
> }
>
> # Perl ends
>
> --
> Herb Martin
>
>
> >
> >
> > --
> >
> > Paul Williams
> >
> > http://www.msresource.net
> > http://forums.msresource.net
> >
> >
> > "Herb Martin" <news@LearnQuick.com> wrote in message
> > news:%23hHvvf4FFHA.2180@TK2MSFTNGP12.phx.gbl...
> > "ptwilliams" <ptw2001@hotmail.com> wrote in message
> > news:eZS4PC4FFHA.3888@TK2MSFTNGP12.phx.gbl...
> > > The logonserver is the local machine if a DC cannot be found, e.g. the
> > > computer name.
> > >
> >
> > I was also leaving some wriggle room for
> > things like DC available, authenticates, then
> > DC goes down (credentials might even expire.)
> >
> > I wonder if there is a built-in and direct way to
> > tell if the machine and user are authenticated....
> >
> > (Looking at the environment works for me, but
> > seems a bit indirect or non-specific.)
> >
> > --
> > Herb Martin
> >
> >
> > >
> > > --
> > >
> > > Paul Williams
> > >
> > > http://www.msresource.net/
> > > http://forums.msresource.net/
> > >
> > > "Herb Martin" <news@LearnQuick.com> wrote in message
> > > news:unSbSA3FFHA.1392@tk2msftngp13.phx.gbl...
> > > <danieltan@time.net.my> wrote in message
> > > news:1108908702.154362.35980@g14g2000cwa.googlegroups.com...
> > > > Herb, firstly if I can set L to a DC and get result then my computer is
> > > > authenticated?
> > >
> > > I think this is true -- were the user not logged on
> > > it would seem wrong to show a logon server.
> > >
> > > NLTest is more definitive but difficult to use (contrary
> > > command line switches.)
> > >
> > > I was sort of hoping that someone would post a KB article
> > > describing such tests. (Experience makes it pretty obvious
> > > to me but that is NOT a good answer for someone trying to
> > > learn.)
> > >
> > > > also if USE and ping can be used then it is
> > > > authenticated also ?
> > >
> > > In no way does ping tell you this.
> > >
> > > Ping FAILURE would make it unlikely that authentication
> > > worked but even that is not reliable unless you are very
> > > certain why ping failed.
> > >
> > > For instance, any firewall including the XP-Win2003 built-in
> > > firewall might block ping or IP might be broken a computer
> > > still authenticate in some domains with another protocol but
> > > this is less common today with IP required and few people
> > > using other protocols.
> > >
> > > > What are the components required to have in order
> > > > to have roaming profile works ?
> > >
> > > Authentication
> > > Server with share, proper permissions on share and NTFS
> > > Usually share and NTFS need to be Full Control for the
> > > group or user who will save a profile.
> > > Network operation so that client can reach the share (timely
> > > manner so that it doesn't timeout)
> > >
> > > --
> > > Herb Martin
> > >
> > >
> > > >
> > > > Regards
> > > > Daniel
> > > >
> > >
> > >
> > >
> >
> >
> >