Directory Services/Active Directory

Ulf B. Simon-Weidner's Blog

September 2004 - Posts

Update: Book, Speaking and DialUp Tab of ADUC

My book was released last week; it was pretty exciting to hold the first one in my hand. MS-Press and the fellow authors did a great job - thanks to everyone involved.

Unfortunately, the conference to which I proposed some interesting talks appears to already cover similar content. I don't believe it, since most of my proposed content is either unknown or not well documented and published, but however ...

Another short update on the Dial-Up Tab of Active Directory-Users and -Computers (see my blog from 7th of Sept) - the Hotfix in the KB 837490 is not necessary if you have Windows XP Service Pack 2 installed.
I rewrote the issue at http://www.windowsserverfaq.de/faq/DialInTab.asp .

Posted Mon, Sep 27 2004 6:14 by Ulf B. Simon-Weidner | with no comments

Error handling in DSACLS and wrong ACEs in ADUC

I recently spent some time looking at an issue I found in DSACLS and in Active Directory-Users and -Computers. If you create a computer object and assign some user or group account permissions to join that computer to the domain, there are ACEs which cause issues. Since it's quite long, I posted some info here: http://www.windowsserverfaq.de/faq/CompACLs.asp

Posted Thu, Sep 23 2004 6:41 by Ulf B. Simon-Weidner | 2 comment(s)

My book will hit the stores soon

Microsoft Windows XP - die Expertentipps

I recently worked on a book for Microsoft Press, and have now got the final note that it'll hit the stores in the week of the 20th September. I'm very excited to receive the first printed copy, and I'll even read it, since I've seen that there's (also) a lot of interesting stuff in the chapters which I wasn't involved in and have not had time to read yet.

It's written by some German MVPs, and it's in German, so for the international folks it's a great opportunity to learn that language ;-)
Seriously, it's focused on the advanced home user and presents tips and tricks around Windows XP, and it especially covers the new security features of Service Pack 2 (imagine the work we had - we wrote the book at the same time as SP2 was being finalized, so we had to adjust a lot. It was a coincidence that we finished the book just a couple of days after RTM of SP2, so it's probably one of the first books covering the final release). As Windows Server MVP I provided a lot of tips and took care of the chapters about user and account security and home networking and internet.

Posted Tue, Sep 7 2004 3:21 by Ulf B. Simon-Weidner | with no comments

Offered AD and DNS Presentations

I spent most of yesterday extending an offer for AD and DNS presentations at a European IT event later this year. I hope that the responsible people will be interested, since I want to cover a lot of AD and DNS issues I had in my deployments, and there wasn't a lot of help for those scenarios on the web. Some content will cover a practical approach to migrating DNS infrastructures while getting rid of unneeded records and still keeping all applications happy during the migration, a lot of security best practices for DNS / DHCP / AD, real-life experiences and recommendations on extending the schema, and lots more.

Keep your fingers crossed for me and stay tuned.

Posted Tue, Sep 7 2004 3:08 by Ulf B. Simon-Weidner | 2 comment(s)

Dial-In Tab in Active Directory-Users and Computers

I recognized today that one of the major by-designs of the ADUC Dial-In Tab is now in the public Knowledge Base:

837490 The Dial-in tab does not appear when you use the Active Directory Users and Computers snap-in to view the properties for a domain user on a Windows XP-based computer
http://support.microsoft.com?id=837490

This fixes the issue with XP clients that the Adminpak does not contain the Dial-In Tab. Those settings had to be done using Remote Desktop Publishing (RDP - formerly known as Terminal Services Administration Mode). Using the fix mentioned in the KB, the Dial-In Tab is now available on XP clients.

Other issues of my "favorite" tab:

You are not able to delegate rights - if you don't have full administrative access then clicking on the tab displays an error message "Could not load the Dial-in profile for this user because: Access is denied." and the page appears empty with just a message "Dial-in page initialization failed." This is fixed (see below - don't stop reading here) but not in the public KB, call PSS and request the following fix:

822542 Delegated administrator not able to open the dial-in tab

After you have implemented that fix, delegated administrators are able to receive the tab, and fields are enabled and disabled based on the delegated rights.

However, there's still an issue: if you don't have delegated rights for the full Dial-In Tab, you are able to change the stuff you have rights to in the GUI, but it won't take the changes when you hit Apply or OK. My issue is that a customer wanted the msRadiusCallbackNumber delegated - their helpdesk should not be allowed to decide whether or not a user had Dial-In rights, but should be able to change the callback number if needed. We have an open case on this; if anyone else needs delegated permissions within this tab (and preferably has a support contract with MS), let me know - as far as I know right now, this will not be fixed for a single customer.

Posted Thu, Sep 2 2004 7:20 by Ulf B. Simon-Weidner | 7 comment(s)