I'm doing some research to implement Domain Isolation in my LAN to prevent
unauthorized computers (notebooks, wi-fi devices) to connect to Windows 2003
servers, navigate the internet, etc.
My first questions are:

I have a group in Active Directory (Win2003) used to assign folder
permissions. I am looking for a way to get a list of all NTFS folders that
include this group in their ACL. The input would be the AD group name and
the output would be all NTFS folders showing this group in the ...

Windows file sharing seems to be available on all the network adapters.
When a VPN technology is used, it would be best to limit the access to
file share through only VPN network adapter.  Is this  possible  ?

A few questions---
a) Can i have a single PKI hierarchy spanning multiple forests ? Meaning can
a single standalone root CA create certs for issuing / subordinate enterprise
CA's which are located in different AD Forests ?

Is it possible to use a migrated account (with sid history) to access a web
server via basic authentication?
In the NTFS ACL of the web's directory only the original source account has
read permissions, not the migrated user. Should the migrated user get access

Would it be safe for me to remove  Domain users group from servers local
users group? I understand the purporse of this group on the workstations side
but not sure why it would be in the server that has joined Domain.
If no local security restrictions are in place then any domain ...

For purpose of testing, I'm trying to setup two distinct 3-tier PKI
hierarchies based on Win2003EE. When formed, they will be connected over
Bridge CA in order to test interoperability (particulary constraints between
domains). Considering that I have recently started to explore ...

I am trying to install a software that requires that the password be less
than 8 characters, which the security policy should only be applied to the
local machine only which is the server that I am trying to install the
application on.

Does any vendor make an application that passively listens to all ethernet
segments on a computer, and then notifies the administrator if any
unauthorized IP or ethernet Mac address shows up on any segment?   You would
obviously need to feed into such an application the IPs and Mac ...

Does anybody know of an existing script/package to generate a report
like this:
We need a copy of an OS account audit report. This report will include
a status review of all currently open accounts on all Windows servers,

I cannot map a drive from one server to another.
start \\x.x.x.x\c$  will work
but start \\netbiosname\c$ will fail and giove me an error
on the client server trying to make a mapping to the remote server I get

I've set up a simple win 2k3 SP2/R2 server on a VM in our CC.
No AD, just a simple server with terminal server installed.
Administrators can access the RDP (as usual), but users can't.
Since this behavior is almost the same with network shares I think I

Reposting this issue.  It was recommended that I post to this group from
someone in the AD group.
We have three DC's, all running Windows Server 2003 w/SP2.  DC1 is unstable,
and needs to be demoted before there is a serious hardware failure.  DC2 and

I am trying to build new PKI based on Windows Server 2008 AD CS.
Is it possible to have AD CS on Windows Server 2008 servers in Windows
Server 2003 Active Directory domain? Or do I need to upgrade Active
Directory to 2008 first and then build PKI?

I'm now meeting a need to set different USB access privileges for different
RDP session users. I have being looking for a lot of resources, but I can't
find any solution. Could someone kindly do me a favor?
BTW, I have read this