In working with group policies, I've run into some frustrating test conditions where the policies I set just weren't getting set on the target computers.

Checking into the event log, the issue appears to be that the clock on my vmware machine was too far out of sync with the time on the WolfTech domain controllers for a session to be established, and so the workstation service principal couldn't log in and get the list of gpo's it should apply.

Be careful what you wish for!

E-mail notifications have been added to this site, as some folks were missing them from our earlier blogs/drupal sites.  You'll see a link for "subscriptions" at the bottom of most content.

I'm working to clean up and standardize our OU=OIT in the WolfTech active directory.

I've created under "Management Objects" a "People Groups" container, for holding groups representing teams or other assemblies of humans or human analogs.

Microsoft's Internet Information Server (IIS) uses a local computer account, IUSR_servername to provide access to the filesystem and other resources for anonymous web users.  We've had some problems getting the permissions correct for this acount.

I'd like to propose the following scheme, based on the recommendations from Microsoft's IIS 6.0 Security Best Practices

Tomorrow is International Talk like a Pirate day

I have some content filters in place on the ISO blog that I will be testing in honor of this most sacred and special of days.  Please don't page anyone to report problems with our site tomorrow, it's all part of a scheduled, planned test.

Yesterday Kevin and I met with Danny and Harry and discussed how to address the proliferation of OU admins in the WolfTech domain from within OIT.  We now have 11 OIT OUs,  (OIT-AC, OIT-ComTech-CMS, OIT-OCC, ISO_PROV,ISO_SHS,ISO_RnD, TSS_CS, TSS_LSS, TSS-DS, TSS-SC not to mention ITD-DSP), which is causing problems because being an OU admin in WolfTech implies a level of communication with the rest of the admin community that simply isn't present in most cases.

FYI, I've adjusted the software firewall on license02 so that the new Nagii can monitor it properly.

Folks,

I added a drupal module, JTooltips, to the ISO blog.  I'm trying to make our site "richer" without adding a lot of work to content creation.  It shouldn't impact access, just AJAX things up a bit, but if people hate it, it's easy enough to turn off.

John

In order to reduce duplicate calls for ComTech, improve our security practices, and generally speed up request processing for QIP access, ComTech has created a QIP role named "oit-iso-tech"

This role provides access to QIP objects, and members can easily be added or removed from the role.  The initial membership of this role will be the staff in ISO-PROV and ISO-SHS (those that do production QIP work in ISO)