RE: Remote Installation Services, DoOldStyleDomainJoin=Yes
- From: "gherkin" <gherkin@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 28 Nov 2005 03:16:07 -0800
Did anyone find the solution?
Thanks
"Steven Wang [MSFT]" wrote:
> Hi Rich,
>
> Sorry for my delayed response due to the complexity of this issue. I hope
> this has not caused you too much inconvenience.
>
> I have created a test environment and performed a lot of research. Based
> on my research, the security policy setting "Add workstations to domain"
> may be the cause of this issue.
>
> This security setting determines which groups or users can add workstations
> to a domain. By default, any authenticated user has this right and can
> create up to 10 computer accounts in the domain. After implementing the
> Windows Server 2003 Security Guide: Enterprise Client: Domain
> Controller.inf, this security setting is configured as Administrators,
> that's to say, only the users which has the domain administrators privilege
> can add workstations to the domain.
>
> You may refer to the following steps to change this security setting to see
> whether the issue can be resolved:
>
> 1. On one of the Domain Controllers, open Domain Controller Security Policy
> in Administrative Tools.
> 2. Navigate to Security Settings\Local Policies\User Rights Assignment.
> 3. On the right pane, double click on the "Add workstations to domain"
> setting.
> 4. Click Add User or Group button to add the Authenticated Users, and then
> click OK.
> 5. Click Start, click Run, type "gpupdate /force", and then click OK, and
> if you are prompted, restart the DC.
>
> Regarding the difference between using "DomainAdmin=" and using "
> DoOldStyleDomainJoin=Yes ", when we configure DoOldStyleDomainJoin=Yes, it
> will force unattended setup to override the Windows security and join the
> domain using the old Windows NT 4.0 style domain join. This means, if you
> have a computer account pre-created in the domain, you do not need to
> provide domain account credentials to join the computer account to the
> domain.
>
> Hope the above information helps. If the issue persists after performing
> the above steps, please help me to collect the GP Results on one of the
> Domain Controllers and send it to me at v-stwang@xxxxxxxxxxxxxx To collect
> the GP Results, please refer to the following steps:
>
> 1. Type the following command in command prompt on one problematic
> workstation, and then press ENTER:
> "gpresult -Z > C:\gpresult_z.txt" (without the quotation marks)
>
> 2. This creates a list of the implemented policies on the computer in the
> following text file: C:\gpresult_z.txt. Please send this file to me.
>
> If you have any question or concern, please feel free to let me know. I am
> glad to be of assistance.
>
> Have a nice day!
>
> Steven Wang
> Microsoft CSS Online Newsgroup Support
>
> --------------------
> >X-Tomcat-ID: 265180798
> >References: <80690FAF-6C3A-4CD7-9F1D-3B42C480D121@xxxxxxxxxxxxx>
> <H46YZvwyFHA.3772@xxxxxxxxxxxxxxxxxxxxx>
> <3B4884E5-A29C-4717-BB1B-036276FC56CA@xxxxxxxxxxxxx>
> >MIME-Version: 1.0
> >Content-Type: text/plain
> >Content-Transfer-Encoding: 7bit
> >From: v-stwang@xxxxxxxxxxxxxxxxxxxx (Steven Wang [MSFT])
> >Organization: Microsoft
> >Date: Fri, 07 Oct 2005 12:43:05 GMT
> >Subject: RE: Remote Installation Services, DoOldStyleDomainJoin=Yes
> >X-Tomcat-NG: microsoft.public.windows.group_policy
> >Message-ID: <cQwdsyzyFHA.780@xxxxxxxxxxxxxxxxxxxxx>
> >Newsgroups: microsoft.public.windows.group_policy
> >Lines: 178
> >Path: TK2MSFTNGXA01.phx.gbl
> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.group_policy:10947
> >NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122
> >
> >Hello Rich,
> >
> >Thanks for your prompt reply and let me know the detailed information.
> >
> >This is a quick note to let you know that I am researching your issue and
> >will get back to you as soon as possible. I appreciate your patience.
> >
> >Have a great weekend!
> >
> >Steven Wang
> >Microsoft CSS Online Newsgroup Support
> >
> >--------------------
> >>Thread-Topic: Remote Installation Services, DoOldStyleDomainJoin=Yes
> >>thread-index: AcXLFxPE0slvZMnAT0Kf7ifHNGNYEA==
> >>X-WBNR-Posting-Host: 195.67.90.253
> >>From: "=?Utf-8?B?cmljaG9vMjAwMEBub2VtYWlsLnBvc3RhbGlhcw==?="
> ><richoo2000@xxxxxxxxxxxxxxxxx>
> >>References: <80690FAF-6C3A-4CD7-9F1D-3B42C480D121@xxxxxxxxxxxxx>
> ><H46YZvwyFHA.3772@xxxxxxxxxxxxxxxxxxxxx>
> >>Subject: RE: Remote Installation Services, DoOldStyleDomainJoin=Yes
> >>Date: Fri, 7 Oct 2005 01:14:02 -0700
> >>Lines: 136
> >>Message-ID: <3B4884E5-A29C-4717-BB1B-036276FC56CA@xxxxxxxxxxxxx>
> >>MIME-Version: 1.0
> >>Content-Type: text/plain;
> >> charset="Utf-8"
> >>Content-Transfer-Encoding: 8bit
> >>X-Newsreader: Microsoft CDO for Windows 2000
> >>Content-Class: urn:content-classes:message
> >>Importance: normal
> >>Priority: normal
> >>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >>Newsgroups: microsoft.public.windows.group_policy
> >>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> >>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.group_policy:10943
> >>X-Tomcat-NG: microsoft.public.windows.group_policy
> >>
> >>If i use
> >>[Identification]
> >> JoinDomain=%MACHINEDOMAIN%
> >> DomainAdmin=%USERNAME%
> >> DomainAdminPassword=%DPASSWORD%
> >>
> >>Is works, so the permissions is OK.
> >>-------------------------------------------
> >>Domain policy is Built on the template
> >>Enterprise Client. Domain Controller.inf
> >>-------------------------------------------
> >>So i just want to know what i need to open in this policy to enable
> >>DoOldStyleDomainJoin.
> >>And what the diffrens is between the solution above and DoOldStyle is.
> >>
> >>
> >>
> >>
> >>
> >>"Steven Wang [MSFT]" skrev:
> >>
> >>> Hello Rich,
> >>>
> >>> Thank you for posting.
> >>>
> >>> From your post, my understanding of this issue is: The client
> >workstations
> >>> cannot be joined into the domain through the RIS installation. If this
> >is
> >>> not correct, please feel free to let me know.
> >>>
> >>> Based on my research, this issue may be caused by various factors,
> >>> therefore, we may need to perform some test and collect more
> information
> >to
> >>> narrow down the root cause of this issue. First, I suggest we refer to
> >the
> >>> following KB article to make sure the permissions are set correctly for
> >the
> >>> OU:
> >>>
> >>> Rights Needed for Remote Installation Server to Create Machine Accounts
> >>> http://support.microsoft.com/?id=224294
> >>>
> >>> Meantime, please help me to collect some information so that I can
> >perform
> >>> further research on this specific issue:
> >>>
> >>> 1. What is the DC Policy setting you have implemented before this issue
> >>> occurs, and how the policy setting be configured?
> >>>
> >>> 2. Please send the %windir%\debug\Netsetup.log and Setuperr.log files
> on
> >>> the client workstation to me at v-stwang@xxxxxxxxxxxxxx
> >>>
> >>> 3. Please send the RIPREP.SIF you are using to me.
> >>>
> >>> More Information:
> >>> -------------------------
> >>> Customizing RIS Installations
> >>>
> >http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-u
> s
> >>> /prbc_cai_silp.asp
> >>>
> >>> How to Modify the Default Group Policy for Remote Installation Services
> >>> http://support.microsoft.com/?id=316663
> >>>
> >>> Should you have any question or concern, please feel free to let me
> >know.
> >>> I am glad to be of assistance.
> >>>
> >>> Have a nice day!
> >>>
> >>> Steven Wang (MSFT)
> >>> Microsoft CSS Online Newsgroup Support
> >>>
> >>> Get Secure! - www.microsoft.com/security
> >>> =====================================================
> >>> This newsgroup only focuses on SBS technical issues. If you have issues
> >>> regarding other Microsoft products, you'd better post in the
> >corresponding
> >>> newsgroups so that they can be resolved in an efficient and timely
> >manner.
> >>> You can locate the newsgroup here:
> >>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> >>>
> >>> When opening a new thread via the web interface, we recommend you check
> >the
> >>> "Notify me of replies" box to receive e-mail notifications when there
> >are
> >>> any updates in your thread. When responding to posts via your
> >newsreader,
> >>> please "Reply to Group" so that others may learn and benefit from your
> >>> issue.
> >>>
> >>> Microsoft engineers can only focus on one issue per thread. Although we
> >>> provide other information for your reference, we recommend you post
> >>> different incidents in different threads to keep the thread clean. In
> >doing
> >>> so, it will ensure your issues are resolved in a timely manner.
> >>>
> >>> For urgent issues, you may want to contact Microsoft CSS directly.
> >Please
> >>> check http://support.microsoft.com for regional support phone numbers.
> >>>
> >>> Any input or comments in this thread are highly appreciated.
> >>> =====================================================
> >>> This posting is provided "AS IS" with no warranties, and confers no
> >rights.
> >>>
> >>> --------------------
> >>> >Thread-Topic: Remote Installation Services, DoOldStyleDomainJoin=Yes
> >>> >thread-index: AcXKcPvySIP8YiZdSiuAPwhWrGwG7Q==
> >>> >X-WBNR-Posting-Host: 195.67.90.253
> >>> >From: "=?Utf-8?B?cmljaG9vMjAwMEBub2VtYWlsLnBvc3RhbGlhcw==?="
> >>> <richoo2000@xxxxxxxxxxxxxxxxx>
> >>> >Subject: Remote Installation Services, DoOldStyleDomainJoin=Yes
> >>> >Date: Thu, 6 Oct 2005 05:25:06 -0700
> >>> >Lines: 12
> >>> >Message-ID: <80690FAF-6C3A-4CD7-9F1D-3B42C480D121@xxxxxxxxxxxxx>
> >>> >MIME-Version: 1.0
> >>> >Content-Type: text/plain;
> >>> > charset="Utf-8"
> >>> >Content-Transfer-Encoding: 8bit
> >>> >X-Newsreader: Microsoft CDO for Windows 2000
> >>> >Content-Class: urn:content-classes:message
> >>> >Importance: normal
> >>> >Priority: normal
> >>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >>> >Newsgroups: microsoft.public.windows.group_policy
> >>> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> >>> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >>> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.group_policy:10921
> >>> >X-Tomcat-NG: microsoft.public.windows.group_policy
> >>> >
> >>> >Hello.
> >>> >After implementing DC Policy on all my 2003 Dc, my Ris installation
> >>> doesn’t
> >>> >work correct. The Ris installation can not join the domin correctly.
> >Fail
> >>> on
> >>> >the client Setuperr.log Error: NetSetup: Join domain xxxxxxxx in full
> >>> >unattended mode failed. Setup will proceed to join the default
> >workgroup.
> >>> >
> >>> >The problem is that the feature DoOldStyleDomainJoin=Yes
> doesn’t
> >work
> >>> after
> >>> >the policy’s.
> >>> >How can I enable this so I can install my clients, without to
> implement
> >>> the
> >>> >domain admin and password in the SIF files?
> >>> >DC’s 2003 Sp1, Ris 2003 Sp1 Member Server, XP SP2 Eng clients.
> >>> >
> >>> >
> >>>
> >>>
> >>
> >
> >
>
>
.
- Prev by Date: Re: Remote Desktop with GPO
- Next by Date: Mulitple Group Policies or not?
- Previous by thread: Re: Remote Desktop with GPO
- Next by thread: RE: Remote Installation Services, DoOldStyleDomainJoin=Yes
- Index(es):
Relevant Pages
|
