Re: Windows 2003 DC Demotion / Promotion



Windows Server 2003 SP1 introduces rights that give an administrator
independent control over local and remote permissions for starting COM
servers, activating COM server settings, and accessing COM servers.

Some people reset to the default settings and the errors stop; you can try
that if you want to:
Open Component Services and change the COM Security by editing the
default permissions.
In some cases the service account doesn't have the remote access checkbox
checked and it is needed. If that is the case, give the service account remote
access permissions to the COM Applications and reboot the DC.
Description of the changes to DCOM security settings after you install
Windows Server 2003 Service Pack 1
http://support.microsoft.com/default.aspx?scid=kb;EN-US;903220
Some firewalls may reject network traffic that originates from Windows
Server 2003 Service Pack 1-based computers
http://support.microsoft.com/default.aspx?scid=kb;EN-US;899148
Availability of Windows Server 2003 Post-Service Pack 1 COM+ 1.5 Hotfix
Rollup Package 6
http://support.microsoft.com/kb/897667/en-us

--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

<joshelson@xxxxxxxxx> wrote in message
news:1156350231.468748.166430@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Jorge,

Thanks for the quick response and the information. I am having COM+
issues on the DC, and none of the conventional resolutions I'm aware of
has resolved the issue.

The primary symptom is a massive number (thousands a day) of COM+ event
viewer messages that look like:


Event Type: Error
Event Source: COM
Event Category: None
Event ID: 10022
Date: 8/23/2006
Time: 11:16:33 AM
User: N/A
Computer: DC01
Description:
The machine-default access security descriptor for the COM Server
application C:\WINNT\Explorer.EXE is invalid. It contains Access
Control Entries with permissions that are invalid. The requested action
was therefore not performed. This security permission can be corrected
using the Component Services administrative tool.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


I should mention that this machine went down hard after a UPS failure
during a power outage, so I'm a bit uncomfortable with the state of the
machine (though it's still limping by without COM+ being functional).

There are a number of online resources that attempt to address this
issue, but none seem to work (not even the COM+ rebuild procedure).

I don't really want to use the forceremoval options unless I have to,
but wanted to prepare for the contingency.

Josh

Jorge Silva wrote:
Inline
Can I do this simply with Domain Administrator rights in the child
domain, or does this require me to have Enterprise Administrator
rights?
- Domain Admin rights.

Do rights required for the demotion portion change if I use
the /forceremoval option?
- You need to log on to the server to use the force removal switch, but be
careful, you'll have to manually remove the entries from AD.
Can you explain to us why you are asking these questions, or what type of
issues you are having?



--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

<joshelson@xxxxxxxxx> wrote in message
news:1156348049.422721.284400@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Quick question (and one I probably should remember from the MCSE...).

I have a Windows 2000 mode forest / root, with a child domain running
Windows 2003 native mode.

I have an ailing DC in this child domain, and I'd like to demote him,
rebuild and then promote him.

Can I do this simply with Domain Administrator rights in the child
domain, or does this require me to have Enterprise Administrator
rights? Do rights required for the demotion portion change if I use
the /forceremoval option?

Thanks!

Josh
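An added example, not part of the original thread: a small Python parser that walks the DACL of a self-relative COM security descriptor (for instance the bytes of the `DefaultAccessPermission` REG_BINARY value under `HKLM\SOFTWARE\Microsoft\Ole`) and decodes each ACE against the local/remote COM rights introduced with SP1. The sample descriptor is constructed here, and treating any mask bit outside the five COM rights as the kind of entry event 10022 complains about is an assumption of this example.

```python
import struct

# COM access-mask bits; the local/remote split arrived with Windows Server 2003 SP1.
COM_RIGHTS = {
    0x01: "EXECUTE",
    0x02: "EXECUTE_LOCAL",
    0x04: "EXECUTE_REMOTE",
    0x08: "ACTIVATE_LOCAL",
    0x10: "ACTIVATE_REMOTE",
}
KNOWN_BITS = 0x1F  # assumption: anything outside these bits is reported as suspect

def parse_sid(buf, off):
    """Render a binary SID at buf[off:] as S-R-A-S1-S2..."""
    rev, count = struct.unpack_from("<BB", buf, off)
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "S-%d-%d" % (rev, authority) + "".join("-%d" % s for s in subs)

def audit_dacl(sd):
    """Return (sid, ace_type, [right names], unknown_bits) per DACL ACE.
    Handles only allow (0) and deny (1) ACEs, the types COM ACLs use."""
    dacl_off = struct.unpack_from("<I", sd, 16)[0]  # OffsetDacl in the SD header
    if dacl_off == 0:
        return []
    ace_count = struct.unpack_from("<H", sd, dacl_off + 4)[0]
    off, out = dacl_off + 8, []
    for _ in range(ace_count):
        ace_type, _flags, size, mask = struct.unpack_from("<BBHI", sd, off)
        names = [n for bit, n in COM_RIGHTS.items() if mask & bit]
        out.append((parse_sid(sd, off + 8), ace_type, names, mask & ~KNOWN_BITS))
        off += size
    return out

# --- constructed sample descriptor (not taken from any real machine) ---
def _sid(authority, *subs):
    return (struct.pack("<BB", 1, len(subs)) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def _ace(mask, sid):
    return struct.pack("<BBHI", 0, 0, 8 + len(sid), mask) + sid

def build_sample():
    # SYSTEM: local+remote access; Everyone: local only;
    # Administrators: a file-style "full control" mask that is not a COM mask.
    aces = (_ace(0x07, _sid(5, 18)) + _ace(0x03, _sid(1, 0))
            + _ace(0x1F01FF, _sid(5, 32, 544)))
    acl = struct.pack("<BBHHH", 2, 0, 8 + len(aces), 3, 0) + aces
    return struct.pack("<BBHIIII", 1, 0, 0x8004, 0, 0, 0, 20) + acl
```

An entry whose last field is non-zero carries bits that are not COM rights; an entry without `EXECUTE_REMOTE` corresponds to the unchecked remote access box mentioned in the reply.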



