Re: Could NOT change mail address after windows server 2003 sp1
rw
SP1 and Exchange?
I'm familiar with this entry as a mechanism to control the load order for
device drivers, and I'm curious how the SDDL entry relates to the problem.
The addition of accounts to the "Distributed COM Users" group makes perfect
sense. How did you determine the need to additionally set this registry
value? Registry security auditing or Regmon logging perhaps?
Thanks
"PaulD" <nospam> wrote in message
news:uCZ3RpwR...@tk2msftngp13.phx.gbl...
>I created fix. Attached utility gives additional permissions on SCM for
>"Distributed COM Users"
> i.e. apply fix, add your exchange admins to this group
> there is no need to reboot computer after fix applied.
>
> alternatively you can apply this reg file. then you should reboot computer
> and add your exchange admins to new group
> ----
> REGEDIT4
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder\Security]
> "Security"=hex:01,00,14,80,cc,00,00,00,d8,00,00,00,14,00,00,00,44,00,00,00,02,\
>
> 00,30,00,02,00,00,00,02,80,14,00,3f,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
>
> 00,00,02,89,14,00,00,00,00,10,01,01,00,00,00,00,00,01,00,00,00,00,02,00,88,\
>
> 00,06,00,00,00,00,00,18,00,15,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
>
> 32,02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
>
> 00,14,00,15,00,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,15,00,\
>
> 02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,35,00,02,00,01,01,00,\
>
> 00,00,00,00,05,12,00,00,00,00,00,18,00,3f,00,0f,00,01,02,00,00,00,00,00,05,\
>
> 20,00,00,00,20,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,\
> 00,00,05,12,00,00,00
> ----
>
>
PaulD
to enumerate services status remotely.
In Win2003 SP1 Auth. users does not have this ability anymore.
I create utility SCMFix.exe(see attach above), this utility changes DACL for
SCM by adding "DCOM Users" to this DACL.
>>How did you determine the need to additionally set this registry value?
SCMFix.exe + regmon.exe :)
"rw" <r...@whatever.com> wrote in message
news:%23yDHdE8...@tk2msftngp13.phx.gbl...
PaulD
http://groups-beta.google.com/group/microsoft.public.exchange.admin/browse_thread/thread/358ce7ceec14fa79/db5a2dd3c2ce1811&rnum=4&hl=en#db5a2dd3c2ce1811
apply, reboot server, add exchange admins to "DCOM Users" group. this fixes
initial issue
http://groups-beta.google.com/group/microsoft.public.exchange.admin/browse_thread/thread/a9f04d79c2dd6010/35f6018f53327512&rnum=1&hl=en#35f6018f53327512
----
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder\Security]
"Security"=hex:01,00,14,80,cc,00,00,00,d8,00,00,00,14,00,00,00,44,00,00,00,02,\
00,30,00,02,00,00,00,02,80,14,00,3f,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,89,14,00,00,00,00,10,01,01,00,00,00,00,00,01,00,00,00,00,02,00,88,\
00,06,00,00,00,00,00,18,00,15,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
32,02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,14,00,15,00,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,15,00,\
02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,35,00,02,00,01,01,00,\
00,00,00,00,05,12,00,00,00,00,00,18,00,3f,00,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00
----
"PaulD" <nospam> wrote in message
news:uCiQAKWS...@TK2MSFTNGP12.phx.gbl...
tmos
Thanks :-))
tmos
Ο χρήστης "PaulD" έγγραψε:
> I created fix. Attached utility gives additional permissions on SCM for
> "Distributed COM Users"
> i.e. apply fix, add your exchange admins to this group
> there is no need to reboot computer after fix applied.
>
> alternatively you can apply this reg file. then you should reboot computer
> and add your exchange admins to new group
> ----
> REGEDIT4
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder\Security]
> "Security"=hex:01,00,14,80,cc,00,00,00,d8,00,00,00,14,00,00,00,44,00,00,00,02,\
> 00,30,00,02,00,00,00,02,80,14,00,3f,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
> 00,00,02,89,14,00,00,00,00,10,01,01,00,00,00,00,00,01,00,00,00,00,02,00,88,\
> 00,06,00,00,00,00,00,18,00,15,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
> 32,02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
> 00,14,00,15,00,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,15,00,\
> 02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,35,00,02,00,01,01,00,\
> 00,00,00,00,05,12,00,00,00,00,00,18,00,3f,00,0f,00,01,02,00,00,00,00,00,05,\
> 20,00,00,00,20,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,\
> 00,00,05,12,00,00,00
> ----
>
> Ben Winzenz [Exchange MVP] wrote:
> > You should probably open an incident with Microsoft PSS then. I'd suspect
> > this is either a new bug or something that isn't very common. Doing a web
> > search didn't return any productive information.
> >
> > --
> > Ben Winzenz
> > Exchange MVP
> > MessageOne
> >
> >
> > "tmos" <tm...@discussions.microsoft.com> wrote in message
> > news:ACB7DF0D-1086-476F...@microsoft.com...
> > >I 've just re-aplied Ex2003 sp1 but there is no difference :-)))
> > >
> > > tmos
> > >
> > > ? ??????? "Ben Winzenz [Exchange MVP]" ???????:
> > >
> > >> Arghh - missed it in your first post. Suspect here of course would be
> > >> Windows 2003 Sp1. First, it has the Windows firewalll - check to see
> > >> if
> > >> that is on. If it is, try disabling it. Second, have you run the SCW
> > >> (Security Configuration Wizard) on the Exchange server? You might also
> > >> try
> > >> re-applying Exchange 2003 Sp1.
> > >>
> > >> --
> > >> Ben Winzenz
> > >> Exchange MVP
> > >> MessageOne
> > >>
> > >>
> > >> "tmos" <tm...@discussions.microsoft.com> wrote in message
> > >> news:DC82CC06-4E79-418A...@microsoft.com...
> > >> > No errors or warnings in any log, client workstation or exchange
> > >> > server.
> > >> >
> > >> > Regards
> > >> > tmos
> > >> >
> > >> >
> > >> >
> > >> > ? ??????? "Ben Winzenz [Exchange MVP]" ???????:
> > >> >
> > >> >> What errors do you see in the event logs (specifically the
> > >> >> application
> > >> >> log
> > >> >> and system log). That sounds really funky - there should be some
> > >> >> info
> > >> >> being
> > >> >> logged that will give clues as to what is going on.
> > >> >>
> > >> >> --
> > >> >> Ben Winzenz
> > >> >> Exchange MVP
> > >> >> MessageOne
> > >> >>
> > >> >>
> > >> >> "tmos" <tm...@discussions.microsoft.com> wrote in message
> > >> >> news:514F3FDE-50D8-4DB3...@microsoft.com...
> > >> >> > Exchange Server 20003 SP1 on Server 2003 Enterprise
> > >> >> > After upgrade to Win Server 2003 SP1 only users who are members of
> > >> >> > Local
> > >> >> > Administrators Group (in Exchange 2003 server) can change an email
> > >> >> > address.
> > >> >> > They can create new mail enabled users (with default addresses)
> > >> >> >
> > >> >> > The error message is
> > >> >> > An Exchange Server could not be found in the domain
> > >> >> > Check if the Microsoft System Attendant service is running on the
> > >> >> > Exchange
> > >> >> > Server
> > >> >> >
> > >> >> > ID no: c10308a2
> > >> >> > Microsoft Active Directory - Exchange Extension
> > >> >> >
> > >> >> >
> > >> >>
> > >> >>
> > >> >>
> > >>
> > >>
> > >>
>
>
>
>