Assuming the trust between DCs already exists-
In ADUC, make sure to enable advanced options in the view menu or the security tab will not show up on a computers properties.
From the Security tab of a computer’s properties in ADUC, Add the other domain user(s) (ie: domain2/domain users) then tic the checkbox for Allowed to Authenticate permission.
Thought I had this posted a long time ago and was going to reference it and…. hmm.
So here it goes (again?)
Win7 RSAT (Remote Server Admin Tools)
Then they can be turned on for the mmc/snap-in via Turn On/Off Windows Features or via cmdline:
dism /online /enable-feature /featurename:RemoteServerAdministrationTools
dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles
dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD
dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS
dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS-SnapIns
dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS-AdministrativeCenter
dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS-NIS
dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-LDS
dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-Powershell
You can grant access to a share/folder using a computer account (or a Global Security Group containing the computer accounts you wish to have access)
as a batch file:
Net Share SharedFolderName=C:\FolderName /grant:”DOMAIN\COMPUTERACCOUNT$”,CHANGE
echo y | cacls c:\SharedFolderName /c /g “DOMAIN\COMPUTERACCOUNT$”:C
The $ suffix indicaties this is a computer account.
This would give Change access to any process/service that COMPUTERACCOUNT runs as SYSTEM, but would not give any access to processes created by users logged onto COMPUTERACCOUNT.
I’ve not tested this, but when I installed an instance of SQL Server ’08r2 I chose to run it all as system processes.. My thought is the network share above would allow me to have the database on the share (with rights granted via the sql svr’s system process) without needing to grant access to any particular users to the share and only accessible from specified PCs. I take it as well that this method is probably breaking a few security rules..
Another nice little MS internal utility that went public. RDP Connection Manager adds easy management/overview of all your systems. Thanks to David Bolton for the post/heads-up.
Download it from MS.
/usr/sbin/lpadmin -p tms-copier-room18-01 -E -v lpd://tms-copier-room18-01 -P /Library/Printers/PPDs/Contents/Resources/en.lproj/CNR5050X1.PPD.gz -o printer-is-shared=false -D “tms-copier-room18-01 (Office)”
In Applescript you’ll need to use double quotes, etc.
do shell script “/usr/sbin/lpadmin -p tms-copier-room18-01 -E -v lpd://tms-copier-room18-01 -P /Library/Printers/PPDs/Contents/Resources/en.lproj/CNR5050X1.PPD.gz -o printer-is-shared=false -D ”tms-copier-room18-01 (Office)”“
If you have spaces in the driver name or elsewhere, be sure to preface them with a space. The below example uses a fictitious canon imagerunner example (the real ppd is not named as such)
do shell script “/usr/sbin/lpadmin -p Canon_Imagerunner -E -v lpd://tms-copier-room18-01 -P /Library/Printers/PPDs/Contents/Resources/en.lproj/Canon Imagerunner 4100.gz -o printer-is-shared=false -D ”tms-copier-room18-01 (Office)”“
to delete a printer, use the -x command.
/usr/sbin/lpadmin -x “name of printer”
Be sure to checkout the full list of options via the lpadmin man page. From terminal:
and remember, the do shell script command uses sh as the default shell, not bash.
If you want to do an automatic install of all the updates for a particular Mac, you can do it easily in the background using ARD. Gather up the system you want to update then execute a unix command: softwareupdate -i -a and specify to run it as the root user even if you have not enabled the root user account on the workstation. It takes a while but the results window pretty much updates after each title install — it’ll even tell you if the remote system needs restarting.
If you want to do it manaully (perhaps via a remote ssh login), log in as an administrative user, and type: sudo softwareupdate -i -a. You’ll be prompted to enter your admin level password. If you wish, this can also be done locally via a terminal window.
To see all the command options, type man softwareupdate in a Terminal window.