[NTSysADM] RE: Active Directory LDAP MaxPageSize limit

[Joseph L. Casale]

I wonder what they will ask for when that great piece of kit encounters ranged 
retrieval:)

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Thursday, June 16, 2016 1:45 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Active Directory LDAP MaxPageSize limit

This is a very bad idea.

Fix the application.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Dave Lum
Sent: Thursday, June 16, 2016 3:31 PM
To: 'ntsysadm@lists.myitforum.com'
Subject: [NTSysADM] Active Directory LDAP MaxPageSize limit

I've had a request to increase the LDAP MaxPageSize to 5000 (from 1000) due to 
an application limitation - DC's are 2012 (non-R2). I see the hard coded limit 
is 2.

The environment in question is fairly small, and the DC's are multi CPU VM's 
with 8GB RAM and there are under 2000 user objects currently, so I assume my 
change will have pretty much zero impact on my DC's, yes?

Dave
Attention: Information contained in this message and or attachments is intended 
only for the recipient(s) named above and may contain confidential and or 
privileged material that is protected under State or Federal law. If you are 
not the intended recipient, any disclosure, copying, distribution or action 
taken on it is prohibited. If you believe you have received this email in 
error, please contact the sender with a copy to 
complia...@ochin.org, delete this email and 
destroy all copies.

[NTSysADM] RE: OT: WAM replacement

[Joseph L. Casale]

My day job has me working for an IAM software vendor. My interests here don’t 
represent my day job usually so I keep the two distinct. Seems to me if you’re 
a Ping shop already you’d be best served remaining that way, and I don’t thing 
ForgeRock (the only real open source IAM product I know of) has anything WAM 
specific versus IAM.

Keep us posted, I am interested to know what you find.
jlc

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Christopher Bodnar
Sent: Thursday, June 16, 2016 12:53 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] OT: WAM replacement

Anyone out there gone through the exercise of looking to replace any of the 
larger WAM suites (CA SiteMinder, IBM ITAM, Oracle OAM, etc….)? Specifically 
looking at PingAccess or F5 Big-IP APM?  We are a PingFederate shop, and had a 
presentation on PingAccess that was pretty impressive. Also if any openSource 
solutions fall into this category.

Thanks


Christopher Bodnar
Enterprise Architect II, Corporate Office of Technology:Enterprise Architecture 
and Engineering Services

Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com

[cid:image001.png@01D1326B.600058E0]

The Guardian Life Insurance Company of America

www.guardianlife.com




- This message, and any attachments to 
it, may contain information that is privileged, confidential, and exempt from 
disclosure under applicable law. If the reader of this message is not the 
intended recipient, you are notified that any use, dissemination, distribution, 
copying, or communication of this message is strictly prohibited. If you have 
received this message in error, please notify the sender immediately by return 
e-mail and delete the message and any attachments. Thank you.

Re: [NTSysADM] Active Directory LDAP MaxPageSize limit

[Ed Ziots]

Seems reasonable

Ed
On Jun 16, 2016 3:34 PM, "Dave Lum"  wrote:

> I’ve had a request to increase the LDAP MaxPageSize to 5000 (from 1000)
> due to an application limitation – DC’s are 2012 (non-R2). I see the hard
> coded limit is 2.
>
>
>
> The environment in question is fairly small, and the DC’s are multi CPU
> VM’s with 8GB RAM and there are under 2000 user objects currently, so I
> assume my change will have pretty much zero impact on my DC’s, yes?
>
>
>
> Dave
> Attention: Information contained in this message and or attachments is
> intended only for the recipient(s) named above and may contain confidential
> and or privileged material that is protected under State or Federal law. If
> you are not the intended recipient, any disclosure, copying, distribution
> or action taken on it is prohibited. If you believe you have received this
> email in error, please contact the sender with a copy to
> complia...@ochin.org, delete this email and destroy all copies.
>

[NTSysADM] RE: Active Directory LDAP MaxPageSize limit

[Rupprecht, James R.]

+1 for Michael's comment.

Paging is a core concept for LDAP directories. Applications that do not 
understand how to do that properly will probably also do lots of other 'bad' 
things to your directory.

If the application cannot be fixed and your management insists on moving 
forward with it broken I would recommend pointing the application to an 
instance of LDS on a separate system. At least then if when it abuses the 
directory service it will not be service impacting for your users.

/jim

-
James Rupprecht
IT Architect, Enterprise Systems
The University of Kansas Information Technology
Office: +1 785 864-0116
E-mail: jimruppre...@ku.edu
Lync: jimruppre...@ku.edu



From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Thursday, June 16, 2016 2:45 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Active Directory LDAP MaxPageSize limit

This is a very bad idea.

Fix the application.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Dave Lum
Sent: Thursday, June 16, 2016 3:31 PM
To: 'ntsysadm@lists.myitforum.com'
Subject: [NTSysADM] Active Directory LDAP MaxPageSize limit

I've had a request to increase the LDAP MaxPageSize to 5000 (from 1000) due to 
an application limitation - DC's are 2012 (non-R2). I see the hard coded limit 
is 2.

The environment in question is fairly small, and the DC's are multi CPU VM's 
with 8GB RAM and there are under 2000 user objects currently, so I assume my 
change will have pretty much zero impact on my DC's, yes?

Dave
Attention: Information contained in this message and or attachments is intended 
only for the recipient(s) named above and may contain confidential and or 
privileged material that is protected under State or Federal law. If you are 
not the intended recipient, any disclosure, copying, distribution or action 
taken on it is prohibited. If you believe you have received this email in 
error, please contact the sender with a copy to 
complia...@ochin.org, delete this email and 
destroy all copies.

Re: [NTSysADM] Reminders for SSL certs (and other things)

[Andrew S. Baker]

I'm not sure why you suggested that Outlook is clunky for that, but in a number
of places we've worked, we have used shared mailboxes for this very thing.
Sometimes, there are just no good canned, pre-built tools…
Regards,




ASB
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…

GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A















On Thu, Jun 16, 2016 11:47 AM, Jonathan Raper jra...@nwnit.com wrote:
We have no desire to implement PRTG or Nagios, as we have a management system in
place (Zenoss). It does alert on some of the certs, but only if the device is
monitored/managed. Some devices we do not want monitored for various
reasons….but when the cert expires, it’s a problem. Unfortunately management
won’t justify the expense and overhead of 1-3 years of monitoring for an issue
that only crops up every 1 to 3 years….



I'm really looking for something like some kind of reminder system that we can
go in and add/remove/update items, seeing a list of all items, but then when
something comes up, we get an alert 3 weeks, 2 weeks, 1 week out, etc. and
something we can put other things in - like contract dates, equipment
acquisition dates, renewals, etc.



Thanks,



Jonathan



Thanks,









Jonathan L Raper, A+, MCSA, MCSE, FCC Licensed Technician, VCA-DCV, VCA-Cloud

Senior Solutions Engineer

Corporation

336.232.5244 Cisco Single Number Reach

7025 Albert Pick Road, Suite 302, Greensboro, NC 27409

www.NWNIT.com





NWN helps customers solve business problems through technology





-Original Message-

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Kurt Buff

Sent: Wednesday, June 15, 2016 7:47 PM

To: ntsysadm 

Subject: Re: [NTSysADM] Reminders for SSL certs (and other things)



We use PRTG to monitor certs and send email alerts x number of days ahead of
expiration.



I'm not a huge fan of PRTG, but it does get the job done.



Kurt



On Wed, Jun 15, 2016 at 10:39 AM, Jonathan Raper  wrote:

> Hi all,

>

>

>

> We’ve been bitten by an internal cert or two expiring that caught us

> off guard. We’re rying to come up with a way to have centrally

> managed reminder system in place to make sure this doesn’t happen

> again. This is for a large-ish network with a handful of people who

> could be managing this at any given time.

>

>

>

> An Excel spreadsheet just doesn’t scale well for this, and Outlook

> tasks seems kind of clumsy.

>

>

>

> Obviously paid certs you generally get a reminder because GoDaddy

> wants the revenue, and Web server certs generate an event in the event

> log, but not every SSL cert is going to generate an event…..and not

> every cert is a paid cert….

>

>

>

> We also have some other events and contracts that we’d like reminders

> for – so this isn’t exclusive to SSL certs, though that is a driving factor.

>

>

>

> How are you all handling this? An application? A web-based “aaS”

> reminder system of some sort?

>

>

>

> Thanks,

>

>

>

> Jonathan

>

> NOTE: This message and any attachments is intended solely for the use

> of the individual or entity to which it is addressed and may contain

> information that is non-public, proprietary, legally privileged,

> confidential, and/or exempt from disclosure. If you are not the

> intended recipient, you are hereby notified that any use,

> dissemination, distribution, or copying of this communication is

> strictly prohibited. If you have received this communication in error,

> please notify the original sender immediately by telephone or return

> email and destroy or delete this message along with any attachments
immediately.





NOTE: This message and any attachments is intended solely for the use of the
individual or entity to which it is addressed and may contain information that
is non-public, proprietary, legally privileged, confidential, and/or exempt from
disclosure. If you are not the intended recipient, you are hereby notified that
any use, dissemination, distribution, or copying of this communication is
strictly prohibited. If you have received this communication in error, please
notify the original sender immediately by telephone or return email and destroy
or delete this message along with any attachments immediately.

Re: [NTSysADM] Reminders for SSL certs (and other things)

[Ferguson, Chris]

We use share point notifications against inventory lists. We're converting 
these lists into our LANDesk asset management to report, notify, and ticket on 
the same things. This enables management to report for budget needs, notify 
SA's of upcoming needed tasks, and assign tickets to SA's when tasks are ready 
to begin. Really, any ticketing system with embedded Asset or Endpoint 
management should be able to provide this.

However, for SSL certs, I rely on DigiCerts lifecycle management to handle my 
SSL needs.  Since I also use them as my provider, it just made sense.  They 
monitor for expiration and notify whomever I command them to about upcoming 
expiration. They monitor certs across the enterprise as I scoped Not just 
certs sourced by them. Great utility.  Time saver.

On Jun 16, 2016, at 4:24 PM, Jonathan Raper 
> wrote:

Owners are not Google fans…..so that would be frowned upon.

But good idea!

Thanks,

Jonathan

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Richard Stovall
Sent: Thursday, June 16, 2016 2:06 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Reminders for SSL certs (and other things)


Free Google accounts have a calendar...
On Jun 16, 2016 1:51 PM, "Jonathan Raper" 
> wrote:
We have no desire to implement PRTG or Nagios, as we have a management system 
in place (Zenoss). It does alert on some of the certs, but only if the device 
is monitored/managed. Some devices we do not want monitored for various 
reasons….but when the cert expires, it’s a problem. Unfortunately management 
won’t justify the expense and overhead of 1-3 years of monitoring for an issue 
that only crops up every 1 to 3 years….

I'm really looking for something like some kind of reminder system that we can 
go in and add/remove/update items, seeing a list of all items, but then when 
something comes up, we get an alert 3 weeks, 2 weeks, 1 week out, etc. and 
something we can put other things in - like contract dates, equipment 
acquisition dates, renewals, etc.

Thanks,

Jonathan

Thanks,




Jonathan L Raper, A+, MCSA, MCSE, FCC Licensed Technician, VCA-DCV, VCA-Cloud
Senior Solutions Engineer
 Corporation
336.232.5244 Cisco Single Number Reach
7025 Albert Pick Road, Suite 302, Greensboro, NC 27409
www.NWNIT.com


  NWN helps customers solve business problems through technology


-Original Message-
From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] 
On Behalf Of Kurt Buff
Sent: Wednesday, June 15, 2016 7:47 PM
To: ntsysadm >
Subject: Re: [NTSysADM] Reminders for SSL certs (and other things)

We use PRTG to monitor certs and send email alerts x number of days ahead of 
expiration.

I'm not a huge fan of PRTG, but it does get the job done.

Kurt

On Wed, Jun 15, 2016 at 10:39 AM, Jonathan Raper 
> wrote:
> Hi all,
>
>
>
> We’ve been bitten by an internal cert or two expiring that caught us
> off guard. We’re rying to come up with a way to have  centrally
> managed reminder system in place to make sure this doesn’t happen
> again. This is for a large-ish network with a handful of people who
> could be managing this at any given time.
>
>
>
> An Excel spreadsheet just doesn’t scale well for this, and Outlook
> tasks seems kind of clumsy.
>
>
>
> Obviously paid certs you generally get a reminder because GoDaddy
> wants the revenue, and Web server certs generate an event in the event
> log, but not every SSL cert is going to generate an event…..and not
> every cert is a paid cert….
>
>
>
> We also have some other events and contracts that we’d like reminders
> for – so this isn’t exclusive to SSL certs, though that is a driving factor.
>
>
>
> How are you all handling this? An application? A web-based “aaS”
> reminder system of some sort?
>
>
>
> Thanks,
>
>
>
> Jonathan
>
> NOTE: This message and any attachments is intended solely for the use
> of the individual or entity to which it is addressed and may contain
> information that is non-public, proprietary, legally privileged,
> confidential, and/or exempt from disclosure. If you are not the
> intended recipient, you are hereby notified that any use,
> dissemination, distribution, or copying of this communication is
> strictly prohibited. If you have received this communication in error,
> please notify the original sender immediately by telephone or return
> email and destroy or delete this message along with any attachments 
> immediately.


NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is 

[NTSysADM] Heads up if you use NPS and certificates for authentication

[Ken Cornetet]

We had a major problem that was a real head scratcher today. Due to Microsoft's 
acceleration of deprecating SHA1 hashed certificates, we updated the 
certificate templates on our domain CA and renewed our master certificate so 
that it would have a SHA256 hash.

We use NPS (network policy server) to supply Radius based authentication for 
wireless clients (EAP-TLS and computer certificates). Almost immediately after 
making the change, all of our wireless clients dropped and would not reconnect.

After several hours of head-scratching and googling, we managed to figure out 
that even though the new root certificate was being pushed to the NPS servers 
(it showed up in the certificates MMC), windows was not using it for 
authentication.

The fix is to run "certutil -enterprise -addstore NTAuth CertFile.cer" (where 
CertFile.cer is an export file of the new root certificate). You also need to 
restart the NPS service.

RE: [NTSysADM] Reminders for SSL certs (and other things)

[Jonathan Raper]

Owners are not Google fans…..so that would be frowned upon.

But good idea!

Thanks,

Jonathan

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Richard Stovall
Sent: Thursday, June 16, 2016 2:06 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Reminders for SSL certs (and other things)


Free Google accounts have a calendar...
On Jun 16, 2016 1:51 PM, "Jonathan Raper" 
> wrote:
We have no desire to implement PRTG or Nagios, as we have a management system 
in place (Zenoss). It does alert on some of the certs, but only if the device 
is monitored/managed. Some devices we do not want monitored for various 
reasons….but when the cert expires, it’s a problem. Unfortunately management 
won’t justify the expense and overhead of 1-3 years of monitoring for an issue 
that only crops up every 1 to 3 years….

I'm really looking for something like some kind of reminder system that we can 
go in and add/remove/update items, seeing a list of all items, but then when 
something comes up, we get an alert 3 weeks, 2 weeks, 1 week out, etc. and 
something we can put other things in - like contract dates, equipment 
acquisition dates, renewals, etc.

Thanks,

Jonathan

Thanks,




Jonathan L Raper, A+, MCSA, MCSE, FCC Licensed Technician, VCA-DCV, VCA-Cloud
Senior Solutions Engineer
 Corporation
336.232.5244 Cisco Single Number Reach
7025 Albert Pick Road, Suite 302, Greensboro, NC 27409
www.NWNIT.com


  NWN helps customers solve business problems through technology


-Original Message-
From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] 
On Behalf Of Kurt Buff
Sent: Wednesday, June 15, 2016 7:47 PM
To: ntsysadm >
Subject: Re: [NTSysADM] Reminders for SSL certs (and other things)

We use PRTG to monitor certs and send email alerts x number of days ahead of 
expiration.

I'm not a huge fan of PRTG, but it does get the job done.

Kurt

On Wed, Jun 15, 2016 at 10:39 AM, Jonathan Raper 
> wrote:
> Hi all,
>
>
>
> We’ve been bitten by an internal cert or two expiring that caught us
> off guard. We’re rying to come up with a way to have  centrally
> managed reminder system in place to make sure this doesn’t happen
> again. This is for a large-ish network with a handful of people who
> could be managing this at any given time.
>
>
>
> An Excel spreadsheet just doesn’t scale well for this, and Outlook
> tasks seems kind of clumsy.
>
>
>
> Obviously paid certs you generally get a reminder because GoDaddy
> wants the revenue, and Web server certs generate an event in the event
> log, but not every SSL cert is going to generate an event…..and not
> every cert is a paid cert….
>
>
>
> We also have some other events and contracts that we’d like reminders
> for – so this isn’t exclusive to SSL certs, though that is a driving factor.
>
>
>
> How are you all handling this? An application? A web-based “aaS”
> reminder system of some sort?
>
>
>
> Thanks,
>
>
>
> Jonathan
>
> NOTE: This message and any attachments is intended solely for the use
> of the individual or entity to which it is addressed and may contain
> information that is non-public, proprietary, legally privileged,
> confidential, and/or exempt from disclosure. If you are not the
> intended recipient, you are hereby notified that any use,
> dissemination, distribution, or copying of this communication is
> strictly prohibited. If you have received this communication in error,
> please notify the original sender immediately by telephone or return
> email and destroy or delete this message along with any attachments 
> immediately.


NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, legally privileged, confidential, and/or exempt 
from disclosure. If you are not the intended recipient, you are hereby notified 
that any use, dissemination, distribution, or copying of this communication is 
strictly prohibited. If you have received this communication in error, please 
notify the original sender immediately by telephone or return email and destroy 
or delete this message along with any attachments immediately.
NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, legally privileged, confidential, and/or exempt 
from disclosure. If you are not the intended recipient, you are hereby notified 
that any use, dissemination, distribution, or copying of this communication is 
strictly prohibited. If you have received this communication in error, please 
notify the original sender 

RE: [NTSysADM] Reminders for SSL certs (and other things)

[Jonathan Raper]

We actually do have Service Now, and have been told that this functionality 
exists in it, however because we are part of a MSP, the MSP owns Service Now 
and any changes or new features have to be cleared by 
them.whichtakes.a.looong...time..

So, we might have a solution, we just don't know it yet, and even if we do, we 
don't know when we'll be able to use it

Thanks,

Jonathan

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Matthew Topper
Sent: Thursday, June 16, 2016 1:57 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Reminders for SSL certs (and other things)

We treat certs or other similar things that need renewals like other and put 
them into our ticketing system with an expiration date.  This triggers an email 
when the expiration is coming up. Our ticket tracking system has a section that 
pretty much acts like an asset tracker.

Does your company have some kind of system for things like fixed assets you 
might be able to use?  It doesn't necessarily have to be IT exclusive.


Matthew Topper

> -Original Message-
> From: listsad...@lists.myitforum.com
> [mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Raper
> Sent: Thursday, June 16, 2016 11:48 AM
> To: ntsysadm@lists.myitforum.com
> Subject: RE: [NTSysADM] Reminders for SSL certs (and other things)
>
> We have no desire to implement PRTG or Nagios, as we have a management
> system in place (Zenoss). It does alert on some of the certs, but only
> if the device is monitored/managed. Some devices we do not want
> monitored for various reasons….but when the cert expires, it’s a
> problem. Unfortunately management won’t justify the expense and
> overhead of 1-3 years of monitoring for an issue that only crops up every 1 
> to 3 years….
>
> I'm really looking for something like some kind of reminder system
> that we can go in and add/remove/update items, seeing a list of all
> items, but then when something comes up, we get an alert 3 weeks, 2
> weeks, 1 week out, etc. and something we can put other things in -
> like contract dates, equipment acquisition dates, renewals, etc.
>
> Thanks,
>
> Jonathan
>
> Thanks,
>
>
>
>
> Jonathan L Raper, A+, MCSA, MCSE, FCC Licensed Technician, VCA-DCV,
> VCA- Cloud Senior Solutions Engineer  Corporation
> 336.232.5244 Cisco Single Number Reach
> 7025 Albert Pick Road, Suite 302, Greensboro, NC 27409 www.NWNIT.com
>
>
>   NWN helps customers solve business problems through technology
>
>
> -Original Message-
> From: listsad...@lists.myitforum.com
> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
> Sent: Wednesday, June 15, 2016 7:47 PM
> To: ntsysadm 
> Subject: Re: [NTSysADM] Reminders for SSL certs (and other things)
>
> We use PRTG to monitor certs and send email alerts x number of days
> ahead of expiration.
>
> I'm not a huge fan of PRTG, but it does get the job done.
>
> Kurt
>
> On Wed, Jun 15, 2016 at 10:39 AM, Jonathan Raper 
> wrote:
> > Hi all,
> >
> >
> >
> > We’ve been bitten by an internal cert or two expiring that caught us
> > off guard. We’re rying to come up with a way to have  centrally
> > managed reminder system in place to make sure this doesn’t happen
> > again. This is for a large-ish network with a handful of people who
> > could be managing this at any given time.
> >
> >
> >
> > An Excel spreadsheet just doesn’t scale well for this, and Outlook
> > tasks seems kind of clumsy.
> >
> >
> >
> > Obviously paid certs you generally get a reminder because GoDaddy
> > wants the revenue, and Web server certs generate an event in the
> > event log, but not every SSL cert is going to generate an
> > event…..and not every cert is a paid cert….
> >
> >
> >
> > We also have some other events and contracts that we’d like
> > reminders for – so this isn’t exclusive to SSL certs, though that is a 
> > driving factor.
> >
> >
> >
> > How are you all handling this? An application? A web-based “aaS”
> > reminder system of some sort?
> >
> >
> >
> > Thanks,
> >
> >
> >
> > Jonathan
> >
> > NOTE: This message and any attachments is intended solely for the
> > use of the individual or entity to which it is addressed and may
> > contain information that is non-public, proprietary, legally
> > privileged, confidential, and/or exempt from disclosure. If you are
> > not the intended recipient, you are hereby notified that any use,
> > dissemination, distribution, or copying of this communication is
> > strictly prohibited. If you have received this communication in
> > error, please notify the original sender immediately by telephone or
> > return email and destroy or delete this message along with any
> > attachments
> immediately.
>
>
> NOTE: This message and any attachments is intended solely for the use
> of the individual or entity to which it is addressed and may contain
> 

[NTSysADM] RE: Reminders for SSL certs (and other things)

[Jonathan Raper]

We've thought about it. Just was wondering what others were doing before going 
down that route.

Thanks,

Jonathan

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Doug Barrett
Sent: Thursday, June 16, 2016 1:17 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

Shared Outlook calendar that's updated when a cert/contract/renewal is updated, 
by the person doing the updating?

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Raper
Sent: Thursday, June 16, 2016 11:18 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

Thanks, but this ISN'T just about certs. Monitoring is not the solution I am 
looking for. We're also looking to manage reminders for non technical items, 
like other renewals, contracts, etc.

Jonathan

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Neil Standley
Sent: Thursday, June 16, 2016 12:03 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

The PRTG free license comes with 100 sensors, and if you're monitoring Windows 
boxes you can install remote probes to monitor all sorts of things. Otherwise 
you can monitor using SNMP.

You just need a system to run it and access to the resource you wish to monitor.



Neil Standley
Cascadia Infotek

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Raper
Sent: Thursday, June 16, 2016 8:45 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

Unfortunately it is not that simple. Multiple sites, and some are internal 
certs for dev environments, some are on network equipment that is internal, one 
is on a hosted environment in a co-lo that is purely internal, but we don't 
manage the system, only the cert

And we have a management system in place (Zenoss), and it does alert on some of 
the certs, but only if the device is monitored/managed. Some devices we do not 
want monitored for various reasonsbut when the cert expires, it's a 
problem. Unfortunately management won't justify the expense and overhead of 1-3 
years of monitoring for an issue that only crops up every 1 to 3 years

Thanks,

Jonathan
From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Desmond
Sent: Thursday, June 16, 2016 9:20 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

You might look at how you could centralize where these certs are installed 
(e.g. a load balancer/reverse proxy) so you only have one place to check as 
opposed to having things scattered around.

Thanks,
Brian Desmond

w - 312.625.1438 | c - 312.731.3132

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Raper
Sent: Wednesday, June 15, 2016 12:40 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Reminders for SSL certs (and other things)

Hi all,

We've been bitten by an internal cert or two expiring that caught us off guard. 
We're rying to come up with a way to have  centrally managed reminder system in 
place to make sure this doesn't happen again. This is for a large-ish network 
with a handful of people who could be managing this at any given time.

An Excel spreadsheet just doesn't scale well for this, and Outlook tasks seems 
kind of clumsy.

Obviously paid certs you generally get a reminder because GoDaddy wants the 
revenue, and Web server certs generate an event in the event log, but not every 
SSL cert is going to generate an event.and not every cert is a paid cert

We also have some other events and contracts that we'd like reminders for - so 
this isn't exclusive to SSL certs, though that is a driving factor.

How are you all handling this? An application? A web-based "aaS" reminder 
system of some sort?

Thanks,

Jonathan
NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, legally privileged, confidential, and/or exempt 
from disclosure. If you are not the intended recipient, you are hereby notified 
that any use, dissemination, distribution, or copying of this communication is 
strictly prohibited. If you have received this communication in error, please 
notify the original sender immediately by telephone or return email and 

[NTSysADM] RE: Active Directory LDAP MaxPageSize limit

[Michael B. Smith]

This is a very bad idea.

Fix the application.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Dave Lum
Sent: Thursday, June 16, 2016 3:31 PM
To: 'ntsysadm@lists.myitforum.com'
Subject: [NTSysADM] Active Directory LDAP MaxPageSize limit

I've had a request to increase the LDAP MaxPageSize to 5000 (from 1000) due to 
an application limitation - DC's are 2012 (non-R2). I see the hard coded limit 
is 2.

The environment in question is fairly small, and the DC's are multi CPU VM's 
with 8GB RAM and there are under 2000 user objects currently, so I assume my 
change will have pretty much zero impact on my DC's, yes?

Dave
Attention: Information contained in this message and or attachments is intended 
only for the recipient(s) named above and may contain confidential and or 
privileged material that is protected under State or Federal law. If you are 
not the intended recipient, any disclosure, copying, distribution or action 
taken on it is prohibited. If you believe you have received this email in 
error, please contact the sender with a copy to 
complia...@ochin.org, delete this email and 
destroy all copies.

[NTSysADM] Active Directory LDAP MaxPageSize limit

[Dave Lum]

I've had a request to increase the LDAP MaxPageSize to 5000 (from 1000) due to 
an application limitation - DC's are 2012 (non-R2). I see the hard coded limit 
is 2.

The environment in question is fairly small, and the DC's are multi CPU VM's 
with 8GB RAM and there are under 2000 user objects currently, so I assume my 
change will have pretty much zero impact on my DC's, yes?

Dave
Attention: Information contained in this message and or attachments is intended 
only for the recipient(s) named above and may contain confidential and or 
privileged material that is protected under State or Federal law. If you are 
not the intended recipient, any disclosure, copying, distribution or action 
taken on it is prohibited. If you believe you have received this email in 
error, please contact the sender with a copy to complia...@ochin.org, delete 
this email and destroy all copies.

[NTSysADM] RE: Reminders for SSL certs (and other things)

[Melvin Backus]

While it's likely overkill, since its free you might look at Spiceworks. If you 
add the renewals, etc., as vendors you can define renewal frequency, etc., and 
it'll give you alerts beforehand. You don't have to use all the other stuff.  
There's even a free hosted version but I don't know if that supports all the 
stuff the on-premise install does.


--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jonathan Raper
Sent: Thursday, June 16, 2016 12:18 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

Thanks, but this ISN'T just about certs. Monitoring is not the solution I am 
looking for. We're also looking to manage reminders for non technical items, 
like other renewals, contracts, etc.

Jonathan

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Neil Standley
Sent: Thursday, June 16, 2016 12:03 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

The PRTG free license comes with 100 sensors, and if you're monitoring Windows 
boxes you can install remote probes to monitor all sorts of things. Otherwise 
you can monitor using SNMP.

You just need a system to run it and access to the resource you wish to monitor.



Neil Standley
Cascadia Infotek

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Raper
Sent: Thursday, June 16, 2016 8:45 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

Unfortunately it is not that simple. Multiple sites, and some are internal 
certs for dev environments, some are on network equipment that is internal, one 
is on a hosted environment in a co-lo that is purely internal, but we don't 
manage the system, only the cert

And we have a management system in place (Zenoss), and it does alert on some of 
the certs, but only if the device is monitored/managed. Some devices we do not 
want monitored for various reasonsbut when the cert expires, it's a 
problem. Unfortunately management won't justify the expense and overhead of 1-3 
years of monitoring for an issue that only crops up every 1 to 3 years

Thanks,

Jonathan
From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Desmond
Sent: Thursday, June 16, 2016 9:20 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

You might look at how you could centralize where these certs are installed 
(e.g. a load balancer/reverse proxy) so you only have one place to check as 
opposed to having things scattered around.

Thanks,
Brian Desmond

w - 312.625.1438 | c - 312.731.3132

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Raper
Sent: Wednesday, June 15, 2016 12:40 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Reminders for SSL certs (and other things)

Hi all,

We've been bitten by an internal cert or two expiring that caught us off guard. 
We're rying to come up with a way to have  centrally managed reminder system in 
place to make sure this doesn't happen again. This is for a large-ish network 
with a handful of people who could be managing this at any given time.

An Excel spreadsheet just doesn't scale well for this, and Outlook tasks seems 
kind of clumsy.

Obviously paid certs you generally get a reminder because GoDaddy wants the 
revenue, and Web server certs generate an event in the event log, but not every 
SSL cert is going to generate an event.and not every cert is a paid cert

We also have some other events and contracts that we'd like reminders for - so 
this isn't exclusive to SSL certs, though that is a driving factor.

How are you all handling this? An application? A web-based "aaS" reminder 
system of some sort?

Thanks,

Jonathan
NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, legally privileged, confidential, and/or exempt 
from disclosure. If you are not the intended recipient, you are hereby notified 
that any use, dissemination, distribution, or copying of this communication is 
strictly prohibited. If you have received this communication in error, please 
notify the original sender immediately by telephone or return email and destroy 
or delete this message along with any attachments immediately.
NOTE: This message 

[NTSysADM] OT: WAM replacement

[Christopher Bodnar]

Anyone out there gone through the exercise of looking to replace any of the 
larger WAM suites (CA SiteMinder, IBM ITAM, Oracle OAM, etc)? Specifically 
looking at PingAccess or F5 Big-IP APM?  We are a PingFederate shop, and had a 
presentation on PingAccess that was pretty impressive. Also if any openSource 
solutions fall into this category.

Thanks


Christopher Bodnar
Enterprise Architect II, Corporate Office of Technology:Enterprise Architecture 
and Engineering Services

Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com


[cid:image001.png@01D1326B.600058E0]

The Guardian Life Insurance Company of America

www.guardianlife.com





-
This message, and any attachments to it, may contain information that is 
privileged, confidential, and exempt from disclosure under applicable law.  If 
the reader of this message is not the intended recipient, you are notified that 
any use, dissemination, distribution, copying, or communication of this message 
is strictly prohibited.  If you have received this message in error, please 
notify the sender immediately by return e-mail and delete the message and any 
attachments.  Thank you.

RE: [NTSysADM] RE: Reminders for SSL certs (and other things)

[Michael B. Smith]

Crontab required tabs, because dates could have spaces in them.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: Thursday, June 16, 2016 1:58 PM
To: ntsysadm
Subject: Re: [NTSysADM] RE: Reminders for SSL certs (and other things)

Hmmm..


Do you remember - does crontab use spaces or tabs? :)

The day is still now, on my FreeBSD boxen...

Kurt

On Thu, Jun 16, 2016 at 10:42 AM, Michael B. Smith  
wrote:
> "Back in the day" we used cron for this, several careers back. Same idea as a 
> scheduled task...of course, the issue is remembering to transfer those 
> scheduled tasks when you move to a new piece of hardware or OS.
>
> The shared mailbox is a really good idea.
>
> -Original Message-
> From: listsad...@lists.myitforum.com 
> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
> Sent: Thursday, June 16, 2016 1:26 PM
> To: ntsysadm
> Subject: Re: [NTSysADM] RE: Reminders for SSL certs (and other things)
>
> For reminders of those kinds of things, we've made a shared mailbox for a 
> team calendar in Exchange, and set up meeting reminders in it that with 
> members of our team as attendees. We also use that for keeping track of 
> on-call rotation, vacation days and other things needing reminders. Everyone 
> on the team has delegate access on the calendar, so they can set up reminders 
> as necessary.
>
> Other than that, if you have a tools box that's permanent, I could see a 
> scheduled task that sends emails with a batch file, or some other home-grown 
> solution.
>
> Kurt
>
> On Thu, Jun 16, 2016 at 9:17 AM, Jonathan Raper  wrote:
>> Thanks, but this ISN’T just about certs. Monitoring is not the 
>> solution I am looking for. We’re also looking to manage reminders for 
>> non technical items, like other renewals, contracts, etc.
>>
>>
>>
>> Jonathan
>>
>>
>>
>> From: listsad...@lists.myitforum.com
>> [mailto:listsad...@lists.myitforum.com]
>> On Behalf Of Neil Standley
>> Sent: Thursday, June 16, 2016 12:03 PM
>> To: ntsysadm@lists.myitforum.com
>>
>>
>> Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)
>>
>>
>>
>> The PRTG free license comes with 100 sensors, and if you’re 
>> monitoring Windows boxes you can install remote probes to monitor all sorts 
>> of things.
>> Otherwise you can monitor using SNMP.
>>
>>
>>
>> You just need a system to run it and access to the resource you wish 
>> to monitor.
>>
>>
>>
>>
>>
>>
>>
>> Neil Standley
>> Cascadia Infotek
>>
>>
>>
>> From: listsad...@lists.myitforum.com
>> [mailto:listsad...@lists.myitforum.com]
>> On Behalf Of Jonathan Raper
>> Sent: Thursday, June 16, 2016 8:45 AM
>> To: ntsysadm@lists.myitforum.com
>> Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)
>>
>>
>>
>> Unfortunately it is not that simple. Multiple sites, and some are 
>> internal certs for dev environments, some are on network equipment 
>> that is internal, one is on a hosted environment in a co-lo that is 
>> purely internal, but we don’t manage the system, only the cert….
>>
>>
>>
>> And we have a management system in place (Zenoss), and it does alert 
>> on some of the certs, but only if the device is monitored/managed.
>> Some devices we do not want monitored for various reasons….but when 
>> the cert expires, it’s a problem. Unfortunately management won’t 
>> justify the expense and overhead of
>> 1-3 years of monitoring for an issue that only crops up every 1 to 3 years….
>>
>>
>>
>> Thanks,
>>
>>
>>
>> Jonathan
>>
>> From: listsad...@lists.myitforum.com
>> [mailto:listsad...@lists.myitforum.com]
>> On Behalf Of Brian Desmond
>> Sent: Thursday, June 16, 2016 9:20 AM
>> To: ntsysadm@lists.myitforum.com
>> Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)
>>
>>
>>
>> You might look at how you could centralize where these certs are 
>> installed (e.g. a load balancer/reverse proxy) so you only have one 
>> place to check as opposed to having things scattered around.
>>
>>
>>
>> Thanks,
>>
>> Brian Desmond
>>
>>
>>
>> w – 312.625.1438 | c – 312.731.3132
>>
>>
>>
>> From: listsad...@lists.myitforum.com
>> [mailto:listsad...@lists.myitforum.com]
>> On Behalf Of Jonathan Raper
>> Sent: Wednesday, June 15, 2016 12:40 PM
>> To: ntsysadm@lists.myitforum.com
>> Subject: [NTSysADM] Reminders for SSL certs (and other things)
>>
>>
>>
>> Hi all,
>>
>>
>>
>> We’ve been bitten by an internal cert or two expiring that caught us 
>> off guard. We’re rying to come up with a way to have  centrally 
>> managed reminder system in place to make sure this doesn’t happen 
>> again. This is for a large-ish network with a handful of people who 
>> could be managing this at any given time.
>>
>>
>>
>> An Excel spreadsheet just doesn’t scale well for this, and Outlook 
>> tasks seems kind of clumsy.
>>
>>
>>
>> Obviously paid certs you generally get a reminder because GoDaddy 
>> wants the revenue, and Web 

RE: [NTSysADM] Reminders for SSL certs (and other things)

[Richard Stovall]

Free Google accounts have a calendar...
On Jun 16, 2016 1:51 PM, "Jonathan Raper"  wrote:

> We have no desire to implement PRTG or Nagios, as we have a management
> system in place (Zenoss). It does alert on some of the certs, but only if
> the device is monitored/managed. Some devices we do not want monitored for
> various reasons….but when the cert expires, it’s a problem. Unfortunately
> management won’t justify the expense and overhead of 1-3 years of
> monitoring for an issue that only crops up every 1 to 3 years….
>
> I'm really looking for something like some kind of reminder system that we
> can go in and add/remove/update items, seeing a list of all items, but then
> when something comes up, we get an alert 3 weeks, 2 weeks, 1 week out, etc.
> and something we can put other things in - like contract dates, equipment
> acquisition dates, renewals, etc.
>
> Thanks,
>
> Jonathan
>
> Thanks,
>
>
>
>
> Jonathan L Raper, A+, MCSA, MCSE, FCC Licensed Technician, VCA-DCV,
> VCA-Cloud
> Senior Solutions Engineer
>  Corporation
> 336.232.5244 Cisco Single Number Reach
> 7025 Albert Pick Road, Suite 302, Greensboro, NC 27409
> www.NWNIT.com
>
>
>   NWN helps customers solve business problems through technology
>
>
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:
> listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
> Sent: Wednesday, June 15, 2016 7:47 PM
> To: ntsysadm 
> Subject: Re: [NTSysADM] Reminders for SSL certs (and other things)
>
> We use PRTG to monitor certs and send email alerts x number of days ahead
> of expiration.
>
> I'm not a huge fan of PRTG, but it does get the job done.
>
> Kurt
>
> On Wed, Jun 15, 2016 at 10:39 AM, Jonathan Raper  wrote:
> > Hi all,
> >
> >
> >
> > We’ve been bitten by an internal cert or two expiring that caught us
> > off guard. We’re rying to come up with a way to have  centrally
> > managed reminder system in place to make sure this doesn’t happen
> > again. This is for a large-ish network with a handful of people who
> > could be managing this at any given time.
> >
> >
> >
> > An Excel spreadsheet just doesn’t scale well for this, and Outlook
> > tasks seems kind of clumsy.
> >
> >
> >
> > Obviously paid certs you generally get a reminder because GoDaddy
> > wants the revenue, and Web server certs generate an event in the event
> > log, but not every SSL cert is going to generate an event…..and not
> > every cert is a paid cert….
> >
> >
> >
> > We also have some other events and contracts that we’d like reminders
> > for – so this isn’t exclusive to SSL certs, though that is a driving
> factor.
> >
> >
> >
> > How are you all handling this? An application? A web-based “aaS”
> > reminder system of some sort?
> >
> >
> >
> > Thanks,
> >
> >
> >
> > Jonathan
> >
> > NOTE: This message and any attachments is intended solely for the use
> > of the individual or entity to which it is addressed and may contain
> > information that is non-public, proprietary, legally privileged,
> > confidential, and/or exempt from disclosure. If you are not the
> > intended recipient, you are hereby notified that any use,
> > dissemination, distribution, or copying of this communication is
> > strictly prohibited. If you have received this communication in error,
> > please notify the original sender immediately by telephone or return
> > email and destroy or delete this message along with any attachments
> immediately.
>
>
> NOTE: This message and any attachments is intended solely for the use of
> the individual or entity to which it is addressed and may contain
> information that is non-public, proprietary, legally privileged,
> confidential, and/or exempt from disclosure. If you are not the intended
> recipient, you are hereby notified that any use, dissemination,
> distribution, or copying of this communication is strictly prohibited. If
> you have received this communication in error, please notify the original
> sender immediately by telephone or return email and destroy or delete this
> message along with any attachments immediately.
>

Re: [NTSysADM] RE: Reminders for SSL certs (and other things)

[Kurt Buff]

Hmmm..


Do you remember - does crontab use spaces or tabs? :)

The day is still now, on my FreeBSD boxen...

Kurt

On Thu, Jun 16, 2016 at 10:42 AM, Michael B. Smith
 wrote:
> "Back in the day" we used cron for this, several careers back. Same idea as a 
> scheduled task...of course, the issue is remembering to transfer those 
> scheduled tasks when you move to a new piece of hardware or OS.
>
> The shared mailbox is a really good idea.
>
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Kurt Buff
> Sent: Thursday, June 16, 2016 1:26 PM
> To: ntsysadm
> Subject: Re: [NTSysADM] RE: Reminders for SSL certs (and other things)
>
> For reminders of those kinds of things, we've made a shared mailbox for a 
> team calendar in Exchange, and set up meeting reminders in it that with 
> members of our team as attendees. We also use that for keeping track of 
> on-call rotation, vacation days and other things needing reminders. Everyone 
> on the team has delegate access on the calendar, so they can set up reminders 
> as necessary.
>
> Other than that, if you have a tools box that's permanent, I could see a 
> scheduled task that sends emails with a batch file, or some other home-grown 
> solution.
>
> Kurt
>
> On Thu, Jun 16, 2016 at 9:17 AM, Jonathan Raper  wrote:
>> Thanks, but this ISN’T just about certs. Monitoring is not the
>> solution I am looking for. We’re also looking to manage reminders for
>> non technical items, like other renewals, contracts, etc.
>>
>>
>>
>> Jonathan
>>
>>
>>
>> From: listsad...@lists.myitforum.com
>> [mailto:listsad...@lists.myitforum.com]
>> On Behalf Of Neil Standley
>> Sent: Thursday, June 16, 2016 12:03 PM
>> To: ntsysadm@lists.myitforum.com
>>
>>
>> Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)
>>
>>
>>
>> The PRTG free license comes with 100 sensors, and if you’re monitoring
>> Windows boxes you can install remote probes to monitor all sorts of things.
>> Otherwise you can monitor using SNMP.
>>
>>
>>
>> You just need a system to run it and access to the resource you wish
>> to monitor.
>>
>>
>>
>>
>>
>>
>>
>> Neil Standley
>> Cascadia Infotek
>>
>>
>>
>> From: listsad...@lists.myitforum.com
>> [mailto:listsad...@lists.myitforum.com]
>> On Behalf Of Jonathan Raper
>> Sent: Thursday, June 16, 2016 8:45 AM
>> To: ntsysadm@lists.myitforum.com
>> Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)
>>
>>
>>
>> Unfortunately it is not that simple. Multiple sites, and some are
>> internal certs for dev environments, some are on network equipment
>> that is internal, one is on a hosted environment in a co-lo that is
>> purely internal, but we don’t manage the system, only the cert….
>>
>>
>>
>> And we have a management system in place (Zenoss), and it does alert
>> on some of the certs, but only if the device is monitored/managed.
>> Some devices we do not want monitored for various reasons….but when
>> the cert expires, it’s a problem. Unfortunately management won’t
>> justify the expense and overhead of
>> 1-3 years of monitoring for an issue that only crops up every 1 to 3 years….
>>
>>
>>
>> Thanks,
>>
>>
>>
>> Jonathan
>>
>> From: listsad...@lists.myitforum.com
>> [mailto:listsad...@lists.myitforum.com]
>> On Behalf Of Brian Desmond
>> Sent: Thursday, June 16, 2016 9:20 AM
>> To: ntsysadm@lists.myitforum.com
>> Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)
>>
>>
>>
>> You might look at how you could centralize where these certs are
>> installed (e.g. a load balancer/reverse proxy) so you only have one
>> place to check as opposed to having things scattered around.
>>
>>
>>
>> Thanks,
>>
>> Brian Desmond
>>
>>
>>
>> w – 312.625.1438 | c – 312.731.3132
>>
>>
>>
>> From: listsad...@lists.myitforum.com
>> [mailto:listsad...@lists.myitforum.com]
>> On Behalf Of Jonathan Raper
>> Sent: Wednesday, June 15, 2016 12:40 PM
>> To: ntsysadm@lists.myitforum.com
>> Subject: [NTSysADM] Reminders for SSL certs (and other things)
>>
>>
>>
>> Hi all,
>>
>>
>>
>> We’ve been bitten by an internal cert or two expiring that caught us
>> off guard. We’re rying to come up with a way to have  centrally
>> managed reminder system in place to make sure this doesn’t happen
>> again. This is for a large-ish network with a handful of people who
>> could be managing this at any given time.
>>
>>
>>
>> An Excel spreadsheet just doesn’t scale well for this, and Outlook
>> tasks seems kind of clumsy.
>>
>>
>>
>> Obviously paid certs you generally get a reminder because GoDaddy
>> wants the revenue, and Web server certs generate an event in the event
>> log, but not every SSL cert is going to generate an event…..and not
>> every cert is a paid cert….
>>
>>
>>
>> We also have some other events and contracts that we’d like reminders
>> for – so this isn’t exclusive to SSL certs, though that is a driving factor.
>>
>>
>>
>> How are you all 

RE: [NTSysADM] Reminders for SSL certs (and other things)

[Matthew Topper]

We treat certs or other similar things that need renewals like other and put 
them into our ticketing system with an expiration date.  This triggers an email 
when the expiration is coming up. Our ticket tracking system has a section that 
pretty much acts like an asset tracker.

Does your company have some kind of system for things like fixed assets you 
might be able to use?  It doesn't necessarily have to be IT exclusive.


Matthew Topper

> -Original Message-
> From: listsad...@lists.myitforum.com
> [mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Raper
> Sent: Thursday, June 16, 2016 11:48 AM
> To: ntsysadm@lists.myitforum.com
> Subject: RE: [NTSysADM] Reminders for SSL certs (and other things)
> 
> We have no desire to implement PRTG or Nagios, as we have a management
> system in place (Zenoss). It does alert on some of the certs, but only if the
> device is monitored/managed. Some devices we do not want monitored for
> various reasons….but when the cert expires, it’s a problem. Unfortunately
> management won’t justify the expense and overhead of 1-3 years of
> monitoring for an issue that only crops up every 1 to 3 years….
> 
> I'm really looking for something like some kind of reminder system that we
> can go in and add/remove/update items, seeing a list of all items, but then
> when something comes up, we get an alert 3 weeks, 2 weeks, 1 week out,
> etc. and something we can put other things in - like contract dates,
> equipment acquisition dates, renewals, etc.
> 
> Thanks,
> 
> Jonathan
> 
> Thanks,
> 
> 
> 
> 
> Jonathan L Raper, A+, MCSA, MCSE, FCC Licensed Technician, VCA-DCV, VCA-
> Cloud Senior Solutions Engineer  Corporation
> 336.232.5244 Cisco Single Number Reach
> 7025 Albert Pick Road, Suite 302, Greensboro, NC 27409 www.NWNIT.com
> 
> 
>   NWN helps customers solve business problems through technology
> 
> 
> -Original Message-
> From: listsad...@lists.myitforum.com
> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
> Sent: Wednesday, June 15, 2016 7:47 PM
> To: ntsysadm 
> Subject: Re: [NTSysADM] Reminders for SSL certs (and other things)
> 
> We use PRTG to monitor certs and send email alerts x number of days ahead
> of expiration.
> 
> I'm not a huge fan of PRTG, but it does get the job done.
> 
> Kurt
> 
> On Wed, Jun 15, 2016 at 10:39 AM, Jonathan Raper 
> wrote:
> > Hi all,
> >
> >
> >
> > We’ve been bitten by an internal cert or two expiring that caught us
> > off guard. We’re rying to come up with a way to have  centrally
> > managed reminder system in place to make sure this doesn’t happen
> > again. This is for a large-ish network with a handful of people who
> > could be managing this at any given time.
> >
> >
> >
> > An Excel spreadsheet just doesn’t scale well for this, and Outlook
> > tasks seems kind of clumsy.
> >
> >
> >
> > Obviously paid certs you generally get a reminder because GoDaddy
> > wants the revenue, and Web server certs generate an event in the event
> > log, but not every SSL cert is going to generate an event…..and not
> > every cert is a paid cert….
> >
> >
> >
> > We also have some other events and contracts that we’d like reminders
> > for – so this isn’t exclusive to SSL certs, though that is a driving factor.
> >
> >
> >
> > How are you all handling this? An application? A web-based “aaS”
> > reminder system of some sort?
> >
> >
> >
> > Thanks,
> >
> >
> >
> > Jonathan
> >
> > NOTE: This message and any attachments is intended solely for the use
> > of the individual or entity to which it is addressed and may contain
> > information that is non-public, proprietary, legally privileged,
> > confidential, and/or exempt from disclosure. If you are not the
> > intended recipient, you are hereby notified that any use,
> > dissemination, distribution, or copying of this communication is
> > strictly prohibited. If you have received this communication in error,
> > please notify the original sender immediately by telephone or return
> > email and destroy or delete this message along with any attachments
> immediately.
> 
> 
> NOTE: This message and any attachments is intended solely for the use of
> the individual or entity to which it is addressed and may contain information
> that is non-public, proprietary, legally privileged, confidential, and/or 
> exempt
> from disclosure. If you are not the intended recipient, you are hereby
> notified that any use, dissemination, distribution, or copying of this
> communication is strictly prohibited. If you have received this communication
> in error, please notify the original sender immediately by telephone or return
> email and destroy or delete this message along with any attachments
> immediately.

RE: [NTSysADM] Reminders for SSL certs (and other things)

[Jonathan Raper]

We have no desire to implement PRTG or Nagios, as we have a management system 
in place (Zenoss). It does alert on some of the certs, but only if the device 
is monitored/managed. Some devices we do not want monitored for various 
reasons….but when the cert expires, it’s a problem. Unfortunately management 
won’t justify the expense and overhead of 1-3 years of monitoring for an issue 
that only crops up every 1 to 3 years….

I'm really looking for something like some kind of reminder system that we can 
go in and add/remove/update items, seeing a list of all items, but then when 
something comes up, we get an alert 3 weeks, 2 weeks, 1 week out, etc. and 
something we can put other things in - like contract dates, equipment 
acquisition dates, renewals, etc.

Thanks,

Jonathan

Thanks,




Jonathan L Raper, A+, MCSA, MCSE, FCC Licensed Technician, VCA-DCV, VCA-Cloud
Senior Solutions Engineer
 Corporation
336.232.5244 Cisco Single Number Reach
7025 Albert Pick Road, Suite 302, Greensboro, NC 27409
www.NWNIT.com


  NWN helps customers solve business problems through technology


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: Wednesday, June 15, 2016 7:47 PM
To: ntsysadm 
Subject: Re: [NTSysADM] Reminders for SSL certs (and other things)

We use PRTG to monitor certs and send email alerts x number of days ahead of 
expiration.

I'm not a huge fan of PRTG, but it does get the job done.

Kurt

On Wed, Jun 15, 2016 at 10:39 AM, Jonathan Raper  wrote:
> Hi all,
>
>
>
> We’ve been bitten by an internal cert or two expiring that caught us
> off guard. We’re rying to come up with a way to have  centrally
> managed reminder system in place to make sure this doesn’t happen
> again. This is for a large-ish network with a handful of people who
> could be managing this at any given time.
>
>
>
> An Excel spreadsheet just doesn’t scale well for this, and Outlook
> tasks seems kind of clumsy.
>
>
>
> Obviously paid certs you generally get a reminder because GoDaddy
> wants the revenue, and Web server certs generate an event in the event
> log, but not every SSL cert is going to generate an event…..and not
> every cert is a paid cert….
>
>
>
> We also have some other events and contracts that we’d like reminders
> for – so this isn’t exclusive to SSL certs, though that is a driving factor.
>
>
>
> How are you all handling this? An application? A web-based “aaS”
> reminder system of some sort?
>
>
>
> Thanks,
>
>
>
> Jonathan
>
> NOTE: This message and any attachments is intended solely for the use
> of the individual or entity to which it is addressed and may contain
> information that is non-public, proprietary, legally privileged,
> confidential, and/or exempt from disclosure. If you are not the
> intended recipient, you are hereby notified that any use,
> dissemination, distribution, or copying of this communication is
> strictly prohibited. If you have received this communication in error,
> please notify the original sender immediately by telephone or return
> email and destroy or delete this message along with any attachments 
> immediately.


NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, legally privileged, confidential, and/or exempt 
from disclosure. If you are not the intended recipient, you are hereby notified 
that any use, dissemination, distribution, or copying of this communication is 
strictly prohibited. If you have received this communication in error, please 
notify the original sender immediately by telephone or return email and destroy 
or delete this message along with any attachments immediately.

RE: [NTSysADM] RE: Reminders for SSL certs (and other things)

[Michael B. Smith]

"Back in the day" we used cron for this, several careers back. Same idea as a 
scheduled task...of course, the issue is remembering to transfer those 
scheduled tasks when you move to a new piece of hardware or OS.

The shared mailbox is a really good idea.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: Thursday, June 16, 2016 1:26 PM
To: ntsysadm
Subject: Re: [NTSysADM] RE: Reminders for SSL certs (and other things)

For reminders of those kinds of things, we've made a shared mailbox for a team 
calendar in Exchange, and set up meeting reminders in it that with members of 
our team as attendees. We also use that for keeping track of on-call rotation, 
vacation days and other things needing reminders. Everyone on the team has 
delegate access on the calendar, so they can set up reminders as necessary.

Other than that, if you have a tools box that's permanent, I could see a 
scheduled task that sends emails with a batch file, or some other home-grown 
solution.

Kurt

On Thu, Jun 16, 2016 at 9:17 AM, Jonathan Raper  wrote:
> Thanks, but this ISN’T just about certs. Monitoring is not the 
> solution I am looking for. We’re also looking to manage reminders for 
> non technical items, like other renewals, contracts, etc.
>
>
>
> Jonathan
>
>
>
> From: listsad...@lists.myitforum.com 
> [mailto:listsad...@lists.myitforum.com]
> On Behalf Of Neil Standley
> Sent: Thursday, June 16, 2016 12:03 PM
> To: ntsysadm@lists.myitforum.com
>
>
> Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)
>
>
>
> The PRTG free license comes with 100 sensors, and if you’re monitoring 
> Windows boxes you can install remote probes to monitor all sorts of things.
> Otherwise you can monitor using SNMP.
>
>
>
> You just need a system to run it and access to the resource you wish 
> to monitor.
>
>
>
>
>
>
>
> Neil Standley
> Cascadia Infotek
>
>
>
> From: listsad...@lists.myitforum.com 
> [mailto:listsad...@lists.myitforum.com]
> On Behalf Of Jonathan Raper
> Sent: Thursday, June 16, 2016 8:45 AM
> To: ntsysadm@lists.myitforum.com
> Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)
>
>
>
> Unfortunately it is not that simple. Multiple sites, and some are 
> internal certs for dev environments, some are on network equipment 
> that is internal, one is on a hosted environment in a co-lo that is 
> purely internal, but we don’t manage the system, only the cert….
>
>
>
> And we have a management system in place (Zenoss), and it does alert 
> on some of the certs, but only if the device is monitored/managed. 
> Some devices we do not want monitored for various reasons….but when 
> the cert expires, it’s a problem. Unfortunately management won’t 
> justify the expense and overhead of
> 1-3 years of monitoring for an issue that only crops up every 1 to 3 years….
>
>
>
> Thanks,
>
>
>
> Jonathan
>
> From: listsad...@lists.myitforum.com 
> [mailto:listsad...@lists.myitforum.com]
> On Behalf Of Brian Desmond
> Sent: Thursday, June 16, 2016 9:20 AM
> To: ntsysadm@lists.myitforum.com
> Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)
>
>
>
> You might look at how you could centralize where these certs are 
> installed (e.g. a load balancer/reverse proxy) so you only have one 
> place to check as opposed to having things scattered around.
>
>
>
> Thanks,
>
> Brian Desmond
>
>
>
> w – 312.625.1438 | c – 312.731.3132
>
>
>
> From: listsad...@lists.myitforum.com 
> [mailto:listsad...@lists.myitforum.com]
> On Behalf Of Jonathan Raper
> Sent: Wednesday, June 15, 2016 12:40 PM
> To: ntsysadm@lists.myitforum.com
> Subject: [NTSysADM] Reminders for SSL certs (and other things)
>
>
>
> Hi all,
>
>
>
> We’ve been bitten by an internal cert or two expiring that caught us 
> off guard. We’re rying to come up with a way to have  centrally 
> managed reminder system in place to make sure this doesn’t happen 
> again. This is for a large-ish network with a handful of people who 
> could be managing this at any given time.
>
>
>
> An Excel spreadsheet just doesn’t scale well for this, and Outlook 
> tasks seems kind of clumsy.
>
>
>
> Obviously paid certs you generally get a reminder because GoDaddy 
> wants the revenue, and Web server certs generate an event in the event 
> log, but not every SSL cert is going to generate an event…..and not 
> every cert is a paid cert….
>
>
>
> We also have some other events and contracts that we’d like reminders 
> for – so this isn’t exclusive to SSL certs, though that is a driving factor.
>
>
>
> How are you all handling this? An application? A web-based “aaS” 
> reminder system of some sort?
>
>
>
> Thanks,
>
>
>
> Jonathan
>
> NOTE: This message and any attachments is intended solely for the use 
> of the individual or entity to which it is addressed and may contain 
> information that is non-public, proprietary, legally privileged, 
> confidential, and/or exempt from 

Re: [NTSysADM] RE: Reminders for SSL certs (and other things)

[Kurt Buff]

For reminders of those kinds of things, we've made a shared mailbox
for a team calendar in Exchange, and set up meeting reminders in it
that with members of our team as attendees. We also use that for
keeping track of on-call rotation, vacation days and other things
needing reminders. Everyone on the team has delegate access on the
calendar, so they can set up reminders as necessary.

Other than that, if you have a tools box that's permanent, I could see
a scheduled task that sends emails with a batch file, or some other
home-grown solution.

Kurt

On Thu, Jun 16, 2016 at 9:17 AM, Jonathan Raper  wrote:
> Thanks, but this ISN’T just about certs. Monitoring is not the solution I am
> looking for. We’re also looking to manage reminders for non technical items,
> like other renewals, contracts, etc.
>
>
>
> Jonathan
>
>
>
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
> On Behalf Of Neil Standley
> Sent: Thursday, June 16, 2016 12:03 PM
> To: ntsysadm@lists.myitforum.com
>
>
> Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)
>
>
>
> The PRTG free license comes with 100 sensors, and if you’re monitoring
> Windows boxes you can install remote probes to monitor all sorts of things.
> Otherwise you can monitor using SNMP.
>
>
>
> You just need a system to run it and access to the resource you wish to
> monitor.
>
>
>
>
>
>
>
> Neil Standley
> Cascadia Infotek
>
>
>
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
> On Behalf Of Jonathan Raper
> Sent: Thursday, June 16, 2016 8:45 AM
> To: ntsysadm@lists.myitforum.com
> Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)
>
>
>
> Unfortunately it is not that simple. Multiple sites, and some are internal
> certs for dev environments, some are on network equipment that is internal,
> one is on a hosted environment in a co-lo that is purely internal, but we
> don’t manage the system, only the cert….
>
>
>
> And we have a management system in place (Zenoss), and it does alert on some
> of the certs, but only if the device is monitored/managed. Some devices we
> do not want monitored for various reasons….but when the cert expires, it’s a
> problem. Unfortunately management won’t justify the expense and overhead of
> 1-3 years of monitoring for an issue that only crops up every 1 to 3 years….
>
>
>
> Thanks,
>
>
>
> Jonathan
>
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
> On Behalf Of Brian Desmond
> Sent: Thursday, June 16, 2016 9:20 AM
> To: ntsysadm@lists.myitforum.com
> Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)
>
>
>
> You might look at how you could centralize where these certs are installed
> (e.g. a load balancer/reverse proxy) so you only have one place to check as
> opposed to having things scattered around.
>
>
>
> Thanks,
>
> Brian Desmond
>
>
>
> w – 312.625.1438 | c – 312.731.3132
>
>
>
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
> On Behalf Of Jonathan Raper
> Sent: Wednesday, June 15, 2016 12:40 PM
> To: ntsysadm@lists.myitforum.com
> Subject: [NTSysADM] Reminders for SSL certs (and other things)
>
>
>
> Hi all,
>
>
>
> We’ve been bitten by an internal cert or two expiring that caught us off
> guard. We’re rying to come up with a way to have  centrally managed reminder
> system in place to make sure this doesn’t happen again. This is for a
> large-ish network with a handful of people who could be managing this at any
> given time.
>
>
>
> An Excel spreadsheet just doesn’t scale well for this, and Outlook tasks
> seems kind of clumsy.
>
>
>
> Obviously paid certs you generally get a reminder because GoDaddy wants the
> revenue, and Web server certs generate an event in the event log, but not
> every SSL cert is going to generate an event…..and not every cert is a paid
> cert….
>
>
>
> We also have some other events and contracts that we’d like reminders for –
> so this isn’t exclusive to SSL certs, though that is a driving factor.
>
>
>
> How are you all handling this? An application? A web-based “aaS” reminder
> system of some sort?
>
>
>
> Thanks,
>
>
>
> Jonathan
>
> NOTE: This message and any attachments is intended solely for the use of the
> individual or entity to which it is addressed and may contain information
> that is non-public, proprietary, legally privileged, confidential, and/or
> exempt from disclosure. If you are not the intended recipient, you are
> hereby notified that any use, dissemination, distribution, or copying of
> this communication is strictly prohibited. If you have received this
> communication in error, please notify the original sender immediately by
> telephone or return email and destroy or delete this message along with any
> attachments immediately.
>
> NOTE: This message and any attachments is intended solely for the use of the
> individual or entity to which it is addressed and may contain information
> that is 

[NTSysADM] RE: Reminders for SSL certs (and other things)

[Doug Barrett]

Shared Outlook calendar that's updated when a cert/contract/renewal is updated, 
by the person doing the updating?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jonathan Raper
Sent: Thursday, June 16, 2016 11:18 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

Thanks, but this ISN'T just about certs. Monitoring is not the solution I am 
looking for. We're also looking to manage reminders for non technical items, 
like other renewals, contracts, etc.

Jonathan

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Neil Standley
Sent: Thursday, June 16, 2016 12:03 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

The PRTG free license comes with 100 sensors, and if you're monitoring Windows 
boxes you can install remote probes to monitor all sorts of things. Otherwise 
you can monitor using SNMP.

You just need a system to run it and access to the resource you wish to monitor.



Neil Standley
Cascadia Infotek

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Raper
Sent: Thursday, June 16, 2016 8:45 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

Unfortunately it is not that simple. Multiple sites, and some are internal 
certs for dev environments, some are on network equipment that is internal, one 
is on a hosted environment in a co-lo that is purely internal, but we don't 
manage the system, only the cert

And we have a management system in place (Zenoss), and it does alert on some of 
the certs, but only if the device is monitored/managed. Some devices we do not 
want monitored for various reasonsbut when the cert expires, it's a 
problem. Unfortunately management won't justify the expense and overhead of 1-3 
years of monitoring for an issue that only crops up every 1 to 3 years

Thanks,

Jonathan
From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Desmond
Sent: Thursday, June 16, 2016 9:20 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

You might look at how you could centralize where these certs are installed 
(e.g. a load balancer/reverse proxy) so you only have one place to check as 
opposed to having things scattered around.

Thanks,
Brian Desmond

w - 312.625.1438 | c - 312.731.3132

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Raper
Sent: Wednesday, June 15, 2016 12:40 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Reminders for SSL certs (and other things)

Hi all,

We've been bitten by an internal cert or two expiring that caught us off guard. 
We're rying to come up with a way to have  centrally managed reminder system in 
place to make sure this doesn't happen again. This is for a large-ish network 
with a handful of people who could be managing this at any given time.

An Excel spreadsheet just doesn't scale well for this, and Outlook tasks seems 
kind of clumsy.

Obviously paid certs you generally get a reminder because GoDaddy wants the 
revenue, and Web server certs generate an event in the event log, but not every 
SSL cert is going to generate an event.and not every cert is a paid cert

We also have some other events and contracts that we'd like reminders for - so 
this isn't exclusive to SSL certs, though that is a driving factor.

How are you all handling this? An application? A web-based "aaS" reminder 
system of some sort?

Thanks,

Jonathan
NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, legally privileged, confidential, and/or exempt 
from disclosure. If you are not the intended recipient, you are hereby notified 
that any use, dissemination, distribution, or copying of this communication is 
strictly prohibited. If you have received this communication in error, please 
notify the original sender immediately by telephone or return email and destroy 
or delete this message along with any attachments immediately.
NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, legally privileged, confidential, and/or exempt 
from disclosure. If you are not the intended recipient, you are hereby notified 
that any use, dissemination, distribution, or 

Re: [NTSysADM] GPanswers.com » Never a dull moment with Group Policy (or what to do about MS16-072):

[Eric Wittersheim]

Thanks Susan.

On Thu, Jun 16, 2016 at 11:36 AM, Susan Bradley 
wrote:

> GPanswers.com » Never a dull moment with Group Policy (or what to do about
> MS16-072):
>
> http://www.gpanswers.com/never-a-dull-moment-with-group-policy-or-what-to-do-about-ms16-072/
>
>
> --
>
>
>
>
>

[NTSysADM] GPanswers.com » Never a dull moment with Group Policy (or what to do about MS16-072):

[Susan Bradley]

GPanswers.com » Never a dull moment with Group Policy (or what to do 
about MS16-072):

http://www.gpanswers.com/never-a-dull-moment-with-group-policy-or-what-to-do-about-ms16-072/


--

 

[NTSysADM] RE: Reminders for SSL certs (and other things)

[Jonathan Raper]

Thanks, but this ISN'T just about certs. Monitoring is not the solution I am 
looking for. We're also looking to manage reminders for non technical items, 
like other renewals, contracts, etc.

Jonathan

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Neil Standley
Sent: Thursday, June 16, 2016 12:03 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

The PRTG free license comes with 100 sensors, and if you're monitoring Windows 
boxes you can install remote probes to monitor all sorts of things. Otherwise 
you can monitor using SNMP.

You just need a system to run it and access to the resource you wish to monitor.



Neil Standley
Cascadia Infotek

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Raper
Sent: Thursday, June 16, 2016 8:45 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

Unfortunately it is not that simple. Multiple sites, and some are internal 
certs for dev environments, some are on network equipment that is internal, one 
is on a hosted environment in a co-lo that is purely internal, but we don't 
manage the system, only the cert

And we have a management system in place (Zenoss), and it does alert on some of 
the certs, but only if the device is monitored/managed. Some devices we do not 
want monitored for various reasonsbut when the cert expires, it's a 
problem. Unfortunately management won't justify the expense and overhead of 1-3 
years of monitoring for an issue that only crops up every 1 to 3 years

Thanks,

Jonathan
From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Desmond
Sent: Thursday, June 16, 2016 9:20 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

You might look at how you could centralize where these certs are installed 
(e.g. a load balancer/reverse proxy) so you only have one place to check as 
opposed to having things scattered around.

Thanks,
Brian Desmond

w - 312.625.1438 | c - 312.731.3132

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Raper
Sent: Wednesday, June 15, 2016 12:40 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Reminders for SSL certs (and other things)

Hi all,

We've been bitten by an internal cert or two expiring that caught us off guard. 
We're rying to come up with a way to have  centrally managed reminder system in 
place to make sure this doesn't happen again. This is for a large-ish network 
with a handful of people who could be managing this at any given time.

An Excel spreadsheet just doesn't scale well for this, and Outlook tasks seems 
kind of clumsy.

Obviously paid certs you generally get a reminder because GoDaddy wants the 
revenue, and Web server certs generate an event in the event log, but not every 
SSL cert is going to generate an event.and not every cert is a paid cert

We also have some other events and contracts that we'd like reminders for - so 
this isn't exclusive to SSL certs, though that is a driving factor.

How are you all handling this? An application? A web-based "aaS" reminder 
system of some sort?

Thanks,

Jonathan
NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, legally privileged, confidential, and/or exempt 
from disclosure. If you are not the intended recipient, you are hereby notified 
that any use, dissemination, distribution, or copying of this communication is 
strictly prohibited. If you have received this communication in error, please 
notify the original sender immediately by telephone or return email and destroy 
or delete this message along with any attachments immediately.
NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, legally privileged, confidential, and/or exempt 
from disclosure. If you are not the intended recipient, you are hereby notified 
that any use, dissemination, distribution, or copying of this communication is 
strictly prohibited. If you have received this communication in error, please 
notify the original sender immediately by telephone or return email and destroy 
or delete this message along with any attachments immediately.
NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, 

[NTSysADM] RE: Reminders for SSL certs (and other things)

[Neil Standley]

The PRTG free license comes with 100 sensors, and if you're monitoring Windows 
boxes you can install remote probes to monitor all sorts of things. Otherwise 
you can monitor using SNMP.

You just need a system to run it and access to the resource you wish to monitor.



Neil Standley
Cascadia Infotek

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jonathan Raper
Sent: Thursday, June 16, 2016 8:45 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

Unfortunately it is not that simple. Multiple sites, and some are internal 
certs for dev environments, some are on network equipment that is internal, one 
is on a hosted environment in a co-lo that is purely internal, but we don't 
manage the system, only the cert

And we have a management system in place (Zenoss), and it does alert on some of 
the certs, but only if the device is monitored/managed. Some devices we do not 
want monitored for various reasonsbut when the cert expires, it's a 
problem. Unfortunately management won't justify the expense and overhead of 1-3 
years of monitoring for an issue that only crops up every 1 to 3 years

Thanks,

Jonathan
From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Desmond
Sent: Thursday, June 16, 2016 9:20 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

You might look at how you could centralize where these certs are installed 
(e.g. a load balancer/reverse proxy) so you only have one place to check as 
opposed to having things scattered around.

Thanks,
Brian Desmond

w - 312.625.1438 | c - 312.731.3132

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Raper
Sent: Wednesday, June 15, 2016 12:40 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Reminders for SSL certs (and other things)

Hi all,

We've been bitten by an internal cert or two expiring that caught us off guard. 
We're rying to come up with a way to have  centrally managed reminder system in 
place to make sure this doesn't happen again. This is for a large-ish network 
with a handful of people who could be managing this at any given time.

An Excel spreadsheet just doesn't scale well for this, and Outlook tasks seems 
kind of clumsy.

Obviously paid certs you generally get a reminder because GoDaddy wants the 
revenue, and Web server certs generate an event in the event log, but not every 
SSL cert is going to generate an event.and not every cert is a paid cert

We also have some other events and contracts that we'd like reminders for - so 
this isn't exclusive to SSL certs, though that is a driving factor.

How are you all handling this? An application? A web-based "aaS" reminder 
system of some sort?

Thanks,

Jonathan
NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, legally privileged, confidential, and/or exempt 
from disclosure. If you are not the intended recipient, you are hereby notified 
that any use, dissemination, distribution, or copying of this communication is 
strictly prohibited. If you have received this communication in error, please 
notify the original sender immediately by telephone or return email and destroy 
or delete this message along with any attachments immediately.
NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, legally privileged, confidential, and/or exempt 
from disclosure. If you are not the intended recipient, you are hereby notified 
that any use, dissemination, distribution, or copying of this communication is 
strictly prohibited. If you have received this communication in error, please 
notify the original sender immediately by telephone or return email and destroy 
or delete this message along with any attachments immediately.

[NTSysADM] RE: Reminders for SSL certs (and other things)

[Jonathan Raper]

Unfortunately it is not that simple. Multiple sites, and some are internal 
certs for dev environments, some are on network equipment that is internal, one 
is on a hosted environment in a co-lo that is purely internal, but we don't 
manage the system, only the cert

And we have a management system in place (Zenoss), and it does alert on some of 
the certs, but only if the device is monitored/managed. Some devices we do not 
want monitored for various reasonsbut when the cert expires, it's a 
problem. Unfortunately management won't justify the expense and overhead of 1-3 
years of monitoring for an issue that only crops up every 1 to 3 years

Thanks,

Jonathan
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Brian Desmond
Sent: Thursday, June 16, 2016 9:20 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Reminders for SSL certs (and other things)

You might look at how you could centralize where these certs are installed 
(e.g. a load balancer/reverse proxy) so you only have one place to check as 
opposed to having things scattered around.

Thanks,
Brian Desmond

w - 312.625.1438 | c - 312.731.3132

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Raper
Sent: Wednesday, June 15, 2016 12:40 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Reminders for SSL certs (and other things)

Hi all,

We've been bitten by an internal cert or two expiring that caught us off guard. 
We're rying to come up with a way to have  centrally managed reminder system in 
place to make sure this doesn't happen again. This is for a large-ish network 
with a handful of people who could be managing this at any given time.

An Excel spreadsheet just doesn't scale well for this, and Outlook tasks seems 
kind of clumsy.

Obviously paid certs you generally get a reminder because GoDaddy wants the 
revenue, and Web server certs generate an event in the event log, but not every 
SSL cert is going to generate an event.and not every cert is a paid cert

We also have some other events and contracts that we'd like reminders for - so 
this isn't exclusive to SSL certs, though that is a driving factor.

How are you all handling this? An application? A web-based "aaS" reminder 
system of some sort?

Thanks,

Jonathan
NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, legally privileged, confidential, and/or exempt 
from disclosure. If you are not the intended recipient, you are hereby notified 
that any use, dissemination, distribution, or copying of this communication is 
strictly prohibited. If you have received this communication in error, please 
notify the original sender immediately by telephone or return email and destroy 
or delete this message along with any attachments immediately.
NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, legally privileged, confidential, and/or exempt 
from disclosure. If you are not the intended recipient, you are hereby notified 
that any use, dissemination, distribution, or copying of this communication is 
strictly prohibited. If you have received this communication in error, please 
notify the original sender immediately by telephone or return email and destroy 
or delete this message along with any attachments immediately.

[NTSysADM] RE: Reminders for SSL certs (and other things)

[Brian Desmond]

You might look at how you could centralize where these certs are installed 
(e.g. a load balancer/reverse proxy) so you only have one place to check as 
opposed to having things scattered around.

Thanks,
Brian Desmond

w - 312.625.1438 | c - 312.731.3132

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jonathan Raper
Sent: Wednesday, June 15, 2016 12:40 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Reminders for SSL certs (and other things)

Hi all,

We've been bitten by an internal cert or two expiring that caught us off guard. 
We're rying to come up with a way to have  centrally managed reminder system in 
place to make sure this doesn't happen again. This is for a large-ish network 
with a handful of people who could be managing this at any given time.

An Excel spreadsheet just doesn't scale well for this, and Outlook tasks seems 
kind of clumsy.

Obviously paid certs you generally get a reminder because GoDaddy wants the 
revenue, and Web server certs generate an event in the event log, but not every 
SSL cert is going to generate an event.and not every cert is a paid cert

We also have some other events and contracts that we'd like reminders for - so 
this isn't exclusive to SSL certs, though that is a driving factor.

How are you all handling this? An application? A web-based "aaS" reminder 
system of some sort?

Thanks,

Jonathan
NOTE: This message and any attachments is intended solely for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, legally privileged, confidential, and/or exempt 
from disclosure. If you are not the intended recipient, you are hereby notified 
that any use, dissemination, distribution, or copying of this communication is 
strictly prohibited. If you have received this communication in error, please 
notify the original sender immediately by telephone or return email and destroy 
or delete this message along with any attachments immediately.

[NTSysADM] % of common updates files for all Windows OS

[Liby Philip Mathew]

Hi
Just a simple query,
Any idea what will be the percentage of common files (updates) applicable to 
all OS/Office when MS releases a set on Tuesday?
For instance, I believe that the below one file is the only file required to 
update MRT for all versions of Windows 8, 8.1, 10 and Windows Server 2012, 2012 
R2x64 Edition.

Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows 
Server 2012, 2012 R2x64 Edition - June 2016 (KB890830)

TIA
Mathew

Disclaimer

[The information contained in this e-mail message and any attached files are 
intended solely for the use of the individual or entity to whom they are 
addressed. This transmission may contain information that is confidential, Path 
Solutions Private, or exempt from disclosure under applicable law and/or Path 
Solutions information security policy. The receiver of this communication shall 
not transmit any part of this message unless the email subject clearly classify 
it as “Public” or a written permission has been given by the information assets 
owner. If you have received this e-mail in error, please notify the sender 
immediately and delete all copies, any disclosure, copying, distribution, or 
use of the information contained herein is STRICTLY PROHIBITED. Path Solutions 
accepts no responsibility for any errors, omissions, computer viruses and other 
defects.]

P Protect our planet: Do not print this email unless necessary.