Re: [NTSysADM] Welcome a brand new CTP to the family

2018-02-01 Thread Andrew S. Baker
Congrats, Mr. Rankin

Regards,

 *ASB*
 *https://about.me/Andrew.S.Baker*

 *Providing CyberSecurity and IT Operations Consulting for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Thu, Feb 1, 2018 at 9:07 AM, Webster  wrote:

> Our very own James Rankin is a brand-new CTP. Welcome to the family James.
>
>
>
> https://www.citrix.com/blogs/2018/02/01/welcome-ctp-class-of-2018/
>
> https://www.citrix.com/community/ctp/awardees.html
>
>
>
> Thanks
>
>
>
>
>
> Carl Webster
>
> Citrix Technology Professional Fellow | iGel Tech Community Insider |
> Parallels VIPP
>
> http://www.CarlWebster.com
> 
>
> The Accidental Citrix Admin
>
>
>



Re: [NTSysADM] OT - IP/Cloud Phones

2018-02-01 Thread Andrew S. Baker
I've used 8x8 in various configurations since about 2004 (when they were
focused on the residential market as "Packet8").

Make sure you test, test, test whichever vendor you use in as real-world
conditions as possible. I've seen 8x8 struggle for midsized orgs
(200-300 users, 5-10 offices).   Their most recent software release
(earlier this month) is considerably more stable than the previous edition.

You must have sufficient bandwidth.  It must be quality bandwidth (low
latency and jitter).  Your LAN(s) should be well configured, and QoS is
very helpful.

Test, test, test.

Regards,

 *ASB*
 *https://about.me/Andrew.S.Baker*

 *Providing CyberSecurity and IT Operations Consulting for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Wed, Jan 31, 2018 at 8:28 AM, Bud Durland  wrote:

> First, apologies for the OT post, but I'm sure there are people in this
> group that have crossed this bridge before me.  Our purchasing guy is
> evaluating keeping our on-prem phone system vs. going with a cloud provider
> like 8x8.  I'm looking for input from anyone who has real-world experience
> making the change, or changing (back) from cloud to on-prem.  Please
> contact me off-list with war stories or on-line references.
>
> Thanks
>
> --
>
> Bud Durland   |   Director Of Information Technology
> Direct: 518.324.4850 | Cell: 518.726.0967 | Fax: 518.561.0017 |
> b...@mrpcap.com
> 1 Plant St., Plattsburgh, NY 12901
>
>
>
>
>
>
> NOTE -- This message contains legally privileged and confidential
> information and is intended only for the individual named.
> If you are not the named addressee you should not disseminate, distribute
> or copy this e-mail.
> Please notify the sender immediately by e-mail if you have received this
> e-mail by mistake and delete
> this e-mail from your system. Thank you.
>
>
>
>



Re: [NTSysADM] Are the Meltdown/Spectre reg keys needed for workstations?

2018-01-11 Thread Andrew S. Baker
*>>If I’m a IT director, CTO, etc., who’s looking at a refresh cycle on
some chunk of my machines in 12 months or 24 months*

Maybe 12 months, but not 24 months -- especially if your competitors are
moving ahead with their projects and mitigating their risk as best as they
can in the meantime.


Regards,

 *ASB*



On Wed, Jan 10, 2018 at 2:21 PM, Melvin Backus 
wrote:

> If I’m a IT director, CTO, etc., who’s looking at a refresh cycle on some
> chunk of my machines in 12 months or 24 months, that might make me hold off
> ordering 50K vulnerable PCs until the 24 month period instead. Skip one
> cycle, double up on the next.  Even if I only shift one refresh cycle,
> that’s a huge chunk of my inventory that is no longer vulnerable for
> whatever my cycle time is.  If you do 20% per year, that means those new
> unprotected PCs are in your system for 4 years.
>
>
>
> Maybe it won’t matter for those who need to add hardware, but it’s the
> ones with options that would be in the mix.
>
>
>
> While they aren’t a determining factor from a numbers perspective, home
> users who’ve been thinking about an upgrade, might put it off for a year or
> so hoping there will be a fix. I suppose if they can actually fix the whole
> issue with a microcode update it wouldn’t matter.
>
>
>
> --
> There are 10 kinds of people in the world...
>  those who understand binary and those who don't.
>
>
>
> ¯\_(ツ)_/¯
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Jonathan Link
> *Sent:* Wednesday, January 10, 2018 1:57 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] Are the Meltdown/Spectre reg keys needed for
> workstations?
>
>
>
> Seems unlikely...  I mean, if you need a computer, you need a cpu, right?
>
>
>
> On Wed, Jan 10, 2018 at 1:24 PM, Melvin Backus 
> wrote:
>
> That’s going to put a real dent in chip sales I suspect. I know I’d
> personally be holding off any purchases until new non-vulnerable chips are
> available if I have any choice.
>
>
>
> --
> There are 10 kinds of people in the world...
>  those who understand binary and those who don't.
>
>
>
> ¯\_(ツ)_/¯
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Michael B. Smith
> *Sent:* Wednesday, January 10, 2018 1:10 PM
>
>
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [NTSysADM] Are the Meltdown/Spectre reg keys needed for
> workstations?
>
>
>
> If they have, I’m not aware of it. I expect it’s too late even for the
> next-gen chips, given how long it takes to design a new chip and fab it.
>
>
>
> Maybe some time in 2019?
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Heaton,
> Joseph@Wildlife
> *Sent:* Wednesday, January 10, 2018 11:11 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [NTSysADM] Are the Meltdown/Spectre reg keys needed for
> workstations?
>
>
>
> My question to that statement, is:  Have any of the chip manufacturers
> given a timeframe of when new, fixed, processors will be released?
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Michael B.
> Smith
> *Sent:* Tuesday, January 9, 2018 6:26 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [NTSysADM] Are the Meltdown/Spectre reg keys needed for
> workstations?
>
>
>
> Not going to happen. It’s going to require new processors.
>
>
>
> Everything being released is a mitigation, not a “fix”.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Ed Ziots
> *Sent:* Tuesday, January 9, 2018 4:27 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] Are the Meltdown/Spectre reg keys needed for
> workstations?
>
>
>
> It would be nice if Intel and AMD released a processor or BIOS firmware
> update to fix the flaw once and for all.
>
>
>
> On Jan 9, 2018 2:24 PM, "Michael Leone"  wrote:
>
> Here's something (more) I am confused about. Suppose I have Win 7 and Win
> 10 workstations, and I have properly patched the OS. Do I *also* need to
> issue the 2 (or is it 3) registry entries?
>
>
>
> I *thought* the registry entries were only for servers, but I have seen
> other statements that say that the Meltdown/Spectre fixes are *not* enabled
> until you issue the registry entries.
>
>
>
> So without the reg entries, you are effectively unpatched? The patches are
> there, but dormant?
>
>
>
> (neither of my home PCs have BIOS updates issued - one is for a very old
> Dell Optiplex 755 that I only use to connect to a NAS, and the other is one
> I assembled from parts back in 2011. Neither has had a BIOS upgrade
> released in years. Ah, the joy )
>
>
>
>
>



Re: [NTSysADM] New blog post: Windows Speculative Execution Client/Server Patches/Mitigations/Detection Summary

2018-01-04 Thread Andrew S. Baker
They may not.   It all depends on how they handle context switching for
kernel mode access.

This is going to be very interesting at the CPU maker level, too...

The GPU vendors may not be out of the woods, either.

Regards,

 *ASB*



On Thu, Jan 4, 2018 at 10:41 AM, Jack Kramer  wrote:

> It wouldn’t surprise me if Apple actually ends up with a speed advantage
> after all this shakes out given their kernel architecture. The Mach guys
> are finally going to have a win of sorts.
>
> 
> Jack Kramer
>
>
> On Jan 4, 2018, at 10:09 AM, Michael B. Smith 
> wrote:
>
> None.
>
>
>
> Microsoft says it’s “minimal but dependent on customer workload”. This is
> confirmed by what I’ve seen posted on twitter so far. A couple of
> percentage points.
>
>
>
> Linux is seeing a minimum of 5% performance reduction and as high as 23%
> (so far). It may, for once, finally be true to say: Windows is faster than
> Linux. :)
>
>
>
> (Paul Thurrott is gloating about this on twitter.)
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Joseph L.
> Casale
> *Sent:* Thursday, January 4, 2018 9:54 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [NTSysADM] New blog post: Windows Speculative Execution
> Client/Server Patches/Mitigations/Detection Summary
>
>
>
> Which article quantifies the performance degradation?
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Ed Ziots
> *Sent:* Thursday, January 4, 2018 9:34 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] New blog post: Windows Speculative Execution
> Client/Server Patches/Mitigations/Detection Summary
>
>
>
> Yeah this one is going to be a nasty one but looks like cloud service
> providers are patching for it now. But saw there might be a 30 percent
> performance hit with windows.. is pretty ugly..
>
>
>
> Nice job intel.. way to mess it up again.
>
>
>
> Ed
>
>
>
> On Jan 4, 2018 8:54 AM, "Michael B. Smith"  wrote:
>
> New blog post: #Windows Speculative Execution Client/Server
> Patches/Mitigations/Detection Summary
>
> http://www.essential.exchange/2018/01/04/windows-speculative-execution-client-server-patches-mitigations-detection-summary/
>
>
>
> Not intended to be comprehensive, but as of the morning of 4-January, all
> the worthwhile information I can find published by Microsoft on the
> Speculative Execution issue…
>
>



Re: [NTSysADM] Advice: RAID-1 with SSD for home use?

2017-12-27 Thread Andrew S. Baker
My desktop at home has mirrored drives, but none of my laptops do, and none
of the systems for family members do.

My daughter has had two drive failures on different systems over the past 5
or so years -- both on laptops -- but as her data is stored on our SAN,
there was no real data loss to speak of.

I wouldn't bother with mirrored SSD.

Oh, and my wife keeps hundreds[1] of browser windows open as well.

Regards,

 *ASB*


[1] aggregated across all open browsers.  50+ is considered light browsing
for her.



On Wed, Dec 27, 2017 at 11:38 AM, Michael Leone  wrote:

> I have a non-business question. My GF needs a new PC; her current Dell
> is like 8 years old, and is really slow with her Google Chrome and 30+
> tabs open (yes, I've told her to try not keeping so many tabs open;
> no, she won't change her behavior ...)
>
> Anyways, I'm looking at a HP Pavillion 570-p30 (that's an I7-7700 CPU,
> 16G RAM, 256G SSD). Her current machine (Dell Studio XPS 8000) does
> have mirrored SATA boot drives (I ordered it that way). I did it for
> safety, not backup (we do backups to an external HD via scheduled task
> and SyncToy).
>
> It doesn't appear that I can do that with this HP machine, doesn't
> look like there's enough SSD connectors, although I haven't been able
> to confirm that.
>
> My question - do I even really need to mirror the boot drive?  Do you
> folks do mirrored drives at home? Or am I just being overly cautious?
> (I don't have one on my own desktop, just a single SSD boot drive. I
> do have mirrored data storage drives, for photos, etc. Again for
> safety).
>
> (at work, it would never occur to me to spec out a server that didn't
> have mirrored boot drives. But this isn't a server ...)
>
>
>



Re: [NTSysADM] Remove original message in reply

2017-12-15 Thread Andrew S. Baker
It is generally advisable that you don't quote him verbatim, but rather
internalize the lesson of his proverb, and make use of more nuanced means
to communicate the same thing.

When all else fails, hire a competent consultant to accomplish the
above...  (since everyone seems to take advice better from consultants than
internal staff)

Regards,

 *ASB*


On Fri, Dec 15, 2017 at 2:12 AM, Jon Harris  wrote:

> I believe he was totally correct but when dealing with lawyers or
> management you can’t quote him and retain your position.
>
>
>
> Jon
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Micheal Espinola Jr
> *Sent:* Thursday, December 14, 2017 11:30 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] Remove original message in reply
>
>
>
> I should have included the full proper quote for those that are new to it:
>
>
>
> "There are seldom technological solutions for behavioral problems" -- Ed
> Crowley
>
>
>
> On Dec 13, 2017 3:34 PM, "Micheal Espinola Jr" 
> wrote:
>
> Technically, yea you could do it.  But you'd have to be very careful and
> clever.  You'd be modifying multiple Content-Type containers (text/plain,
> text/html, etc).
>
>
>
> More importantly (to me), is what is the business need for this?
>
>
> --
> Espi
>
>
>
>
>
> On Wed, Dec 13, 2017 at 8:58 AM, Sean Chapman 
> wrote:
>
> Hey all,
>
> I got tasked with finding out how to not include the original message in
> reply for email (using Office 365)  I know this is possible in Outlook but
> it's not available for outlook online or mobile.  Does anyone know of a way
> to get this done?  I was thinking maybe some crazy exchange transport rule
> or possibly some hardware like barracuda or mimecast etc?
>
> Thanks!
>
>
>
>
>
>
>
>
>
> 
>
> The information contained in this communication and all accompanying
> documents from Coilcraft may be confidential and/or legally privileged, and
> is intended only for the use of the recipient(s) named above. If you are
> not the intended recipient you are hereby notified that any review,
> disclosure, copying, distribution or the taking of any action in reliance
> on the contents of this transmitted information is strictly prohibited. If
> you have received this communication in error, please return it to the
> sender immediately and destroy the original message or accompanying
> materials and any copy thereof. If you have any questions concerning this
> message, please contact the sender.
>
>
>



Re: [NTSysADM] Remove original message in reply

2017-12-14 Thread Andrew S. Baker
Exactly.  DLP can offer some assistance at the technical controls, but
ultimately, people have to understand the policy and apply it.   Technology
can only help somewhat.

Regards,

 *ASB*


On Thu, Dec 14, 2017 at 12:21 PM, Michael B. Smith 
wrote:

> Do this with Compliance Rules/Policies that prohibit the IP.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Sean Chapman
> *Sent:* Thursday, December 14, 2017 8:34 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [NTSysADM] Remove original message in reply
>
>
>
> There have been cases where very long email chains containing intellectual
> property information has been discussed and these go on for months at a
> time in some cases back and forth.  New people are added to conversations
> and some people are removed and the owners believe that it’s a good idea to
> limit previous information.
>
> I fully agree that this does not seem like a good idea but it's already
> been implemented via GPO for our desktops with outlook and they are not
> backing down so unfortunately I have to do what the owners demand since
> they sign the checks.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Micheal
> Espinola Jr
> *Sent:* Wednesday, December 13, 2017 5:35 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] Remove original message in reply
>
>
>
> Technically, yea you could do it.  But you'd have to be very careful and
> clever.  You'd be modifying multiple Content-Type containers (text/plain,
> text/html, etc).
>
>
>
> More importantly (to me), is what is the business need for this?
>
>
> --
> Espi
>
>
>
>
>
> On Wed, Dec 13, 2017 at 8:58 AM, Sean Chapman 
> wrote:
>
> Hey all,
>
> I got tasked with finding out how to not include the original message in
> reply for email (using Office 365)  I know this is possible in Outlook but
> it's not available for outlook online or mobile.  Does anyone know of a way
> to get this done?  I was thinking maybe some crazy exchange transport rule
> or possibly some hardware like barracuda or mimecast etc?
>
> Thanks!
>
>
>
>
>
>
>
>
>
>
>
>



Re: [NTSysADM] AADConnect Update

2017-12-13 Thread Andrew S. Baker
Thanks, MBS

Regards,

 *ASB*

On Wed, Dec 13, 2017 at 7:47 PM, Michael B. Smith 
wrote:

> This is cross-posted to the exchange list and the ntsysadmin list.
>
>
>
> If you are running hybrid with Azure or Office 365, you need to update
> AADConnect.
>
>
>
> See: https://dirteam.com/sander/2017/12/13/azure-ad-connect-version-1-1-654-0-addresses-a-critical-security-vulnerability/
>
>
>
> If you want to understand the vulnerability better, see:
>
>
>
> http://www.essential.exchange/2008/10/22/admincount-adminsdholder-sdprop-and-you/
>
>
>



[NTSysADM] Just another day in the life of a Network Engineer

2017-12-13 Thread Andrew S. Baker
https://www.linkedin.com/pulse/what-its-like-network-engineer-ron-buchalski/

Regards,

 *ASB*



Re: [NTSysADM] DBA question

2017-12-06 Thread Andrew S. Baker
+3 (1 for each previous response)

Regards,

 *ASB* * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Wed, Dec 6, 2017 at 9:05 AM, Erik Goldoff  wrote:

> this sounds more like
> a)  I don't want to
>   or
> b)  I don't want to pay for this
>instead of
> c) it cannot be done
>
> Best Practice for Security and Auditing should be a topic for discussion,
> especially considering your statement of dealing with "highly sensitive
> data".  Also should be raised through the chain of command, for support or
> risk acceptance by high level management, IMNSHO
>
> Erik
>
> On Tue, Dec 5, 2017 at 12:10 PM, Tom Miller 
> wrote:
>
>> Hi All,
>>
>> I have a question regarding Oracle DBA database level access.
>>
>> The DBA lead where I work states that it is nonsensical for individual
>> DBAs to use a name DBA-admin account for them.  This is a potential issue:
>> we are dealing with highly sensitive data and even within the DBA staff
>> group, we want to restrict access, if possible.  We use logging, but
>> triggering an access to particular tables would not be too helpful, as it
>> would only tell us that the DBA account access them.
>>
>> Anyone have any thoughts or suggestions?
>>
>> Thanks,
>> Tom
>>
>
>



Re: [NTSysADM] Need to encrypt a folder on a server that does not have a TPM chip

2017-12-01 Thread Andrew S. Baker
Consider https://www.veracrypt.fr/en/Home.html

This will provide disk level or partition level encryption.   I would
recommend partition level, and just have SQL installed to the appropriate
partition  (or, at the very least, the databases)

Regards,

 *ASB*


On Fri, Dec 1, 2017 at 1:04 PM, Eric Wittersheim <eric.wittersh...@gmail.com
> wrote:

> Thanks ASB,  but we are not running Enterprise and I have been told that
> the encryption that is offered in our version of SQL won't cover the
> requirements.  I totally agree with you about this, I can only do what I'm
> asked.
>
> On Dec 1, 2017 12:00 PM, "Andrew S. Baker" <asbz...@gmail.com> wrote:
>
>> Why do you need it on a folder level, and not just use SQL TDE to encrypt
>> the SQL database itself?
>>
>> I don't know that I would be comfortable relying on any database server
>> that had to rely on a 3rd party encrypted folder where the database was
>> residing.
>>
>> Regards,
>>
>>  *ASB*
>>  *https://about.me/Andrew.S.Baker*
>>
>>  *Providing CyberSecurity and IT Operations Consulting for the SMB
>> market…*
>>
>> * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>>
>>
>>
>> On Fri, Dec 1, 2017 at 12:41 PM, Eric Wittersheim <
>> eric.wittersh...@gmail.com> wrote:
>>
>>> All,
>>>
>>> I have a request that I hope some of you might be able to point me in
>>> the right direction.  I have a SQL 2008 r2 server running on Windows 2008
>>> R2 that I need to have a DB located in an encrypted folder.  The server
>>> does not have a TPM chip and we don't want to use a USB stick so Bitlocker
>>> is not looking like an option.  Because it is a SQL DB I don't think EFS
>>> would be a good option either.  Have any of you had any experience with any
>>> 3rd party applications that can perform encryption on a folder level?
>>>
>>> Thanks,
>>>
>>> Eric
>>>
>>
>>



Re: [NTSysADM] Need to encrypt a folder on a server that does not have a TPM chip

2017-12-01 Thread Andrew S. Baker
Why do you need it on a folder level, and not just use SQL TDE to encrypt
the SQL database itself?

I don't know that I would be comfortable relying on any database server
that had to rely on a 3rd party encrypted folder where the database was
residing.

Regards,

 *ASB*
 *https://about.me/Andrew.S.Baker*

 *Providing CyberSecurity and IT Operations Consulting for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Fri, Dec 1, 2017 at 12:41 PM, Eric Wittersheim <
eric.wittersh...@gmail.com> wrote:

> All,
>
> I have a request that I hope some of you might be able to point me in the
> right direction.  I have a SQL 2008 r2 server running on Windows 2008 R2
> that I need to have a DB located in an encrypted folder.  The server does
> not have a TPM chip and we don't want to use a USB stick so Bitlocker is
> not looking like an option.  Because it is a SQL DB I don't think EFS would
> be a good option either.  Have any of you had any experience with any 3rd
> party applications that can perform encryption on a folder level?
>
> Thanks,
>
> Eric
>



Re: [NTSysADM] DHCP role

2017-12-01 Thread Andrew S. Baker
Yes.  EXPORT then IMPORT

Regards,

 *ASB*



On Thu, Nov 30, 2017 at 6:40 PM, Heaton, Joseph@Wildlife <
joseph.hea...@wildlife.ca.gov> wrote:

> You can just do a backup on the old, and restore on the new, as well,
> right?
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Andrew S. Baker
> *Sent:* Thursday, November 30, 2017 2:33 PM
> *To:* ntsysadm <ntsysadm@lists.myitforum.com>
>
> *Subject:* Re: [NTSysADM] DHCP role
>
>
>
> You can quickly import DHCP on a new machine running the same version of
> Windows using NETSH
>
>
>
> https://technet.microsoft.com/en-us/library/dd759224(v=ws.11).aspx
>
>
> Regards,
>
>  *ASB*
>
>
>
>
>
> On Thu, Nov 30, 2017 at 12:46 PM, David Lum <d...@theitgarage.com> wrote:
>
> I've pulled DHCP off all our DC's and it wasn't too tough for the network
> team to accommodate. Using DHCP failover took a bit more work for us to
> perfect.  Using failover you by definition copy the config to the new
> server: stand up new dhcp server, config as failover, then stand down
> DHCP on the domain controller and deconfigure failover once the new server
> is confirmed to hand out IP's. (Assuming Win DHCP servers).
>
>
>
> Totally worth it in our opinion.
>
> Dave
>
>
> On Nov 30, 2017, at 8:21 AM, Heaton, Joseph@Wildlife <
> joseph.hea...@wildlife.ca.gov> wrote:
>
> Problem with that, is that I’d really like to keep the same IP for the
> DHCP server.  My network team has that in all their switches around the
> state as ip-helper entries.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Webster
> *Sent:* Thursday, November 30, 2017 7:45 AM
>
>
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [NTSysADM] DHCP role
>
>
>
> I would migrate DHCP first.
>
>
>
> Webster
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Heaton,
> Joseph@Wildlife
> *Sent:* Thursday, November 30, 2017 9:00 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [NTSysADM] DHCP role
>
>
>
> That’s what we’re doing as well.  Not sure why, but our service account is
> member of DNSUpdateProxy, but also a member of DNSAdmins.  Anyone have an
> idea why that group?  I didn’t set this up initially, I’m just trying to
> get things in best practices, and address a current issue I’m working
> through, of replacing a DC, that happens to be our main DHCP server.  My
> thoughts at the moment, are to add a new DC, with only DC roles.  Then,
> DCpromo the old DC (with DHCP), then migrate DHCP to a new server, that is
> only a member server, not a DC.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Mark
> Gottschalk
> *Sent:* Wednesday, November 29, 2017 6:21 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] DHCP role
>
>
>
> https://blogs.technet.microsoft.com/stdqry/2012/04/03/dhcp-server-in-dcs-and-dns-registrations/
> https://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx
>
> This is what we've done with DHCP on DC.  Have a user "DHCP_user" in
> Protected User group, DNSUpdateProxy group. Use this for alternate
> credentials.
>
> Note that first article says:
> *"A common error is to think that the DHCP Server service running in a DC
> will use its service account security context to register records in DNS if
> no alternate credentials are configured, and then there is security risk.
> In fact, this is not the behavior of the DHCP Server in a DC.*
>
> *If the DHCP Server service detects that it is running in a domain
> controller, and no alternate credentials for DNS registrations have been
> configured, then it decides to not do any registrations for DHCP clients
> and logs event DHCP/1056."*
>
> It also starts with:
> *"One common deployment scenario for the DHCP Server service is to have it
> installed in domain controllers. When this scenario is used it is necessary
> to define the alternate credentials to be used by DHCP when doing DNS
> registrations on behalf of the DHCP clients."*
>
> If you can separate them with no downside, go for it.  However, running
> DHCP on a DC appears to be accounted for and can be addressed by above.
>
> -- Mark
>
>
>
>
> From:"Heaton, Joseph@Wildlife" <joseph.hea...@wildlife.ca.gov>
> To:'NT System Admin Issues Discussion list

Re: [NTSysADM] DHCP role

2017-11-30 Thread Andrew S. Baker
You can quickly import DHCP on a new machine running the same version of
Windows using NETSH

https://technet.microsoft.com/en-us/library/dd759224(v=ws.11).aspx

Regards,

 *ASB*



On Thu, Nov 30, 2017 at 12:46 PM, David Lum  wrote:

> I've pulled DHCP off all our DC's and it wasn't too tough for the network
> team to accommodate. Using DHCP failover took a bit more work for us to
> perfect.  Using failover you by definition copy the config to the new
> server: stand up new dhcp server, config as failover, then stand down
> DHCP on the domain controller and deconfigure failover once the new server
> is confirmed to hand out IP's. (Assuming Win DHCP servers).
>
> Totally worth it in our opinion.
>
> Dave
>
> On Nov 30, 2017, at 8:21 AM, Heaton, Joseph@Wildlife <
> joseph.hea...@wildlife.ca.gov> wrote:
>
> Problem with that, is that I’d really like to keep the same IP for the
> DHCP server.  My network team has that in all their switches around the
> state as ip-helper entries.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Webster
> *Sent:* Thursday, November 30, 2017 7:45 AM
>
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [NTSysADM] DHCP role
>
>
>
> I would migrate DHCP first.
>
>
>
> Webster
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Heaton,
> Joseph@Wildlife
> *Sent:* Thursday, November 30, 2017 9:00 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [NTSysADM] DHCP role
>
>
>
> That’s what we’re doing as well.  Not sure why, but our service account is
> member of DNSUpdateProxy, but also a member of DNSAdmins.  Anyone have an
> idea why that group?  I didn’t set this up initially, I’m just trying to
> get things in best practices, and address a current issue I’m working
> through, of replacing a DC, that happens to be our main DHCP server.  My
> thoughts at the moment, are to add a new DC, with only DC roles.  Then,
> DCpromo the old DC (with DHCP), then migrate DHCP to a new server, that is
> only a member server, not a DC.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Mark
> Gottschalk
> *Sent:* Wednesday, November 29, 2017 6:21 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] DHCP role
>
>
>
> https://blogs.technet.microsoft.com/stdqry/2012/04/03/dhcp-server-in-dcs-and-dns-registrations/
> https://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx
>
> This is what we've done with DHCP on DC.  Have a user "DHCP_user" in
> Protected User group, DNSUpdateProxy group. Use this for alternate
> credentials.
>
> Note that first article says:
> *"A common error is to think that the DHCP Server service running in a DC
> will use its service account security context to register records in DNS if
> no alternate credentials are configured, and then there is security risk.
> In fact, this is not the behavior of the DHCP Server in a DC.*
>
> *If the DHCP Server service detects that it is running in a domain
> controller, and no alternate credentials for DNS registrations have been
> configured, then it decides to not do any registrations for DHCP clients
> and logs event DHCP/1056."*
>
> It also starts with:
> *"One common deployment scenario for the DHCP Server service is to have it
> installed in domain controllers. When this scenario is used it is necessary
> to define the alternate credentials to be used by DHCP when doing DNS
> registrations on behalf of the DHCP clients."*
>
> If you can separate them with no downside, go for it.  However, running
> DHCP on a DC appears to be accounted for and can be addressed by above.
>
> -- Mark
>
>
>
>
> From:"Heaton, Joseph@Wildlife" 
> To:'NT System Admin Issues Discussion list' <
> ntsysadm@lists.myitforum.com>
> Date:11/29/2017 02:49 PM
> Subject:[NTSysADM] DHCP role
> Sent by:"listsad...@lists.myitforum.com"  --
>
>
>
> Is it still best practice to have DHCP NOT on a DC?  I’ve been reading a
> bunch of stuff, but everything I’m reading refers to Server 2003 or older.
>
>
>
> Joe Heaton
>
> Information Technology Operations Branch
>
> Data and Technology Division
>
> CA Department of Fish and Wildlife
>
> 1700 9th Street, 3rd Floor
>
> Sacramento, CA  95811
>
> Desk:  916-323-1284
>
>
>
>
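
The DHCP-on-a-DC condition quoted in this thread (no alternate DNS credentials configured, event DHCP/1056 logged) can be checked across all authorized DHCP servers. The PowerShell below is an added example, not code from any poster in the thread; the function name Test-DhcpDnsCredential, the 30-day window, the event provider name and the list of groups flagged for review are assumptions.

```powershell
#Requires -Modules DhcpServer, ActiveDirectory
# Added example: audits DHCP servers for the condition quoted in the thread,
# i.e. DHCP running on a domain controller with no alternate DNS credentials,
# which the quoted article says results in event 1056 and no registrations.

function Test-DhcpDnsCredential {
    [CmdletBinding()]
    param(
        # Servers to check; default is every DHCP server authorized in AD.
        [string[]]$ComputerName = (Get-DhcpServerInDC).DnsName,

        # Days of the System log to search for event 1056 (assumed window).
        [int]$Days = 30,

        # Assumption: groups a DNS-registration account should not need.
        [string[]]$ReviewGroups = @('DnsAdmins', 'Domain Admins',
                                    'Enterprise Admins', 'Administrators')
    )

    foreach ($server in $ComputerName) {
        $isDc = $null; $account = ''; $flagged = @(); $eventCount = 0
        try {
            # DomainRole 4 and 5 are backup and primary domain controller.
            $cs   = Get-CimInstance -ClassName Win32_ComputerSystem `
                        -ComputerName $server -ErrorAction Stop
            $isDc = $cs.DomainRole -in 4, 5

            # An empty UserName means no alternate credentials are configured.
            $cred    = Get-DhcpServerDnsCredential -ComputerName $server -ErrorAction Stop
            $hasCred = -not [string]::IsNullOrEmpty($cred.UserName)
            if ($hasCred) { $account = '{0}\{1}' -f $cred.DomainName, $cred.UserName }

            # The provider name is an assumption about how the DHCP Server
            # service writes this event; it keeps other providers' ID 1056 out.
            $filter = @{
                LogName      = 'System'
                ProviderName = 'Microsoft-Windows-DHCP-Server'
                Id           = 1056
                StartTime    = (Get-Date).AddDays(-$Days)
            }
            $eventCount = @(Get-WinEvent -ComputerName $server -FilterHashtable $filter `
                                -ErrorAction SilentlyContinue).Count

            # Direct group memberships only; nested membership is not expanded.
            if ($hasCred) {
                $flagged = @(Get-ADPrincipalGroupMembership -Identity $cred.UserName `
                                 -Server $cred.DomainName -ErrorAction Stop |
                             Where-Object { $_.Name -in $ReviewGroups } |
                             Select-Object -ExpandProperty Name)
            }

            $finding = if ($isDc -and -not $hasCred) {
                'DC without DNS credentials: no client registrations'
            }
            elseif ($flagged.Count -gt 0) {
                'Credential account is in groups to review'
            }
            elseif ($eventCount -gt 0) {
                'Event 1056 in window; confirm it predates the credentials'
            }
            else { 'OK' }
        }
        catch {
            $finding = "Check failed: $($_.Exception.Message)"
        }

        [pscustomobject]@{
            Server             = $server
            IsDomainController = $isDc
            DnsCredential      = $account
            GroupsToReview     = $flagged -join ', '
            Event1056Count     = $eventCount
            Finding            = $finding
        }
    }
}

Test-DhcpDnsCredential | Format-Table -AutoSize
```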



Re: [NTSysADM] OS in the CPU

2017-11-21 Thread Andrew S. Baker
Sure, but there are lots of ways to lose jobs -- many of which have nothing
to do with your own personal actions.

InfoSec currently lends itself more to employment than unemployment.

Regards,

 *ASB*



On Mon, Nov 20, 2017 at 12:05 PM, Jonathan Link <jonathan.l...@gmail.com>
wrote:

> More like job insecurity. Missing an exploit might be a career ending
> event, even if it is heretofore an unknown exploit.
>
> On Mon, Nov 20, 2017 at 11:54 AM Melvin Backus <melvin.bac...@byers.com>
> wrote:
>
>> Some call them opportunities, we in IT call them job security. :)
>>
>>
>>
>> --
>> There are 10 kinds of people in the world...
>>  those who understand binary and those who don't.
>>
>>
>>
>> ¯\_(ツ)_/¯
>>
>>
>>
>> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] *On Behalf Of *Kurt Buff
>> *Sent:* Monday, November 20, 2017 11:34 AM
>> *To:* ntsysadm <ntsysadm@lists.myitforum.com>
>> *Subject:* Re: [NTSysADM] OS in the CPU
>>
>>
>>
>> There are always more problems:
>>
>> https://www.thezdi.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor
>>
>> https://www.youtube.com/watch?v=uRemWLNBSZg
>>
>>
>>
>> On Mon, Nov 20, 2017 at 8:05 AM, Andrew S. Baker <asbz...@gmail.com>
>> wrote:
>>
>> But wait!   There's more...
>>
>>
>>
>> https://www.youtube.com/watch?v=KrksBdWcZgQ
>>
>>
>>
>>
>>
>> (I see your "solution" and raise you two more problems)
>>
>>
>> Regards,
>>
>>  *ASB*
>>
>>
>>
>>
>>
>> On Sun, Nov 19, 2017 at 12:28 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
>>
>> The OS in question (minix), isn't in the main CPU - it's in the CPU of
>> the management engine, which is completely separate, and doesn't, or at
>> least shouldn't, affect system performance.
>> https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Hardware
>>
>> That actually makes it worse, since as long as the machine is connected to
>> power, even though putatively "off", the management engine is available.
>> That is, if it's been configured. This is an enterprise feature, so the ME
>> is usually not active in consumer-grade computers.
>>
>> But, if it's present and turned on, then it's pretty risky:
>> https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/
>>
>> But there's some hope, of a sort - Google is on the case:
>> http://www.tomshardware.com/news/google-removing-minix-management-engine-intel,35876.html
>>
>> Kurt
>>
>>
>>
>> On Sun, Nov 19, 2017 at 6:34 AM, Andrew S. Baker <asbz...@gmail.com>
>> wrote:
>>
>> No wonder our machines don't seem as fast as we think they *could* be...
>> They're busy running more stuff than we thought:
>>
>>
>>
>> http://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/
>>
>>
>>
>> The security implications are also pretty staggering...
>>
>> Regards,
>>
>>  *ASB*
>>
>>
>>
>>
>>
>>
>>
>



Re: [NTSysADM] OS in the CPU

2017-11-20 Thread Andrew S. Baker
But wait!   There's more...

https://www.youtube.com/watch?v=KrksBdWcZgQ


(I see your "solution" and raise you two more problems)

Regards,

 *ASB*


On Sun, Nov 19, 2017 at 12:28 PM, Kurt Buff <kurt.b...@gmail.com> wrote:

> The OS in question (minix), isn't in the main CPU - it's in the CPU of the
> management engine, which is completely separate, and doesn't, or at least
> shouldn't, affect system performance.
> https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Hardware
>
> That actually makes it worse, since as long as the machine is connected to
> power, even though putatively "off", the management engine is available.
> That is, if it's been configured. This is an enterprise feature, so the ME
> is usually not active in consumer-grade computers.
>
> But, if it's present and turned on, then it's pretty risky:
> https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/
>
> But there's some hope, of a sort - Google is on the case:
> http://www.tomshardware.com/news/google-removing-minix-management-engine-intel,35876.html
>
> Kurt
>
> On Sun, Nov 19, 2017 at 6:34 AM, Andrew S. Baker <asbz...@gmail.com>
> wrote:
>
>> No wonder our machines don't seem as fast as we think they *could* be...
>> They're busy running more stuff than we thought:
>>
>> http://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/
>>
>> The security implications are also pretty staggering...
>>
>> Regards,
>>
>>  *ASB*
>>
>>
>



[NTSysADM] OS in the CPU

2017-11-19 Thread Andrew S. Baker
No wonder our machines don't seem as fast as we think they *could* be...
 They're busy running more stuff than we thought:

http://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/

The security implications are also pretty staggering...

Regards,

 *ASB*



Re: [NTSysADM] Looking for a global VPN solution - looking for input

2017-11-17 Thread Andrew S. Baker
From all that I saw/read, it does look like very effective technology.

But, it's already on the way out, which could hurt from a time/investment
standpoint (as if Microsoft is the only vendor that creates this problem
for us...)

Just saying.

It worked out for me, in this instance.  :)

Regards,

 *ASB*



On Thu, Nov 16, 2017 at 5:03 PM, Michael B. Smith <mich...@smithcons.com>
wrote:

> Actually Direct Access is da bomb! And I think they did a great job on it.
>
>
>
> HOWEVER – they overestimated how quickly IPv6 would be deployed in the
> enterprise (as did most) and underestimated (as did most) the impact of
> handheld/BYOD.
>
>
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] *On Behalf Of *Andrew S. Baker
> *Sent:* Thursday, November 16, 2017 3:37 PM
>
> *To:* ntsysadm
> *Subject:* Re: [NTSysADM] Looking for a global VPN solution - looking for
> input
>
>
>
> I'm glad I didn't spend too much time on DirectAccess...
>
>
> Regards,
>
>  *ASB*
>
>
>
> On Mon, Nov 13, 2017 at 9:08 PM, Michael B. Smith <mich...@smithcons.com>
> wrote:
>
> So just a data point to consider.
>
> Microsoft is kinda moving away from DirectAccess.
>
> Many of the security functionalities added in Server 2016 won't work with
> DA.
>
> Instead you need to be using their Automatic VPN. The endpoint isn't very
> relevant, although they push RRAS.
>
> For example, WIP doesn't work properly with DA. Only with AVPN.
>
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On Behalf Of Kurt Buff
>
> Sent: Monday, November 13, 2017 8:19 PM
> To: ntsysadm
> Subject: Re: [NTSysADM] Looking for a global VPN solution - looking for
> input
>
> Arg - that should be "seeking commercial services"..
>
> And, once I bring recommendations, it might well be that we just fall back
> to a DirectAccess server in each office, with or without a multi-site
> configuration, potentially with an SSP VPN appliance also at each office
> for backup and contractors, and call it good.
>
> Kurt
>
> On Mon, Nov 13, 2017 at 5:03 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
> > I'm not sure either, but that's the task I've been given - not
> > necessarily to implement at this stage, but to scope out the
> > alternatives and come up with some possibilities.
> >
> > It's also why I'm seeing recommendations on commercial services, so
> > that our implementation requirements are minimized.
> >
> > Kurt
> >
> > On Mon, Nov 13, 2017 at 4:38 PM, Joseph L. Casale
> > <jcas...@activenetwerx.com> wrote:
> >> I've done a lot of openvpn setups in a myriad of formats, site to site,
> >> hub and spoke, client etc.
> >> It works well and there are even some lesser documented features that
> >> do some neat stuff but you are now rolling your solution and marinating it
> >> manually.
> >> Not sure how well that will scale unless you have a skilled team.
> >>
> >>> -Original Message-
> >>> From: listsad...@lists.myitforum.com
> >>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
> >>> Sent: Monday, November 13, 2017 5:22 PM
> >>> To: ntsysadm <NTSysADM@lists.myitforum.com>
> >>> Subject: [NTSysADM] Looking for a global VPN solution - looking for
> >>> input
> >>>
> >>> All,
> >>>
> >>> 1) For staff, currently we're using DirectAccess on 2012R2 as our
> >>> primary conduit in the US, with SSL VPNs (SonicWall and Palo Alto
> >>> Global Protect) as primary for our overseas offices and secondary
> >>> for the US (Sonicwall).
> >>>
> >>> 2) In the US office, we also have contractors/consultants needing to
> >>> use our SSL VPN for access to various resources, and that will
> >>> likely expand to our overseas offices soon. Differentiation and
> >>> securing resources is even more important here than in 1).
> >>>
> >>> 3) We also stand up IPSec tunnels for vendors/partners as needed
> >>> (lab to lab), for interoperability/compatibility testing.
> >>>
> >>> We're looking to get into a solution that will take care of at least
> >>> the first two (and ideally the third as well), so that we don't have
> >>> so many platforms to support, and so that we can make sure that
> >>> staff in the field get the fastest connection available.
> >>>
> >>> I've taken a quick gander at the websites for vyprvpn (Golden Frog),
> >>> and OpenVPN (commercial client offering), but don't have much of an
> >>> opinion on them, as info about them is a bit thin.
> >>>
> >>> Anyone have experience with solutions like this, and care to comment?
> >>>
> >>> Thanks,
> >>>
> >>> Kurt
> >>>
> >>
>
>
>
>



Re: [NTSysADM] Looking for a global VPN solution - looking for input

2017-11-16 Thread Andrew S. Baker
I'm glad I didn't spend too much time on DirectAccess...

Regards,

 *ASB*


On Mon, Nov 13, 2017 at 9:08 PM, Michael B. Smith 
wrote:

> So just a data point to consider.
>
> Microsoft is kinda moving away from DirectAccess.
>
> Many of the security functionalities added in Server 2016 won't work with
> DA.
>
> Instead you need to be using their Automatic VPN. The endpoint isn't very
> relevant, although they push RRAS.
>
> For example, WIP doesn't work properly with DA. Only with AVPN.
>
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On Behalf Of Kurt Buff
> Sent: Monday, November 13, 2017 8:19 PM
> To: ntsysadm
> Subject: Re: [NTSysADM] Looking for a global VPN solution - looking for
> input
>
> Arg - that should be "seeking commercial services"..
>
> And, once I bring recommendations, it might well be that we just fall back
> to a DirectAccess server in each office, with or without a multi-site
> configuration, potentially with an SSP VPN appliance also at each office
> for backup and contractors, and call it good.
>
> Kurt
>
> On Mon, Nov 13, 2017 at 5:03 PM, Kurt Buff  wrote:
> > I'm not sure either, but that's the task I've been given - not
> > necessarily to implement at this stage, but to scope out the
> > alternatives and come up with some possibilities.
> >
> > It's also why I'm seeing recommendations on commercial services, so
> > that our implementation requirements are minimized.
> >
> > Kurt
> >
> > On Mon, Nov 13, 2017 at 4:38 PM, Joseph L. Casale
> >  wrote:
> >> I've done a lot of openvpn setups in a myriad of formats, site to site,
> >> hub and spoke, client etc.
> >> It works well and there are even some lesser documented features that
> >> do some neat stuff but you are now rolling your solution and marinating it
> >> manually.
> >> Not sure how well that will scale unless you have a skilled team.
> >>
> >>> -Original Message-
> >>> From: listsad...@lists.myitforum.com
> >>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
> >>> Sent: Monday, November 13, 2017 5:22 PM
> >>> To: ntsysadm 
> >>> Subject: [NTSysADM] Looking for a global VPN solution - looking for
> >>> input
> >>>
> >>> All,
> >>>
> >>> 1) For staff, currently we're using DirectAccess on 2012R2 as our
> >>> primary conduit in the US, with SSL VPNs (SonicWall and Palo Alto
> >>> Global Protect) as primary for our overseas offices and secondary
> >>> for the US (Sonicwall).
> >>>
> >>> 2) In the US office, we also have contractors/consultants needing to
> >>> use our SSL VPN for access to various resources, and that will
> >>> likely expand to our overseas offices soon. Differentiation and
> >>> securing resources is even more important here than in 1).
> >>>
> >>> 3) We also stand up IPSec tunnels for vendors/partners as needed
> >>> (lab to lab), for interoperability/compatibility testing.
> >>>
> >>> We're looking to get into a solution that will take care of at least
> >>> the first two (and ideally the third as well), so that we don't have
> >>> so many platforms to support, and so that we can make sure that
> >>> staff in the field get the fastest connection available.
> >>>
> >>> I've taken a quick gander at the websites for vyprvpn (Golden Frog),
> >>> and OpenVPN (commercial client offering), but don't have much of an
> >>> opinion on them, as info about them is a bit thin.
> >>>
> >>> Anyone have experience with solutions like this, and care to comment?
> >>>
> >>> Thanks,
> >>>
> >>> Kurt
> >>>
> >>
>
>
>



Re: [NTSysADM] WOW!!! I had no idea I was going to be honored

2017-10-24 Thread Andrew S. Baker
Very well deserved.  Well done, my friend.

Regards,

 *ASB*



On Tue, Oct 24, 2017 at 12:17 PM, Webster  wrote:

> https://www.citrix.com/blogs/2017/10/24/announcing-ctp-fellow-award-a-new-classification/
>
>
>
> Deeply, deeply humbled and honored
>
>
>
> Thanks
>
>
>
>
>
> Carl Webster
>
> Citrix Technology Professional | iGel Tech Community Insider | Parallels
> VIPP
>
> http://www.CarlWebster.com
> 
>
> The Accidental Citrix Admin
>
>
>
>
>



Re: [NTSysADM] RE: 2008 R2 Hyper V guests OoM

2017-10-17 Thread Andrew S. Baker
So, the monitoring agent is corrupt? :)

Sounds like a government agent (of too many countries to mention)

Regards,

 *ASB*


On Tue, Oct 17, 2017 at 7:56 AM, Kennedy, Jim <kennedy...@elyriaschools.org>
wrote:

> So yea, it is the SIEM. It is a really slow leak but my get-process dump
> over time pointed it out.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] *On Behalf Of *Kennedy, Jim
> *Sent:* Monday, October 16, 2017 3:08 PM
> *To:* ntsysadm
> *Subject:* RE: [NTSysADM] RE: 2008 R2 Hyper V guests OoM
>
>
>
> I have a SIEM on each of them. The vendor is trustworthy, no reports of
> anyone else having this issue and the agent upgrades don’t coincide with
> this happening. Although an upgrade to Windows could certainly impact it.
>
>
>
> There was an upgrade to the SCOM agent that does line up pretty good with
> when this started. But you would think the world would be screaming if that
> were the case. I disabled the SCOM agent on all the 2008 R2 boxes for now.
> So far it has been fine, but still a tad too soon to blame that.
>
>
>
>
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] *On Behalf Of *Andrew S. Baker
> *Sent:* Monday, October 16, 2017 2:54 PM
> *To:* ntsysadm
> *Subject:* Re: [NTSysADM] RE: 2008 R2 Hyper V guests OoM
>
>
>
> I was thinking antimalware myself.
>
>
>
> In fact, antimalware, some other agent software, and malware, are the
> three things that come to mind for this scenario -- especially if the
> devices experiencing the problem are not logged on to the console.
>
>
> Regards,
>
>  *ASB*
>  *https://about.me/Andrew.S.Baker <https://about.me/Andrew.S.Baker>*
>
>  *Providing CyberSecurity and IT Operations Consulting for the SMB
> market…*
>
> * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>
>
>
>
>
> On Thu, Oct 12, 2017 at 6:50 PM, Richard Stovall <rich...@gmail.com>
> wrote:
>
> I seem to remember Vipre causing that occasionally, in its early
> incarnations.
>
>
>
> On Tue, Oct 10, 2017 at 10:12 AM, Kennedy, Jim <
> kennedy...@elyriaschools.org> wrote:
>
> Still having this issue, and it has spread to many of my 2008 R2 servers
> including non hyper V guests.  They all start with this:
>
>
>
> The server was unable to allocate from the system nonpaged pool because
> the pool was empty.
>
>
>
> Full on hangs, so I can’t get in to see what ate the memory. Not seeing
> anything in real time looking like too many handles.
>
>
>
> Any ideas here gang?
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] *On Behalf Of *Kennedy, Jim
> *Sent:* Monday, September 11, 2017 1:25 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] RE: 2008 R2 Hyper V guests OoM
>
>
>
> So yea, that is exactly what I did.  TYVM sir.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] *On Behalf Of *Michael B. Smith
> *Sent:* Monday, September 11, 2017 12:59 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] RE: 2008 R2 Hyper V guests OoM
>
>
>
> Don’t run overcommitted in production.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] *On Behalf Of *Kennedy, Jim
> *Sent:* Monday, September 11, 2017 12:20 PM
> *To:* 'ntsysadm@lists.myitforum.com'
> *Subject:* [NTSysADM] 2008 R2 Hyper V guests OoM
>
>
>
> Just started a couple of weeks ago. I suspect an August update so I may
> cross post this later over on Patch Management.
>
>
>
> 2012 R2 Hyper V host (2 of them) with a mixture of 2008 R2 and 2012 R2
> guests.  Only the 2008 R2’s are exhibiting this behavior, they are all low
> usage machines. They are all set to dynamic memory and have been running
> for years without issue. One is only an FTP server that accepts 4
> connections a night for an automated data transfer. And the incoming
> connections are IP restricted on our ASA, so it isn’t like it is getting
> flooded with hacking attempts. These boxes are varied in their use FTP,
> internal only web server, RDP Gateway, generic file server……
>
>
>
> They crash shortly after a 2019 from srv.  “The server was unable to
> allocate from the system nonpaged pool because the pool was empty.”
>
>
>
> Setting them to a fixed memory on the slightly larger than what I would
> expect them to need seems to have fixed it. Any other ideas?
>
>
>
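An added example, not part of any message in this thread: one way to do the kind of "get-process dump over time" that Jim Kennedy describes above, ranking processes by steady growth in nonpaged pool and handle count. The function names are made up for this example, and the process names and numbers in the sample data are constructed.

```powershell
# Added example, not from the thread. Process names and numbers below are constructed.
# Written to run on Windows PowerShell 2.0, the default on Server 2008 R2.

function Get-ProcessPoolSample {
    # One snapshot of every process. Schedule it (for example hourly) and append
    # the rows to a file on another machine so the history survives a hang.
    $now = Get-Date
    Get-Process | Select-Object @{ n = 'Time'; e = { $now } }, Id,
        @{ n = 'Name';       e = { $_.ProcessName } },
        @{ n = 'NonpagedKB'; e = { [math]::Round($_.NonpagedSystemMemorySize64 / 1KB) } },
        @{ n = 'Handles';    e = { $_.HandleCount } }
}

function Get-PoolGrowth {
    # Ranks processes by nonpaged pool growth between first and last sample.
    # Values are cast explicitly so rows read back with Import-Csv also work.
    param(
        [Parameter(Mandatory = $true)] [object[]] $Samples,
        [int] $MinSamples = 3
    )
    $Samples | Group-Object -Property Id, Name |
        Where-Object { $_.Count -ge $MinSamples } |
        ForEach-Object {
            $s = @($_.Group | Sort-Object { [datetime]$_.Time })
            $first = $s[0]
            $last  = $s[-1]

            # Count samples where the pool figure went down; a slow leak rarely does.
            $drops = 0
            for ($i = 1; $i -lt $s.Count; $i++) {
                if ([long]$s[$i].NonpagedKB -lt [long]$s[$i - 1].NonpagedKB) { $drops++ }
            }

            $hours  = ([datetime]$last.Time - [datetime]$first.Time).TotalHours
            $growth = [long]$last.NonpagedKB - [long]$first.NonpagedKB
            $rate   = 0
            if ($hours -gt 0) { $rate = [math]::Round($growth / $hours, 1) }

            New-Object psobject -Property @{
                Name         = $first.Name
                Id           = $first.Id
                GrowthKB     = $growth
                KBPerHour    = $rate
                HandleGrowth = [int]$last.Handles - [int]$first.Handles
                NeverShrinks = ($drops -eq 0 -and $growth -gt 0)
            }
        } |
        Sort-Object GrowthKB -Descending |
        Select-Object Name, Id, GrowthKB, KBPerHour, HandleGrowth, NeverShrinks
}

# Constructed samples: four snapshots, six hours apart, for three hypothetical processes.
$t0 = [datetime]'2017-10-16T00:00:00'
$constructed = @(
    @{ Id = 1200; Name = 'siem_agent'; KB = 310, 352, 401, 447; H = 820, 905, 990, 1075 },
    @{ Id = 640;  Name = 'svchost';    KB = 95, 97, 94, 96;     H = 410, 422, 405, 415 },
    @{ Id = 2212; Name = 'backup_job'; KB = 60, 180, 62, 61;    H = 150, 600, 155, 152 }
)
$samples = foreach ($p in $constructed) {
    for ($i = 0; $i -lt $p.KB.Count; $i++) {
        New-Object psobject -Property @{
            Time       = $t0.AddHours(6 * $i)
            Id         = $p.Id
            Name       = $p.Name
            NonpagedKB = $p.KB[$i]
            Handles    = $p.H[$i]
        }
    }
}

Get-PoolGrowth -Samples $samples | Format-Table -AutoSize

# On a real server, collect with Get-ProcessPoolSample on a schedule, then feed the
# accumulated rows to Get-PoolGrowth.
```

This counter only covers pool charged to a process, so a leak inside a driver will not show up here.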



Re: [NTSysADM] RE: 2008 R2 Hyper V guests OoM

2017-10-16 Thread Andrew S. Baker
I was thinking antimalware myself.

In fact, antimalware, some other agent software, and malware, are the three
things that come to mind for this scenario -- especially if the devices
experiencing the problem are not logged on to the console.

Regards,

 *ASB*
 *https://about.me/Andrew.S.Baker *

 *Providing CyberSecurity and IT Operations Consulting for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Thu, Oct 12, 2017 at 6:50 PM, Richard Stovall  wrote:

> I seem to remember Vipre causing that occasionally, in its early
> incarnations.
>
> On Tue, Oct 10, 2017 at 10:12 AM, Kennedy, Jim <
> kennedy...@elyriaschools.org> wrote:
>
>> Still having this issue, and it has spread to many of my 2008 R2 servers
>> including non hyper V guests.  They all start with this:
>>
>>
>>
>> The server was unable to allocate from the system nonpaged pool because
>> the pool was empty.
>>
>>
>>
>> Full on hangs, so I can’t get in to see what ate the memory. Not seeing
>> anything in real time looking like too many handles.
>>
>>
>>
>> Any ideas here gang?
>>
>>
>>
>> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] *On Behalf Of *Kennedy, Jim
>> *Sent:* Monday, September 11, 2017 1:25 PM
>> *To:* ntsysadm@lists.myitforum.com
>> *Subject:* [NTSysADM] RE: 2008 R2 Hyper V guests OoM
>>
>>
>>
>> So yea, that is exactly what I did.  TYVM sir.
>>
>>
>>
>> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] *On Behalf Of *Michael B. Smith
>> *Sent:* Monday, September 11, 2017 12:59 PM
>> *To:* ntsysadm@lists.myitforum.com
>> *Subject:* [NTSysADM] RE: 2008 R2 Hyper V guests OoM
>>
>>
>>
>> Don’t run overcommitted in production.
>>
>>
>>
>> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] *On Behalf Of *Kennedy, Jim
>> *Sent:* Monday, September 11, 2017 12:20 PM
>> *To:* 'ntsysadm@lists.myitforum.com'
>> *Subject:* [NTSysADM] 2008 R2 Hyper V guests OoM
>>
>>
>>
>> Just started a couple of weeks ago. I suspect an August update so I may
>> cross post this later over on Patch Management.
>>
>>
>>
>> 2012 R2 Hyper V host (2 of them) with a mixture of 2008 R2 and 2012 R2
>> guests.  Only the 2008 R2’s are exhibiting this behavior, they are all low
>> usage machines. They are all set to dynamic memory and have been running
>> for years without issue. One is only an FTP server that accepts 4
>> connections a night for an automated data transfer. And the incoming
>> connections are IP restricted on our ASA, so it isn’t like it is getting
>> flooded with hacking attempts. These boxes are varied in their use FTP,
>> internal only web server, RDP Gateway, generic file server……
>>
>>
>>
>> They crash shortly after a 2019 from srv.  “The server was unable to
>> allocate from the system nonpaged pool because the pool was empty.”
>>
>>
>>
>> Setting them to a fixed memory on the slightly larger than what I would
>> expect them to need seems to have fixed it. Any other ideas?
>>
>>
>
>



Re: [NTSysADM] More on Kaspersky

2017-10-16 Thread Andrew S. Baker
As long as State Actors play a role here, there's no timetable for "gets
better"

Regards,

 *ASB*
 *https://about.me/Andrew.S.Baker *

 *Providing CyberSecurity and IT Operations Consulting for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Mon, Oct 16, 2017 at 1:16 PM, Micheal Espinola Jr <
michealespin...@gmail.com> wrote:

> I suspect it's going to get a lot worse before it gets better.  To add to
> what Susan said; defend accordingly.
>
> --
> Espi
>
>
> On Mon, Oct 16, 2017 at 1:36 AM, Michael B. Smith 
> wrote:
>
>> An interesting read, I thought. Especially this:
>>
>>
>>
>> The NSA bans its analysts from using Kaspersky anti-virus at the agency,
>> in large part because the agency has exploited anti-virus software for its
>> own foreign hacking operations and knows the same technique is used by its
>> adversaries.
>>
>> The Israeli hack itself would be reason enough for the NSA or any other
>> intelligence agency to ban Kaspersky products. It happens to other
>> anti-virus packages, too. Recently, the South Korean military discovered it
>> had been hacked, presumably by North Korean intelligence, using Hauri
>> anti-virus software.
>>
>>
>>
>> YMMV.
>>
>>
>>
>> http://windowsitpro.com/security/if-kaspersky-bothers-you-so-must-its-rivals
>>
>>
>>
>
>



Re: [NTSysADM] This pleases me...

2017-10-13 Thread Andrew S. Baker
Congrats, Kurt... belated though it is.

Regards,

 *ASB*


On Fri, Oct 6, 2017 at 9:24 PM, Kurt Buff  wrote:

> It's a good start
> https://www.giac.org/certified-professional/kurt-buff/162966
>
> Passed with 85%, in 1h 12m.
>
>
>



[NTSysADM] More about Kaspersky

2017-10-11 Thread Andrew S. Baker
https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html?emc=eta1

Ouch

Regards,

 *ASB*
 *https://about.me/Andrew.S.Baker *

 *Providing CyberSecurity and IT Operations Consulting for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



Re: [NTSysADM] CCleaner found to be backdoored for downloads between August 15 and September 12

2017-09-18 Thread Andrew S. Baker
Hehe...

The big question I have, is this:  *Did the Avast acquisition facilitate or
cause this problem? *

Regards,

 *ASB*
 *https://about.me/Andrew.S.Baker *

 *Providing CyberSecurity and IT Operations Consulting for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Mon, Sep 18, 2017 at 4:25 PM, James Rankin  wrote:

> Ironic that my predilection for the free version of this, which doesn’t
> auto-update, has prevented me from being a victim of this :)
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] *On Behalf Of *Micheal Espinola Jr
> *Sent:* 18 September 2017 20:46
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] CCleaner found to be backdoored for downloads
> between August 15 and September 12
>
>
>
> CORRECTION for Google search:
>
>
>
> https://www.google.com/search?q=ccleaner+infection
> 
>
>
> --
> Espi
>
>
>
>
>
> On Mon, Sep 18, 2017 at 12:35 PM, Micheal Espinola Jr <
> michealespin...@gmail.com> wrote:
>
> https://www.bleepingcomputer.com/how-to/security/ccleaner-malware-incident-what-you-need-to-know-and-how-to-remove/
>
>
>
> https://www.google.com/search?q=ccleanup+infection
>
>
> --
> Espi
>
>
>
>
>



Re: [NTSysADM] Building a test domain

2017-09-15 Thread Andrew S. Baker
You're welcome.

I saw this message just fine.

Regards,

 *ASB*
 *https://about.me/Andrew.S.Baker <https://about.me/Andrew.S.Baker>*

 *Providing CyberSecurity and IT Operations Consulting for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Wed, Sep 13, 2017 at 2:19 PM, Charles F Sullivan <
charles.sulliva...@bc.edu> wrote:

> Thanks, Andrew. I think that confirms it's the mail client I use, which
> seems odd. I never had the issue using Outlook until a couple of months
> ago. (I'm sending this via Web Browser instead of Outlook.)
>
> On Wed, Sep 13, 2017 at 12:53 PM, Andrew S. Baker <asbz...@gmail.com>
> wrote:
>
>> I haven't seen your official reply as yet.  Just the test messages.
>>
>> Regards,
>>
>>  *ASB*
>>  *https://about.me/Andrew.S.Baker <https://about.me/Andrew.S.Baker>*
>>
>>  *Providing CyberSecurity and IT Operations Consulting for the SMB
>> market…*
>>
>> * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>>
>>
>>
>> On Wed, Sep 13, 2017 at 11:05 AM, Charles F Sullivan <
>> charles.sulliva...@bc.edu> wrote:
>>
>>> Thanks for the replies to that message and sorry for hijacking the
>>> thread, but it looks like you guys saw that last message where I was just
>>> checking, but not the one where I was replying to Joseph's post about
>>> building a test AD.
>>>
>>> I have a gmail higher ed account. I usually use Outlook for the account.
>>> I switched over to Web Mail to send the last message and apparently that's
>>> the difference.
>>>
>>> On Wed, Sep 13, 2017 at 10:16 AM, Michael B. Smith <
>>> mich...@smithcons.com> wrote:
>>>
>>>> We see you
>>>>
>>>>
>>>>
>>>> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] *On Behalf Of *Charles F Sullivan
>>>> *Sent:* Wednesday, September 13, 2017 10:03 AM
>>>> *To:* ntsysadm@lists.myitforum.com
>>>> *Subject:* Re: [NTSysADM] Building a test domain
>>>>
>>>>
>>>>
>>>> I got a bounce message when I replied to this. I seem to have this
>>>> problem on here and the Patch Mgmt list the last few months. I'm trying a
>>>> different mail client now. Can someone let me know if this goes through?
>>>>
>>>>
>>>>
>>>> I get "Sorry, you do not have permission to post to the
>>>> ntsysadm@lists.myitforum.com mailing list".
>>>>
>>>>
>>>>
>>>> On Tue, Sep 12, 2017 at 5:31 PM, Heaton, Joseph@Wildlife <
>>>> joseph.hea...@wildlife.ca.gov> wrote:
>>>>
>>>> For a quick build of a test domain, completely separate from a
>>>> production domain, would you take a vReplica of the production domain
>>>> controller, then revive that in the test area?  Sounds great, but I have
>>>> huge trepidation about it.
>>>>
>>>>
>>>>
>>>> Joe Heaton
>>>>
>>>> Information Technology Operations Branch
>>>>
>>>> Data and Technology Division
>>>>
>>>> CA Department of Fish and Wildlife
>>>>
>>>> 1700 9th Street, 3rd Floor
>>>>
>>>> Sacramento, CA  95811
>>>>
>>>> Desk:  916-323-1284
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Charlie Sullivan
>>>>
>>>> Sr. Windows Systems Administrator
>>>>
>>>> Boston College
>>>>
>>>> 197 Foster St. Room 367
>>>>
>>>> Brighton, MA 02135
>>>>
>>>> 617-552-4318
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Charlie Sullivan
>>>
>>> Sr. Windows Systems Administrator
>>>
>>> Boston College
>>>
>>> 197 Foster St. Room 367
>>>
>>> Brighton, MA 02135
>>>
>>> 617-552-4318
>>>
>>
>>
>
>
> --
>
> Charlie Sullivan
>
> Sr. Windows Systems Administrator
>
> Boston College
>
> 197 Foster St. Room 367
>
> Brighton, MA 02135
>
> 617-552-4318
>



Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-15 Thread Andrew S. Baker
Take a look at Cylance and WebRoot.

Regards,

 *ASB*
 *https://about.me/Andrew.S.Baker *

 *Providing CyberSecurity and IT Operations Consulting for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Thu, Sep 14, 2017 at 12:31 PM, Michael Leone  wrote:

> We use Kaspersky for our AV needs, and to be honest, it's worked out
> well for us. It's certainly caught things that McAfee, our previous AV
> solution, didn't. However, they have this slight problem with being a
> covert arm of the Russian government, apparently ..
>
> So we need to drop them, as the federal agencies are doing.
>
> There are lots of reviews, such as av-test.org, that we are looking
> at. But tell me, who do you have? And - more importantly - if you had
> your say in the matter, would you keep them?
>
> We're a sort of enterprise level organization, maybe 1K users, bunch
> of laptops issued to remote users. So far, all Win 7 for workstations,
> but obviously that will change in the future. Servers are all Win
> 2008/2012 R2 (so far). So we need something with a centralized
> console, to push out rules, updates, etc.
>
> We use Proofpoint as an email gateway, so it does mail scanning. We
> have Checkpoint firewalls for managing that sort of traffic.
>
> Thoughts?  I know I've heard good things about ESET and Sophos, among
> others. Just soliciting some real world opinions, along with our own
> research.
>
>
>



Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

2017-09-15 Thread Andrew S. Baker
Hehe...

Regards,

 *ASB*
 *https://about.me/Andrew.S.Baker *

 *Providing CyberSecurity and IT Operations Consulting for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Fri, Sep 15, 2017 at 11:09 AM, Michael B. Smith 
wrote:

> Finland and Russia are side by side. Russia’s #2 city (Saint Petersburg)
> is only about 75 miles from the Finland border.  There are probably as many
> FSB (KGB) agents at F-Secure as there are at Kaspersky. :)
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] *On Behalf Of *geoff_taylor geoff_taylor
> *Sent:* Friday, September 15, 2017 9:05 AM
> *To:* ntsysadm
> *Subject:* Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?
>
>
>
> I like the offerings of F-Secure.  They are Finnish so somewhat removed
> from the Kremlin.  Full disclosure, in other lives I sold both McAfee and
> F-Secure products, and I have used a myriad of others, principally Symantec.
>
> gt
>
> -- Original Message --
> From: Eric Wittersheim 
> Date: September 15, 2017 at 8:02 AM
>
> We went from ESET to Sophos. The product is good but their support is not.
> I have had a lot better luck with the Win clients than my Mac clients as
> well. If they could get support fully staffed and trained I would have no
> problems with them.
>
>
>
> On Fri, Sep 15, 2017 at 6:47 AM, James M. Pulver < jmp...@cornell.edu>
> wrote:
>
> I've always liked ESET, and when we dropped Symantec, ESET was quoted to
> be the least expensive of a bunch we looked at. The ERA appliance is great,
> but a self install on Linux was buggy as hell. Glad I moved to the Virtual
> Appliance. Their tech support is B+ in my opinion. Upgraded to an A- as
> they don't run screaming from Linux. Some of the best I've dealt with, the
> main failing is no real route back to devs if there's a bug, but in terms
> of using what's there and being aware of work-arounds - they're among the
> best I've ever interacted with.
>
> They seem to be pretty effective, but then so was Symantec in our
> environment - we don't give out admin, and seem to have enough e-mail
> screening via Office 365 and central IT to really limit ransomware,
> followed by decent user culture of asking before clicking so there's not a
> lot of chances for it to step in. It does kill a few "driveby" unwanted
> applications for us, but we haven't (knock on wood) seen much real malware
> anyway.
>
> So if you have to tick the box for AV, like we do, ESET is a pretty good
> choice IMO. The other obvious "tick the box" one would be Windows Defender
> if you don't have to be cross platform. However, I think ESET is more
> effective - but as others said, that's not a high bar.
>
> I should point out, even the "traditional AV" isn't traditional AV anymore
> - ESET isn't just scanning against signatures. They have HIPS as well as
> behavior analysis and the like.
>
> James Pulver
> CLASSE Computer Group
> Cornell University
>
> On 09/14/2017 12:31 PM, Michael Leone wrote:
>
> We use Kaspersky for our AV needs, and to be honest, it's worked out
> well for us. It's certainly caught things that McAfee, our previous AV
> solution, didn't. However, they have this slight problem with being a
> covert arm of the Russian government, apparently ..
>
> So we need to drop them, as the federal agencies are doing.
>
> There are lots of reviews, such as av-test.org, that we are looking
> at. But tell me, who do you have? And - more importantly - if you had
> your say in the matter, would you keep them?
>
> We're a sort of enterprise level organization, maybe 1K users, bunch
> of laptops issued to remote users. So far, all Win 7 for workstations,
> but obviously that will change in the future. Servers are all Win
> 2008/2012 R2 (so far). So we need something with a centralized
> console, to push out rules, updates, etc.
>
> We use Proofpoint as an email gateway, so it does mail scanning. We
> have Checkpoint firewalls for managing that sort of traffic.
>
> Thoughts? I know I've heard good things about ESET and Sophos, among
> others. Just soliciting some real world opinions, along with our own
> research.
>



[NTSysADM] Looking to engage a professional services team

2017-09-15 Thread Andrew S. Baker
Good morning, folks:

I am looking to engage a professional services team that has some
experience in Azure Government.   A team that has immediate cycles would be
best.

Please contact me offline at: *aba...@brainwavecc.com*

Regards,

 *ASB*
 *https://about.me/Andrew.S.Baker *

 *Providing CyberSecurity and IT Operations Consulting for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



Re: [NTSysADM] Building a test domain

2017-09-13 Thread Andrew S. Baker
I haven't seen your official reply as yet.  Just the test messages.

Regards,

 *ASB*
 *https://about.me/Andrew.S.Baker *

 *Providing CyberSecurity and IT Operations Consulting for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Wed, Sep 13, 2017 at 11:05 AM, Charles F Sullivan <
charles.sulliva...@bc.edu> wrote:

> Thanks for the replies to that message and sorry for hijacking the thread,
> but it looks like you guys saw that last message where I was just checking,
> but not the one where I was replying to Joseph's post about building a test
> AD.
>
> I have a gmail higher ed account. I usually use Outlook for the account. I
> switched over to Web Mail to send the last message and apparently that's
> the difference.
>
> On Wed, Sep 13, 2017 at 10:16 AM, Michael B. Smith 
> wrote:
>
>> We see you
>>
>>
>>
>> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf
>> orum.com] *On Behalf Of *Charles F Sullivan
>> *Sent:* Wednesday, September 13, 2017 10:03 AM
>> *To:* ntsysadm@lists.myitforum.com
>> *Subject:* Re: [NTSysADM] Building a test domain
>>
>>
>>
>> I got a bounce message when I replied to this. I seem to have this
>> problem on here and the Patch Mgmt list the last few months. I'm trying a
>> different mail client now. Can someone let me know if this goes through?
>>
>>
>>
>> I get "Sorry, you do not have permission to post to the
>> ntsysadm@lists.myitforum.com mailing list".
>>
>>
>>
>> On Tue, Sep 12, 2017 at 5:31 PM, Heaton, Joseph@Wildlife <
>> joseph.hea...@wildlife.ca.gov> wrote:
>>
>> For a quick build of a test domain, completely separate from a production
>> domain, would you take a vReplica of the production domain controller, then
>> revive that in the test area?  Sounds great, but I have huge trepidation
>> about it.
>>
>>
>>
>> Joe Heaton
>>
>> Information Technology Operations Branch
>>
>> Data and Technology Division
>>
>> CA Department of Fish and Wildlife
>>
>> 1700 9th Street, 3rd Floor
>>
>> Sacramento, CA  95811
>>
>> Desk:  916-323-1284
>>
>>
>>
>>
>>
>>
>>
>> --
>>
>> Charlie Sullivan
>>
>> Sr. Windows Systems Administrator
>>
>> Boston College
>>
>> 197 Foster St. Room 367
>> 
>>
>> Brighton, MA 02135
>> 
>>
>> 617-552-4318
>>
>
>
>
> --
>
> Charlie Sullivan
>
> Sr. Windows Systems Administrator
>
> Boston College
>
> 197 Foster St. Room 367
> 
>
> Brighton, MA 02135
> 
>
> 617-552-4318
>



Re: [NTSysADM] Win2012 R2 and offline files

2017-09-01 Thread Andrew S. Baker
https://serverfault.com/questions/658892/issue-with-offline-availability-of-roaming-profiles

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Fri, Sep 1, 2017 at 8:49 AM, Michael Leone  wrote:

> Here we use redirected folders (not the whole profile, just the
> Documents and Desktop parts). And so, we also have offline files
> configured (in case the server with the desktop and documents
> disappears for a bit, at least the clients can still work with a local
> copy of their stuff, until the server comes back and it syncs).
>
> Been set that way for years, all was well. Then, we upgraded one of
> those file servers to Win2012 R2, and it stopped working. Went to
> check, and the option to make files available for offline use was
> turned off (on the server). It's still on for my 3 other file servers,
> but they're all Win2008 R2.
>
> I haven't seen anything that says that making files available offline
> is broken on Win2012R2. Did we just miss that option, or did my (now
> former) boss turn it off for some technical reason?
>
> Anybody using redirected folders and offline files with a Win2012 R2
> server? It all Just Works, right? We set all that via Group Policy,
> and all clients are Win 7.
>
> This is just an oversight on somebody's part here, yes? Offline files
> are still the recommended way to go, when using redirected home
> folders, and Desktop and Documents?
>
> Thanks
>
>
>



Re: [NTSysADM] Performance issues working on large shared files over VPN

2017-08-24 Thread Andrew S. Baker
How many users are you talking about?

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Thu, Aug 24, 2017 at 2:30 PM, David Tobias  wrote:

> Hi all-
>
>
>
> As a junior sysadmin I’ve been tasked with reviewing a solution to the
> following problem. Users that work from home (traditionally out of state
> from where our file server is located) are experiencing performance issues
> when having to VPN in and work on larger files (traditionally shared Excel
> workbooks that can range from 15MB to 45MB in size). As anticipated, users
> are experiencing performance issues, time-outs, and instability when having
> to open and work on these workbooks across the VPN. Users on the LAN in the
> same location where the file server is operate normally without issue, as
> expected.
>
>
>
> A few suggestions that have been tossed around have been setting up some
> type of VDI solution to present them with a virtualized desktop where they
> can go to work on the files. Immediate downside is that we don’t have an
> infrastructure for this in place and it may be overkill if this is just
> affecting a few users working on a few files.
>
>
>
> We’ve also discussed setting up a SharePoint or Teams site as a
> collaboration area for them to work (not going across VPN) but there are
> concerns about hosting files with sensitive information as well as for
> users potentially needing to store more and more files as time goes
> on leading to a split of our files being located on a file server as well
> as on an online site.
>
>
>
> This is still a very early stage project and nothing is necessarily off
> the table at this point. Would very much enjoy hearing from others who may
> have had to deal with a similar situation and how they worked through it.
>
>
>
> Appreciate this great list!
>
>
>
> Thank you.
>
>
>
> ~Dave
>



Re: [NTSysADM] Re: scheduling iSCSI connections

2017-08-14 Thread Andrew S. Baker
It really seems like an effort to solve the wrong problem.

Why not just ensure that end-users don't have direct access to the device
which is handling backups, or to the back-end storage location of the
backups?

It's not like malware cannot lurk and wait for access...

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Sun, Aug 13, 2017 at 5:30 PM, J- P  wrote:

> While it's possible, it is less likely as most infections are due to users
> clicking on or opening something, which will not occur off hours.
>
> And in reality the window would be shorter since it uses CBT, so on
> average the backups are about 10 minutes for most servers, with the
> exception of Exchange it usually takes about 45 min.
>
>
> I could theoretically install a new server (off domain) and run the backup
> software on that server which would solve the problem - let's see if I can
> sell them that idea.
>
>
> thanks
>
>
>
>
>
>
> --
> *From:* listsad...@lists.myitforum.com 
> on behalf of Brian Desmond 
> *Sent:* Sunday, August 13, 2017 12:06 PM
>
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] RE: scheduling iSCSI connections
>
>
> So what happens if your ransomware scenario occurs while the backup is
> running? That invalidates all your backups at that point as well.
>
>
>
> Perhaps I’m thinking of something else but all the backup toolsets I’ve
> worked with all push the data over the network to a central system that
> interacts with the backend storage/media.
>
>
>
> Thanks,
>
> Brian
>
>
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *J- P
> *Sent:* Saturday, August 12, 2017 10:39 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] Re: scheduling iSCSI connections
>
>
>
> not sure I follow, the backup runs to a "local disk iscsi target" then
> replicates offsite - but I'm assuming (God forbid) ransomware hits the
> host then it would also encrypt the "local iscsi disk" -
>
>
>
> tia
>
>
>
>
> --
>
> *From:* listsad...@lists.myitforum.com 
> on behalf of Brian Desmond 
> *Sent:* Saturday, August 12, 2017 5:51 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] RE: scheduling iSCSI connections
>
>
>
> Wouldn’t your backup tool be responsible for doing this? This seems very
> likely to fail in some way, shape, or form at some point.
>
>
>
> Thanks,
> Brian
>
>
>
>
>
> Thanks,
>
> Brian Desmond
>
>
>
> w – 312.625.1438 | c – 312.731.3132
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *J- P
> *Sent:* Friday, August 11, 2017 12:59 PM
> *To:* NT 
> *Subject:* [NTSysADM] scheduling iSCSI connections
>
>
>
> Is it possible to schedule iSCSI connections  (connect at 11pm, disconnect
> 6 am)
>
>
>
> We currently backup our hyper-v guests to our NAS which is presented to
> the host via iSCSI,
>
>
>
> The goal is  to achieve the equivalent  of ejecting a tape after backup is
> complete, in case of a ransomware infection.
>
>
>
> We do also have it offsite, however, I'd much rather restore 6tb locally
> than over the wire.
>
>
>
> Any thoughts feedback are greatly appreciated
>



[NTSysADM] Indoor Clouds

2017-08-11 Thread Andrew S. Baker
When is a cloud not a cloud?

http://searchdatacenter.techtarget.com/news/450423974/Azure-Stack-scale-limits-could-delay-launch-for-some-enterprises

When it's in your rack.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



[NTSysADM] Data Leakage via Carbon Black

2017-08-09 Thread Andrew S. Baker
Ouch...

https://blog.barkly.com/carbon-black-accused-of-customer-data-leak

What we are seeing is the implications of using features that make use of
3rd party services, without understanding the ramifications of how the
feature (or the 3rd party service) works.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



[NTSysADM] An acquisition I can live with?!?

2017-08-02 Thread Andrew S. Baker
https://www.digicert.com/news/digicert-to-acquire-symantec-website-security-business/

Yeah, I think so...

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



Re: Huzzah! Re: [NTSysADM] RPC not available on remote machine while doing DFSR config

2017-07-28 Thread Andrew S. Baker
I didn't think to ask about WAN accelerators, but they are suspect in WAN
related Microsoft networking...

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Thu, Jul 27, 2017 at 6:53 PM, Kurt Buff  wrote:

> It turns out that our Riverbed WAN accelerators were the problem.
>
> Don't know why that would be, but while working with MSFT support, I
> turned off the optimization for the Riverbed at each end, and it went
> through with nary a hiccup.
>
> This worked without a flaw, creating one Replication Group, and then
> creating many Replicated Folders under that RG, between two servers, and
> it's supposed to be one-way replication, which I'll test tomorrow. It also
> sets up the connection schedule, using the local time for the receiving
> computer
>
> However, I might not have gotten the connection schedule correct, because
> when I check the schedule in the GUI, it's set up for full speed
> replication 24x7, when it should be 512kbits/sec during the receiving
> computer's business hours. I'm going to let that cook overnight to see if
> that updates itself.
>
> This was a fun project, modulo the frustration with getting the script
> past the errors induced by the Riverbeds.
>
> I'm not real proud of the script, as it does no error checking, no
> prompting for user input, etc., but it got the job done. I've stripped out
> the comments and write-host stuff for the sake of brevity, and wanted to
> share it with y'all. Hope someone finds it useful.
>
> Kurt
>
> Tab-Delimited CSV, with header and one entry
>
> --Begin NewDFSr.csv--
> GroupName	SourceComputer	FolderName	SourcePrimaryMember	SourceContentPath	SourceStagingPathQuotaInMB	DestinationComputer	DestinationContentPath	DestinationReadOnly
> US2AU-Engineering	usfs01p	TC-39.3	TRUE	K:\Engineering\TestCandidates\Folder1\CurrentVersions	10240	aufs01p	E:\Engineering\TestCandidates\Folder1\CurrentVersions	TRUE
>
> --Begin Script--
> # Read the tab-delimited folder list; each row describes one replicated folder
> $NewDFSR = Import-Csv -Delimiter "`t" -Path c:\Batchfiles\data\NewDFSR.csv
> $NewGroupName = "US2AU-Engineering"
>
> # The connection is created once, before the loop, so take the server pair
> # from the first row (every row is expected to name the same two servers)
> $SourceComputer = @($NewDFSR)[0].SourceComputer
> $DestinationComputer = @($NewDFSR)[0].DestinationComputer
>
> New-DfsReplicationGroup -GroupName $NewGroupName
> Add-DfsrMember -GroupName $NewGroupName -ComputerName usfs01p, aufs01p
> Add-DfsrConnection -GroupName $NewGroupName `
>     -SourceComputerName $SourceComputer `
>     -DestinationComputerName $DestinationComputer
>
> # One replicated folder per row, with its source and destination memberships
> foreach ($Line in $NewDFSR)
> {
>     $SourceComputer = $Line.SourceComputer
>     $FolderName = $Line.FolderName
>     $SourceContentPath = $Line.SourceContentPath
>     $SourceStagingPathQuotaInMB = $Line.SourceStagingPathQuotaInMB
>     $SourcePrimaryMember = [System.Convert]::ToBoolean($Line.SourcePrimaryMember)
>     $DestinationComputer = $Line.DestinationComputer
>     $DestinationContentPath = $Line.DestinationContentPath
>     $DestinationReadOnly = [System.Convert]::ToBoolean($Line.DestinationReadOnly)
>     New-DfsReplicatedFolder -GroupName $NewGroupName -FolderName $FolderName
>     Set-DfsrMembership -GroupName $NewGroupName -FolderName $FolderName `
>         -ComputerName $SourceComputer -ContentPath $SourceContentPath `
>         -PrimaryMember $SourcePrimaryMember `
>         -StagingPathQuotaInMB $SourceStagingPathQuotaInMB -Force
>     Set-DfsrMembership -GroupName $NewGroupName -FolderName $FolderName `
>         -ComputerName $DestinationComputer `
>         -ContentPath $DestinationContentPath `
>         -ReadOnly $DestinationReadOnly -Force
> }
>
> # Weekday schedule for the connection, then have both members poll AD
> Set-DfsrConnectionSchedule -GroupName $NewGroupName `
>     -SourceComputerName $SourceComputer `
>     -DestinationComputerName $DestinationComputer `
>     -Day 1,2,3,4,5 -BandwidthDetail "ff
> ff"
> Update-DfsrConfigurationFromAD -ComputerName $SourceComputer,$DestinationComputer
> --End Script--
>
>
>
> On Mon, Jul 24, 2017 at 3:30 PM, Michael B. Smith 
> wrote:
>
>> And do you have errors in the DFS specific event logs?
>>
>>
>>
>> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf
>> orum.com] *On Behalf Of *Michael B. Smith
>> *Sent:* Monday, July 24, 2017 6:22 PM
>> *To:* ntsysadm@lists.myitforum.com
>> *Subject:* RE: [NTSysADM] RPC not available on remote machine while
>> doing DFSR config
>>
>>
>>
>> 609 ms? Wow.
>>
>>
>>
>> I suspect that is a hint. Let’s do a bit more:
>>
>>
>>
>>rpcping -s aufs01p -i 100 -v 3
>>
>>
>>
>> and see what that tells us….
>>
>>
>>
>> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf
>> orum.com ] *On Behalf Of *Kurt Buff
>> *Sent:* Monday, July 24, 2017 5:33 PM
>> *To:* ntsysadm
>> *Subject:* Re: [NTSysADM] RPC not available on remote machine while
>> doing DFSR config
>>
>>
>>
>> I believe so:
>>
>> From my 
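
The -BandwidthDetail value that Set-DfsrConnectionSchedule takes in the script above is 96 hexadecimal characters, one per 15-minute slot of the day, where 0 means no replication, 5 means 512 Kbps and F means full bandwidth. The following is an added example, not part of Kurt's script: the helper names and the 08:00 to 18:00 window are assumptions. It builds the string for a throttled window and decodes a string back into time ranges, so a value can be checked before it is applied.

```powershell
# Added example: build and decode the 96-character -BandwidthDetail string.
# One hex digit per 15-minute slot; the digit selects the bandwidth level.
$DfsrLevel = [ordered]@{
    'None'    = '0'; '16Kbps'  = '1'; '64Kbps'  = '2'; '128Kbps' = '3'
    '256Kbps' = '4'; '512Kbps' = '5'; '1Mbps'   = '6'; '2Mbps'   = '7'
    '4Mbps'   = '8'; '8Mbps'   = '9'; '16Mbps'  = 'A'; '32Mbps'  = 'B'
    '64Mbps'  = 'C'; '128Mbps' = 'D'; '256Mbps' = 'E'; 'Full'    = 'F'
}

function ConvertTo-DfsrSlot {
    # "HH:mm" -> slot index 0..96; "24:00" is accepted as end of day
    param([Parameter(Mandatory)][string] $Time)
    if ($Time -eq '24:00') { return 96 }
    $t = [TimeSpan]::ParseExact($Time, 'hh\:mm', [cultureinfo]::InvariantCulture)
    if ($t.Minutes % 15 -ne 0) { throw "Time '$Time' is not on a 15-minute boundary." }
    return [int]($t.TotalMinutes / 15)
}

function Format-DfsrSlot {
    # Slot index 0..96 -> "HH:mm"
    param([Parameter(Mandatory)][int] $Slot)
    $hours = ($Slot - ($Slot % 4)) / 4
    $minutes = ($Slot % 4) * 15
    '{0:00}:{1:00}' -f $hours, $minutes
}

function New-DfsrBandwidthDetail {
    param(
        # Level for every slot that no window covers
        [string] $DefaultLevel = 'Full',
        # Hashtables with Start, End ("HH:mm", 15-minute aligned) and Level
        [hashtable[]] $Window = @()
    )
    if (-not $DfsrLevel.Contains($DefaultLevel)) { throw "Unknown level '$DefaultLevel'." }
    $slots = @($DfsrLevel[$DefaultLevel]) * 96
    foreach ($w in $Window) {
        $level = [string]$w.Level
        if (-not $DfsrLevel.Contains($level)) { throw "Unknown level '$level'." }
        $from = ConvertTo-DfsrSlot $w.Start
        $to = ConvertTo-DfsrSlot $w.End
        if ($to -le $from) {
            throw "Window $($w.Start)-$($w.End) must end after it starts; split one that crosses midnight."
        }
        for ($i = $from; $i -lt $to; $i++) { $slots[$i] = $DfsrLevel[$level] }
    }
    return -join $slots
}

function ConvertFrom-DfsrBandwidthDetail {
    # Rejects a string that is not exactly 96 hex digits (a truncated or
    # line-wrapped value fails here), then emits one object per run of slots.
    param([Parameter(Mandatory)][string] $BandwidthDetail)
    if ($BandwidthDetail -notmatch '^[0-9A-Fa-f]{96}$') {
        throw "Expected exactly 96 hex characters, got $($BandwidthDetail.Length)."
    }
    $nameOf = @{}
    foreach ($name in $DfsrLevel.Keys) { $nameOf[$DfsrLevel[$name]] = $name }
    $chars = $BandwidthDetail.ToUpperInvariant().ToCharArray()
    $runStart = 0
    for ($i = 1; $i -le 96; $i++) {
        if ($i -eq 96 -or $chars[$i] -ne $chars[$runStart]) {
            [pscustomobject]@{
                Start = Format-DfsrSlot $runStart
                End   = Format-DfsrSlot $i
                Level = $nameOf[[string]$chars[$runStart]]
            }
            $runStart = $i
        }
    }
}

# Constructed example: 512 Kbps from 08:00 to 18:00, full speed otherwise.
$detail = New-DfsrBandwidthDetail -DefaultLevel Full `
    -Window @{ Start = '08:00'; End = '18:00'; Level = '512Kbps' }
ConvertFrom-DfsrBandwidthDetail $detail | Format-Table -AutoSize
# $detail is the value to pass as -BandwidthDetail to Set-DfsrConnectionSchedule.
```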

Re: [NTSysADM] this file cannot be previewed because of an error with the following previewer

2017-07-28 Thread Andrew S. Baker
Why not keep all the office apps at the same level?

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Thu, Jul 27, 2017 at 12:22 PM, J- P  wrote:

> Hi all,
>
>
> We have a 2008rs rds  where the previewing of office files is not working
> in outlook
>
>
> I have gone into all the office settings
>
> (File info advanced  save thumbnails)
>
> (File trust center , settings, attachment handler,, attachment and
> document Previewers )
>
> (cleared outlook temp security folder)
>
> All settings double check and confirmed yet it still gives this message
>
>
> "this file cannot be previewed because of an error with the following
> previewer;
>
>
> One thing to note is that  (for compatibility reasons with an in-house DB)
> Outlook is 2010 and Word and Excel are 2013
>
> Jean-Paul Natola
>
>



Re: [NTSysADM] DNS providers

2017-07-11 Thread Andrew S. Baker
Who do you have now?

EasyDNS
DNS Made Easy
DynDNS
CloudFlare

...are all viable options.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Tue, Jul 11, 2017 at 8:22 AM, Kennedy, Jim 
wrote:

>
>
> Looking for recommendations for public DNS providers.  Our current
> provider is getting a bit flakey.  We are not huge, don’t need anything
> fancy, just reliable and reasonably responsive.
>



Re: [NTSysADM] Perhaps of general interest...

2017-07-06 Thread Andrew S. Baker
*>>Yes, but I prefer to "own" my software, not rent it. That way we
can upgrade at need, rather than when the vendor says so, and will probably
spend far less money doing so.*

Most people do.   But that is getting harder and harder to do each year.

(Because enough people are fine with a utilities model)

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker <http://xeeme.com/AndrewBaker>*

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Thu, Jul 6, 2017 at 2:06 PM, Kurt Buff <kurt.b...@gmail.com> wrote:

> Yes, but I prefer to "own" my software, not rent it. That way we can
> upgrade at need, rather than when the vendor says so, and will
> probably spend far less money doing so.
>
> The "own" in quotes merely points to not paying monthly rental - we
> all know that commercial software is only licensed, not truly sold.
>
> I just don't want to be a piggybank for the software publishers - I
> don't mind paying for good functionality, nor paying for ongoing
> support.
>
> On Thu, Jul 6, 2017 at 10:51 AM, Andrew S. Baker <asbz...@gmail.com>
> wrote:
> > Many big vendors today are pushing a cloud strategy, as it more readily
> > facilitates ongoing revenue and supporting a smaller number of disparate
> > configurations.
> >
> > Regards,
> >
> >  ASB
> >  http://XeeMe.com/AndrewBaker
> >
> >  Providing Expert Technology Consulting Services for the SMB market…
> >
> >  GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
> >
> >
> >
> > On Sun, Jul 2, 2017 at 6:26 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
> >>
> >> Very interesting.
> >>
> >> MSFT is shoving very, very hard to push everyone into their cloud, and
> >> this fits their strategy...
> >>
> >> On Sun, Jul 2, 2017 at 2:41 PM, Michael B. Smith <mich...@smithcons.com
> >
> >> wrote:
> >> >
> >> > https://techcrunch.com/2017/07/02/microsoft-is-laying-off-thousands-of-staff/?ncid=rss
> >> >
> >> >
> >>
> >>
> >
>
>
>



Re: [NTSysADM] Perhaps of general interest...

2017-07-06 Thread Andrew S. Baker
Many big vendors today are pushing a cloud strategy, as it more readily
facilitates ongoing revenue and supporting a smaller number of disparate
configurations.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Sun, Jul 2, 2017 at 6:26 PM, Kurt Buff  wrote:

> Very interesting.
>
> MSFT is shoving very, very hard to push everyone into their cloud, and
> this fits their strategy...
>
> On Sun, Jul 2, 2017 at 2:41 PM, Michael B. Smith 
> wrote:
> > https://techcrunch.com/2017/07/02/microsoft-is-laying-off-thousands-of-staff/?ncid=rss
> >
> >
>
>
>



Re: [NTSysADM] RE: Does Separating Data and Log Files Make Your Server More Reliable?

2017-06-27 Thread Andrew S. Baker
It definitely had a performance impact -- for heavy transactional databases
in particular.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Mon, Jun 26, 2017 at 1:39 PM, Webster  wrote:

> From the comments, I gather it is not about speed, nor performance, nor
> reliability. At least that is how I am reading the article and comments.
>
>
>
>
>
> Webster
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Kennedy, Jim
> *Sent:* Monday, June 26, 2017 11:55 AM
> *To:* NT Issues (ntsysadm@lists.myitforum.com) <
> ntsysadm@lists.myitforum.com>
> *Subject:* [NTSysADM] RE: Does Separating Data and Log Files Make Your
> Server More Reliable?
>
>
>
> I never viewed it as a reliability decision, but as a speed/performance
> decision.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Webster
> *Sent:* Monday, June 26, 2017 12:30 PM
> *To:* NT Issues (ntsysadm@lists.myitforum.com)
> *Subject:* [NTSysADM] Does Separating Data and Log Files Make Your Server
> More Reliable?
>
>
>
> I had always been told to separate everything in SQL Server.
>
>
>
> https://www.brentozar.com/archive/2017/06/separating-data-log-files-make-server-reliable/
>
>
>
>
>
> Webster
>



Re: [NTSysADM] Thank you, NSA...

2017-06-23 Thread Andrew S. Baker
All of those issues may be factors, but at some point people get old
enough to make their own decisions and cannot rely on a permanent
mitigating factor from earlier years...

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker <http://xeeme.com/AndrewBaker>*

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Fri, Jun 23, 2017 at 2:35 PM, Kent, Mark <ken...@buffalostate.edu> wrote:

> Is it their fault or the fault of the people who are designing such
> systems for not clearly explaining what it is that their systems are
> harvesting and disseminating?  Or the failure of parenting or those in
> leadership roles not properly coaching or helping people?  We created this
> world, not them.
>
>
>
> Mark Kent
>
> Manager, Client Systems Engineering
>
> Technology Support Services
>
> Resources for Information, Technology and Education (RITE)
>
> http://rite.buffalostate.edu
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Michael B. Smith
> *Sent:* Friday, June 23, 2017 1:48 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [NTSysADM] Thank you, NSA...
>
>
>
> While it SHOULD, I’m not convinced it will.
>
>
>
> Especially the millennial generation really doesn’t care about privacy.
> They are happy to give up phone numbers, email addresses, physical
> addresses online – not only their own, but also those of friends and
> family. Because: ease of use. Look at Alexa and Echo. “Appliances” sitting
> in the home that can hear every word said.
>
>
>
> It’s endemic.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Andrew S.
> Baker
> *Sent:* Friday, June 23, 2017 1:32 PM
> *To:* ntsysadm
> *Subject:* Re: [NTSysADM] Thank you, NSA...
>
>
>
> Our nation-state is not the only one creating problems like this.
>
>
>
> You have to believe that the combination of nation-state actors with organized
> crime is creating a situation that might become very unmanageable in the
> near future, and almost certainly change the way we look at internet usage
> and cybersecurity.
>
>
> Regards,
>
>  *ASB*
>  *http://XeeMe.com/AndrewBaker <http://xeeme.com/AndrewBaker>*
>
>  *Providing Expert Technology Consulting Services for the SMB market…*
>
> * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>
>
>
>
>
> On Thu, Jun 22, 2017 at 11:01 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
>
> https://www.nytimes.com/2017/06/22/technology/ransomware-attack-nsa-cyberweapons.html
>
> A Cyberattack ‘the World Isn’t Ready For’
>
> NEWARK — There have been times over the last two months when Golan
> Ben-Oni has felt like a voice in the wilderness.
>
> On April 29, someone hit his employer, IDT Corporation, with two
> cyberweapons that had been stolen from the National Security Agency.
> Mr. Ben-Oni, the global chief information officer at IDT, was able to
> fend them off, but the attack left him distraught.
>
> In 22 years of dealing with hackers of every sort, he had never seen
> anything like it. Who was behind it? How did they evade all of his
> defenses? How many others had been attacked but did not know it?
>
> Since then, Mr. Ben-Oni has been sounding alarm bells, calling anyone
> who will listen at the White House, the Federal Bureau of
> Investigation, the New Jersey attorney general’s office and the top
> cybersecurity companies in the country to warn them about an attack
> that may still be invisibly striking victims undetected around the
> world.
>
> And he is determined to track down whoever did it.
>
> “I don’t pursue every attacker, just the ones that piss me off,” Mr.
> Ben-Oni told me recently over lentils in his office, which was strewn
> with empty Red Bull cans. “This pissed me off and, more importantly,
> it pissed my wife off, which is the real litmus test.”
>
> Two weeks after IDT was hit, the cyberattack known as WannaCry ravaged
> computers at hospitals in England, universities in China, rail systems
> in Germany, even auto plants in Japan. No doubt it was destructive.
> But what Mr. Ben-Oni had witnessed was much worse, and with all eyes
> on the WannaCry destruction, few seemed to be paying attention to the
> attack on IDT’s systems — and most likely others around the world.
>
> The strike on IDT, a conglomerate with headquarters in a nondescript
> gray building here with views of the Manhattan skyline 15 miles away,
> was similar to WannaCry in one way: Hackers locked up IDT data and
> deman

Re: [NTSysADM] Thank you, NSA...

2017-06-23 Thread Andrew S. Baker
Our nation-state is not the only one creating problems like this.

You have to believe that the combination of nation-state actors with organized
crime is creating a situation that might become very unmanageable in the
near future, and almost certainly change the way we look at internet usage
and cybersecurity.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Thu, Jun 22, 2017 at 11:01 PM, Kurt Buff  wrote:

> https://www.nytimes.com/2017/06/22/technology/ransomware-attack-nsa-cyberweapons.html
>
> A Cyberattack ‘the World Isn’t Ready For’
>
> NEWARK — There have been times over the last two months when Golan
> Ben-Oni has felt like a voice in the wilderness.
>
> On April 29, someone hit his employer, IDT Corporation, with two
> cyberweapons that had been stolen from the National Security Agency.
> Mr. Ben-Oni, the global chief information officer at IDT, was able to
> fend them off, but the attack left him distraught.
>
> In 22 years of dealing with hackers of every sort, he had never seen
> anything like it. Who was behind it? How did they evade all of his
> defenses? How many others had been attacked but did not know it?
>
> Since then, Mr. Ben-Oni has been sounding alarm bells, calling anyone
> who will listen at the White House, the Federal Bureau of
> Investigation, the New Jersey attorney general’s office and the top
> cybersecurity companies in the country to warn them about an attack
> that may still be invisibly striking victims undetected around the
> world.
>
> And he is determined to track down whoever did it.
>
> “I don’t pursue every attacker, just the ones that piss me off,” Mr.
> Ben-Oni told me recently over lentils in his office, which was strewn
> with empty Red Bull cans. “This pissed me off and, more importantly,
> it pissed my wife off, which is the real litmus test.”
>
> Two weeks after IDT was hit, the cyberattack known as WannaCry ravaged
> computers at hospitals in England, universities in China, rail systems
> in Germany, even auto plants in Japan. No doubt it was destructive.
> But what Mr. Ben-Oni had witnessed was much worse, and with all eyes
> on the WannaCry destruction, few seemed to be paying attention to the
> attack on IDT’s systems — and most likely others around the world.
>
> The strike on IDT, a conglomerate with headquarters in a nondescript
> gray building here with views of the Manhattan skyline 15 miles away,
> was similar to WannaCry in one way: Hackers locked up IDT data and
> demanded a ransom to unlock it.
>
> But the ransom demand was just a smoke screen for a far more invasive
> attack that stole employee credentials. With those credentials in
> hand, hackers could have run free through the company’s computer
> network, taking confidential information or destroying machines.
>
> Worse, the assault, which has never been reported before, was not
> spotted by some of the nation’s leading cybersecurity products, the
> top security engineers at its biggest tech companies, government
> intelligence analysts or the F.B.I., which remains consumed with the
> WannaCry attack.
>
> Were it not for a digital black box that recorded everything on IDT’s
> network, along with Mr. Ben-Oni’s tenacity, the attack might have gone
> unnoticed.
>
> Scans for the two hacking tools used against IDT indicate that the
> company is not alone. In fact, tens of thousands of computer systems
> all over the world have been “backdoored” by the same N.S.A. weapons.
> Mr. Ben-Oni and other security researchers worry that many of those
> other infected computers are connected to transportation networks,
> hospitals, water treatment plants and other utilities.
>
> An attack on those systems, they warn, could put lives at risk. And
> Mr. Ben-Oni, fortified with adrenaline, Red Bull and the house beats
> of Deadmau5, the Canadian record producer, said he would not stop
> until the attacks had been shut down and those responsible were behind
> bars.
>
> “The world is burning about WannaCry, but this is a nuclear bomb
> compared to WannaCry,” Mr. Ben-Oni said. “This is different. It’s a
> lot worse. It steals credentials. You can’t catch it, and it’s
> happening right under our noses.”
>
> And, he added, “The world isn’t ready for this.”
>
> Targeting the Nerve Center
>
> Mr. Ben-Oni, 43, a Hasidic Jew, is a slight man with smiling eyes, a
> thick beard and a hacker’s penchant for mischief. He grew up in the
> hills of Berkeley, Calif., the son of Israeli immigrants.
>
> Even as a toddler, Mr. Ben-Oni’s mother said, he was not interested in
> toys. She had to take him to the local junkyard to scour for
> typewriters that he would eventually dismantle on the living room
> floor. As a teenager, he aspired to become a rabbi but spent most of
> his free time hacking computers at the University of California,
> 

Re: [NTSysADM] Ransonware protection

2017-06-13 Thread Andrew S. Baker
+5 for Cylance.   Bromium is decent, too.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Mon, Jun 12, 2017 at 9:05 AM, Webster  wrote:

> Ones I have personal experience with at customer sites:
>
> Cylance
>
> Bromium (headed by former CTO of Citrix)
>
> Citrix XenServer with BitDefender Hypervisor Introspection (HVI)
>
> Thanks
>
> Carl Webster
>
> Citrix Technology Professional
>
> http://www.CarlWebster.com
>
> The Accidental Citrix Admin
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com]
> *On Behalf Of *Tom Miller
> *Sent:* Monday, June 12, 2017 7:35 AM
> *To:* NTSysADM@lists.myitforum.com
> *Subject:* [NTSysADM] Ransonware protection
>
> Hi All,
>
> What would you recommend as specific software solutions to protect against
> Ransomware?  In my company we use:
>
> -  Sonicwall firewalls, and the gateway security component is enabled and
> is supposed to help block/prevent.
>
> - Symantec AV.  Not specific to ransom-ware but appears to be reactive.
>
> I'm looking at additional layers of security, such as the Barracuda e-mail
> filter.  I used that at past jobs and that reduced the "infected" e-mails
> considerably.
>
> I also have used Malwarebytes enterprise.  That has an anti-ransomware
> component.  I used that in a past job and was not impressed.  Malwarebytes
> sold it as an "enterprise" solution, but it was a standalone product, had
> no integration with the management console, no configuration and no
> notifications.  It appeared to be a rush to market.
>
> Sophos supposedly has a similar solution specific to Malwarebytes but I
> have not looked at it yet.
>
> Internally, we also have targeted employee training and use a service to
> send "fake" messages from Amazon/UPS, etc to let them know that they need
> to be vigilant when reviewing messages from outside the company.
>
> Thoughts appreciated.
>



Re: [NTSysADM] Ransonware protection

2017-06-13 Thread Andrew S. Baker
Take a look at *Cylance *(www.cylance.com) and have them give you a demo.

They have a super solid product that is excellent against even unknown
malware (ransomware is not special in this sense).  They gave a most
impressive live demo at the Gartner Security & Risk Management Summit today.

At the mail gateway, Barracuda is a good idea, but also check out *Mimecast*
.

And I agree that any security awareness training will be helpful.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Mon, Jun 12, 2017 at 8:35 AM, Tom Miller  wrote:

> Hi All,
>
> What would you recommend as specific software solutions to protect against
> Ransomware?  In my company we use:
>
> -  Sonicwall firewalls, and the gateway security component is enabled and
> is supposed to help block/prevent.
> - Symantec AV.  Not specific to ransom-ware but appears to be reactive.
>
> I'm looking at additional layers of security, such as the Barracuda e-mail
> filter.  I used that at past jobs and that reduced the "infected" e-mails
> considerably.
>
> I also have used Malwarebytes enterprise.  That has an anti-ransomware
> component.  I used that in a past job and was not impressed.  Malwarebytes
> sold it as an "enterprise" solution, but it was a standalone product, had
> no integration with the management console, no configuration and no
> notifications.  It appeared to be a rush to market.
>
> Sophos supposedly has a similar solution specific to Malwarebytes but I
> have not looked at it yet.
>
> Internally, we also have targeted employee training and use a service to
> send "fake" messages from Amazon/UPS, etc to let them know that they need
> to be vigilant when reviewing messages from outside the company.
>
> Thoughts appreciated.
>



Re: [NTSysADM] What is the argument for Windows Server Core/NanoServer over Linux?

2017-06-05 Thread Andrew S. Baker
Agreed.  It is a risk/reward consideration.

If you cannot afford to get breached, then this is far less costly than a
breach.

Often, people belatedly realize that they could have afforded to do
something differently than they initially considered.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Sat, Jun 3, 2017 at 6:57 PM, Kurt Buff  wrote:

> Until I implement, I can't say for sure just how practical it is or
> isn't, but it seems to me that if your org is under any kind of
> regulatory regime (HIPAA, SarbOx, JSOX, etc.) that at least the Domain
> Admins should be doing this.
>
> Kurt
>
> On Sat, Jun 3, 2017 at 2:34 PM, Katherine M. Moss
>  wrote:
> > Seemingly only practical, though in the most high security situations. I
> > can’t imagine that too many of us will bother with it since it’s more
> > administrative overhead than most probably care to deal with.
> >
> >
> >
> > Sent from Mail for Windows 10
> >
> >
> >
> > From: Michael B. Smith
> > Sent: Saturday, June 3, 2017 17:33
> > To: ntsysadm@lists.myitforum.com
> > Subject: RE: [NTSysADM] What is the argument for Windows Server
> > Core/NanoServer over Linux?
> >
> >
> >
> > Interesting read. Thanks.
> >
> > -Original Message-
> > From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com]
> > On Behalf Of Kurt Buff
> > Sent: Friday, June 2, 2017 9:49 PM
> > To: ntsysadm
> > Subject: Re: [NTSysADM] What is the argument for Windows Server
> > Core/NanoServer over Linux?
> >
> > Sorry - my bad. They are Privileged Access Workstations:
> > https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/privileged-access-workstations
> > https://gallery.technet.microsoft.com/Privileged-Access-53a4673a
> >
> > Kurt
> >
> > On Fri, Jun 2, 2017 at 10:12 AM, Katherine M. Moss
> >  wrote:
> >> What are those again?
> >>
> >> -Original Message-
> >> From: listsad...@lists.myitforum.com
> >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
> >> Sent: Friday, June 02, 2017 1:03 PM
> >> To: ntsysadm 
> >> Subject: Re: [NTSysADM] What is the argument for Windows Server
> >> Core/NanoServer over Linux?
> >>
> >> It's also a push to start implementing PAWs - Protected Access
> >> Workstations - which is how I'm going to configure my next machine.
> >>
> >> Kurt
> >>
> >> On Fri, Jun 2, 2017 at 9:34 AM, Katherine M. Moss
> >>  wrote:
> >>> I prefer remote management, actually. The insane thing is how easy it is
> >>> to build out Nano servers. That's another reason; not having a local GUI will
> >>> prevent me from always using RDP; trying to move away from that as much as
> >>> possible.
> >>>
> >>> -Original Message-
> >>> From: listsad...@lists.myitforum.com
> >>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Matt Stork
> >>> Sent: Friday, June 02, 2017 11:38 AM
> >>> To: ntsysadm@lists.myitforum.com
> >>> Subject: RE: [NTSysADM] What is the argument for Windows Server
> >>> Core/NanoServer over Linux?
> >>>
> >>> Running Core and Nano does not mean running without a GUI, they mean
> >>> running without a GUI locally.  The majority of the server management GUI
> >>> tools can connect to a remote server (Core, Nano or Desktop), it is a matter
> >>> of having your firewall and authentication setup to allow this.  The
> >>> transition is difficult but unless we wish to fall like the mainframe people
> >>> who refused to adapt, this is technology we must learn.
> >>>
> >>> Nano is new but Core has been around since Server 2008.  I would not call
> >>> that new.
> >>> -Matt
> >>>
> >>> -Original Message-
> >>> From: listsad...@lists.myitforum.com
> >>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Katherine M.
> >>> Moss
> >>> Sent: Friday, June 02, 2017 9:18 AM
> >>> To: ntsysadm@lists.myitforum.com
> >>> Subject: RE: [NTSysADM] What is the argument for Windows Server
> >>> Core/NanoServer over Linux?
> >>>
> >>> That’s the difficulty I’m having; currently, I’m the only one in my group
> >>> who sees any benefit to the ASP.net platform, for instance (I’m a DNNizen,
> >>> and trying to rise in prominence in that community, for example). Why run
> >>> ASP.NET when you can run Wordpress, they say. Why run IIS when PHP was born
> >>> on Apache, they say. The other issue I have is that when dealing with
> >>> creatures of habit, it’s hard to get people to look at current stats. I
> >>> tend to use what works, not what the market tells me I should, for the most
> >>> part. Does it have to do with what you were brought up with? Plus because
> >>> Core and Nano are new; so I think in my case the issue is getting people who
> >>> 

Re: [NTSysADM] What is the argument for Windows Server Core/NanoServer over Linux?

2017-06-05 Thread Andrew S. Baker
Thanks, Kurt.   This is a good read.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Fri, Jun 2, 2017 at 9:48 PM, Kurt Buff  wrote:

> Sorry - my bad. They are Privileged Access Workstations:
> https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/privileged-access-workstations
> https://gallery.technet.microsoft.com/Privileged-Access-53a4673a
>
> Kurt
>
> On Fri, Jun 2, 2017 at 10:12 AM, Katherine M. Moss
>  wrote:
> > What are those again?
> >
> > -Original Message-
> > From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com]
> > On Behalf Of Kurt Buff
> > Sent: Friday, June 02, 2017 1:03 PM
> > To: ntsysadm
> > Subject: Re: [NTSysADM] What is the argument for Windows Server
> > Core/NanoServer over Linux?
> >
> > It's also a push to start implementing PAWs - Protected Access
> > Workstations - which is how I'm going to configure my next machine.
> >
> > Kurt
> >
> > On Fri, Jun 2, 2017 at 9:34 AM, Katherine M. Moss
> > <km...@winterhillsolutions.com> wrote:
> >> I prefer remote management, actually. The insane thing is how easy it
> >> is to build out Nano servers. That's another reason; not having a local GUI
> >> will prevent me from always using RDP; trying to move away from that as
> >> much as possible.
> >>
> >> -Original Message-
> >> From: listsad...@lists.myitforum.com
> >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Matt Stork
> >> Sent: Friday, June 02, 2017 11:38 AM
> >> To: ntsysadm@lists.myitforum.com
> >> Subject: RE: [NTSysADM] What is the argument for Windows Server
> >> Core/NanoServer over Linux?
> >>
> >> Running Core and Nano does not mean running without a GUI, they mean
> >> running without a GUI locally.  The majority of the server management GUI
> >> tools can connect to a remote server (Core, Nano or Desktop), it is a
> >> matter of having your firewall and authentication setup to allow this.  The
> >> transition is difficult but unless we wish to fall like the mainframe
> >> people who refused to adapt, this is technology we must learn.
> >>
> >> Nano is new but Core has been around since Server 2008.  I would not
> >> call that new.
> >> -Matt
> >>
> >> -Original Message-
> >> From: listsad...@lists.myitforum.com
> >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Katherine M. Moss
> >> Sent: Friday, June 02, 2017 9:18 AM
> >> To: ntsysadm@lists.myitforum.com
> >> Subject: RE: [NTSysADM] What is the argument for Windows Server
> >> Core/NanoServer over Linux?
> >>
> >> That’s the difficulty I’m having; currently, I’m the only one in my
> >> group who sees any benefit to the ASP.net platform, for instance (I’m a
> >> DNNizen, and trying to rise in prominence in that community, for example).
> >> Why run ASP.NET when you can run Wordpress, they say. Why run IIS when
> >> PHP was born on Apache, they say. The other issue I have is that when
> >> dealing with creatures of habit, it’s hard to get people to look at
> >> current stats. I tend to use what works, not what the market tells me I
> >> should, for the most part. Does it have to do with what you were brought up
> >> with? Plus because Core and Nano are new; so I think in my case the issue
> >> is getting people who are used to one thing to get used to another. There’s
> >> that saying, use the right tool for the job, so how to ensure that you
> >> choose the right one when both can perform equally well? I’m an explorer,
> >> so it’s easy for me to say, let’s try something new and fun.
> >>
> >>
> >>
> >> From: listsad...@lists.myitforum.com
> >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Charles F
> >> Sullivan
> >> Sent: Friday, June 02, 2017 9:50 AM
> >> To: ntsysadm@lists.myitforum.com
> >> Subject: RE: [NTSysADM] What is the argument for Windows Server
> >> Core/NanoServer over Linux?
> >>
> >> Yes, people usually do run Linux servers without a GUI. What I meant
> >> was that you can use Windows Server Core or Nano to avoid the Windows GUI,
> >> thus not having to use Linux to get those benefits.
> >>
> >> As someone else said, it depends on what the application is as to what
> >> platform is more appropriate. I think that’s the real answer.
> >>
> >>
> >>
> >> From: listsad...@lists.myitforum.com
> >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Rene de Haas
> >> Sent: Thursday, June 1, 2017 6:49 PM
> >> To: ntsysadm@lists.myitforum.com
> >> Subject: RE: [NTSysADM] What is the argument for Windows Server
> >> Core/NanoServer over Linux?
> >>
> >>
> >>
> >> You can run linux without a gui.
> >>
> >>
> >>
> >> Op 1 jun. 2017 11:54 p.m. schreef "Charles F Sullivan" <
> charles.sulliva...@bc.edu 

Re: [NTSysADM] Windows Storage Spaces VS. RAID

2017-05-31 Thread Andrew S. Baker
I haven't spent a whole lot of time looking at them, but at one client,
I've seen two instances (out of about 9 or 10) where they appeared to be
created properly but would not allow more than 170GB of info to be written
to the volume in question.

This is on Windows 2012 R2.

I'm currently not that big of a fan until I see more.  The Windows 2016
storage implementation seems better, but we'll see.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Wed, May 31, 2017 at 9:52 AM, Katherine M. Moss <
km...@winterhillsolutions.com> wrote:

> Hi all,
>
> I’m looking for some open minded folks on here who can possibly provide
> validation for both sides of this argument. I tend to prefer storage spaces
> simply because they are so simple to configure and they don’t require a set
> of eyes to read BIOS screens. I know some people on the other hand who are
> either creatures of habit, or they don’t see the benefits of storage
> spaces, or they see it as inferior to RAID. What do you guys think? I am
> familiar with Dell configurations if that matters.
>



Re: [NTSysADM] WAN acceleration for small office

2017-05-25 Thread Andrew S. Baker
WAN accelerators are not cheap.

Have you looked at the capacity/performance of the RDS servers?

Have you considered QoS for the RDS traffic?


Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Wed, May 24, 2017 at 9:51 PM, Tom Miller  wrote:

> I have a few staff in a remote office in Florida who spend most of their
> day working in RDS at our main site in Virginia.  We have decent bandwidth
> at both locations and decent firewalls, no issues there.   The Florida
> staff complain of latency/laggy experience in RDS.  I am wondering if these
> folks would be a fit for a WAN accelerator.  I have not used them in a few
> years, last experience was with Riverbeds.
>
>
> Any suggestions for something that won't cost a fortune like a Riverbed?
> I have SonicWall firewalls and they can take advantage of a SonicWall
> appliance, which I might also look at.
>
> Thanks,
> Tom
>



Re: [NTSysADM] recommended SNMP Monitoring tools

2017-05-23 Thread Andrew S. Baker
Have you seen this?

http://axence.net/en/nvision

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Tue, May 23, 2017 at 1:56 PM, Jimmy Tran  wrote:

> Hi All,
>
>
>
> I know there are a lot of options out available so I’m hoping you guys can
> provide some recommendations on software you guys prefer. The requirement I
> have is to be able to monitor hardware on physical servers (ESXi Included),
> NAS and Firewalls from different sites. Would be great if they all report
> back to one management console. Pricing is a factor so the lower the cost
> the better.
>
> Thanks,
>
>
>
> Jimmy
>



Re: [NTSysADM] Updating old WIN 7 laptop - THANKS!

2017-05-22 Thread Andrew S. Baker
Congrats

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Mon, May 22, 2017 at 9:07 AM, Richard McClary 
wrote:

> Greetings!
>
>
>
> I had the laptop I had to rebuild from the “Rescue” disk.  It was at a
> version on which Windows Update appeared to fail.  I received 7 replies,
> two of which were wonderful!
>
>
>
> This site:  http://wu.krelay.de/en/  had a nice matrix of KB’s to upload
> in which order, as well as links to both the 32-bit and the 64-bit
> versions.  Those all applied in less than 10 minutes.
>
>
>
> Windows Update took about a day-and-a-half to download and apply about 300
> patches (many of which required other updates earlier).
>
>
>
> Now feeling far more protected,  link to the MS Media Creator Tool
> https://www.microsoft.com/en-gb/software-download/windows10
> 
> had Windows 10 up and running in perhaps a half-hour.
>
>
>
> So, I now have a functional (and hopefully up-to-date) Win 10 laptop for
> doing bill work, etc in my kitchen.
>
>
>
> Thanks, guys!
>
> --
>
> richard
>
>



Re: [NTSysADM] Security hole in Intel ME

2017-05-03 Thread Andrew S. Baker
This is HUGE.

And, no doubt, this is being actively exploited and has been for some time.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Tue, May 2, 2017 at 12:08 AM, Kurt Buff  wrote:

> https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
>  First a little bit of background. SemiAccurate has known about this
>  vulnerability for literally years now, it came up in research we were doing
>  on hardware backdoors over five years ago. What we found was scary on a
>  level that literally kept us up at night. For obvious reasons we couldn’t
>  publish what we found out but we took every opportunity to beg anyone who
>  could even tangentially influence the right people to do something about
>  this security problem. SemiAccurate explained the problem to literally
>  dozens of “right people” to seemingly no avail. We also strongly hinted
>  that it existed at every chance we had.
> ...
>  The problem is quite simple, the ME controls the network ports and has
>  DMA access to the system. It can arbitrarily read and write to any memory
>  or storage on the system, can bypass disk encryption once it is unlocked
>  (and possibly if it has not, SemiAccurate hasn’t been able to 100% verify
>  this capability yet), read and write to the screen, and do all of this
>  completely unlogged. Due to the network access abilities, it can also send
>  whatever it finds out to wherever it wants, encrypted or not.
> ...
>  The short version is that every Intel platform with AMT, ISM, and
>  SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely
>  exploitable security hole in the ME (Management Engine) not CPU
>  firmware. If this isn’t scary enough news, even if your machine
>  doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable,
>  just not over the network. For the moment. From what SemiAccurate
>  gathers, there is literally no Intel box made in the last 9+ years
>  that isn’t at risk. This is somewhere between nightmarish and
>  apocalyptic.
>
> https://security-center.intel.com/advisory.aspx?intelid=
> INTEL-SA-00075=en-fr
>
> You can check your CPUs for vPro etc at https://ark.intel.com/#@Processors
>
> Intel's mitigation guide:
> https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide%20-%20Rev%201.1.pdf
>
> According to Intel:
>
>  There is an escalation of privilege vulnerability in Intel® Active
>  Management Technology (AMT), Intel® Standard Manageability (ISM),
>  and Intel® Small Business Technology versions firmware versions
>  6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an
>  unprivileged attacker to gain control of the manageability features
>  provided by these products.  This vulnerability does not exist on
>  Intel-based consumer PCs.
>
>
>



Re: [NTSysADM] Two Factor Authentication

2017-05-01 Thread Andrew S. Baker
I would recommend Duo Security as an option that is fairly easy to
implement, and fairly comprehensive.

They even offer up to 10 users for free.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Mon, May 1, 2017 at 8:42 AM, CSSU NetAdmin  wrote:

> Does anyone have suggestions for two-factor authentication for Windows
> 2012 R2 RDP?
>
> Thanks!
>



Re: [NTSysADM] Beware browser password managers

2017-04-06 Thread Andrew S. Baker
It is now the IoET or the IoIT

Evil or Insecure -- your choice.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker <http://xeeme.com/AndrewBaker>*

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Thu, Apr 6, 2017 at 11:37 AM, Kurt Buff <kurt.b...@gmail.com> wrote:

> True enough, especially the IoT:
> http://www.theregister.co.uk/2017/04/04/iot_garage_door_startup_bad_pr/
>
> Kurt
>
> On Thu, Apr 6, 2017 at 4:27 AM, Andrew S. Baker <asbz...@gmail.com> wrote:
> > Beware the internet.
> >
> > Regards,
> >
> >  ASB
> >  http://XeeMe.com/AndrewBaker
> >
> >  Providing Expert Technology Consulting Services for the SMB market…
> >
> >  GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
> >
> >
> >
> > On Tue, Apr 4, 2017 at 10:23 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
> >>
> >> I've used PasswordSafe for years. Nothing's perfect, but I've always
> >> been leery of browser-based password managers, local or cloudy
> >>
> >> Google breaks LastPass (again)
> >> http://bugs.chromium.org/p/project-zero/issues/detail?id=1225=6
> >>
> >> From the 22nd, regarding earlier vulns in many/all browser password
> >> managers
> >>
> >> http://www.networkworld.com/article/3183675/security/stop-using-password-manager-browser-extensions.html
> >>
> >> Kurt
> >>
> >>
> >
>
>
>



Re: [NTSysADM] Beware browser password managers

2017-04-06 Thread Andrew S. Baker
Beware the internet.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Tue, Apr 4, 2017 at 10:23 PM, Kurt Buff  wrote:

> I've used PasswordSafe for years. Nothing's perfect, but I've always
> been leery of browser-based password managers, local or cloudy
>
> Google breaks LastPass (again)
> http://bugs.chromium.org/p/project-zero/issues/detail?id=1225=6
>
> From the 22nd, regarding earlier vulns in many/all browser password
> managers
> http://www.networkworld.com/article/3183675/security/stop-using-password-manager-browser-extensions.html
>
> Kurt
>
>
>



Re: [NTSysADM] Re: Problems running VBS script from CMD file in Win 2008 R2 [SOLVED}

2017-04-06 Thread Andrew S. Baker
Thanks for the follow-up.  That's an interesting resolution that I haven't
had to touch in years!   And not for something like this...

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Wed, Apr 5, 2017 at 9:51 AM, Michael Leone  wrote:

> I needed to increase the IRPStackSize registry entry (to 22), and then it
> all Just Worked.
>
> On Thu, Mar 23, 2017 at 11:22 AM, Michael Leone 
> wrote:
>
>> I'll admit, I know practically nothing about VBS (altho I do understand
>> PowerShell ...).
>>
>> Anyway, we have a vendor provided set of scripts that suspend, and then
>> resume, an application, so we can back it up. (it's EMC SourceOne mail
>> archiving). We use Networker as a backup program. So years ago I wrote
>> small batch files that run the suspend and resume scripts.
>>
>> C:\Windows\SYSWow64\cscript "name.vbs"
>>
>> And it Just Worked. That was like 4-5 years ago.
>>
>> Last week I upgraded the Networker client software to the latest version.
>> And the backup is failing. Do a test run, I see this, in the Networker log:
>>
>> CScript Error: Initialization of the Windows Script Host failed. (Not
>> enough storage is available to process this command. )
>>
>> Oddly, if I execute the CMD file from a shell prompt, it all Just Works.
>> I do not see this error. So it's only when it executes via Networker, that
>> I see this problem.
>>
>> I've been searching the Interwebs, but do not seem to be finding anything
>> relevant to my issue.
>>
>> Anyone have any hints? I'll open a case with Networker, but it might be a
>> Windows issue (some environment settings), so I thought I would ask here.
>>
>> Anyone?
>>
>>
>



Re: [NTSysADM] Google vs Symantec

2017-03-25 Thread Andrew S. Baker
That's what nostalgia, inertia and Gartner will do for you.

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker <http://xeeme.com/AndrewBaker>*

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



On Fri, Mar 24, 2017 at 9:14 PM, Micheal Espinola Jr <
michealespin...@gmail.com> wrote:

> It continues to amaze me that Symantec has such a significant presence in
> the security community.
>
> --
> Espi
>
>
> On Fri, Mar 24, 2017 at 10:30 AM, Andrew S. Baker <asbz...@gmail.com>
> wrote:
>
>> This situation bears watching...
>>
>> https://arstechnica.com/security/2017/03/google-takes-symantec-to-the-woodshed-for-mis-issuing-3-https-certs/
>>
>> https://www.helpnetsecurity.com/2017/03/24/google-symantec-certificates/
>>
>> https://www.theregister.co.uk/2017/03/24/google_slaps_symantec_for_sloppy_certs_slow_show_of_snafus/
>>
>>
>> Symantec is complaining that Google is exaggerating, and while I think
>> that Google can take a hard line on remediation of any sort -- for other
>> people -- I also have no love lost for Symantec and their sloppy way of
>> doing various things (in my experience)
>>
>> Let's see where this goes.  To the courts!
>>
>> Regards,
>>
>>  *ASB*
>>  *http://XeeMe.com/AndrewBaker <http://xeeme.com/AndrewBaker>*
>>
>>  *Providing Expert Technology Consulting Services for the SMB market…*
>>
>> * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>>
>>
>>
>



[NTSysADM] Google vs Symantec

2017-03-24 Thread Andrew S. Baker
This situation bears watching...

https://arstechnica.com/security/2017/03/google-takes-symantec-to-the-woodshed-for-mis-issuing-3-https-certs/


https://www.helpnetsecurity.com/2017/03/24/google-symantec-certificates/

https://www.theregister.co.uk/2017/03/24/google_slaps_symantec_for_sloppy_certs_slow_show_of_snafus/


Symantec is complaining that Google is exaggerating, and while I think that
Google can take a hard line on remediation of any sort -- for other people
-- I also have no love lost for Symantec and their sloppy way of doing
various things (in my experience)

Let's see where this goes.  To the courts!

Regards,

 *ASB*
 *http://XeeMe.com/AndrewBaker *

 *Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



Re: [EXTERNAL]Re: [NTSysADM] AWS East Outage

2017-03-03 Thread Andrew S. Baker
Well, the lack (or insufficient number of these warnings) is what makes things
complex.
Let's face it: Rapid organic growth is the bane of every infrastructure…
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…


GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Fri, Mar 3, 2017 9:55 AM, Micheal Espinola Jr michealespin...@gmail.com 
wrote:
What an amazing learning event.  You would think that dependency-related
functions/warning would be inherent in such a complex system.
--
Espi

On Thu, Mar 2, 2017 at 12:11 PM, Kennedy, Jim <kennedy...@elyriaschools.org> 
wrote:
So the facts are out. Short version, basically someone fat fingered a command
and deleted a bunch of really important servers.





https://aws.amazon.com/message/41926/





From:  listsad...@lists.myitforum.com  [mailto:listsad...@lists.myitforum.com] 
On Behalf Of Melvin Backus
Sent:  Thursday, March 2, 2017 9:47 AM
To:  ntsysadm@lists.myitforum.com
Subject:  RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage



That’s probably what caused the problem to begin with. All that conversion and
somebody missed a decimal point.



--
There are 10 kinds of people in the world...
those who understand binary and those who don't.



From:  listsad...@lists.myitforum.com  [mailto:listsad...@lists.myitforum.com] 
On Behalf Of David McSpadden
Sent:  Thursday, March 2, 2017 7:17 AM
To:  ntsysadm@lists.myitforum.com
Subject:  RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage



I believe it was a US-Converted-Metric S-ton IMHO.





From:  listsad...@lists.myitforum.com  [mailto:listsad...@lists.myitforum.com] 
On Behalf Of Richard Stovall
Sent:  Thursday, March 2, 2017 7:05 AM
To:  ntsysadm@lists.myitforum.com
Subject:  [EXTERNAL]Re: [NTSysADM] AWS East Outage



Is that a metric S-ton, or the other kind?



There is a difference.



On Mar 2, 2017 2:38 AM, "Don Ely" <don@gmail.com> wrote:

It is pretty trivial if you're setup correctly, but the setup takes an S-Ton of
work and testing...



On Wed, Mar 1, 2017 at 3:30 PM Michael B. Smith <mich...@smithcons.com> wrote:

I have to say, what surprised me most about this outage was the lack of failover
to alternate datacenters for some pretty big names.



I have no idea how this works in AWS, but in Azure it’s fairly trivial; I would
expect the same of AWS.



From:  listsad...@lists.myitforum.com  [mailto:listsad...@lists.myitforum.com] 
On Behalf Of Andrew S. Baker
Sent:  Wednesday, March 1, 2017 12:22 PM


To:  ntsysadm@lists.myitforum.com
Subject:  Re: [NTSysADM] AWS East Outage



If not S3, then what?



You're always going to be relying on someone else's something.


Some data center provider (okay, so you might run your own)

Some power provider

Some Internet provider



It's not like they have internet outages every week, and it's not like various
organizations relying upon them haven't had outages for their own reasons.



Technology breaks, which is why we RAID, cluster, backup, failover and farm our
systems, devices and data centers.



  Regards,

  

  ASB  
http://XeeMe.com/AndrewBaker

  Providing Expert Technology Consulting Services for the SMB market…



GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Wed, Mar 1, 2017 8:37 AM, J- P jnat...@hotmail.com  wrote:

https://techcrunch.com/2017/03/01/the-day-amazon-s3-storage-stood-still/



Would / should you hold your IT vendor responsible for relying on S3?






Jean-Paul Natola







From:  listsad...@lists.myitforum.com  <listsad...@lists.myitforum.com> on
behalf of Andrew S. Baker <asbz...@gmail.com>
Sent:  Tuesday, February 28, 2017 5:36 PM
To:  ntsysadm@lists.myitforum.com
Subject:  Re: [NTSysADM] AWS East Outage  



Indeed.



  Regards,

  

ASB

GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Tue, Feb 28, 2017 3:56 PM, David McSpadden dav...@imcu.com  wrote:

So the normal question 'is the Internet down?' Is valid today?

Sent from my iPhone


On Feb 28, 2017, at 3:44 PM, Andrew S. Baker <asbz...@gmail.com> wrote:

Notice:  This email is from an outside source.  Please do not open any
attachments, click on any hyperlinks, or respond without first confirming the
authenticity of the email.



Indeed.



It's like someone broke the whole Internet.   Or, at least, 80% of it.



  Regards,

  

  ASB  
http://XeeMe.com/AndrewBaker

  Providing Expert Technology Consulting Services for the SMB market…



GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Tue, Feb 28, 2017 2:13 PM, Kennedy, Jim kennedy...@elyriaschools.org  wrote:

Learning very quickly how many vendors we have that are using AWS.  Lots is the
first word that comes to mind.



From:  listsad...@lists.myitforum.com  [mai

Re: [NTSysADM] AWS East Outage

2017-03-03 Thread Andrew S. Baker
>> I have to say, what surprised me most about this outage was the lack of
>> failover to alternate datacenters for some pretty big names.

Including Amazon itself.

> From the beginning of this event until 11:37AM PST, we were unable to update
> the individual services’ status on the AWS Service Health Dashboard (SHD)
> because of a dependency the SHD administration console has on Amazon S3.
> Instead, we used the AWS Twitter feed (@AWSCloud) and SHD banner text to
> communicate status until we were able to update the individual services’
> status on the SHD.  We understand that the SHD provides important visibility
> to our customers during operational events and we have changed the SHD
> administration console to run across multiple AWS regions.



The more I work with large orgs, the less these discrepancies and inadequacies
surprise me.  Who wants to pay for redundancy for systems that already have
99.95% uptime?


Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…


GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Wed, Mar 1, 2017 6:25 PM, Michael B. Smith mich...@smithcons.com  wrote:
I have to say, what surprised me most about this outage was the lack of failover
to alternate datacenters for some pretty big names.



I have no idea how this works in AWS, but in Azure it’s fairly trivial; I would
expect the same of AWS.



From:  listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Andrew S. Baker
Sent:  Wednesday, March 1, 2017 12:22 PM
To:  ntsysadm@lists.myitforum.com
Subject:  Re: [NTSysADM] AWS East Outage



If not S3, then what?



You're always going to be relying on someone else's something.


Some data center provider (okay, so you might run your own)

Some power provider

Some Internet provider



It's not like they have internet outages every week, and it's not like various
organizations relying upon them haven't had outages for their own reasons.



Technology breaks, which is why we RAID, cluster, backup, failover and farm our
systems, devices and data centers.



Regards,



  ASB  
http://XeeMe.com/AndrewBaker

  Providing Expert Technology Consulting Services for the SMB market…



GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Wed, Mar 1, 2017 8:37 AM, J- P jnat...@hotmail.com  wrote:

https://techcrunch.com/2017/03/01/the-day-amazon-s3-storage-stood-still/



Would / should you hold your IT vendor responsible for relying on S3?






Jean-Paul Natola







From:  listsad...@lists.myitforum.com  <listsad...@lists.myitforum.com> on
behalf of Andrew S. Baker <asbz...@gmail.com>
Sent:  Tuesday, February 28, 2017 5:36 PM
To:  ntsysadm@lists.myitforum.com
Subject:  Re: [NTSysADM] AWS East Outage  



Indeed.



Regards,



ASB

GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Tue, Feb 28, 2017 3:56 PM, David McSpadden dav...@imcu.com  wrote:

So the normal question 'is the Internet down?' Is valid today?

Sent from my iPhone


On Feb 28, 2017, at 3:44 PM, Andrew S. Baker <asbz...@gmail.com> wrote:






Indeed.



It's like someone broke the whole Internet.   Or, at least, 80% of it.



Regards,



ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…



GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Tue, Feb 28, 2017 2:13 PM, Kennedy, Jim kennedy...@elyriaschools.org  wrote:

Learning very quickly how many vendors we have that are using AWS.  Lots is the
first word that comes to mind.



From:  listsad...@lists.myitforum.com  [mailto:listsad...@lists.myitforum.com] 
On Behalf Of Charles F Sullivan
Sent:  Tuesday, February 28, 2017 1:57 PM
To:  ntsysadm@lists.myitforum.com
Subject:  [NTSysADM] AWS East Outage



Any of your organizations being affected by this? The few services we have moved
there so far are down.

http://bgr.com/2017/02/28/internet-outage-amazon-web-services/





Charlie Sullivan

Sr. Windows Systems Administrator

Boston College

197 Foster St. Room 367

Brighton, MA 02135



This e-mail and any files transmitted with it are property of Indiana Members
Credit Union, are confidential, and are intended solely for the use of the
individual or entity to whom this e-mail is addressed. If you are not one of the
named recipient(s) or otherwise have reason to believe that you have received
this message in error, please notify the sender and delete this message
immediately from your computer. Any other use, retention, dissemination,
forwarding, printing, or copying of this email is strictly 

Re: [NTSysADM] AWS East Outage

2017-03-01 Thread Andrew S. Baker
If not S3, then what?

You're always going to be relying on someone else's something.

Some data center provider (okay, so you might run your own)
Some power provider
Some Internet provider

It's not like they have internet outages every week, and it's not like various
organizations relying upon them haven't had outages for their own reasons.

Technology breaks, which is why we RAID, cluster, backup, failover and farm our
systems, devices and data centers.

Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…


GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Wed, Mar 1, 2017 8:37 AM, J- P jnat...@hotmail.com  wrote:
https://techcrunch.com/2017/03/01/the-day-amazon-s3-storage-stood-still/


Would / should you hold your IT vendor responsible for relying on S3?







Jean-Paul Natola






From:  listsad...@lists.myitforum.com <listsad...@lists.myitforum.com> on behalf
of Andrew S. Baker <asbz...@gmail.com>
Sent:  Tuesday, February 28, 2017 5:36 PM
To:  ntsysadm@lists.myitforum.com
Subject:  Re: [NTSysADM] AWS East Outage

Indeed.

Regards,







ASB
GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Tue, Feb 28, 2017 3:56 PM, David McSpadden dav...@imcu.com  wrote:
So the normal question 'is the Internet down?' Is valid today?

Sent from my iPhone  
On Feb 28, 2017, at 3:44 PM, Andrew S. Baker <asbz...@gmail.com> wrote:





Indeed.  
It's like someone broke the whole Internet.   Or, at least, 80% of it.  
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…


GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Tue, Feb 28, 2017 2:13 PM, Kennedy, Jim kennedy...@elyriaschools.org  wrote:
Learning very quickly how many vendors we have that are using AWS.  Lots is the
first word that comes to mind.



From:  listsad...@lists.myitforum.com  [mailto:listsad...@lists.myitforum.com] 
On Behalf Of Charles F Sullivan
Sent:  Tuesday, February 28, 2017 1:57 PM
To:  ntsysadm@lists.myitforum.com
Subject:  [NTSysADM] AWS East Outage



Any of your organizations being affected by this? The few services we have moved
there so far are down.

http://bgr.com/2017/02/28/internet-outage-amazon-web-services/





Charlie Sullivan

Sr. Windows Systems Administrator

Boston College

197 Foster St. Room 367

Brighton, MA 02135





Re: [NTSysADM] AWS East Outage

2017-02-28 Thread Andrew S. Baker
Indeed.
Regards,







ASB
GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Tue, Feb 28, 2017 3:56 PM, David McSpadden dav...@imcu.com  wrote:
So the normal question 'is the Internet down?' Is valid today?

Sent from my iPhone  
On Feb 28, 2017, at 3:44 PM, Andrew S. Baker <asbz...@gmail.com> wrote:





Indeed.  
It's like someone broke the whole Internet.   Or, at least, 80% of it.  
Regards,







  ASB  
http://XeeMe.com/AndrewBaker

  Providing Expert Technology Consulting Services for the SMB market…


GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Tue, Feb 28, 2017 2:13 PM, Kennedy, Jim kennedy...@elyriaschools.org  wrote:
Learning very quickly how many vendors we have that are using AWS.  Lots is the
first word that comes to mind.



From:  listsad...@lists.myitforum.com  [mailto:listsad...@lists.myitforum.com] 
On Behalf Of Charles F Sullivan
Sent:  Tuesday, February 28, 2017 1:57 PM
To:  ntsysadm@lists.myitforum.com
Subject:  [NTSysADM] AWS East Outage



Any of your organizations being affected by this? The few services we have moved
there so far are down.

http://bgr.com/2017/02/28/internet-outage-amazon-web-services/





Charlie Sullivan

Sr. Windows Systems Administrator

Boston College

197 Foster St. Room 367

Brighton, MA 02135





Re: [NTSysADM] AWS East Outage

2017-02-28 Thread Andrew S. Baker
Indeed.
It's like someone broke the whole Internet.   Or, at least, 80% of it.
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…


GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Tue, Feb 28, 2017 2:13 PM, Kennedy, Jim kennedy...@elyriaschools.org  wrote:
Learning very quickly how many vendors we have that are using AWS.  Lots is the
first word that comes to mind.



From:  listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Charles F Sullivan
Sent:  Tuesday, February 28, 2017 1:57 PM
To:  ntsysadm@lists.myitforum.com
Subject:  [NTSysADM] AWS East Outage



Any of your organizations being affected by this? The few services we have moved
there so far are down.

http://bgr.com/2017/02/28/internet-outage-amazon-web-services/





Charlie Sullivan

Sr. Windows Systems Administrator

Boston College

197 Foster St. Room 367

Brighton, MA 02135


Re: [NTSysADM] Turns out that the SHA1 break today was small potatoes

2017-02-24 Thread Andrew S. Baker
Yes, that was a big one -- and the final verdict is not necessarily known due
to the eternal nature of the cached internet.
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…


GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Thu, Feb 23, 2017 10:58 PM, Kurt Buff kurt.b...@gmail.com  wrote:
Here's the real news, though it seems to be fixed...
https://arstechnica.com/security/2017/02/serious-cloudflare-bug-exposed-a-potpourri-of-secret-customer-data/

Kurt


Re: [NTSysADM] Documenting Citrix XenApp and XenDesktop 7.8+ with Microsoft PowerShell V2.0

2017-02-23 Thread Andrew S. Baker
Awesome, Webster…
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…


GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Thu, Feb 23, 2017 6:28 AM, Webster webs...@carlwebster.com  wrote:
FINALLY! After 14 months of work and almost 29,000 lines of PowerShell:




http://carlwebster.com/documenting-citrix-xenapp-xendesktop-7-x-microsoft-powershell-v2-0/




Thanks







  Carl Webster

  Consultant and Citrix Technology Professional

  http://www.CarlWebster.com


Re: [NTSysADM] Question re job interview

2017-02-21 Thread Andrew S. Baker
Congrats…
A - for recognizing good advice and taking it
B - for executing well and getting hired
C - for coming back here and closing the loop

Great work ethic and professionalism all the way around.
May your success continue.
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…


GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Tue, Feb 21, 2017 7:55 AM, Graeme Carstairs loonyto...@gmail.com  wrote:
Just thought I would let you know
I went with Eric's advice and gave my presentation at the interview despite
timing it at 8 minutes it actually lasted 15 minutes at the interview
They thanked me for a presentation said it showed I understood the topics and
could communicate effectively
And I got the job
Thanks guys

On Thu, 2 Feb 2017 at 19:27, Kurt Buff  wrote:
Erik has some good advice, but I'd take a close look at the published
job description, and cast your discussion in terms that would fit
that, as you would to your next two layers of management.

For sure, 10 minutes isn't much time, as that's a huge subject, so
you'll of necessity need to do a rather broad overview, but take your
time and practice speaking/enunciating clearly.

I wouldn't make your submission a verbatim transcript of your talk;
just give the outline - unless they're specifically looking for that,
which seems unlikely.

Kurt

On Thu, Feb 2, 2017 at 7:09 AM, Graeme Carstairs  wrote:
> hi,
>
> having just been made redundant I have been applying for all sorts of IT
> roles, what I have been doing for the last 15 years (designing, implementing
> and supporting windows server based networks for small to large
> enterprises).
>
> I have just received my first interview confirmation, and they have asked
> that I submit in advance and give on the day a 10 minute presentation on the
> topic "Discuss Data Management, availability and Disaster Recovery"
>
> Now I have never been asked to do this before well more not on such a wide
> topic.
>
> anyone got any suggestions on what I can base it around, I am not looking
> for anyone to do it for me just some topics or ideas on what to do it on?
>
> TIA
>
>
> --
>
>
> e-mail :- loonyto...@gmail.com


-- 
Graeme Carstairs
e-mail :- loonyto...@gmail.com


Re: [NTSysADM] Blocking AD Client Traffic to a Certain Site

2017-02-08 Thread Andrew S. Baker
>> So far the consensus seems to be that AD clients rarely cross sites when the
>> sites are defined correctly and DNS is clean.
I can't think of a time when I've seen AD clients cross sites when everything
was up, and the sites were defined correctly.
As for the firewall, I wouldn't do it.  It's operationally kludgy, prone to
complexity when you need it to be altered, and likely to be poorly documented
and forgotten.
Most importantly, the correct configuration will preclude the need for it.
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…


GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Wed, Feb 8, 2017 10:35 AM, Charles F Sullivan charles.sulliva...@bc.edu 
wrote:
Yes, that's the way I understand it. However, I have wondered if maybe this
doesn't always work as it should. On the other hand, if others are doing
this and not seeing clients crossing sites when they shouldn't, that's good
enough for me.

Because our AD has now and always has had just one site, I’m relying on
feedback from others who have multiple sites. So far the consensus seems to
be that AD clients rarely cross sites when the sites are defined correctly
and DNS is clean. If that's true, I'll report to management that it should
happen only rarely.

Even more importantly, I wanted to hear what others think of relying on a
firewall to keep *all* client traffic from crossing sites (DCs would freely
communicate across sites). I think it's a bad idea, but I'm going to be
pressed for a reason other than the reconfiguration necessary in a disaster
scenario.







-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Brian Desmond
Sent: Wednesday, February 8, 2017 9:43 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Blocking AD Client Traffic to a Certain Site

AD will match the most specific subnet so in this case the 10.0.0.0/16
subnet will match anyone who is 10.0.X.X. IP.

Thanks,
Brian Desmond

(w) 312.625.1438 | (c) 312.731.3132

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Kurt Buff
Sent: Tuesday, February 7, 2017 6:55 PM
To: ntsysadm
Subject: Re: [NTSysADM] Blocking AD Client Traffic to a Certain Site

And there's your problem, if you didn't typo your response.

10.0.0.0/8 overlaps with (actually includes) 10.0.0.0/16

That's why some clients will go to your second site (AWS) at random.

You probably need to list out your subnets more carefully for your main
site.

Kurt

On Tue, Feb 7, 2017 at 11:33 AM, Charles F Sullivan wrote:

> I’ve only been able to do very limited testing.
>
> - I had about 8 member servers in a site which were actually all in
> the same subnet as each of and the one DC we had for testing, let’s
> call the subnet 198.168.17.0/24. In that site I included the usual private
> ranges:
> 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8
>
> - At AWS I had a subnet with one DC and just a couple of member
> servers in the 10.0.0.0/16 subnet, which was defined as the only AWS site.
>
> Note that the AWS subnet is a subset of one that I defined at the main
> site, but this absolutely is supported by MS and others have told me
> that this works for them. Despite all of this I did see one member
> server in the main site use the AWS DC after a reboot even though the
> local DC was clearly present and being used by the other member
> servers. So that means 1 out 8 member servers I had for testing
> crossed sites. This made me wonder how often it might happen in our
> production environment where there are thousands of member computers.
>
> I do have to say that I recently got to test this again, this time
> having 5 DCs at the main site and 2 at AWS. Again, I had just a
> handful of member servers and a workstation and this time I didn’t see
> any of them using an AWS DC. The AWS admin didn’t see his one member
> server use anything besides an AWS DC.
>
> From: listsad...@lists.myitforum.com
> [mailto:listsad...@lists.myitforum.com]
> On Behalf Of Michael B. Smith
> Sent: Tuesday, February 7, 2017 1:32 PM
> To: ntsysadm@lists.myitforum.com
> Subject: RE: [NTSysADM] Blocking AD Client Traffic to a Certain Site
>
> Doesn’t make sense to me.
>
> The only reason you should have cross-site connections at this point
> is because you don’t have all of the relevant subnets defined in ADS
>
> From: listsad...@lists.myitforum.com
> [mailto:listsad...@lists.myitforum.com]
> On Behalf Of Charles F Sullivan
> Sent: Tuesday, February 7, 2017 11:40 AM
> To: ntsysadm@lists.myitforum.com
> Subject: [NTSysADM] Blocking AD Client Traffic to a Certain Site
>
> I’d like to get some ideas and 
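
The most-specific-subnet rule Brian Desmond describes, applied to the subnet list Charles posted, as an added example that is not part of any list member's message. The site names `MainSite` and `AWS` and the sample client addresses are assumptions made for illustration; the CIDR ranges are the ones quoted in the thread.

```python
import ipaddress

# Subnet-to-site layout reported in the thread. The site names are
# hypothetical labels; the CIDR ranges are the ones quoted in the posts.
SITE_SUBNETS = {
    "192.168.0.0/16": "MainSite",
    "172.16.0.0/12": "MainSite",
    "10.0.0.0/8": "MainSite",
    "10.0.0.0/16": "AWS",
}

# Constructed sample client addresses (not from the thread, except that the
# third one sits in the 198.168.17.0/24 subnet exactly as it was written).
SAMPLE_CLIENTS = ["10.0.5.20", "10.1.5.20", "198.168.17.10", "192.168.17.10"]


def parse_subnets(mapping):
    """Turn {cidr: site} into a list of (ip_network, site) pairs."""
    return [(ipaddress.ip_network(cidr), site) for cidr, site in mapping.items()]


def site_for(ip, subnets):
    """Most-specific-subnet match: return (site, network) or (None, None)."""
    addr = ipaddress.ip_address(ip)
    matches = [(net, site) for net, site in subnets
               if net.version == addr.version and addr in net]
    if not matches:
        # No subnet object covers this address, so it maps to no site.
        return None, None
    # The longest prefix is the most specific subnet.
    net, site = max(matches, key=lambda m: m[0].prefixlen)
    return site, net


def cross_site_overlaps(subnets):
    """Find subnets of one site nested inside a wider subnet of another site.

    Each hit means a host that physically lives at the 'wide' site but takes
    an address from the 'narrow' range will be assigned to the other site.
    """
    hits = []
    for narrow, narrow_site in subnets:
        for wide, wide_site in subnets:
            if (narrow_site != wide_site
                    and narrow.version == wide.version
                    and narrow != wide
                    and narrow.subnet_of(wide)):
                hits.append((narrow, narrow_site, wide, wide_site))
    return hits


SUBNETS = parse_subnets(SITE_SUBNETS)

if __name__ == "__main__":
    for ip in SAMPLE_CLIENTS:
        site, net = site_for(ip, SUBNETS)
        if site is None:
            print(f"{ip:15} -> no subnet matches; client has no site")
        else:
            print(f"{ip:15} -> {site} (matched {net})")
    for narrow, n_site, wide, w_site in cross_site_overlaps(SUBNETS):
        print(f"review: {narrow} ({n_site}) is carved out of {wide} ({w_site})")
```

Running the same two checks against an export of the real subnet objects shows which client ranges have no site at all and which ranges are split between sites.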

Re: [NTSysADM] DHCP 2012 R2 failover

2017-02-06 Thread Andrew S. Baker
I haven't seen any requirement for 2012 DFL/FFL, and I have seen it deployed
in at least one site with 2008 R2 DFL/FFL.

What's New in DHCP By using the DHCP Server service, the process of
configuring TCP/IP on DHCP clients is automatic. technet.microsoft.com  



Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…


GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Mon, Feb 6, 2017 12:58 PM, Christopher Bodnar christopher_bod...@glic.com 
wrote:
Does this require 2012 DFL or FFL? Or will it work on 2008 R2 DFL/FFL?





Thanks





Christopher Bodnar  
Enterprise Architect II, Corporate Office of Technology:Enterprise Architecture
and Engineering Services 

  Tel 610-807-6459  
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com  



  

The Guardian Life Insurance Company of America

www.guardianlife.com  










- This message, and any attachments to
it, may contain information that is privileged, confidential, and exempt from
disclosure under applicable law. If the reader of this message is not the
intended recipient, you are notified that any use, dissemination, distribution,
copying, or communication of this message is strictly prohibited. If you have
received this message in error, please notify the sender immediately by return
e-mail and delete the message and any attachments. Thank you.


Re: [NTSysADM] Exchange sending via IPv6

2017-02-03 Thread Andrew S. Baker
So, make sure you document that change, and be prepared to revert it if
something else seems to be amiss -- before you contact the Exchange support
team…
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…


GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Fri, Feb 3, 2017 9:43 AM, Michael B. Smith mich...@smithcons.com  wrote:
All I can tell you is that it isn’t supported. And what that means, in this
case, is that it may or may not work, but it was never tested nor validated by
the Exchange Product Group.



From:  listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Kelsey, John
Sent:  Friday, February 3, 2017 9:30 AM
To:  'ntsysadm@lists.myitforum.com'
Subject:  RE: [NTSysADM] Exchange sending via IPv6



Setting the smart host property to use the IP address instead of the hostname
didn’t help.



Disabling the IP Helper service on the Exchange server appears to have fixed
it.  However…I’m not sure what the consequences of that will be or if that is
advised?



From:  listsad...@lists.myitforum.com  [mailto:listsad...@lists.myitforum.com]
On Behalf Of Michael B. Smith
Sent:  Friday, February 03, 2017 9:21 AM
To:  ntsysadm@lists.myitforum.com
Subject:  RE: [NTSysADM] Exchange sending via IPv6



This is 2017 and it doesn’t speak IPv6?



Yes, Exchange starting with 2013 will definitely prefer IPv6 over IPv4.



From:  listsad...@lists.myitforum.com  [mailto:listsad...@lists.myitforum.com]
On Behalf Of Kelsey, John
Sent:  Friday, February 3, 2017 8:15 AM
To:  'ntsysadm@lists.myitforum.com'
Subject:  RE: [NTSysADM] Exchange sending via IPv6



Yes, the Sophos appliance is set as a smart host.  I’m currently using the FQDN
of the appliance.  I’ll try using its IPv4 address.



Thanks!





From:  listsad...@lists.myitforum.com  [mailto:listsad...@lists.myitforum.com]
On Behalf Of Kurt Buff
Sent:  Thursday, February 02, 2017 11:57 PM
To:  ntsysadm
Subject:  Re: [NTSysADM] Exchange sending via IPv6



Are you using the Sophos appliance as a smarthost? Are you using the FQDN of the
appliance, or its IPv4 address? If the former, try the latter.

I'd verify the vendor's claim, BTW - "netsh trace" is your friend:
https://msdn.microsoft.com/en-us/library/windows/desktop/dd569142(v=vs.85).aspx

and
https://blogs.msdn.microsoft.com/canberrapfe/2012/03/30/capture-a-network-trace-without-installing-anything-capture-a-network-trace-of-a-reboot/



Kurt



On Thu, Feb 2, 2017 at 8:13 PM, Kelsey, John  wrote:

Working on a new Exchange 2013 install.  Outbound emails are failing and our
front-end email appliance vendor (Sophos) says it's failing because Exchange is
sending the outbound emails using its ipv6 address instead of its ipv4 address
and the Sophos appliance doesn’t understand ipv6 ( I know, right?)



I don’t see any obvious place to configure this in Exchange, and I know that
disabling ipv6 in Exchange is baad.



So can I force Exchange to send only using its ipv4 address somehow?



Thanks all.





***
John C. Kelsey, MCSE, CCNA
Network Architect
Penn Highlands Healthcare
814.375.3073
814.375.4005
jckel...@phhealthcare.org
***





This email and any attached files are sensitive in nature and intended solely 
for the intended recipient(s). If you are not the named recipient you should 
not read, distribute, copy or alter this email. Any views or opinions expressed 
in this email are those of the author and do not represent those of Penn 
Highlands Healthcare or its affiliates.. Warning: Although precautions have 
been taken to make sure no viruses are present in this email, the company 
cannot accept responsibility for any loss or damage that arise from the use of 
this email or attachments.




Re: [NTSysADM] Synology

2017-02-02 Thread Andrew S. Baker
I order things through VARs and avoid potential grief with manufacturers, etc.
I can give you the name of a VAR if you'd like…
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…


GPG:860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842













On Thu, Feb 2, 2017 9:43 AM, Heaton, Joseph@Wildlife 
joseph.hea...@wildlife.ca.gov  wrote:
We’re looking to replace our existing NAS in our field offices, and we’re trying
to get some info from our Synology rep.  However, he doesn’t seem to be very
interested in helping us out.  Has anyone else had issues with Synology sales
reps?  Anyone have a good sales rep that I could reach out to, and see if
there’s someone else in my area I could speak with?



Thanks,



Joe Heaton

Information Technology Operations Branch

Data and Technology Division

CA Department of Fish and Wildlife

1700 9th  Street, 3rd  Floor

Sacramento, CA  95811

Desk:  (916) 323-1284



Every Californian should conserve water.  Find out how at:



SaveOurWater.com  · Drought.CA.gov


Re: [NTSysADM] Adding *only* reboot right for domain user to a local host, remotely ...

2017-01-20 Thread Andrew S. Baker
I see a fun weekend ahead.
It seems that you have about 3 hours to test before you leave (as of my email).
I'd be more willing to gamble on whatever limited testing results could be
obtained vs an internet answer, if the "ideal" goal is to be achieved.

>> Simply add account(s) in question to this policy and they will be able to
>> reboot servers remotely.

Yes, but what about the logging on and applying updates part of the equation?
Do they already have rights for this??

It might be faster (and probably even more desirable) to change the WSUS policy
for the systems in question to patch and reboot themselves on Sunday afternoon,
and change it back on Monday.  [Seriously, there is no fundamental difference
between trusting servers to apply Microsoft patches to themselves vs allowing
users who don't normally have access to do the same, other than that I see less
chance for mishaps in the former scenario.]


Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology
Consulting Services for the SMB market…


GPG:860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842













On Fri, Jan 20, 2017 12:42 PM, Michael Leone oozerd...@gmail.com
wrote:
(I really wish my boss wouldn't ask about this type of stuff at noon on a
Friday, when I have to leave by 4PM ...)
Anyway, what he wants to do: he wants our techs to be able to use a domain
account, log into domain member servers, run Windows Update, *and* then be able
to tell it to reboot. And he does NOT want to add this domain account to local
Administrators group.
(don't ask, it's a long story)
I *think* I can do this with a GPO

Computer Configuration > Policies > Windows Settings > Security Settings >
Local Policies > User Rights Assignment > Force shutdown from a remote system

Simply add account(s) in question to this policy and they will be able to reboot
servers remotely.



Problem is, I haven't tested this yet, and he (ideally) wants this in place so
the techs can install windows updates on Sunday. And no way do I want to roll
this out to all production servers, without testing it first (which I don't have
time to do, before I have to leave today)

Is this the best way to give a domain user only the right to reboot a server,
without giving them any other rights? (I have a GPO that assigns WSUS settings
via OU and group membership; I could either add it to that one, or make a new,
and assign it to that same OU and group membership)
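
One way to check what the GPO setting discussed in this thread actually grants, added here as an example and not code from any poster: it parses the `[Privilege Rights]` section of a `secedit /export /areas USER_RIGHTS` file and reports whether an account holds the remote-shutdown right without any logon right. The SIDs and the sample export are constructed, and group expansion is assumed to be done by the caller.

```python
"""Audit user-rights assignments in a secedit export (added example)."""

# Constant names used in the [Privilege Rights] section of a
# `secedit /export /areas USER_RIGHTS` file, with their GPO display names.
RIGHTS_OF_INTEREST = {
    "SeRemoteShutdownPrivilege": "Force shutdown from a remote system",
    "SeShutdownPrivilege": "Shut down the system",
    "SeInteractiveLogonRight": "Allow log on locally",
    "SeRemoteInteractiveLogonRight": "Allow log on through Remote Desktop Services",
}
ADMINISTRATORS_SID = "S-1-5-32-544"  # well-known SID of the local Administrators group

# Constructed value: the domain SID and RID below are made up.
TECH_SID = "S-1-5-21-1111111111-2222222222-3333333333-1604"

# Constructed sample of an export taken after the GPO from the thread applied.
SAMPLE_INF = f"""\
[Unicode]
Unicode=yes
[Privilege Rights]
SeShutdownPrivilege = *{ADMINISTRATORS_SID}
SeRemoteShutdownPrivilege = *{ADMINISTRATORS_SID},*{TECH_SID}
SeInteractiveLogonRight = *{ADMINISTRATORS_SID}
SeRemoteInteractiveLogonRight = *{ADMINISTRATORS_SID}
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_privilege_rights(inf_text):
    """Return {right_name: set_of_principals} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Privilege Rights" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        # SIDs are written with a leading '*'; unresolved entries appear as names.
        principals = {p.strip().lstrip("*") for p in value.split(",") if p.strip()}
        rights[name.strip()] = principals
    return rights


def audit_account(inf_text, account_sids):
    """Report which rights of interest the account holds, directly or via groups.

    account_sids: the account's own SID plus the SIDs of the groups it belongs
    to (this function does not query AD; the caller supplies the expansion).
    """
    rights = parse_privilege_rights(inf_text)
    sids = set(account_sids)
    held = sorted(r for r in RIGHTS_OF_INTEREST if rights.get(r, set()) & sids)
    missing = sorted(r for r in RIGHTS_OF_INTEREST if r not in held)
    findings = []
    if ADMINISTRATORS_SID in sids:
        findings.append("account is in local Administrators, which the requirement rules out")
    logon_rights = {"SeInteractiveLogonRight", "SeRemoteInteractiveLogonRight"}
    if "SeRemoteShutdownPrivilege" in held and not (logon_rights & set(held)):
        findings.append("can reboot remotely but holds no logon right on this host")
    return {"held": held, "missing": missing, "findings": findings}


if __name__ == "__main__":
    report = audit_account(SAMPLE_INF, [TECH_SID])
    for right in report["held"]:
        print("HELD   ", right, "=", RIGHTS_OF_INTEREST[right])
    for right in report["missing"]:
        print("MISSING", right, "=", RIGHTS_OF_INTEREST[right])
    for finding in report["findings"]:
        print("NOTE   ", finding)
```

Run against an export from a test server after the GPO applies, passing the tech account's SID together with its group SIDs, so the question about logging on is answered before Sunday rather than during it.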


Re: [NTSysADM] Environment variable editing

2017-01-20 Thread Andrew S. Baker
Changing the user variables should suffice, unless there are some details to
the requirements that we are not privy to…
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology
Consulting Services for the SMB market…


GPG:860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842













On Thu, Jan 19, 2017 12:34 AM, Liby Philip Mathew lmat...@path-solutions.com
wrote:
Mine is a dynamic development environment. So the developers need to change the
settings as per their requirement.



Regards

Liby















From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of James Rankin

Sent: Wednesday, January 18, 2017 12:50 PM

To: ntsysadm@lists.myitforum.com

Subject: Re: [NTSysADM] Environment variable editing



Can I ask why you would need to do that?



Sent from my slightly schizophrenic, but rather cool, BlackBerry Android

From: mailto:lmat...@path-solutions.com

Sent: 18 January 2017 9:38 a.m.

To: mailto:ntsysadm@lists.myitforum.com

Reply to: mailto:ntsysadm@lists.myitforum.com

Subject: [NTSysADM] Environment variable editing



Hi,

I am trying to allow users to edit their environment variables, both user &
system, on the laptop on which they don’t have local administrator privilege. Is
there a way that I can let the users edit the variable using GP?

I am not looking for pushing the variable using GP from the DC, but trying to
allow the users to do it as per their requirement.

TIA



Regards

Liby















Disclaimer



[The information contained in this e-mail message and any attached files are
intended solely for the use of the individual or entity to whom they are
addressed. This transmission may contain information that is confidential, Path
Solutions Private, or exempt from disclosure under applicable law and/or Path
Solutions information security policy. The receiver of this communication shall
not transmit any part of this message unless the email subject clearly classify
it as “Public” or a written permission has been given by the information assets
owner. If you have received this e-mail in error, please notify the sender
immediately and delete all copies, any disclosure, copying, distribution, or use
of the information contained herein is STRICTLY PROHIBITED. Path Solutions
accepts no responsibility for any errors, omissions, computer viruses and other
defects.]



Protect our planet: Do not print this email unless necessary.



Re: [NTSysADM] Serial device servers

2017-01-16 Thread Andrew S. Baker
I have only recently started to look at the following option, and have no
comment on it as yet.

8 Port Serial Console Terminal Server (B094-008-2E-M-F) | Tripp Lite

 Access all of your serial-based equipment from any location through a single,
highly secure gateway.

 tripplite.com
 

I've been using the following USB options for my home office and for several
small remote networks that I manage.  No complaints.

Amazon.com: Asunflower Ftdi USB to Serial / Rs232 Console Rollover Cable for
Cisco Routers - Rj45: Computers & Accessories

 amazon.com
 


Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology
Consulting Services for the SMB market…


GPG:860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842













On Mon, Jan 16, 2017 10:03 AM, NP bitfarme...@gmail.com
wrote:
Looking for any recommendations on Ethernet attached serial port device servers
for remote access/management.  I’m tired of having to track someone down to get
a laptop plugged in at remote sites.  We try to keep a laptop in the rack but
it’s just not a reliable solution and you still have to find someone to move the
cable around between devices.  I’ve used a lot of smaller single port devices
over the years.  There’s just a lot of options out there and many of them will
break the bank, especially for something that hopefully never gets used. What
are you all using out there?  Rack mount preferred, 8 ports.

Thanks


Re: [NTSysADM] Problems installing RSAT on WIn 7 SP1

2017-01-03 Thread Andrew S. Baker
You're actually troubleshooting via email -- which has to be slower than many
alternatives…
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology
Consulting Services for the SMB market…


GPG:860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842













On Tue, Jan 3, 2017 2:28 PM, Michael Leone oozerd...@gmail.com
wrote:
On Tue, Jan 3, 2017 at 12:52 PM, Webster wrote:
> Did you try that troubleshooter link? That worked for me.

Not yet, I don't have time to troubleshoot this too much, I have too much to do,
and I need the machine to stay up ... soon, I hope. It's still saying 136
updates. I told it to do the first 15, so I can do it in stages. They were all
Office 2010 updates ...


Re: [NTSysADM] RE: Opinions on reasonably inexpensive NAS storage

2016-12-21 Thread Andrew S. Baker
Agreed.   I run them in my home office, and recommend them to SMB customers
without question.
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology
Consulting Services for the SMB market…


GPG:860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842













On Wed, Dec 21, 2016 4:41 AM, Micheal Espinola Jr michealespin...@gmail.com
wrote:
+1 for production trust as well.
--
Espi

On Tue, Dec 20, 2016 at 4:27 PM, Jonathan Link <jonathan.l...@gmail.com>  wrote:
I trust Synology in production.  I used two in production for two years. 
Changed gigs and am trying to get them into my current one.
On Tue, Dec 20, 2016 at 7:18 PM, Andrew S. Baker <asbz...@gmail.com>  wrote:
Given the cost of the FreeNAS boxes, I'd just get the Synology devices.  More
functionality for the price.
Qnap is a second option, although I haven't used them in 6 or 7 years now.
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology
Consulting Services for the SMB market…


GPG:860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842













On Tue, Dec 20, 2016 2:07 PM, Hood, Jeff jeff.h...@austinenergy.com
wrote:
FreeNas Mini or MiniXL from iXsystems



Available on Amazon with Prime. Just about as much storage as your wallet can
tolerate. I’ll be getting a Mini early next year.





--Jeff



From:  listsad...@lists.myitforum.com  [mailto:listsad...@lists.myitforum.com]On
Behalf Of Jon Harris
Sent:  Tuesday, December 20, 2016 1:02 PM
To:  ntsysadm@lists.myitforum.com
Subject:  [NTSysADM] RE: Opinions on reasonably inexpensive NAS storage



I too am interested for personal use, very different from Jesse’s but same type
of device.  I will not go back to Netgear.  The last one I bought did not even
last a month before the crashes started.



Thank you,



Jon Harris



From:listsad...@lists.myitforum.com  [mailto:listsad...@lists.myitforum.com]On
Behalf Of Jesse Rink
Sent:  Tuesday, December 20, 2016 1:44 PM
To:  ntsysadm@lists.myitforum.com
Subject:  [NTSysADM] Opinions on reasonably inexpensive NAS storage



In the past, we’ve used a lot of Netgear ReadyNAS models for cheap (sub $1,800)
entry level NAS storage, mostly for the purpose of backup storage with Veeam.
Been very popular in the past with our SMB sized customers.  Lately some of my
team/engineers have noticed various problems/crashes with the Netgear units so
I’m curious what other options out there people have had good success with.
These are situations where a customer doesn’t want to spend a lot of money on
disk storage, so enterprise class storage is completely out.   Think along the
lines of, 4 or 8 disks, SATA, no SAN connectivity, just NAS…



Thoughts?



Jesse Rink

Source One Technology, Inc.

HP Partner

262 993 2231



Website |Blog |LinkedIn |Twitter


Re: [NTSysADM] RE: Opinions on reasonably inexpensive NAS storage

2016-12-20 Thread Andrew S. Baker
Given the cost of the FreeNAS boxes, I'd just get the Synology devices.  More
functionality for the price.
Qnap is a second option, although I haven't used them in 6 or 7 years now.
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology
Consulting Services for the SMB market…


GPG:860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842













On Tue, Dec 20, 2016 2:07 PM, Hood, Jeff jeff.h...@austinenergy.com
wrote:
FreeNas Mini or MiniXL from iXsystems



Available on Amazon with Prime. Just about as much storage as your wallet can
tolerate. I’ll be getting a Mini early next year.





--Jeff



From:  listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]On
Behalf Of Jon Harris
Sent:  Tuesday, December 20, 2016 1:02 PM
To:  ntsysadm@lists.myitforum.com
Subject:  [NTSysADM] RE: Opinions on reasonably inexpensive NAS storage



I too am interested for personal use, very different from Jesse’s but same type
of device.  I will not go back to Netgear.  The last one I bought did not even
last a month before the crashes started.



Thank you,



Jon Harris



From:listsad...@lists.myitforum.com  [mailto:listsad...@lists.myitforum.com]On
Behalf Of Jesse Rink
Sent:  Tuesday, December 20, 2016 1:44 PM
To:  ntsysadm@lists.myitforum.com
Subject:  [NTSysADM] Opinions on reasonably inexpensive NAS storage



In the past, we’ve used a lot of Netgear ReadyNAS models for cheap (sub $1,800)
entry level NAS storage, mostly for the purpose of backup storage with Veeam.
Been very popular in the past with our SMB sized customers.  Lately some of my
team/engineers have noticed various problems/crashes with the Netgear units so
I’m curious what other options out there people have had good success with.
These are situations where a customer doesn’t want to spend a lot of money on
disk storage, so enterprise class storage is completely out.   Think along the
lines of, 4 or 8 disks, SATA, no SAN connectivity, just NAS…



Thoughts?



Jesse Rink

Source One Technology, Inc.

HP Partner

262 993 2231



Website |Blog |LinkedIn |Twitter


Re: [NTSysADM] RE: Opinions on reasonably inexpensive NAS storage

2016-12-20 Thread Andrew S. Baker
You need smaller VMs
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology
Consulting Services for the SMB market…


GPG:860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842













On Tue, Dec 20, 2016 2:07 PM, Webster webs...@carlwebster.com
wrote:
I have two Synology units in my lab. The second one I splurged and went all 1TB
SSD. Made a HUGE difference in my lab. I can now run over 20 VMs concurrently.
With spinning disks, the other NAS died at 5 VMs and was basically unusable at
4.



Thanks





Carl Webster

Citrix Technology Professional

http://www.CarlWebster.com

The Accidental Citrix Admin



From:  listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]On
Behalf Of Jesse Rink
Sent:  Tuesday, December 20, 2016 12:44 PM
To:  ntsysadm@lists.myitforum.com
Subject:  [NTSysADM] Opinions on reasonably inexpensive NAS storage



In the past, we’ve used a lot of Netgear ReadyNAS models for cheap (sub $1,800)
entry level NAS storage, mostly for the purpose of backup storage with Veeam.
Been very popular in the past with our SMB sized customers.  Lately some of my
team/engineers have noticed various problems/crashes with the Netgear units so
I’m curious what other options out there people have had good success with.
These are situations where a customer doesn’t want to spend a lot of money on
disk storage, so enterprise class storage is completely out.   Think along the
lines of, 4 or 8 disks, SATA, no SAN connectivity, just NAS…



Thoughts?



Jesse Rink

Source One Technology, Inc.

HP Partner

262 993 2231



Website |Blog |LinkedIn |Twitter


Re: [NTSysADM] Office 64bit improvements other than Excel

2016-12-09 Thread Andrew S. Baker
I finally upgraded from Outlook 2010 to 2016 a few months back, and I'm glad to
see that Outlook is no longer the sluggish beast it has been for years and
years.
That's worth it for me, and almost offsets the blandness and lack of distinction
of the default color scheme across the new office line (relative to 2010)
Regards,





ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology
Consulting Services for the SMB market…


GPG:860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842













On Fri, Dec 9, 2016 12:39 PM, Wolf, Daniel da.w...@neopost.com
wrote:
Hello everyone,

Is Outlook 64-bit better with large PSTs, in any way?



We will be embarking on a company-wide upgrade to Office 2016, and I have to
decide if it will be 64-bit by default, or stay 32-bit.



Ignoring plugin compatibility (just trust me we have that part handled), are
there any benefits to using Office 2016 64-bit outside of large Excel files?



I’m looking for a technical citation, thus far I haven’t found anything beyond
64bit being immune to certain security issues.



Regards,

Daniel Wolf


Re: [NTSysADM] RE: Simple, Simple CRM

2016-12-08 Thread Andrew S. Baker
That does look nice, Brian.   Thanks for that recommendation…
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology
Consulting Services for the SMB market…


GPG:860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842













On Thu, Dec 8, 2016 4:36 PM, Brian Desmond br...@briandesmond.com
wrote:
I use www.pipedrive.com  and have been really happy with it, especially as
“simple” goes.



Thanks,

Brian Desmond



w – 312.625.1438 | c – 312.731.3132



From:  listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]On
Behalf Of Stefan Jafs
Sent:  Thursday, December 8, 2016 2:14 PM
To:  ntsysadm@lists.myitforum.com
Subject:  [NTSysADM] Simple, Simple CRM



We are looking for a very simple CRM, our telemarketers enter some info, if it
becomes warm they will forward / mention it to the appropriate sales person, we
have about 20 sales people. There should be a flag for follow up.

We have tried Microsoft CRM in the past but too many buttons to push (from
the sales guys).



Could be freestanding or a plugin to Outlook, or a plugin to SAP A-1 (our ERP
system).



Any suggestions would be appreciated.



__

Stefan Jafs


Re: [NTSysADM] OT: IT Philosophy

2016-12-08 Thread Andrew S. Baker
Get your manager's view in writing.
#1 -- If he's fine with convergence of liability, then great.
#3 -- Speak to legal
#4 -- Security requires defense in depth.  Deliberately eliminating one layer of
protection does not lend itself to security.
I hope that your customers are either consumers or enterprises which don't care
about security, or this will come back to bite the organization sooner rather
than later.
Get your manager's view in writing.   (Repeated for emphasis)
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology
Consulting Services for the SMB market…


GPG:860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842













On Wed, Dec 7, 2016 11:24 PM, Kish N Kepi kishnk...@gmail.com
wrote:
We keep a lax environment – our users are local admins on their Windows laptops
and we do not stop them from installing any software they want – the only caveat I
ever say is ‘don’t be stupid’. And yes, we are a hi-tech house, well beyond the
startup stage.

During a conversation about potential changes to the way we do backups today, I
stated that the current back up routine specifically excludes most media files,
and also that I’d used psexec to kill utorrent processes. My boss, who is
actually quite knowledgeable in IT matters, had a response that surprised me: why?
Why not backup the media files? Why not allow torrent traffic? His points were
as follows:

1.  We give them laptops and smartphones and expect them to be available at
all hours of the day – that’s convergence of home and office life – why
shouldn’t we backup the photos of their kids, pets and vacations too?

2.  Do we have bandwidth issues? We have a broad link to the internet and
only at periodic peaks do we hit anywhere near our limit

3.  Legality of torrents? Really? How many people care about the legality?

4.  Malware? We have other protections in place.

I couldn’t come up with any answers that sounded reasonable to me, so at this
stage, we’re planning to increase our backup storage capacity.

Does anyone here have answers that I lack? Sorry for cross-posting, but this
question is bothering me, and I know that many people in these fora have strong,
well-formed (and well-expressed) opinions



Kish n Kepi


Re: [NTSysADM] ALL Flash Storage

2016-12-07 Thread Andrew S. Baker
Nimble has some good tech.

There is pretty good innovation in storage right now across the board.
Regards,







ASB  
http://XeeMe.com/AndrewBaker










On Wed, Dec 7, 2016 1:53 PM, Kurt Buff kurt.b...@gmail.com
wrote:
We also have a VNX 5400 (and a VNXe 3100), and we're going to dump it
for Nimble in the middle of the year, once our support runs out.

The cost of renewing support will cover a new Nimble, basically, and
we expect much improved performance.

Kurt

On Wed, Dec 7, 2016 at 6:24 AM, David McSpadden  wrote:
> What are everyone’s thoughts on All Flash Storage?
>
> I am looking to replace the Storage I have attached to my VNX5400 from EMC
> with either:
>
> EMC Unity
>
> PureStorage
>
> Nimble
>
> I haven’t gotten all the proposals in yet but was wondering what everyone
> else thought about them?
>
> This e-mail and any files transmitted with it are property of Indiana
> Members Credit Union, are confidential, and are intended solely for the use
> of the individual or entity to whom this e-mail is addressed. If you are not
> one of the named recipient(s) or otherwise have reason to believe that you
> have received this message in error, please notify the sender and delete
> this message immediately from your computer. Any other use, retention,
> dissemination, forwarding, printing, or copying of this email is strictly
> prohibited.
>
> Please consider the environment before printing this email.


Re: [NTSysADM] Odd .ps1 files.

2016-12-04 Thread Andrew S. Baker
Very interesting…
Regards,







ASB








On Fri, Dec 2, 2016 2:32 PM, Kennedy, Jim kennedy...@elyriaschools.org
wrote:
And the answer is PS creates a fake random named ps1 on login to see if it is
auth'd under AppLocker rules.

-----Original Message-----
From: Kennedy, Jim
Sent: Friday, December 2, 2016 2:25 PM
To: excha...@lists.myitforum.com; ntsysadm
Subject: RE: [NTSysADM] Odd .ps1 files.

Sorry, wrong forum.

-----Original Message-----
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Kennedy, Jim
Sent: Friday, December 2, 2016 2:23 PM
To: ntsysadm; excha...@lists.myitforum.com
Subject: [Exchange] [NTSysADM] Odd .ps1 files.



Seeing these from time to time from my SIEM. Not a lot but fairly consistently.



C:\Users\\AppData\Local\Temp\1hv3rbtn.tyz.ps1



These are regular students that can't even run powershell. Always a generated
string for the file name. This is a pretty tight environment, the students don't
even have email, their filter is very tight. So it's like I have a system
generating them...but dang if I can think of one that would do that under a user
context.
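
One way to triage the SIEM events described in this thread, added here as an example and not code from any poster: it separates file creations that fit the policy-probe explanation from other `.ps1` files that still deserve a look. The event field names, user names and sample events are constructed, and the checks on the creating process and on the name shape (taken from the one file name quoted above) are assumptions.

```python
"""Triage .ps1 file-creation events from a SIEM (added example)."""
import ntpath  # parses Windows paths correctly on any OS
import re

# Shape of the file name quoted in the thread (1hv3rbtn.tyz.ps1): eight
# characters, a dot, three characters, then .ps1. Assumed to be representative.
PROBE_NAME = re.compile(r"[a-z0-9]{8}\.[a-z0-9]{3}\.ps1", re.IGNORECASE)
# The per-user Temp directory; group 1 captures the profile name.
USER_TEMP = re.compile(r"c:\\users\\([^\\]+)\\appdata\\local\\temp", re.IGNORECASE)
# Assumption: the event records the image that created the file.
POWERSHELL_IMAGES = {"powershell.exe", "powershell_ise.exe"}

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed events; field names, user names and file names are hypothetical
# apart from 1hv3rbtn.tyz.ps1, which is the name quoted in the thread.
SAMPLE_EVENTS = [
    {"user": "student01", "process": PS,
     "path": r"C:\Users\student01\AppData\Local\Temp\1hv3rbtn.tyz.ps1"},
    {"user": "student01", "process": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "path": r"C:\Users\student01\AppData\Local\Temp\q4x0zk2m.b1c.ps1"},
    {"user": "student02", "process": PS,
     "path": r"C:\Users\student02\AppData\Local\Temp\update.ps1"},
    {"user": "student02", "process": PS,
     "path": r"C:\Users\student02\Downloads\q4x0zk2m.b1c.ps1"},
    {"user": "student02", "process": PS,
     "path": r"C:\Users\student01\AppData\Local\Temp\q4x0zk2m.b1c.ps1"},
]


def classify(event):
    """Return 'policy-probe', 'review' or 'ignore' for one file-creation event."""
    name = ntpath.basename(event["path"])
    if not name.lower().endswith(".ps1"):
        return "ignore"
    folder = ntpath.dirname(event["path"])
    image = ntpath.basename(event["process"]).lower()
    temp = USER_TEMP.fullmatch(folder)
    # All conditions must hold. A matching name alone is not enough, because
    # anything can write a file with a random-looking name into Temp.
    if (
        PROBE_NAME.fullmatch(name)
        and temp is not None
        and temp.group(1).lower() == event["user"].lower()
        and image in POWERSHELL_IMAGES
    ):
        return "policy-probe"
    return "review"


def triage(events):
    """Count probable policy probes and collect everything else for review."""
    result = {"policy-probe": 0, "review": []}
    for event in events:
        verdict = classify(event)
        if verdict == "policy-probe":
            result["policy-probe"] += 1
        elif verdict == "review":
            result["review"].append(event["path"])
    return result


if __name__ == "__main__":
    outcome = triage(SAMPLE_EVENTS)
    print("probable policy probes:", outcome["policy-probe"])
    for path in outcome["review"]:
        print("review:", path)
```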


Re: [NTSysADM] List of major IT conferences in the US?

2016-11-29 Thread Andrew S. Baker





  

  








  


  
Add the Gartner Security Summit in MD in June.  I plan to be at that one…
Regards,

ASB
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…

GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Mon, Nov 28, 2016 6:19 PM, Jonathan Raper jra...@nwnit.com wrote:
  



Hi everyone,
 
Back in April of this year I typed up this list of significant/notable/major IT conferences in the US and shared it with the collective. A number of you provided some good feedback. I figured I’d update it for 2017 and share it again. If there is something missing in the US that you believe is significant/worthwhile, please feel free to let me know!
 
Hope you find this useful!
 




Conference | 2017 Date | Location
SANS | MANY, as early as Jan 9-14 | many
RSA Conference | Feb 13 - 17 | San Francisco
Red Hat Summit | May 2 – 5 | Boston
EMC World | May 8 - 11 | Las Vegas
Oxford Identity, Security, and Mobility Summit | May 9 – 11 | Redmond, WA
Interop | May 15 - 19 | Las Vegas
Citrix Synergy | May 23 – 25 | Las Vegas
E2E Virtualization Conference | May 25 – 26 | Orlando
Cloud Identity Summit | June 19 – 22 | Chicago
Cisco Live | June 25 - 29 | Las Vegas
Briforum | Not yet announced – Usually July | Boston?
Black Hat | July 22 - 27 | Las Vegas
DEFCON | July 27 – 30 | Las Vegas
VMWorld | August 27 – 31 | Las Vegas
HP Global Partner Conf | Not yet announced – Usually Sept | Boston?
DerbyCon | Not yet announced – Usually Sept | Louisville, Ky
Microsoft Ignite | Sept 25 – 29 | Orlando
NetApp Insight | Oct 2 – 5 | Las Vegas
IT/Dev Connections | Oct 23 – 27 | San Francisco
Gartner ITxpo | Oct 1 – 5 | Orlando
Intel/McAfee FOCUS | Not yet announced – usually Oct/Nov | Las Vegas?




 
Thanks,
 
Jonathan


NOTE: This message and any attachments is intended solely for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, legally privileged, confidential, and/or exempt from disclosure. If you are
 not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the original sender immediately by telephone
 or return email and destroy or delete this message along with any attachments immediately.



  

  



  





Re: [NTSysADM] File permission question

2016-11-24 Thread Andrew S. Baker
Office creates temp files then replaces the originals when you save the files,
so if you make the permissions restrictive enough to prevent moving, you'll also
prevent editing.
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology
Consulting Services for the SMB market…


GPG:860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842













On Wed, Nov 23, 2016 4:59 PM, David McSpadden dav...@imcu.com
wrote:
Server 2012

Active directory

Windows 7 32 bit

Office 2010

Created a file share

Everyone full on share

Created ad security group

Set security for group with modify 




Trying to prevent users from deleting or moving folders/files




Users in group were still able to move 




Changed permissions to special by removing delete files from advanced
permissions.




Then users could not make changes to files they were not creator owner of?




What am I missing?




Sent from my iPhone

This e-mail and any files transmitted with it are property of Indiana Members
Credit Union, are confidential, and are intended solely for the use of the
individual or entity to whom this e-mail is addressed. If you are not one of the
named recipient(s) or otherwise have reason to believe that you have received
this message in error, please notify the sender and delete this message
immediately from your computer. Any other use, retention, dissemination,
forwarding, printing, or copying of this email is strictly prohibited.




Please consider the environment before printing this email.


Re: [NTSysADM] Update on the broken DFSR issue

2016-11-17 Thread Andrew S. Baker
So much process to get the right stuff in place, but for vetting crazy restore
policies?  Not so much process…   Sigh.
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology
Consulting Services for the SMB market…


GPG:860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842













On Thu, Nov 17, 2016 4:55 PM, Webster webs...@carlwebster.com
wrote:
Yep, they are in a "highly secure" industry with federal oversight. When I
proposed adding a 2008 R2 or 2012 R2 DC, it was quickly shot down by a list of
acronyms I had never heard of before. They said they have to get security
baselines for any server that is involved with authentication and it took so
long to get for Server 2008 SP2 that they have no interest in going thru it
again. They were overjoyed when I told them 2008 SP2 was on extended support
for almost another 3 years.

I doubt I could get permission to write this up as an article because without
screenshots, event log entries and dcdiag reports, it would be very difficult to
explain and show what all happened. I guess I could just publish a series of
black boxes connected by "a", "and", "the", "but", and "or" and call it a day.
 story about   when   happened and  solved it.



Thanks





Webster



From:  listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]On
Behalf Of Andrew S. Baker
Sent:  Thursday, November 17, 2016 3:32 PM
To:  ntsysadm@lists.myitforum.com
Subject:  Re: [NTSysADM] Update on the broken DFSR issue



Too bad you can't write a book about this one.



Regards,



ASB
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…



 GPG:860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842





On Thu, Nov 17, 2016 2:16 PM, Webster webs...@carlwebster.com  wrote:

Boss man got on our GTM and explained the history of the issue. About a year ago
they moved from FRS to DFSR for SYSVOL. Sometime after that, an admin who no
longer works there, restored the main DC from a snapshot pre DFSR migration and
pre adprep for 2008 R2. So you had the main DC now thought it was on schema 44
and the other thought it was on schema 47. One thought it was using DFSR and one
thought it was using FRS. That admin attempted to trick the DCs thru a series of
regedits and ADSIEdits. He then went and restored a copy of the SYSVOL tree to a
file share and then copied and pasted that to both DCs.

They have been operating in this screwed up, unreliable, non-steady state for
over a year now. Three months ago (I was originally told two) the new admin
comes in to all this fiasco and also tries to reverse the travesty thru a bunch
of regedits and adsiedits. Why no one thought or bothered to get Microsoft
support involved over a year ago is beyond me. I talked the boss into us getting
Microsoft support involved. My co-worker who got me involved in this call is now
getting an AD backup and will open a call with MS. When he finishes up with MS
support, I will let you know "the rest of the story".



Thanks





Webster


Re: [NTSysADM] Update on the broken DFSR issue

2016-11-17 Thread Andrew S. Baker
Too bad you can't write a book about this one.
Regards,







ASB  
http://XeeMe.com/AndrewBaker

Providing Expert Technology
Consulting Services for the SMB market…


GPG:860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842













On Thu, Nov 17, 2016 2:16 PM, Webster webs...@carlwebster.com
wrote:
Boss man got on our GTM and explained the history of the issue. About a year ago
they moved from FRS to DFSR for SYSVOL. Sometime after that, an admin who no
longer works there restored the main DC from a snapshot pre DFSR migration and
pre adprep for 2008 R2. So you had the main DC now thought it was on schema 44
and the other thought it was on schema 47. One thought it was using DFSR and one
thought it was using FRS. That admin attempted to trick the DCs thru a series of
regedits and ADSIEdits. He then went and restored a copy of the SYSVOL tree to a
file share and then copied and pasted that to both DCs.

They have been operating in this screwed up, unreliable, non-steady state for
over a year now. Three months ago (I was originally told two) the new admin
comes in to all this fiasco and also tries to reverse the travesty thru a bunch
of regedits and adsiedits. Why no one thought or bothered to get Microsoft
support involved over a year ago is beyond me. I talked the boss into us getting
Microsoft support involved. My co-worker who got me involved in this call is now
getting an AD backup and will open a call with MS. When he finishes up with MS
support, I will let you know "the rest of the story".



Thanks





Webster


Re: [NTSysADM] Big Breach -- 400M +

2016-11-14 Thread Andrew S. Baker
It seems like they are not going to make the database publicly searchable this
time…
Regards,







ASB








On Mon, Nov 14, 2016 6:33 PM, Micheal Espinola Jr michealespin...@gmail.com
wrote:
Wonder if we are going to get a public naughty list just in time for Christmas.
--
Espi

On Mon, Nov 14, 2016 at 2:59 PM, Ed Ziots <eziot...@gmail.com>  wrote:
Nice let the games begin


On Nov 14, 2016 10:10 AM, "Andrew S. Baker" <asbz...@gmail.com> wrote:

Urgent Phishing Alert: Warn Your Users Against AdultFriendFinder Scams Now
blog.knowbe4.com

AdultFriendFinder network hack exposes 412 million accounts
Almost every account password was cracked, thanks to the company's poor security
practices. Even "deleted" accounts were found in the breach.
zdnet.com


You may see some impact in your organization…
Regards,







ASB  


[NTSysADM] Big Breach -- 400M +

2016-11-14 Thread Andrew S. Baker
Urgent Phishing Alert: Warn Your Users Against AdultFriendFinder Scams Now
blog.knowbe4.com

AdultFriendFinder network hack exposes 412 million accounts
Almost every account password was cracked, thanks to the company's poor security
practices. Even "deleted" accounts were found in the breach.
zdnet.com


You may see some impact in your organization…
Regards,







ASB  


Re: [NTSysADM] USC keeps getting disabled

2016-10-27 Thread Andrew S. Baker
If you are joined to the domain, are you using a domain account?
The error message suggests otherwise…
Regards,







ASB  













On Thu, Oct 27, 2016 10:46 AM, Bud Durland b...@mrpcap.com
wrote:
I have Windows 10 professional running the current update, joined to a domain.  
UAC is disabled, so I can’t run many of the Windows 10 apps (“this app can’t be
opened using the built-in administrator account”).   I change the UAC & reboot,
and all is well for a while, then it goes back, so I’m certain it’s a GPO
issue.  My expert on such things isn’t with us anymore, and Googling the problem
yields conflicting answers.   Can anyone guide me to the correct domain GPO
entries and settings so that UAC stays enabled?



Thanks in advance.



--



Bud Durland   |    Director of Information Technology 
Direct:  518.324.4850 | Cell:  518.726.0967 | Fax:  518.561.0017 | 
b...@mrpcap.com
1 Plant St., Plattsburgh, NY 12901  


Re: [NTSysADM] Script Update: Microsoft DNS Documentation Script Update Version 1.03

2016-10-20 Thread Andrew S. Baker
Again? I think you mean "still".
Regards,







ASB  













On Wed, Oct 19, 2016 3:19 PM, Kurt Buff kurt.b...@gmail.com
wrote:
You've been a busy bee again - thanks for this...




Kurt




On Wed, Oct 19, 2016 at 4:59 AM, Webster  wrote:

> http://carlwebster.com/microsoft-dns-documentation-script-update-version-1-03/
>
> Thanks
>
> Carl Webster
> Citrix Technology Professional
> http://www.CarlWebster.com
> The Accidental Citrix Admin


Re: [NTSysADM] Ping -a does not work anymore

2016-10-18 Thread Andrew S. Baker
Works here on multiple servers and workstations (Server 2008-R2 & 2012-R2;
Win7, 8, 10)
Are you having any issue with DNS?
Are you trying to resolve local or remote hosts?
What does your DNS suffix configuration look like?
Regards,







ASB  













On Tue, Oct 18, 2016 3:46 PM, Stefan Jafs sj...@amico.com
wrote:
For some reason ping -a does not resolve any DNS name anymore, it used to work,
tried it on 2 PC’s and 2 Servers.



Google is no help, any ideas?



__

Stefan Jafs


Re: [NTSysADM] Drooly security things at Ignite

2016-09-29 Thread Andrew S. Baker
Very nice…
Thanks, Susan.     (Oh, I get lots of malware samples… )
Regards,







ASB  













On Thu, Sep 29, 2016 2:44 PM, Susan Bradley sbrad...@pacbell.net
wrote:
If you want to test it with real ransomware, holler, I get lots of
samples.

They are now integrating it with the Office threat stuff and plans
are to stick it in/support it in server 2016 too.

On 9/29/2016 9:34 AM, Andrew S. Baker wrote:
>>Check out Windows defender advanced threat protection beta...

I'm actually looking forward to testing this out…

Regards,





ASB  









On Thu, Sep 29, 2016 11:53 AM, Susan Bradley sbrad...@pacbell.net wrote:
https://technet.microsoft.com/windows-server-docs/security/securing-privileged-access/securing-privileged-access

Good doc on solutions

Check out Windows defender advanced threat protection beta... it is not a/v. It
is like forensics with a cloud console to review what bad thing may have done to
your workstations.

https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp


Re: [NTSysADM] Drooly security things at Ignite

2016-09-29 Thread Andrew S. Baker
>>Check out Windows defender advanced threat protection beta...
I'm actually looking forward to testing this out…
Regards,







ASB  













On Thu, Sep 29, 2016 11:53 AM, Susan Bradley sbrad...@pacbell.net
wrote:
https://technet.microsoft.com/windows-server-docs/security/securing-privileged-access/securing-privileged-access

Good doc on solutions




Check out Windows defender advanced threat protection beta... it is not a/v. It
is like forensics with a cloud console to review what bad thing may have done to
your workstations.

https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp


Re: [NTSysADM] raid 5? in 2016

2016-09-16 Thread Andrew S. Baker
As the drives in question are SSDs, they will rebuild faster than regular SATA
or SAS drives.
Still, RAID6 is better than RAID5 for timely recovery due to the above…
Regards,







ASB  













On Fri, Sep 16, 2016 1:26 PM, Mark Gottschalk mgo...@2roads.com
wrote:
http://www.zdnet.com/article/why-raid-5-stops-working-in-2009/

It claims a 50% chance of rebuild failure in a RAID5 array with 7 1-TB drives.
Your disks are only 500GB, but there are 8 of them. Someone else will have to do
the math on that. The consensus starting several years ago (the article is from
2009) is that RAID 5 is dead due to the very high chance (approaching 100% with
large drives) of a URE during rebuild, thus rendering a RAID 5 array a false
sense of security and not actually robust/redundant at all.

Another article about OBR10 (one big raid 10) being the current standard for
server storage:
https://community.spiceworks.com/topic/262196-one-big-raid-10-the-new-standard-in-server-storage

There are always exceptions, and yours could justifiably be one of them. Don't
know and don't want to debate it (plenty of that in the SpiceWorks comments).
Just sending some info I was previously aware of.

-- Mark




From: J- P
To: NT
Date: 09/16/2016 06:18 AM
Subject: [NTSysADM] raid 5? in 2016
Sent by:

So I inherited this server (sitting on site since February). Lo and behold, when
I fire it up it turns out that whoever set it up used all 8 discs in a raid 5
(granted they are only 500gb enterprise ssd's) but still raid 5? and no hot
spare?

I'm trying to figure what the purpose of this server is/was, but aside from
losing some space wouldn't a raid 6 and hot spare make MUCH more sense?

I'd like to move some of their VMs to it, as it is a brand spanking new r730
with 96gb of ram


Re: [NTSysADM] Biometrics on Windows 10 1607

2016-08-30 Thread Andrew S. Baker
Now they mention it…
Regards,




ASB
http://XeeMe.com/AndrewBaker










On Tue, Aug 30, 2016 8:25 AM, Joseph L. Casale jcas...@activenetwerx.com wrote:
I am in a similar situation and just working through it. They have made some
changes in sign in and lock security.



For example, disabling the lock screen password request seems to only be
partially available through GPOs, the same “Some settings are managed by your
organization” gets an additional “Authentication is not required when this PC
wakes from sleep. Sign in as an administrator to change this setting.” Which of
course works but is hardly scalable. Other pressing issues are on the plate so I
have not finished this, but it looks like a combination of GPO policy and GPO
reg entries are required for that one.



I have found a few articles indicating changes such as 
https://blogs.technet.microsoft.com/ash/2016/08/13/changes-to-convenience-pin-and-thus-windows-hello-behaviour-in-windows-10-version-1607/
 where the policies now depend on additional criteria…



jlc



From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kish N Kepi
Sent: Tuesday, August 30, 2016 3:12 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Biometrics on Windows 10 1607



Fresh install of Windows 10 build 14393. Domain-joined. Windows Hello, PIN and
Fingerprint are all greyed out



Default Domain Policy includes all 3 Biometrics lines:

Allow domain users to log on using biometrics: Enabled

Allow the use of biometrics: Enabled

Allow users to log on using biometrics: Enabled

With no WMI Filtering

I ran gpedit.msc locally on his laptop, and it shows the same 3 lines configured
as enabled.

After googling, I added this registry entry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider]

"Domain Accounts"=dword:0001



On my laptop, the fingerprint works fine, but on the COO’s, Windows Hello is
greyed out and at the top it says: some settings are managed by your
organization. But as I said, my organization allows it and it works for me and
several other Win 10 laptops.

COO will not accept his new laptop without a fingerprint. I tried logging in
with a different domain user on that laptop and it is grey there too. However, a
non-domain, local account has access to Hello/Pin/Finger



Any ideas?



Kish


Re: [NTSysADM] VLAN dhcp issue Netgear GS748Tv5

2016-08-23 Thread Andrew S. Baker
The switch can handle layer 2 traffic and VLANs just fine. The inability to
handle DHCP is a separate thing altogether.

Regards,




ASB
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…

GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A















On Mon, Aug 22, 2016 9:32 PM, J- P jnat...@hotmail.com wrote:
Thanks Espi,

I guess I was hoping to see if someone had real world experience with these -

I find it odd that it can be labeled and sold as a managed switch with vlan
support if it requires a 2nd switch.

I thought perhaps I was missing or overlooking some setting(s)

What if someone had a small network (30 pcs, a few servers and some printers)
and they bought this 48 port "managed layer 3 vlan capable switch" with the
expectation that it can do what it claims?

thx again




From: michealespin...@gmail.com
Date: Mon, 22 Aug 2016 17:16:10 -0700
Subject: Re: [NTSysADM] VLAN dhcp issue Netgear GS748Tv5
To: ntsysadm@lists.myitforum.com

Hi J-P,
I didn't really see a question in your initial post, but if I'm understanding
your frustration correctly: If there are no DHCP helper options, I don't see how
this could work. DHCP is a broadcast protocol, and needs a helper mechanism to
cross networks. I can only assume that this model is a lower-tiered option that
is meant to be stacked with a higher-tiered managed switch.
I saw a similarly themed question posted here:

https://community.netgear.com/t5/Smart-Plus-Click-Switches/Why-have-none-of-Netgear-s-L2-switches-a-DHCP-relay-agent/td-p/500749


--
Espi

On Mon, Aug 22, 2016 at 1:29 PM, J- P < jnat...@hotmail.com > wrote:
Anyone, Bueller,


Jean-Paul Natola






From: jnat...@hotmail.com
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] VLAN dhcp issue Netgear GS748Tv5
Date: Sat, 20 Aug 2016 19:47:11 -0400

Hi all,
I've been testing VLAN on a GS748Tv5. I emphasize v5 as Netgear tends to create
different devices and only differentiate them by the version; as a matter of
fact, this device does not have "ip-helper, or dhcp relay" options (yes I know,
it's old, and crappy anyway).
So I created vlan5, assigned it an IP 192.168.5.1, added the firewall port and
test PC port to the VLAN, and since I have no option for ip-helper or DHCP relay,
the PC received no IP address (and yes, I did create the DHCP scope 192.168.5.x
on my 08r2 server).
If I give the PC a static address (i.e. 192.168.5.x) I can then successfully
ping 192.168.5.1. Further research said to enable DHCP option 82 on the DHCP
server; https://www.google.com/search? q=dhcp+option+82==
which of course doesn't exist in 08, so I tried to manually create option 82,
still no joy.
If anyone can share any thoughts it would be greatly appreciated.
And before anyone asks, there is no CLI, no Shell, no Terminal on this POS
switch.


Jean-Paul Natola


Re: [NTSysADM] PowerShell on Linux and Open Source

2016-08-18 Thread Andrew S. Baker
This is interesting…
They are coupling everything else in Windows, but decoupling PowerShell?
This could be *very* interesting, if people start using PowerShell on other
platforms, it could increase the usefulness of PowerShell on Windows.
OTOH, I haven't heard a lot of news about Mono in years…
Download | Mono To try pre-release packages, check the alpha or beta download 
pages. mono-project.com

We'll have to see how it all plays out, and if people will just sit skeptically
on the sidelines, or contribute in a meaningful way.
Maybe the only real benefit will be much desired features on Windows.

Regards,




ASB
http://XeeMe.com/AndrewBaker















On Thu, Aug 18, 2016 11:51 AM, Michael B. Smith mich...@smithcons.com wrote:

https://blogs.msdn.microsoft.com/powershell/2016/08/18/powershell-on-linux-and-open-source-2/



Discuss.


Re: [NTSysADM] Outlook desktop alert changes

2016-08-18 Thread Andrew S. Baker
Which version/build of Windows are you running?
Regards,




ASB








On Wed, Aug 17, 2016 5:03 PM, Kevin Lundy klu...@gmail.com wrote:
Since the list has been very quiet lately, I'll ask a user level question.
My Outlook 2016 has recently stopped showing a preview of the message in the
toast desktop alert. It now just says "there are new items in your mailbox"
Did any of the recent Office patches take away the preview capability?
Kevin

