Re: [NTSysADM] DHCP role

2017-11-30 Thread David Lum
I've pulled DHCP off all our DC's and it wasn't too tough for the network team 
to accommodate. Using DHCP failover took a bit more work for us to perfect.  
Using failover you by definition copy the config to the new server: stand up 
new DHCP server, config as failover, then stand down DHCP on the domain 
controller and deconfigure failover once the new server is confirmed to hand 
out IP's. (Assuming Win DHCP servers).

Totally worth it in our opinion. 

Dave

> On Nov 30, 2017, at 8:21 AM, Heaton, Joseph@Wildlife 
>  wrote:
> 
> Problem with that, is that I’d really like to keep the same IP for the DHCP 
> server.  My network team has that in all their switches around the state as 
> ip-helper entries.
>  
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Webster
> Sent: Thursday, November 30, 2017 7:45 AM
> To: ntsysadm@lists.myitforum.com
> Subject: RE: [NTSysADM] DHCP role
>  
> I would migrate DHCP first.
>  
> Webster
>  
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Heaton, Joseph@Wildlife
> Sent: Thursday, November 30, 2017 9:00 AM
> To: ntsysadm@lists.myitforum.com
> Subject: RE: [NTSysADM] DHCP role
>  
> That’s what we’re doing as well.  Not sure why, but our service account is 
> member of DNSUpdateProxy, but also a member of DNSAdmins.  Anyone have an 
> idea why that group?  I didn’t set this up initially, I’m just trying to get 
> things in best practices, and address a current issue I’m working through, of 
> replacing a DC, that happens to be our main DHCP server.  My thoughts at the 
> moment, are to add a new DC, with only DC roles.  Then, DCpromo the old DC 
> (with DHCP), then migrate DHCP to a new server, that is only a member server, 
> not a DC.
>  
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Mark Gottschalk
> Sent: Wednesday, November 29, 2017 6:21 PM
> To: ntsysadm@lists.myitforum.com
> Subject: Re: [NTSysADM] DHCP role
>  
> https://blogs.technet.microsoft.com/stdqry/2012/04/03/dhcp-server-in-dcs-and-dns-registrations/
>  
> https://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx 
> 
> This is what we've done with DHCP on DC.  Have a user "DHCP_user" in 
> Protected User group, DNSUpdateProxy group. Use this for alternate 
> credentials. 
> 
> Note that first article says: 
> "A common error is to think that the DHCP Server service running in a DC will 
> use its service account security context to register records in DNS if no 
> alternate credentials are configured, and then there is security risk. In 
> fact, this is not the behavior of the DHCP Server in a DC. 
> 
> If the DHCP Server service detects that it is running in a domain controller, 
> and no alternate credentials for DNS registrations have been configured, then 
> it decides to not do any registrations for DHCP clients and logs event 
> DHCP/1056." 
> 
> It also starts with: 
> "One common deployment scenario for the DHCP Server service is to have it 
> installed in domain controllers. When this scenario is used it is necessary 
> to define the alternate credentials to be used by DHCP when doing DNS 
> registrations on behalf of the DHCP clients." 
> 
> If you can separate them with no downside, go for it.  However, running DHCP 
> on a DC appears to be accounted for and can be addressed by above. 
> 
> -- Mark 
> 
> 
> 
> 
> From: "Heaton, Joseph@Wildlife"
> To: 'NT System Admin Issues Discussion list'
> Date: 11/29/2017 02:49 PM
> Subject: [NTSysADM] DHCP role
> Sent by: "listsad...@lists.myitforum.com"
> 
> Is it still best practice to have DHCP NOT on a DC?  I’ve been reading a 
> bunch of stuff, but everything I’m reading refers to Server 2003 or older.
>  
> Joe Heaton
> Information Technology Operations Branch
> Data and Technology Division
> CA Department of Fish and Wildlife
> 1700 9th Street, 3rd Floor
> Sacramento, CA  95811
> Desk:  916-323-1284
>  
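
An added example, not part of the original thread or of the linked TechNet articles: a PowerShell audit of the points discussed above (DHCP on a DC without alternate DNS credentials, event 1056, and a DNS-registration account that also sits in privileged groups such as DnsAdmins). It assumes it is run locally and elevated on the Windows DHCP server, that the DhcpServer and ActiveDirectory RSAT modules are installed, that the account lives in the server's own domain, and that event 1056 is written to the System log by a DHCP provider.

```powershell
#Requires -Modules DhcpServer, ActiveDirectory
# Added example (not from the thread): run locally on the Windows DHCP server.

$findings = New-Object 'System.Collections.Generic.List[string]'
$groups   = @()

# Win32_ComputerSystem.DomainRole 4 (backup DC) and 5 (primary DC) mean this host is a DC.
$isDC = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole -ge 4

# Alternate credentials the DHCP service uses for DNS dynamic updates.
$dnsCred = Get-DhcpServerDnsCredential
$hasCred = -not [string]::IsNullOrWhiteSpace($dnsCred.UserName)

if ($isDC -and -not $hasCred) {
    $findings.Add('DHCP runs on a DC with no alternate DNS credentials: client registrations are skipped (event 1056).')
}
elseif (-not $hasCred) {
    $findings.Add('No alternate DNS credentials: records are registered as the DHCP server computer account.')
}

if ($hasCred) {
    $user = Get-ADUser -Identity $dnsCred.UserName

    # Escape the DN for use inside an LDAP filter (names like "Heaton\, Joseph" contain a backslash).
    $dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\(', '\28' -replace '\)', '\29' -replace '\*', '\2a'

    # Transitive (nested) group membership via the LDAP_MATCHING_RULE_IN_CHAIN rule.
    $groups = @(Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)" |
        Select-Object -ExpandProperty Name)

    # Groups that give the account far more than the right to update DNS records.
    $privileged = 'DnsAdmins', 'Domain Admins', 'Enterprise Admins', 'Administrators'
    foreach ($g in ($groups | Where-Object { $_ -in $privileged })) {
        $findings.Add("DNS update account '$($user.SamAccountName)' is a member of $g; review whether DNS registration needs it.")
    }
}

# Event 1056 in the last 7 days (assumption: System log, provider name contains 'DHCP').
$since  = (Get-Date).AddDays(-7)
$ev1056 = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1056; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like '*DHCP*' })

[pscustomobject]@{
    IsDomainController = $isDC
    DnsUpdateAccount   = if ($hasCred) { "$($dnsCred.DomainName)\$($dnsCred.UserName)" } else { '(none)' }
    Groups             = $groups -join ', '
    Event1056Last7Days = $ev1056.Count
    Findings           = $findings
}
```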



RE: [NTSysADM] Adding *only* reboot right for domain user to a local host, remotely ...

2017-01-23 Thread David Lum
I do this so our NOC can patch/reboot and the GPO setting I use is “allow 
system shutdown” and that GPO does nothing else. Also, you’ll want to add 
BUILTIN\Administrators and Domain Admins to that GPO or else ONLY the group 
specified in the GPO can reboot the system.  Don’t ask how I know :).

 

Dave

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Friday, January 20, 2017 9:43 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Adding *only* reboot right for domain user to a local host, 
remotely ...

 

(I really wish my boss wouldn't ask about this type of stuff at noon on a 
Friday, when I have to leave by 4PM ...)

 

Anyway, what he wants to do: he wants our techs to be able to use a domain 
account, log into domain member servers, run Windows Update, *and* then be able 
to tell it to reboot. 

And he does NOT want to add this domain account to local Administrators group.

 

(don't ask, it's a long story)

 

I *think* I can do this with a GPO

 



Computer Configuration > Policies > Windows Settings > Security Settings > 
Local Policies > User Rights Assignment > Force shutdown from a remote system

Simply add account(s) in question to this policy and they will be able to 
reboot servers remotely.



Problem is, I haven't tested this yet, and he (ideally) wants this in place so 
the techs can install windows updates on Sunday. And no way do I want to roll 
this out to all production servers, without testing it first (which I don't 
have time to do, before I have to leave today)

Is this the best way to give a domain user only the right to reboot a server, 
without giving them any other rights? (I have a GPO that assigns WSUS settings 
via OU and group membership; I could either add it to that one, or make a new, 
and assign it to that same OU and group membership)

 




Re: [NTSysADM] RE: ALL Flash Storage

2016-12-07 Thread David Lum
%dayjob% moved to all flash last year and (we run Epic - medical - databases 
and about 9,000 concurrent users) the IOPS improvement is "yuuuge".

Dave

> On Dec 7, 2016, at 6:34 AM, James Rankin  wrote:
> 
> I think – SuperFast :)
>  
> We mainly use Atlantis, but not being much of a storage bod, don’t know much 
> except my VDI sessions are a lot quicker than they used to be
>  
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of David McSpadden
> Sent: 07 December 2016 14:25
> To: ntsysadm@lists.myitforum.com
> Subject: [NTSysADM] ALL Flash Storage
>  
> What is everyone’s thoughts on All Flash Storage?
> I am looking to replace the Storage I have attached to my VNX5400 from EMC 
> with either:
>  
> EMC Unity
>  
> PureStorage
>  
> Nimble
>  
> I haven’t gotten all the proposals in yet but was wondering what everyone 
> else thought about them?



[NTSysADM] Automated Xenserver disk report

2014-12-09 Thread David Lum
Does anyone know of a way to generate Xenserver storage reports?
Specifically look across the various pools and give me a report of available
space on both local hosts (not guest VM's) and shared (SAN/NAS) storage?

 

Dave Lum \\ I.T. Garage

d...@theitgarage.com \\ 503.267.9764 (voice/text)

www.theitgarage.com

 




RE: [NTSysADM] Change Management process and documentation

2014-10-28 Thread David Lum
Boom, winner!

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of geoff taylor
Sent: Tuesday, October 28, 2014 11:02 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Change Management process and documentation

 

Ah! Run screaming... poke yourself in the eye with a sharp
stick... it's better than suggested email.

Here are just some of the reasons:

1) Email does not have a followup and reminder system  (automated
notifications of approvals, escalations etc)
2) Email will flood your mailbox and lose sight of end goal
3) no prioritization of problems
4) poor history retrieval
5) no solution database
6) no self help for end users
7) no time tracking to report where you are spending your time
8) no incident reporting to see trends.


I have used tonnes (y I'm a canuck) of tools from Remedy to IBM overkill
from good to downright awful and every one was better than email.

I  cannot say enough good things about this tool:
Sysaid 
https://www.sysaid.com
We used the free version at a charity for years, and recently ponied up as
we needed more admins to use it.  Still dirt cheap.  Works as advertised.

YMMV but stay away from email at all costs

gt




On 28/10/2014 1:09 PM, Dave Lum wrote:

We are defining a new change management process at %dayjob%. The current
consensus is to do it all via email, which for reasons I can't fully
explain gives me fits. I've been asked why not email and I can't come up
with anything more useful than new engineer starts and has no way to review
previous changes. Kind of a weak argument.

 

%dayjob% is a smallish company (~250 employees) that does have to worry
about HIPAA but currently shows no interest in following ITIL guidelines.

 

What do you guys use and if not email, why not?

 

Dave Lum \\ I.T. Garage

d...@theitgarage.com \\ 503.267.9764 (voice/text)

www.theitgarage.com

 

 

 




RE: [NTSysADM] Change Management process and documentation

2014-10-28 Thread David Lum
That's how I handle it for my client. The same mechanism they use to submit
Help Desk tickets (SysAid) I create a ticket when I'm making a system change
to their systems (patching, upgrades, GPO changes, etc.). It performs double
duty as I can then reference that ticket ID in my invoice to them.

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Jason Kirkland
Sent: Tuesday, October 28, 2014 12:57 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Change Management process and documentation

 

So what process does a small company use for change management?  Do you just
open a ticket and document in that ticket?  I don't think that is adequate
enough.  I am trying to figure out a proper process for us and also how can
I get buy in from other employees.

 

 

 

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of geoff taylor
Sent: Tuesday, October 28, 2014 2:49 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Change Management process and documentation

 

As I mentioned we being poor just adapted the helpdesk components.  But
Sysaid has the real thing, ITIL compliant as well.

https://www.sysaid.com/help-desk/itil-package/change-management

On 28/10/2014 2:31 PM, Dave Lum wrote:

+1 I use cloud SysAid for  %sidejob% Help Desk. This list looks like
HelpDesk stuff, not change management, although a few still apply.

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Kennedy, Jim
Sent: Tuesday, October 28, 2014 11:06 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Change Management process and documentation

 

Sysaid is pretty epic, we use it for our help desk. Have not used it for
change management.

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of geoff taylor
Sent: Tuesday, October 28, 2014 2:02 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Change Management process and documentation

 

Ah! Run screaming... poke yourself in the eye with a sharp
stick... it's better than suggested email.

Here are just some of the reasons:

1) Email does not have a followup and reminder system  (automated
notifications of approvals, escalations etc)
2) Email will flood your mailbox and lose sight of end goal
3) no prioritization of problems
4) poor history retrieval
5) no solution database
6) no self help for end users
7) no time tracking to report where you are spending your time
8) no incident reporting to see trends.


I have used tonnes (y I'm a canuck) of tools from Remedy to IBM overkill
from good to downright awful and every one was better than email.

I  cannot say enough good things about this tool:
Sysaid 
https://www.sysaid.com
We used the free version at a charity for years, and recently ponied up as
we needed more admins to use it.  Still dirt cheap.  Works as advertised.

YMMV but stay away from email at all costs

gt



On 28/10/2014 1:09 PM, Dave Lum wrote:

We are defining a new change management process at %dayjob%. The current
consensus is to do it all via email, which for reasons I can't fully
explain gives me fits. I've been asked why not email and I can't come up
with anything more useful than new engineer starts and has no way to review
previous changes. Kind of a weak argument.

 

%dayjob% is a smallish company (~250 employees) that does have to worry
about HIPAA but currently shows no interest in following ITIL guidelines.

 

What do you guys use and if not email, why not?

 

Dave Lum \\ I.T. Garage

d...@theitgarage.com \\ 503.267.9764 (voice/text)

www.theitgarage.com

 

 

 

 

 





[NTSysADM] 2008 R2 SBS2011 VM inplace upgrade Hyper-V host 2008R2 to 2012R2

2014-10-14 Thread David Lum
I rarely do in-place OS upgrades, but this one looks easy. I have a SBS2011
VM running on a 2008 R2 Hyper-V host. I have licenses for 2012R2 and would
like to upgrade the host to that OS. I have upgraded a couple other hosts
and the VM's made it over with no issue, but I figured I'd check with the
collective, has anyone seen any issues?

 

Dave Lum \\ I.T. Garage

d...@theitgarage.com \\ 503.267.9764 (voice/text)

www.theitgarage.com

 




Re: [NTSysADM] Windows Service account management

2014-10-09 Thread David Lum
Yes it will, as you are effectively just using OneDrive as a replication medium.

I treat all cloud storage as a replication point as I operate under the 
assumption all cloud data can disappear without notice. Critical data I have 
the original, a local copy (at minimum in a separate physical device), and a 
cloud copy. Backups are disk to disk to cloud.

Put another way, I use the cloud as protection from a regional event that wipes 
out my local data and local copies. 

Dave Lum - d...@theitgarage.com

Sent from mobile device, please pardon the brevity.

 On Oct 9, 2014, at 7:13 PM, Jon Harris jk.har...@live.com wrote:
 
 Dave will KeePass installed locally work with the cloud based database?  I 
 have been thinking of doing that but my oldness keeps telling me to ignore 
 convenience for safety.
  
 Jon
  
  Date: Thu, 9 Oct 2014 19:06:53 -0700
  Subject: Re: [NTSysADM] Windows Service account management
  From: kurt.b...@gmail.com
  To: ntsysadm@lists.myitforum.com
  
  Probably safer than a web/cloud-based service (LastPass, et al) where
  the database isn't under your direct control, as long as you have a
  good password on the database.
  
  Kurt
  
  On Thu, Oct 9, 2014 at 7:00 PM, Dave Lum l...@ochin.org wrote:
   LOL –I store mine in Keepass…on my OneDrive.
  
  
  
   From: listsad...@lists.myitforum.com 
   [mailto:listsad...@lists.myitforum.com]
   On Behalf Of Jon Harris
   Sent: Thursday, October 09, 2014 3:43 PM
   To: ntsysadm@lists.myitforum.com
   Subject: RE: [NTSysADM] Windows Service account management
  
  
  
   I really dislike the idea of storing my passwords and user IDs in the cloud.
   That is why I use KeePass. It would be more convenient out in the cloud but
   just my dislike and distrust of cloud based stuff. Yeah, yeah OLD fogey I
   know.
  
   Jon
  
  
   
  
   From: r...@pge.com
   To: ntsysadm@lists.myitforum.com
   Subject: RE: [NTSysADM] Windows Service account management
   Date: Thu, 9 Oct 2014 15:33:02 +
  
   LastPass runs on all of those platforms and my Kindle :-D
  
  
  
   Actually I can’t vouch for WP because I don’t have one but it’s supported
   and it does run just fine on my RT tablet.
  
  
  
   Also has a level of enterprise support & secure password sharing facility.
  
  
  
   Not a substitute for a full blown on-prem password vaulting solution[1] but
   it can solve a lot of problems
  
  
  
   [1] Which still has some of the inherent shortcomings mentioned in this
   thread but can close a lot of gaps. We have 10’s of thousands of root and
   administrator accounts that are now unique & fully managed.
  
  
  
   From: listsad...@lists.myitforum.com 
   [mailto:listsad...@lists.myitforum.com]
   On Behalf Of Jon Harris
   Sent: Wednesday, October 08, 2014 4:46 PM
  
  
   To: ntsysadm@lists.myitforum.com
   Subject: RE: [NTSysADM] Windows Service account management
  
  
  
   KeePass does not appear to have a version to work on Windows RT or phones
   YET. I hope they do eventually get there though.
  
   Jon
  
  
   Date: Wed, 8 Oct 2014 15:00:41 -0700
   Subject: Re: [NTSysADM] Windows Service account management
   From: kurt.b...@gmail.com
   To: ntsysadm@lists.myitforum.com
  
   Password Safe and Keepass both come in flavors that run on iPhone and
   Android, as well as Windows and *nix.
  
   Kurt
  
   On Wed, Oct 8, 2014 at 2:40 PM, James Button
   jamesbut...@blueyonder.co.uk wrote:
Yup! Nice concepts
And
20 chars long - it better be based on a phrase I can remember, or I'll have to
write it down on something I keep near the system where I logon.
Maybe I can write it as the hint facility
Special characters - yup - definitely needs writing down
Ah! I can have the system remember the password and enter it whenever I put my
id in the userid panel

Hey - I'm the sysprog, and I can't ask someone else to fix my lost password for
me, and management are not going to be happy if I can't fix their forgotten
password

Ah! This week's selection of monthly password updates, where's my jotter - postit
pad - that will do.

The above is based on experience from many years as sysprog and security
management techy on a site with mainframes, mini's, comms, network servers and
PC's.

And then, having required the consultant's ideas be implemented, management
wonder why people create back-doors and/or write notes on passwords.

At least - for most systems, I was allowed to change the password, so used a
long phrase I could remember, and just wrote down the formula for selecting the
characters from the phrase.

Are you sure you will never need to logon either locally, or remotely - not even
for a restore and update to 'current' status process.

That said, how about limiting logon attempts to 1 a minute - that will
(hopefully) deal with 

[NTSysADM] LDAP requests never drop to zero

2014-09-30 Thread David Lum
Sorry for the cross-post, but this seems to fit both lists. 

 

Setup: I have a CAS box that is looking at two GC's (single CAS, two mailbox
servers).

 

Most performance indicators on the CAS server fall well into the acceptable
range, except for LDAP Search time and LDAP read time.

LDAP read for GC #1: varies between 0 and 16ms. Avg = 3ms

LDAP read for GC #2: varies between 0 and 3600ms. Avg = 1200ms

 

LDAP search for GC #1: varies between 0 and 16ms. Avg = 4ms

LDAP search for GC #2: varies between 267 and 289ms. Avg = 1240ms

 

LDAP Outstanding requests for GC #1: varies between 0 and 1.

LDAP Outstanding requests for GC #2: varies between 19 and 29, never
dropping below 19

 

DCDIAG on GC#2 comes up clean. Nothing bizarre/unusual in the event logs.
CPU, network and disk indicators on GC#2 show low utilization (or, at least
not almost pegged).

 

Doing a Network Monitor dump, I see a lot of TCP: DUP ACK between the CAS
and GC #2 (about 10x more than between the CAS and the other GC), but I
don't know if that's the problem or the symptom. Anyone have a suggestion
of other places for me to look, or should I look into the network? 

 

Notable is we recently changed CAS servers but we didn't have any baseline
performance info before making the change, so I'm not sure if this issue
existed beforehand or not.

 

Dave Lum \\ I.T. Garage

d...@theitgarage.com \\ 503.267.9764 (voice/text)

www.theitgarage.com

 




RE: [NTSysADM] RE: DHCP and Active Directory documentation scripts

2014-05-07 Thread David Lum
He used to work at Blackberry?

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David McSpadden
Sent: Wednesday, May 07, 2014 10:01 AM
To: 'ntsysadm@lists.myitforum.com'
Subject: RE: [NTSysADM] RE: DHCP and Active Directory documentation scripts

Because they want to go out of business.


From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: Wednesday, May 07, 2014 12:59 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: DHCP and Active Directory documentation scripts

I left the very dry, dull and boring day 2 keynote and have responded to both.  
Why Citrix hired a Chief Marketing Officer that is dry and monotone and who 
does not have a Twitter or Facebook account and doesn’t know what either is 
used for is beyond me.

Thanks


Webster

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith
Sent: Wednesday, May 07, 2014 11:35 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: DHCP and Active Directory documentation scripts

Web is at a conference this week. It may be a day or two before he responds 
(then again, he may respond in 5 minutes – who knows?). ☺

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Eric Wittersheim
Sent: Wednesday, May 7, 2014 12:26 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] RE: DHCP and Active Directory documentation scripts

Same here.

On Wed, May 7, 2014 at 9:19 AM, Miller Bonnie L. 
mille...@mukilteo.wednet.edu wrote:
If you’re still looking for testers, I’d also like to try both out!

Thanks,
Bonnie

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: Tuesday, April 29, 2014 12:11 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: DHCP and Active Directory documentation scripts

These scripts are really making a lot of progress with the help of testers from 
this list.  David McSpadden found a couple today in the DHCP script so I am 
delaying releasing that script until May 19th.

The AD script is coming along very nicely thanks to all the suggestions from 
the testers.

I can always use more and more testers.  If you are interested in either the AD 
or DHCP script (or both), send me an email letting me know what you want to 
test.  As, I hope, the list members who are helping with testing can tell you, 
I fix any issues found and add most suggestions very promptly.

Thanks


Webster

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: Wednesday, April 23, 2014 6:45 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] DHCP and Active Directory documentation scripts

With the help of Michael B. Smith, I have created a DHCP documentation script.  
The DHCP script will be released on Monday May 5th.  Still would like some more 
testers.  Requires Server 2012+ DHCP and Win8.x with RSAT.  This script creates 
either a Word doc, PDF file or formatted text file.  The DHCP script documents 
every nook and cranny of both IPv4 and IPv6 that I can find a way to document.  
The next update of the DHCP script will add HTML output.

Again with the help of Michael B. Smith, I am creating an Active Directory 
documentation script.  The Active Directory script is now at version 0.5.  This 
script requires at least one 2008 R2 domain controller and a minimum of Win7 
with RSAT and Word installed.  Version 1 of the script will focus on the 2008 
R2 Active Directory cmdlets.  As soon as V1 is released, I will start on V2 
which will move to requiring PoSH V3, at least one Server 2012+ DC and Win8.x 
with RSAT and will create either a Word doc, PDF file, formatted text file or 
HTML.  Server 2012+ also has DNS cmdlets that I can use that are not in 2008 
R2.  I also need testers for the current AD documentation script.

Thanks


Webster


RE: [NTSysADM] Speaking of Dropbox... Security flaws discovered today

2014-05-06 Thread David Lum
This is actually what triggered my initial question about Dropbox/file sharing 
policies... :)

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Sam Cayze
Sent: Tuesday, May 06, 2014 12:37 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Speaking of Dropbox... Security flaws discovered today

Be warned.  Security flaw discovered today.  Again.

http://grahamcluley.com/2014/05/dropbox-box-leak/

http://news.idg.no/cw/art.cfm?id=2D07456E-B77A-1191-113A2E0A9DBC0945





RE: [NTSysADM] IT sec pros surprisingly cavalier about mobile security best practices

2014-05-05 Thread David Lum
Our information isn't as important as making it easy for our users to get at 
it

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kramer, Jack
Sent: Saturday, May 03, 2014 10:14 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] IT sec pros surprisingly cavalier about mobile security 
best practices

I was specifically disallowed from requiring PIN for mobile devices connected 
to our Exchange server. Higher ed.

-Jack-


On May 3, 2014, at 7:29 AM, Ken Schaefer <k...@kj.net.au> wrote:


Sample-size of 169 people. Given that most say they don't have a PIN, that 
would indicate that they either don't have Exchange policies, or they don't 
have an MDM in place. Or they simply don't connect their mobile device to work 
networks (that question doesn't seem to be answered in the article). I think 
that rules out pretty much all major enterprises and government departments, 
and just about any decent sized org that has centralised IT.

Cheers
Ken

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andrew S. Baker
Sent: Saturday, 3 May 2014 2:40 AM
To: ntsysadm
Subject: Re: [NTSysADM] RE: IT sec pros surprisingly cavalier about mobile 
security best practices

This is true of the privileged of every vertical.
Education just has more of them per capita.  (The music industry and law firms 
are neck and neck for a close second)






ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...




On Thu, May 1, 2014 at 10:24 PM, Jon Harris <jk.har...@live.com> wrote:
My experience was they were usually the ones that caused the most issues 
including putting sensitive information in public places.

Jon


From: na...@nowmicro.com
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: IT sec pros surprisingly cavalier about mobile 
security best practices
Date: Fri, 2 May 2014 01:56:19 +


Every time a professor uses Academic Freedom as a reason that they should 
have admin rights to a state-owned device used to access, process, and 
potentially store private data about their students...  a ninja kills a kitten.









From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jon Harris
Sent: Thursday, May 1, 2014 7:35 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: IT sec pros surprisingly cavalier about mobile 
security best practices



My personal experience working in higher Ed was anyone with a PhD after their 
name always made it hard to take away permissions.  They just felt they knew 
EVERYTHING and anyone without a PhD knew nothing or very little!

Jon




From: mich...@smithcons.com
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: IT sec pros surprisingly cavalier about mobile security 
best practices
Date: Thu, 1 May 2014 23:52:42 +

I preach on this to every med-and-large organization I speak with.



Higher-Ed doesn't seem to care (mostly), but CSOs and CTOs are very 
interested



There are some EXCELLENT solutions for this, for WP7.5+, iOS 6+, BB 10+, etc. 
Android just sucks, but there are some workarounds you can apply to get 
improved results (for secure Android, you basically have to throw away 
whatever google version you are running, and run one of a couple of other 
Android builds that supports secure containers).



From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Thursday, May 1, 2014 5:37 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] IT sec pros surprisingly cavalier about mobile security 
best practices



http://www.net-security.org/secworld.php?id=16783











David Lum

Network System Admin, Information Services

office 503-265-4728  |  modahealth.com


I'm excited to announce that ODS Health is now Moda Health. Please make a note 
of my new email address, david@modahealth.com, so we can stay connected.


This message is intended for the sole use of the individual and entity to whom 
it is addressed, and may contain information that is privileged, confidential 
and exempt from disclosure under applicable law. If you are not the intended 
addressee, nor authorized to receive for the intended addressee, you are hereby 
notified that you may not use, copy, disclose or distribute to anyone the 
message or any information

[NTSysADM] RE: Moving on to new Position, might be gone from the list for a Bit

2014-05-05 Thread David Lum
Are you moving on because I deleted all those Linux OS files? LOL

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ziots, Edward
Sent: Monday, May 05, 2014 7:30 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Moving on to new Position, might be gone from the list for 
a Bit

Just to everyone on the list I am going to be moving on to a new position after 
May 16th. It's been a time coming, I am moving on to be a Lead Information 
Security Analyst, with my new company. I am pretty darn excited about the 
opportunity and what it means for my career growth.

I hope to talk with you all on my new position in the future.  The list and 
those who contribute have been an immeasurable success in my personal and 
professional career development.

Sincerely,
EZ

Edward E. Ziots, CISSP, CISA, CRISC, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
Work:401-255-2497


This electronic message and any attachments may be privileged and confidential 
and protected from disclosure. If you are reading this message, but are not the 
intended recipient, nor an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that you are 
strictly prohibited from copying, printing, forwarding or otherwise 
disseminating this communication. If you have received this communication in 
error, please immediately notify the sender by replying to the message. Then, 
delete the message from your computer. Thank you.




[NTSysADM] How to start your last 5 days of work

2014-05-02 Thread David Lum
Next week is my last week at Moda, so today I decided to start my day by 
oopsing a Unix command. On a machine in an ESX cluster I MEANT to delete a 
/var/log/ipmi folder, so I SSH to the machine and type this: rm -r /*

I was cutting and pasting and neglected to remove one character. I'm sure 
someone here knows Unix enough to tell me what happened next... :)

David Lum
Network System Admin, Information Services
office 503-265-4728  |  modahealth.com






[NTSysADM] RE: How to start your last 5 days of work

2014-05-02 Thread David Lum
Door #1.  My next communication to my team here was "This server is going to 
drop offline here in a second and hey, where are the ESX ISO's?". It has not 
been my best IT week, earlier this week I dropped an Exchange server offline 
for patching, unscheduled, during the day. At least that wasn't here at Moda 
(where we have them clustered anyway, same with ESX).

I swear on average I'm better than this week has looked!

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Friday, May 02, 2014 9:10 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: How to start your last 5 days of work

Depends on the version of rm. :)

It MAY have been catastrophic removal of a bunch of stuff.

Or it may have said "Dave, I won't do that."

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Friday, May 2, 2014 12:01 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] How to start your last 5 days of work

Next week is my last week at Moda, so today I decided to start my day by 
oopsing a Unix command. On a machine in an ESX cluster I MEANT to delete a 
/var/log/ipmi folder, so I SSH to the machine and type this: rm -r /*

I was cutting and pasting and neglected to remove one character. I'm sure 
someone here knows Unix enough to tell me what happened next... :)

David Lum
Network System Admin, Information Services
office 503-265-4728  |  modahealth.com
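
The slip described above (a pasted `rm -r /*` where `/var/log/ipmi` was meant) can be caught before anything is removed. An added example, not from the thread or its participants: a POSIX shell wrapper that canonicalises every argument and refuses the whole command if any of them is shallower than a minimum depth; `path_depth`, `check_rm_target`, `safe_rm_r` and `RM_MIN_DEPTH` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread): refuse recursive deletes of shallow paths.
# All function names and RM_MIN_DEPTH are hypothetical.

# path_depth ABS_PATH -> prints the number of components in a canonical
# absolute path: "/" is 0, "/var" is 1, "/var/log/ipmi" is 3.
path_depth() {
    if [ "$1" = "/" ]; then
        echo 0
        return 0
    fi
    # A canonical path has no trailing slash, so slashes == components.
    slashes=$(printf '%s' "$1" | tr -cd '/' | wc -c)
    echo "$((slashes + 0))"
}

# check_rm_target PATH -> prints the canonical directory and returns 0 when
# PATH is acceptable for a recursive delete; prints a reason on stderr and
# returns 1 otherwise. Only directories are accepted.
check_rm_target() {
    target=$1
    min_depth=${RM_MIN_DEPTH:-3}
    if [ -z "$target" ]; then
        echo "refused: empty argument" >&2
        return 1
    fi
    # A symlink would make us judge (and delete) the directory it points to.
    if [ -L "$target" ]; then
        echo "refused: symlink: $target" >&2
        return 1
    fi
    # Canonicalise, so "/usr/.." and "//" are judged as "/".
    resolved=$(CDPATH= cd -P -- "$target" 2>/dev/null && pwd -P) || {
        echo "refused: not an accessible directory: $target" >&2
        return 1
    }
    depth=$(path_depth "$resolved")
    # Fail closed: a non-numeric RM_MIN_DEPTH makes the test error out,
    # which lands in the refusal branch below.
    if [ "$depth" -ge "$min_depth" ] 2>/dev/null; then
        printf '%s\n' "$resolved"
        return 0
    fi
    echo "refused: $resolved is $depth level(s) below /, need $min_depth" >&2
    return 1
}

# safe_rm_r PATH... -> recursive delete that is all-or-nothing.
safe_rm_r() {
    if [ "$#" -eq 0 ]; then
        echo "refused: no arguments" >&2
        return 1
    fi
    # Pass 1: validate everything. One bad argument aborts the whole command,
    # so an expanded "/*" deletes nothing.
    for arg in "$@"; do
        check_rm_target "$arg" >/dev/null || return 1
    done
    # Pass 2: delete the canonical paths.
    for arg in "$@"; do
        path=$(check_rm_target "$arg") || return 1
        rm -r -- "$path"
    done
}
```

The shell expands `/*` into the top-level entries before the wrapper runs, so each one is judged separately: directories at depth 1, symlinks and plain files are all refused in the first pass.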






[NTSysADM] XP is no longer supported. OK wait, just this one last time...

2014-05-01 Thread David Lum
Just this last out-of-band one...
https://technet.microsoft.com/library/security/ms14-may

David Lum
Network System Admin, Information Services
office 503-265-4728  |  modahealth.com






[NTSysADM] IT sec pros surprisingly cavalier about mobile security best practices

2014-05-01 Thread David Lum
http://www.net-security.org/secworld.php?id=16783

David Lum
Network System Admin, Information Services
office 503-265-4728  |  modahealth.com






[NTSysADM] NSS labs

2014-04-29 Thread David Lum
Is anyone here subscribed to NSS labs?
https://www.nsslabs.com/become-client

David Lum
Network System Admin, Information Services
office 503-265-4728  |  modahealth.com






RE: [NTSysADM] IE exploit

2014-04-28 Thread David Lum
Adobe’s patch addresses CVE-2014-0515
Microsoft’s address CVE-2014-1776

It’s possible they are linked, since this article does make them seem like the 
same attack vector, but I do not speak enough programmer-speak to know for sure:
http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David McSpadden
Sent: Monday, April 28, 2014 10:37 AM
To: 'ntsysadm@lists.myitforum.com'
Subject: RE: [NTSysADM] IE exploit

I thought that is what I read in the MS articles?
VML and Flash were the vector for the exploit?


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Rod Trent
Sent: Monday, April 28, 2014 1:34 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] IE exploit

Yes, but that has nothing to do with the exploit reported over the weekend.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kennedy, Jim
Sent: Monday, April 28, 2014 1:13 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] IE exploit

Flash just released an update.

http://helpx.adobe.com/security/products/flash-player/apsb14-13.html


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Rod Trent
Sent: Monday, April 28, 2014 1:11 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] IE exploit

It’s all versions of Internet Explorer. However, supported versions will be 
patched.

There are ways to mitigate:

http://windowsitpro.com/windows/all-hands-deck-zero-day-reported-wild-affects-ie6-11

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David McSpadden
Sent: Monday, April 28, 2014 1:05 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] IE exploit

Is it just XP or am I wrong that the 7’s, 8’s, and Server OS’s also an issue 
the way I am reading it.
Especially if they have Adobe Flash (Not sure of version) and the website being 
visited using VML.
??

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Rod Trent
Sent: Monday, April 28, 2014 12:59 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] IE exploit

This is the first in a coming list of exploits that Windows XP will be 
vulnerable to forever.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jonathan Link
Sent: Monday, April 28, 2014 12:51 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] IE exploit

It's really bad if you're still running XP in your environment...

On Mon, Apr 28, 2014 at 12:38 PM, David McSpadden <dav...@imcu.com> wrote:
Any reason for concern?


This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.


Please consider the environment before printing this email.



RE: [NTSysADM] IE exploit

2014-04-28 Thread David Lum
Saw this on a forum today:  ”We have one agency warning us of an exploit, and 
the other agency trying to use the exploit :)”

FTW!

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Rod Trent
Sent: Monday, April 28, 2014 12:04 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] IE exploit

It’s not. Adobe has been working on today’s patch since early April, working 
with Kaspersky. The one announced over the weekend as identified by FireEye and 
Microsoft is working on a patch.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Monday, April 28, 2014 3:00 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] IE exploit

Adobe’s patch addresses CVE-2014-0515
Microsoft’s address CVE-2014-1776

It’s possible they are linked, since this article does make them seem like the 
same attack vector, but I do not speak enough programmer-speak to know for sure:
http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David McSpadden
Sent: Monday, April 28, 2014 10:37 AM
To: 'ntsysadm@lists.myitforum.com'
Subject: RE: [NTSysADM] IE exploit

I thought that is what I read in the MS articles?
VML and Flash were the vector for the exploit?


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Rod Trent
Sent: Monday, April 28, 2014 1:34 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] IE exploit

Yes, but that has nothing to do with the exploit reported over the weekend.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kennedy, Jim
Sent: Monday, April 28, 2014 1:13 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] IE exploit

Flash just released an update.

http://helpx.adobe.com/security/products/flash-player/apsb14-13.html


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Rod Trent
Sent: Monday, April 28, 2014 1:11 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] IE exploit

It’s all versions of Internet Explorer. However, supported versions will be 
patched.

There are ways to mitigate:

http://windowsitpro.com/windows/all-hands-deck-zero-day-reported-wild-affects-ie6-11

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David McSpadden
Sent: Monday, April 28, 2014 1:05 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] IE exploit

Is it just XP or am I wrong that the 7’s, 8’s, and Server OS’s also an issue 
the way I am reading it.
Especially if they have Adobe Flash (Not sure of version) and the website being 
visited using VML.
??

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Rod Trent
Sent: Monday, April 28, 2014 12:59 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] IE exploit

This is the first in a coming list of exploits that Windows XP will be 
vulnerable to forever.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jonathan Link
Sent: Monday, April 28, 2014 12:51 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] IE exploit

It's really bad if you're still running XP in your environment...

On Mon, Apr 28, 2014 at 12:38 PM, David McSpadden <dav...@imcu.com> wrote:
Any reason for concern?



[NTSysADM] Whitelisting product - Savant Protection

2014-04-24 Thread David Lum
Does anyone have any experience with their product? I am considering adding it 
to endpoints for some additional protection...

David Lum
Network System Admin, Information Services
office 503-265-4728  |  modahealth.com






RE: [NTSysADM] DHCP and Active Directory documentation scripts

2014-04-24 Thread David Lum
Count me in!

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: Wednesday, April 23, 2014 6:56 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] DHCP and Active Directory documentation scripts

Yes I do.

Thanks


Webster

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Melvin Backus
Sent: Wednesday, April 23, 2014 8:19 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] DHCP and Active Directory documentation scripts

Do you plan on maintaining support for both v1 and v2 of the AD scripts?  I’m 
game to help test but 2012 isn’t in the picture for a while down the road.  
Perhaps a fallback mode to the 2008r2 functionality if the requirements for 
2012 aren’t available?

Anyway, I’m in! ☺

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: Wednesday, April 23, 2014 8:07 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] DHCP and Active Directory documentation scripts

No PowerShell for AppSense or not enough PowerShell to work with or I would add 
it to my ever growing list of products people want documentation scripts for.

Thanks


Webster

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Wednesday, April 23, 2014 7:05 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] DHCP and Active Directory documentation scripts

Can't you two serial scripters do one for AppSense infrastructure too? Would 
make my life so much easier :-)

On 23 April 2014 12:44, Webster <webs...@carlwebster.com> wrote:
With the help of Michael B. Smith, I have created a DHCP documentation script.  
The DHCP script will be released on Monday May 5th.  Still would like some more 
testers.  Requires Server 2012+ DHCP and Win8.x with RSAT.  This script creates 
either a Word doc, PDF file or formatted text file.  The DHCP script documents 
every nook and cranny of both IPv4 and IPv6 that I can find a way to document.  
The next update of the DHCP script will add HTML output.

Again with the help of Michael B. Smith, I am creating an Active Directory 
documentation script.  The Active Directory script is now at version 0.5.  This 
script requires at least one 2008 R2 domain controller and a minimum of Win7 
with RSAT and Word installed.  Version 1 of the script will focus on the 2008 
R2 Active Directory cmdlets.  As soon as V1 is released, I will start on V2 
which will move to requiring PoSH V3, at least one Server 2012+ DC and Win8.x 
with RSAT and will create either a Word doc, PDF file, formatted text file or 
HTML.  Server 2012+ also has DNS cmdlets that I can use that are not in 2008 
R2.  I also need testers for the current AD documentation script.

Thanks


Webster




--
James Rankin
-
RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The Virtualization 
Practice Analyst - Desktop Virtualization
http://appsensebigot.blogspot.co.uk


RE: [NTSysADM] Windows 8.1 update required to be installed

2014-04-23 Thread David Lum
I knew there was a reason I've rarely changed default folders...crap like 
this! The only thing I really change anymore is the drive letter - I'll put 
stuff in D:\Program Files\ but I'll leave the rest of the path the same, 
and up to the installer. I think it was back in my Win95 days I quit creating 
my own paths for system-y stuff because of stuff like this.

-Dave Lum


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Beauvais, Dave
Sent: Wednesday, April 23, 2014 1:40 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Windows 8.1 update required to be installed
Importance: Low

A friend and colleague here recently encountered update problems on a number of 
his Windows 8.1 and Windows Server 2012 R2 boxes. After days of fighting with 
it he ultimately determined it was caused by his renaming and moving of the 
following two folders, which is something he's done for many years to organize 
his traditional start menu the way he prefers:

%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\System Tools
(Displays in 8.1 GUI as Windows System)

%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools

After recreating both folders, the update installed successfully on all 
affected systems. I am surprised that the update installer would handle that 
case so poorly. I tried to convince him to open a case with Microsoft so the 
issue would be researched and documented, but he opted to work it himself.

Dave Beauvais

--
Dave W. Beauvais, Exchange and Windows Systems Administrator
Ohio University Office of Information Technology


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Rod Trent
Sent: Monday, April 21, 2014 12:55
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Windows 8.1 update required to be installed

Let me reiterate with emphasis... :)

Running SFC SHOULD be the same thing.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Susan Bradley
Sent: Monday, April 21, 2014 11:58 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Windows 8.1 update required to be installed

No it doesn't.  These folks have sfc /scannow and dism'd until they're blue in
the face and it doesn't work.

It's rare, but it has happened

The people in those two threads would disagree with you on that.

KB2919355 is still in 'throttle mode' and hasn't been actively pushed.
You can tell this by the fact it's still unchecked.

On 4/21/2014 6:46 AM, Rod Trent wrote:
 Running SFC should be about the same thing.

 That happened to someone else recently and they didn't have a CD or
 any other media, so they had to grab the bits with the product key:

 http://windowsitpro.com/windows-81/installing-windows-81-using-only-your-product-key

 -Original Message-
 From: listsad...@lists.myitforum.com
 [mailto:listsad...@lists.myitforum.com]
 On Behalf Of Jay Dale
 Sent: Monday, April 21, 2014 9:23 AM
 To: ntsysadm@lists.myitforum.com
 Subject: RE: [NTSysADM] Windows 8.1 update required to be installed

 Well after working with MS on this issue and not getting anywhere, I
 found a couple of links - Susan is on them as well:

 http://answers.microsoft.com/en-us/windows/forum/windows8_1-windows_update/windows-81-update-1-failing-to-install-with-errors/c3071122-e903-4775-b659-e98784bc786c?page=1

 http://answers.microsoft.com/en-us/windows/forum/windows8_1-windows_install/kb2919355-windows-81-update-fails-800f0092-and/4d4d23a3-695a-4bd4-b340-d2ce9c75919d?page=42tab=questionstatus=AllReplies

 A lot of the solutions did not work for me, but what finally worked
 was doing a repair install from the Windows 8 CD.  Making sure to keep
 all apps and programs, I was then able to run the update without a
problem.

 Jay Dale
   Director of Information Technology
 P:713-333-2020



 -Original Message-
 From: listsad...@lists.myitforum.com
 [mailto:listsad...@lists.myitforum.com]
 On Behalf Of Susan Bradley
 Sent: Friday, April 18, 2014 4:23 PM
 To: ntsysadm@lists.myitforum.com
 Subject: Re: [NTSysADM] Windows 8.1 update required to be installed

 This is deemed a security update.
 thus it will always be a free call.

 On 4/18/2014 2:13 PM, Hank Arnold wrote:
 I think that what folks (including me) are afraid of is the support
 person deciding that the call isn't free



 -Original Message-
 From: listsad...@lists.myitforum.com
 [mailto:listsad...@lists.myitforum.com]
 On Behalf Of Melvin Backus
 Sent: Thursday, April 17, 2014 6:59 AM
 To: ntsysadm@lists.myitforum.com
 Subject: RE: [NTSysADM] Windows 8.1 update required to be installed

 If this is a broken update Microsoft normally wouldn't charge for an
 incident.  Probably worth the attempt at least to confirm.

 --
 There are 10 kinds of people in the world...
those who understand binary 

[NTSysADM] RE: Help me fire my old DC's

2014-04-14 Thread David Lum
Oh man yeah, I remember doing this to myself once too, on a DC that had IIS 
stuff and I DCPROMO'd it down and rebooted...

Things like these are why I like a DC to really do nothing BUT hold DC roles, I 
even kick DHCP off it if I can.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Miller Bonnie L.
Sent: Monday, April 14, 2014 5:35 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Help me fire my old DC's

In addition to the others' comments - back in the day I had demoted a 2003 dc or 
two that was running IIS for WSUS.  I remember things getting quite broken with 
permissions, and it took some fixing.

Has to do with the fact that on a DC, your special accounts (IIS_WPG, aspnet, 
etc) are domain-level accounts, but once on a member server they will become 
new local accounts.  Had to reapply permissions in several places to get it all 
just right - YMMV.

-Bonnie

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David McSpadden
Sent: Friday, April 11, 2014 4:59 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Help me fire my old DC's

Ok, you guys almost have me convinced to not P2V my 2 DC's at this Data Center.

Now I have never actually demoted one.  (All of my old DC's have just hardware 
failed.)

(I do have a 2012 DC up and have migrated all the FSMO roles to it and made it 
my SNTP time provider.)

So to do this correctly, I am going to use this checklist:
- Make sure none of them are in my SNTP setup and Time providers.
- Make sure no clients are using them for DNS resolution.
- Demote them.
- Make sure they are no longer Global Catalog providers for the Exchange 2010 
  environment.
- Make sure they are no longer LDAP connectors for my Cisco Anywhere client 
  connection on my ASA 5500.
- Make sure I can still access the IIS apps that are loaded on one of them.
- For the 2008 R2 DC at this point I can just unjoin it from the Domain and 
  then shut off.
  - Then remove all DNS records or OU records that may remain after 1 day. (Give 
    replication a very good amount of time.)
- For the 2003 DC (With IIS apps installed.) I should be able to P2V at this 
  time.



This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.
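
The read-only checks behind the demotion checklist in the message above, as an added PowerShell example that is not part of the original thread. It assumes the RSAT ActiveDirectory and DnsServer modules, a single-domain forest with AD-integrated DNS, and a Windows 8 / Server 2012 or later admin workstation; the function names, host names and the `-DnsServer` value are hypothetical placeholders.

```powershell
# Added example, not from the thread. Every check is read-only.
# Assumptions: RSAT ActiveDirectory and DnsServer modules, a single-domain
# forest with AD-integrated DNS, and placeholder host names throughout.
Import-Module ActiveDirectory, DnsServer

function Test-PreDemotion {
    param([Parameter(Mandatory)][string[]]$OldDCs)

    $allDCs  = @(Get-ADDomainController -Filter *)
    $staying = @($allDCs | Where-Object { $OldDCs -notcontains $_.Name })
    $oldIPs  = @($allDCs | Where-Object { $OldDCs -contains $_.Name } |
                 ForEach-Object { $_.IPv4Address })
    $domain  = Get-ADDomain
    $forest  = Get-ADForest

    # FSMO roles: none may still sit on a DC that is about to be demoted.
    $roles = [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
    foreach ($role in $roles.GetEnumerator()) {
        if ($OldDCs -contains ($role.Value -split '\.')[0]) {
            Write-Warning "$($role.Key) is still held by $($role.Value)"
        }
    }

    # Global catalog: Exchange needs at least one GC among the DCs that stay.
    if (-not ($staying | Where-Object { $_.IsGlobalCatalog })) {
        Write-Warning 'No global catalog would remain after the demotion'
    }

    # Time: the machine running this script must not sync from a retiring DC.
    $source = (w32tm /query /source) -join ' '
    foreach ($dc in $OldDCs) {
        if ($source -like "*$dc*") { Write-Warning "Time source is $source" }
    }

    # DNS: the machine running this script must not resolve through a retiring DC.
    Get-DnsClientServerAddress -AddressFamily IPv4 | ForEach-Object {
        $hit = @($_.ServerAddresses | Where-Object { $oldIPs -contains $_ })
        if ($hit) { Write-Warning "$($_.InterfaceAlias) uses DNS server $($hit -join ', ')" }
    }

    $oldIPs   # returned so the addresses are still known after the demotion
}

function Get-StaleDcRecord {
    # Run after demotion and replication: lists DNS records that still point
    # at a retired DC. Nothing is deleted here.
    param(
        [Parameter(Mandatory)][string[]]$OldDCs,
        [Parameter(Mandatory)][string[]]$OldIPs,
        [Parameter(Mandatory)][string]$DnsServer
    )
    $forest = Get-ADForest

    # Host (A) records in the domain zone that carry a retired DC's address.
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName (Get-ADDomain).DNSRoot -RRType A |
        Where-Object { $OldIPs -contains "$($_.RecordData.IPv4Address)" }

    # Locator (SRV) records that still name a retired DC as their target.
    # Assumes _msdcs.<forest root> exists as its own zone.
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName "_msdcs.$($forest.RootDomain)" -RRType Srv |
        Where-Object { $OldDCs -contains ($_.RecordData.DomainName -split '\.')[0] }
}

# Usage with placeholder names:
# $ips = Test-PreDemotion -OldDCs 'OLDDC-2008R2', 'OLDDC-2003'
# Get-StaleDcRecord -OldDCs 'OLDDC-2008R2', 'OLDDC-2003' -OldIPs $ips -DnsServer 'NEWDC-2012'
```

The time and DNS-client checks only cover the machine the script runs on; the Exchange, ASA LDAP and IIS items in the checklist still need to be verified on those systems themselves.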




RE: [NTSysADM] Home router

2014-04-14 Thread David Lum
How is that cheaper than a three pack of UniFi's for $199?

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of J- P
Sent: Monday, April 14, 2014 9:44 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Home router

the Aerohives run anywhere from 699 to 999





Subject: RE: [NTSysADM] Home router
Date: Mon, 14 Apr 2014 11:50:41 -0400
From: scaes...@caesare.com
To: ntsysadm@lists.myitforum.com
You don't say?

-sc

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of J- P
Sent: Monday, April 14, 2014 10:43 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Home router

Very similar to these that I use, but  a heck of a lot cheaper :)

http://www.aerohive.com/products/overview/access-points.html



From: asbz...@gmail.com
Date: Mon, 14 Apr 2014 08:26:52 -0400
Subject: Re: [NTSysADM] Home router
To: ntsysadm@lists.myitforum.com
I plan to get a couple of these in a few weeks and test them out:  
http://www.ubnt.com/unifi




ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...




On Sat, Apr 12, 2014 at 12:10 AM, Jon Harris 
jk.har...@live.com wrote:
At least until the license expires then it is bricked unless you want to keep 
paying them.  It is nice though.  I kind of wish it was not so expensive it 
would be great in the home market, well at least if I was selling and setting 
them up it would be.  Most, if not all, home owners want something that works 
but they don't have to keep paying for the use of.

Jon


Date: Sat, 12 Apr 2014 00:02:11 -0400

Subject: Re: [NTSysADM] Home router
From: rich...@gmail.com
To: ntsysadm@lists.myitforum.com

I do have a Meraki AP as well for the 3rd floor.  Darn nice of 'em to give it 
to me.

On Fri, Apr 11, 2014 at 11:41 PM, Steven M. Caesare 
scaes...@caesare.com wrote:
Gotcha.

I'm using an OpenBSD box for those tasks, and Meraki & Buffalo/DD-WRT devices 
as AP's.

In addition it's a reverse proxy-cache.


-sc


-Original Message-
From: Richard Stovall [rich...@gmail.com]
Received: Friday, 11 Apr 2014, 11:15PM
To: ntsysadm@lists.myitforum.com [ntsysadm@lists.myitforum.com]
Subject: Re: [NTSysADM] Home router

For me it was every single one of those, plus gateway AV, highly
configurable packet capture[1], and robust logging/reporting.

[1] The free Astaro fw had everything[2] but packet cap, which is
occasionally required for troubleshooting.

[2] The WiFi AP was most definitely not free.  Anyone need a Sophos AP?
 I've got one I'll sell you cheap.


On Fri, Apr 11, 2014 at 11:06 PM, Steven M. Caesare 
scaes...@caesare.com wrote:

 What are people looking for in a home router?

 I'm assuming it's something in a feature set not provided by the  router
 supplied by your broadband ISP?

 Wireless? Multiple interfaces? FW Capability? VPN endpoint?

 -sc


 -Original Message-
 From: Richard Stovall [rich...@gmail.com]
 Received: Friday, 11 Apr 2014, 11:00PM
 To: ntsysadm@lists.myitforum.com [ntsysadm@lists.myitforum.com]
 Subject: Re: [NTSysADM] Home router

 I gave up and dropped the coin for a Sonicwall TZ205 at home.  I tried the
 free Astaro offering for a while, as well as ddwrt, but I didn't like
 either of them.  I'm so used to the full feature set at work, that I became
 very frustrated when I didn't have it at home.  In hindsight, I think it
 was a very good decision.


 On Fri, Apr 11, 2014 at 10:17 PM, Michael B. Smith 
 mich...@smithcons.com
 wrote:

   I like the buffalo hardware (which comes with a version of ddwrt) and
  then flashing it with the current version of ddwrt. For home and
  very-small-business.
 
 
 
  *From:* listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] *On 
  Behalf Of *Brian Desmond
  *Sent:* Friday, April 11, 2014 7:51 PM
  *To:* ntsysadm@lists.myitforum.com
  *Subject:* RE: [NTSysADM] Home router
 
 
 
  *I've got a 1U Cisco router I use courtesy of ebay - it's been working for
  many years in the corner. Keep in mind when you buy commercial gear, the
  support cost goes way up, and when it breaks and you're not home, it's not
  exactly end user 

RE: [NTSysADM] Home router

2014-04-14 Thread David Lum
AHHH

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jonathan Link
Sent: Monday, April 14, 2014 11:05 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Home router

Gah, send too soon.
He's saying that the Aerohives are similar but more expensive than the Unifi.

On Mon, Apr 14, 2014 at 1:53 PM, David Lum 
david@modahealth.com wrote:
How is that cheaper than a three pack of UniFi’s for $199?

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
On Behalf Of J- P
Sent: Monday, April 14, 2014 9:44 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Home router

the Aerohives run anywhere from 699 to 999




Subject: RE: [NTSysADM] Home router
Date: Mon, 14 Apr 2014 11:50:41 -0400
From: scaes...@caesare.com
To: ntsysadm@lists.myitforum.com
You don’t say?

-sc

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of J- P
Sent: Monday, April 14, 2014 10:43 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Home router

Very similar to these that I use, but  a heck of a lot cheaper :)

http://www.aerohive.com/products/overview/access-points.html



From: asbz...@gmail.com
Date: Mon, 14 Apr 2014 08:26:52 -0400
Subject: Re: [NTSysADM] Home router
To: ntsysadm@lists.myitforum.com
I plan to get a couple of these in a few weeks and test them out:  
http://www.ubnt.com/unifi




ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market…




On Sat, Apr 12, 2014 at 12:10 AM, Jon Harris 
jk.har...@live.com wrote:
At least until the license expires then it is bricked unless you want to keep 
paying them.  It is nice though.  I kind of wish it was not so expensive it 
would be great in the home market, well at least if I was selling and setting 
them up it would be.  Most, if not all, home owners want something that works 
but they don't have to keep paying for the use of.

Jon


Date: Sat, 12 Apr 2014 00:02:11 -0400

Subject: Re: [NTSysADM] Home router
From: rich...@gmail.com
To: ntsysadm@lists.myitforum.com

I do have a Meraki AP as well for the 3rd floor.  Darn nice of 'em to give it 
to me.

On Fri, Apr 11, 2014 at 11:41 PM, Steven M. Caesare 
scaes...@caesare.com wrote:
Gotcha.

I'm using an OpenBSD box for those tasks, and Meraki & Buffalo/DD-WRT devices 
as AP's.

In addition it's a reverse proxy-cache.


-sc


-Original Message-
From: Richard Stovall [rich...@gmail.com]
Received: Friday, 11 Apr 2014, 11:15PM
To: ntsysadm@lists.myitforum.com [ntsysadm@lists.myitforum.com]
Subject: Re: [NTSysADM] Home router

For me it was every single one of those, plus gateway AV, highly
configurable packet capture[1], and robust logging/reporting.

[1] The free Astaro fw had everything[2] but packet cap, which is
occasionally required for troubleshooting.

[2] The WiFi AP was most definitely not free.  Anyone need a Sophos AP?
 I've got one I'll sell you cheap.


On Fri, Apr 11, 2014 at 11:06 PM, Steven M. Caesare 
scaes...@caesare.com wrote:

 What are people looking for in a home router?

 I'm assuming it's something in a feature set not provided by the  router
 supplied by your broadband ISP?

 Wireless? Multiple interfaces? FW Capability? VPN endpoint?

 -sc


 -Original Message-
 From: Richard Stovall [rich...@gmail.com]
 Received: Friday, 11 Apr 2014, 11:00PM
 To: ntsysadm@lists.myitforum.com [ntsysadm@lists.myitforum.com]
 Subject: Re: [NTSysADM] Home router

 I gave up and dropped the coin for a Sonicwall TZ205 at home.  I tried the
 free Astaro offering for a while, as well as ddwrt, but I didn't like
 either of them.  I'm so used to the full feature set at work, that I became
 very frustrated when I didn't have it at home.  In hindsight, I think it
 was a very good decision.


 On Fri, Apr 11, 2014 at 10:17 PM, Michael B. Smith 
 mich...@smithcons.com
 wrote:

   I like the buffalo hardware (which comes with a version of ddwrt) and
  then flashing it with the current version of ddwrt. For home and
  very-small-business.
 
 
 
  *From:* 
  listsad...@lists.myitforum.commailto:listsad

[NTSysADM] Heartbleed vulnerability

2014-04-09 Thread David Lum
From: David Lum
Sent: Wednesday, April 09, 2014 7:43 AM
To: 'ntsysadm@lists.myitforum.com'
Subject: Heartbleed vulnerability

Are many of you guys affected by this?
https://isc.sans.edu/forums/diary/Patch+Now+OpenSSL+Heartbleed+Vulnerability/17921

Most likely vectors are apparently Linux-based appliances.







David Lum
Network System Admin, Information Services
office 503-265-4728  |  modahealth.com

I'm excited to announce that ODS Health is now Moda Health. Please make a note 
of my new email address, david@modahealth.com, so we can stay 
connected.

This message is intended for the sole use of the individual and entity to whom 
it is addressed, and may contain information that is privileged, confidential 
and exempt from disclosure under applicable law. If you are not the intended 
addressee, nor authorized to receive for the intended addressee, you are hereby 
notified that you may not use, copy, disclose or distribute to anyone the 
message or any information contained in the message. If you have received this 
message in error, please immediately advise the sender by reply email and 
delete the message.





RE: [NTSysADM] 64-bit GUI file copy puzzler

2014-04-06 Thread David Lum
Nope.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ken Schaefer
Sent: Thursday, March 20, 2014 4:03 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

This doesn’t apply?
https://groups.google.com/forum/#!msg/resara-server/vNKMdFKPml8/zcHqV3PZXtoJ

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Friday, 21 March 2014 8:34 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

It’s not extension dependent, I can rename an Excel file to excelfile.rpt and 
the file copies fine.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Melvin Backus
Sent: Thursday, March 20, 2014 9:37 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

Just a shot in the dark, but …

Since you said it was file format/extension dependent I’d check the file 
associations for .rpt files and see what program is set to deal with them.  I’m 
guessing that may be different between the working XP clients and the failing 
Win7 clients.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Thursday, March 20, 2014 12:30 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

No special shell extensions. I did find out the 32-bit systems that they said 
it did work on was an XP machine, so this morning I tested on a 32-bit Windows 
7 VM and it also failed. We use Microsoft Antimalware here and turning it off 
has no effect.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ken Schaefer
Sent: Wednesday, March 19, 2014 3:30 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

What Explorer shell extensions do you have loaded?

Any data-loss-prevention/AV type products involved?

Cheers
Ken

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Thursday, 20 March 2014 3:01 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

Yes the SAN is providing CIFS.

It seems very specific to the contents of the file. I can copy 
THISFILENAME.XLSX to the SAN location 
(\\SANVOLUME\SHARE1, for example) just fine, but 
REPORT.RPT fails to the same location. However, if I edit REPORT.RPT in Notepad 
by one byte then save to my 64-bit PC THEN copy it, it works. Also, the 
unmodified file works if I use XCOPY at the command prompt on the 64-bit 
machine.

It’s something in the contents of the file, or some attribute the 64-bit GUI 
gives it, or a combination.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: Tuesday, March 18, 2014 1:53 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] 64-bit GUI file copy puzzler

Hrr...
I take it the SAN is actually providing CIFS storage?
How long are the file/directory path specifications for the files being copied? 
If they're greater than approximately 250 characters 
(x:\reall\long\directory\andfilename.rpt), the Windows file system doesn't like 
it (the Win32 API governs this, and character encoding, etc., play some role in 
exactly how many characters you can get away with). Robocopy used the Windows 
Native API, which allows for ridiculously long path names - something like 32k
See, for instance, this:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx

Is it perhaps a limitation similar to that?


Kurt

On Tue, Mar 18, 2014 at 7:35 AM, David Lum 
david@modahealth.com wrote:
Over the weekend there was an upgrade to our SAN systems. We now have this 
bizarre issue where Crystal Reports .RPT files are unable to be copied from a 
PC to the SAN shares via Windows 64-bit GUI.

Renaming an Excel file to .RPT: works
Use a 32-bit system to copy the file: works
Any other file (PDF, XLS, etc.): works
Using XCOPY on a 64-bit machine: works

It only fails when using the GUI on a 64-bit system, and it’s only on these 
Crystal Reports .RPT files. If I open one of these RPT files on a 64-bit 
machine with Notepad, change one byte, save it to the PC I can then copy it 
over.

Ideas

RE: [NTSysADM] Re: No communication between VMs on an ESXi host

2014-04-06 Thread David Lum
That is actually kind of a good feeling - the issue I emailed about recently 
(the 64-bit GUI issue) has both Microsoft, IBM AND NetApp stumped, as I had all 
three vendors on a conference call on Friday. Much log file flinging is ensuing.

I've had good luck with VMWare support, I suspect they'll get you your answer 
eventually.

-Dave Lum


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: Friday, April 04, 2014 4:42 PM
To: NTSysADM@lists.myitforum.com
Subject: [NTSysADM] Re: No communication between VMs on an ESXi host

UPDATE: I win!

Well, it feels just a small bit like victory, anyway.

I spent about 4 hours on a support call with VMware, and have stumped the techs.

They've collected logs, and are going to call me on Monday.

Heh.

Kurt

On Thu, Apr 3, 2014 at 1:39 PM, Kurt Buff kurt.b...@gmail.com wrote:
 All,

 My search-fu is failing, so I turn to you for help...

 I have a small ESXi 5.5 host, about to go into production.

 The three VMs (2008R2 for all of them, a DC, Exchange 2010 and a PRTG
 box) on it can communicate with machines not on the ESXi host - ping,
 RDP, etc. - and vice versa. No problems.

 However, the three VMs on this host cannot talk with each other. No
 ping, no RDP. When pinging from one of the VMs to another, I get a mix
 of unreachables from the VM's own address and straight timeouts.

 There is only one vSwitch, which has two NICs bound to it, and the
 vswitch is set up to route based on IP hash. The physical switch to
 which they are connected (and this shouldn't matter, but...) is an HP
 2510G-48, and the ports for the host are in a simple trunk - no LACP.

 I've turned off the Domain profile of the firewall on one of the
 machines, which seems to make no difference.

 I've examined the VMware host security settings to no avail. I've
 turned off the Windows firewall.

 I've got 3 ESXi hosts in a vSphere Standard cluster that doesn't have
 this problem.

 Kurt




RE: [NTSysADM] 64-bit GUI file copy puzzler

2014-03-20 Thread David Lum
No special shell extensions. I did find out the 32-bit systems that they said 
it did work on was an XP machine, so this morning I tested on a 32-bit Windows 
7 VM and it also failed. We use Microsoft Antimalware here and turning it off 
has no effect.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ken Schaefer
Sent: Wednesday, March 19, 2014 3:30 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

What Explorer shell extensions do you have loaded?

Any data-loss-prevention/AV type products involved?

Cheers
Ken

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Thursday, 20 March 2014 3:01 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

Yes the SAN is providing CIFS.

It seems very specific to the contents of the file. I can copy 
THISFILENAME.XLSX to the SAN location 
(\\SANVOLUME\SHARE1, for example) just fine, but 
REPORT.RPT fails to the same location. However, if I edit REPORT.RPT in Notepad 
by one byte then save to my 64-bit PC THEN copy it, it works. Also, the 
unmodified file works if I use XCOPY at the command prompt on the 64-bit 
machine.

It’s something in the contents of the file, or some attribute the 64-bit GUI 
gives it, or a combination.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: Tuesday, March 18, 2014 1:53 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] 64-bit GUI file copy puzzler

Hrr...
I take it the SAN is actually providing CIFS storage?
How long are the file/directory path specifications for the files being copied? 
If they're greater than approximately 250 characters 
(x:\reall\long\directory\andfilename.rpt), the Windows file system doesn't like 
it (the Win32 API governs this, and character encoding, etc., play some role in 
exactly how many characters you can get away with). Robocopy used the Windows 
Native API, which allows for ridiculously long path names - something like 32k
See, for instance, this:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx

Is it perhaps a limitation similar to that?


Kurt

On Tue, Mar 18, 2014 at 7:35 AM, David Lum 
david@modahealth.com wrote:
Over the weekend there was an upgrade to our SAN systems. We now have this 
bizarre issue where Crystal Reports .RPT files are unable to be copied from a 
PC to the SAN shares via Windows 64-bit GUI.

Renaming an Excel file to .RPT: works
Use a 32-bit system to copy the file: works
Any other file (PDF, XLS, etc.): works
Using XCOPY on a 64-bit machine: works

It only fails when using the GUI on a 64-bit system, and it’s only on these 
Crystal Reports .RPT files. If I open one of these RPT files on a 64-bit 
machine with Notepad, change one byte, save it to the PC I can then copy it 
over.

Ideas?






David Lum
Network System Admin, Information Services
office 503-265-4728  |  modahealth.com


RE: [NTSysADM] 64-bit GUI file copy puzzler

2014-03-20 Thread David Lum
It’s not extension dependent, I can rename an Excel file to excelfile.rpt and 
the file copies fine.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Melvin Backus
Sent: Thursday, March 20, 2014 9:37 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

Just a shot in the dark, but …

Since you said it was file format/extension dependent I’d check the file 
associations for .rpt files and see what program is set to deal with them.  I’m 
guessing that may be different between the working XP clients and the failing 
Win7 clients.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Thursday, March 20, 2014 12:30 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

No special shell extensions. I did find out the 32-bit systems that they said 
it did work on was an XP machine, so this morning I tested on a 32-bit Windows 
7 VM and it also failed. We use Microsoft Antimalware here and turning it off 
has no effect.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ken Schaefer
Sent: Wednesday, March 19, 2014 3:30 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

What Explorer shell extensions do you have loaded?

Any data-loss-prevention/AV type products involved?

Cheers
Ken

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Thursday, 20 March 2014 3:01 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

Yes the SAN is providing CIFS.

It seems very specific to the contents of the file. I can copy 
THISFILENAME.XLSX to the SAN location 
(\\SANVOLUME\SHARE1, for example) just fine, but 
REPORT.RPT fails to the same location. However, if I edit REPORT.RPT in Notepad 
by one byte then save to my 64-bit PC THEN copy it, it works. Also, the 
unmodified file works if I use XCOPY at the command prompt on the 64-bit 
machine.

It’s something in the contents of the file, or some attribute the 64-bit GUI 
gives it, or a combination.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: Tuesday, March 18, 2014 1:53 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] 64-bit GUI file copy puzzler

Hrr...
I take it the SAN is actually providing CIFS storage?
How long are the file/directory path specifications for the files being copied? 
If they're greater than approximately 250 characters 
(x:\reall\long\directory\andfilename.rpt), the Windows file system doesn't like 
it (the Win32 API governs this, and character encoding, etc., play some role in 
exactly how many characters you can get away with). Robocopy used the Windows 
Native API, which allows for ridiculously long path names - something like 32k
See, for instance, this:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx

Is it perhaps a limitation similar to that?


Kurt

On Tue, Mar 18, 2014 at 7:35 AM, David Lum 
david@modahealth.com wrote:
Over the weekend there was an upgrade to our SAN systems. We now have this 
bizarre issue where Crystal Reports .RPT files are unable to be copied from a 
PC to the SAN shares via Windows 64-bit GUI.

Renaming an Excel file to .RPT: works
Use a 32-bit system to copy the file: works
Any other file (PDF, XLS, etc.): works
Using XCOPY on a 64-bit machine: works

It only fails when using the GUI on a 64-bit system, and it’s only on these 
Crystal Reports .RPT files. If I open one of these RPT files on a 64-bit 
machine with Notepad, change one byte, save it to the PC I can then copy it 
over.

Ideas?






David Lum
Network System Admin, Information Services
office 503-265-4728  |  modahealth.com


RE: [NTSysADM] 64-bit GUI file copy puzzler

2014-03-19 Thread David Lum
Yes the SAN is providing CIFS.

It seems very specific to the contents of the file. I can copy 
THISFILENAME.XLSX to the SAN location 
(\\SANVOLUME\SHARE1, for example) just fine, but 
REPORT.RPT fails to the same location. However, if I edit REPORT.RPT in Notepad 
by one byte then save to my 64-bit PC THEN copy it, it works. Also, the 
unmodified file works if I use XCOPY at the command prompt on the 64-bit 
machine.

It’s something in the contents of the file, or some attribute the 64-bit GUI 
gives it, or a combination.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: Tuesday, March 18, 2014 1:53 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] 64-bit GUI file copy puzzler

Hrr...
I take it the SAN is actually providing CIFS storage?
How long are the file/directory path specifications for the files being copied? 
If they're greater than approximately 250 characters 
(x:\reall\long\directory\andfilename.rpt), the Windows file system doesn't like 
it (the Win32 API governs this, and character encoding, etc., play some role in 
exactly how many characters you can get away with). Robocopy used the Windows 
Native API, which allows for ridiculously long path names - something like 32k.
See, for instance, this:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx

Is it perhaps a limitation similar to that?


Kurt

On Tue, Mar 18, 2014 at 7:35 AM, David Lum david@modahealth.com wrote:
Over the weekend there was an upgrade to our SAN systems. We now have this 
bizarre issue where Crystal Reports .RPT files are unable to be copied from a 
PC to the SAN shares via Windows 64-bit GUI.

Renaming an Excel file to .RPT: works
Use a 32-bit system to copy the file: works
Any other file (PDF, XLS, etc.): works
Using XCOPY on a 64-bit machine: works

It only fails when using the GUI on a 64-bit system, and it’s only on these 
Crystal Reports .RPT files. If I open one of these RPT files on a 64-bit 
machine with Notepad, change one byte, save it to the PC I can then copy it 
over.

Ideas?

inline: image001.jpg
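
Kurt's point about the Win32 path limit versus extended-length paths, quoted in the message above, as an added example that is not from the thread: a Python helper that measures a path in UTF-16 units, flags anything at or over MAX_PATH, and rewrites it in \\?\ form. The sample paths are constructed and the function names are this example's own.

```python
import ntpath

MAX_PATH = 260          # Win32 limit in UTF-16 units, including the terminating NUL
EXTENDED_LIMIT = 32767  # approximate ceiling for \\?\ extended-length paths
EXT_PREFIX = "\\\\?\\"


def utf16_units(text):
    """Windows counts UTF-16 code units, not Python code points."""
    return len(text.encode("utf-16-le")) // 2


def to_extended(path):
    r"""Rewrite an absolute drive-letter or UNC path in its \\?\ form."""
    if path.startswith(EXT_PREFIX):
        return path
    # \\?\ paths bypass Win32 normalisation, so resolve "..", "." and "/" first.
    norm = ntpath.normpath(path)
    if norm.startswith("\\\\"):
        return EXT_PREFIX + "UNC\\" + norm[2:]
    if len(norm) >= 3 and norm[1] == ":" and norm[2] == "\\":
        return EXT_PREFIX + norm
    raise ValueError("not an absolute path: %r" % path)


def classify(path):
    """Return 'ok', 'needs-extended' or 'too-long' for one path."""
    if utf16_units(path) < MAX_PATH:
        return "ok"
    if utf16_units(to_extended(path)) <= EXTENDED_LIMIT:
        return "needs-extended"
    return "too-long"


def audit(paths):
    """Return (verdict, utf16_length, path) for every path, longest first."""
    rows = [(classify(p), utf16_units(p), p) for p in paths]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample paths (not taken from the thread).
SAMPLES = [
    "x:\\reports\\q1.rpt",
    "x:\\" + "\\".join(["d" * 40] * 7) + "\\report.rpt",
    "\\\\SANVOLUME\\SHARE1\\" + "\\".join(["archive" * 5] * 8) + "\\report.rpt",
]

if __name__ == "__main__":
    for verdict, units, path in audit(SAMPLES):
        print("%-15s %5d  %s..." % (verdict, units, path[:40]))
```
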

[NTSysADM] 64-bit GUI file copy puzzler

2014-03-18 Thread David Lum
Over the weekend there was an upgrade to our SAN systems. We now have this 
bizarre issue where Crystal Reports .RPT files are unable to be copied from a 
PC to the SAN shares via Windows 64-bit GUI.

Renaming an Excel file to .RPT: works
Use a 32-bit system to copy the file: works
Any other file (PDF, XLS, etc.): works
Using XCOPY on a 64-bit machine: works

It only fails when using the GUI on a 64-bit system, and it's only on these 
Crystal Reports .RPT files. If I open one of these RPT files on a 64-bit 
machine with Notepad, change one byte, save it to the PC I can then copy it 
over.

Ideas?


RE: [NTSysADM] 64-bit GUI file copy puzzler

2014-03-18 Thread David Lum
We have contacted IBM, the SAN vendor. We do get an error message (can't believe 
I forgot that part). Error 0x80070032: "The request is not supported." 
Google-Fu finds a lot of results but I can match none of them to my scenario.

What does the 64-bit GUI do during a file copy to a SMB share that the same 
system using XCOPY at the command line does not?

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Rene de Haas
Sent: Tuesday, March 18, 2014 9:28 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] 64-bit GUI file copy puzzler

No ErrorMessage? What if you copy to another share not on the SAN?

On Tue, Mar 18, 2014 at 5:21 PM, J- P jnat...@hotmail.com wrote:
are the permissions still the same?
j



From: david@modahealth.com
To: ntsysadm@lists.myitforum.com
Date: Tue, 18 Mar 2014 07:35:13 -0700
Subject: [NTSysADM] 64-bit GUI file copy puzzler

Over the weekend there was an upgrade to our SAN systems. We now have this 
bizarre issue where Crystal Reports .RPT files are unable to be copied from a 
PC to the SAN shares via Windows 64-bit GUI.

Renaming an Excel file to .RPT: works
Use a 32-bit system to copy the file: works
Any other file (PDF, XLS, etc.): works
Using XCOPY on a 64-bit machine: works

It only fails when using the GUI on a 64-bit system, and it's only on these 
Crystal Reports .RPT files. If I open one of these RPT files on a 64-bit 
machine with Notepad, change one byte, save it to the PC I can then copy it 
over.

Ideas?

RE: [NTSysADM] 64-bit GUI file copy puzzler

2014-03-18 Thread David Lum
Other information: on the same error box I get "an unexpected error is 
preventing you from copying the file." Our SANs are IBM N-series and it's only 
copying to their shares that we have an issue; these .RPT files can go from 
64-bit Win7 to 32 or 64-bit Windows servers just fine.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Tuesday, March 18, 2014 10:37 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

We have contacted IBM, the SAN vendor. We do get an error message (can't believe 
I forgot that part). Error 0x80070032: "The request is not supported." 
Google-Fu finds a lot of results but I can match none of them to my scenario.

What does the 64-bit GUI do during a file copy to a SMB share that the same 
system using XCOPY at the command line does not?

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Rene de Haas
Sent: Tuesday, March 18, 2014 9:28 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] 64-bit GUI file copy puzzler

No ErrorMessage? What if you copy to another share not on the SAN?

On Tue, Mar 18, 2014 at 5:21 PM, J- P jnat...@hotmail.com wrote:
are the permissions still the same?
j


From: david@modahealth.com
To: ntsysadm@lists.myitforum.com
Date: Tue, 18 Mar 2014 07:35:13 -0700
Subject: [NTSysADM] 64-bit GUI file copy puzzler

Over the weekend there was an upgrade to our SAN systems. We now have this 
bizarre issue where Crystal Reports .RPT files are unable to be copied from a 
PC to the SAN shares via Windows 64-bit GUI.

Renaming an Excel file to .RPT: works
Use a 32-bit system to copy the file: works
Any other file (PDF, XLS, etc.): works
Using XCOPY on a 64-bit machine: works

It only fails when using the GUI on a 64-bit system, and it's only on these 
Crystal Reports .RPT files. If I open one of these RPT files on a 64-bit 
machine with Notepad, change one byte, save it to the PC I can then copy it 
over.

Ideas?
inline: image001.jpg
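
The error code reported in this thread, decoded field by field, as an added example that is not from the thread: 0x80070032 is an HRESULT wrapping a Win32 error, and the same value often appears in logs as a signed decimal. The tables hold only a few well-known facilities and Win32 codes, and the function names are this example's own.

```python
FACILITY_WIN32 = 7

# Small subsets of winerror.h, enough for file-copy triage.
FACILITIES = {
    0: "FACILITY_NULL",
    1: "FACILITY_RPC",
    3: "FACILITY_STORAGE",
    4: "FACILITY_ITF",
    7: "FACILITY_WIN32",
    8: "FACILITY_WINDOWS",
}
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    3: "ERROR_PATH_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    32: "ERROR_SHARING_VIOLATION",
    50: "ERROR_NOT_SUPPORTED",
    53: "ERROR_BAD_NETPATH",
    64: "ERROR_NETNAME_DELETED",
    206: "ERROR_FILENAME_EXCED_RANGE",
}


def to_u32(value):
    """Accept an int (possibly signed, as logs print it) or text such as '0x80070032'."""
    if isinstance(value, str):
        value = int(value.strip(), 0)  # hex needs the 0x prefix
    return value & 0xFFFFFFFF


def decode_hresult(value):
    """Split an HRESULT into severity, flag bits, facility and code."""
    h = to_u32(value)
    facility = (h >> 16) & 0x7FF   # bits 16-26
    code = h & 0xFFFF              # bits 0-15
    nt_mapped = bool(h & 0x10000000)  # N bit: an NTSTATUS carried in an HRESULT
    out = {
        "hex": "0x%08X" % h,
        "failure": bool(h >> 31),           # S bit
        "customer": bool(h & 0x20000000),   # C bit: not a Microsoft-defined code
        "ntstatus": nt_mapped,
        "facility": FACILITIES.get(facility, "facility %d" % facility),
        "code": code,
        "win32": None,
    }
    if facility == FACILITY_WIN32 and not nt_mapped:
        out["win32"] = WIN32_ERRORS.get(code, "Win32 error %d" % code)
    return out


def hresult_from_win32(code):
    """Inverse mapping for a non-zero Win32 error code."""
    if code == 0:
        return 0
    return 0x80000000 | (FACILITY_WIN32 << 16) | (code & 0xFFFF)


def summarize(value):
    d = decode_hresult(value)
    detail = d["win32"] or "code %d" % d["code"]
    return "%s %s %s" % (d["hex"], d["facility"], detail)


# Constructed inputs: the thread's code as hex and as signed decimal,
# plus the code a too-long file name would produce instead.
SAMPLES = ["0x80070032", -2147024846, "0x800700CE"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(summarize(sample))
```
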

RE: [NTSysADM] what switch do you prefer for SMB?

2014-03-13 Thread David Lum
+1 again.

-Dave Lum


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Craig Wardlaw
Sent: Thursday, March 13, 2014 4:39 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] what switch do you prefer for SMB?

+1 on the ProCurve

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Ben Scott
Sent: Wednesday, March 12, 2014 11:15 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] what switch do you prefer for SMB?

On Wed, Mar 12, 2014 at 2:05 PM, Jimmy Tran ji...@jt-solution.com wrote:
> What do you use or recommend?

  As anyone who's been on this list for more than a few months knows,
I'm a big fan of HP ProCurve.  Warrantied and supported forever is
hard to beat.

> The requirements are gigabit, layer 2 switching, vlans and budget friendly
> ($300-$700) for a 24 or 48 port switch.

  ProCurve 2530-24G (J9776A).  24 1000BASE-T ports, 4 gig SFP.
Provantage has it for $520.

  ProCurve 2530-48G (J9775A).  48 1000BASE-T ports, 4 gig SFP.
Provantage has it for $910.

-- Ben











[NTSysADM] One of those dumb things...

2014-03-10 Thread David Lum
I use passphrases as my passwords wherever I can. Today trying to log into our 
guest wireless for the first time I'm presented with a portal, and when I enter 
my password it tells me "passwords must not contain spaces." Seriously? I 
have had a space in my Windows passwords for years - while I avoid spaces for 
fields I might script, like username and folder names, for a password I've 
never worried about it.

Dumb.


[NTSysADM] RE: Server 2012 (not R2) DHCP Failover config question

2014-03-04 Thread David Lum
+2012

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Tuesday, March 04, 2014 1:35 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Server 2012 (not R2) DHCP Failover config question

Heck yeah. And outside of features related to Hyper-V (in which I also include 
the SMB updates) it’s one of the Top-10 reasons to upgrade. IMO.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Rami SIK
Sent: Tuesday, March 4, 2014 4:04 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Server 2012 (not R2) DHCP Failover config question

So, on Servers 2012,  DHCP can be configured for failover?

Regards,


Rami

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Tuesday, March 04, 2014 11:39 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Server 2012 (not R2) DHCP Failover config question

I don’t see why not.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: Tuesday, March 4, 2014 2:35 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Server 2012 (not R2) DHCP Failover config question


Can I setup two Server 2012 servers with DHCP, not authorize either server, 
create non-active scopes and still configure DHCP Failover?  Customer would 
like to see this setup before flipping the switch.  I would have just over 150 
scopes to import from the current 2008 R2 DHCP cluster.



Thanks

Webster

Learn how to avoid investment fraud at the BCSC's investor education website: 
www.investright.org

If this message is not meant for you, do not use it - please let us know, and 
then delete it. We try hard to keep our messages and attachments free of 
viruses and other malicious programs, but are not liable if our precautions 
don't prevent their spread.


RE: [NTSysADM] RE: Redesigned Action Pack

2014-02-03 Thread David Lum
I beat the deadline for the higher price and renewed last week :)

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Crawford, Scott
Sent: Saturday, February 01, 2014 6:45 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Redesigned Action Pack

Don't love the messenger :)

$475

More info here:
http://blogs.technet.com/b/msuspartner/archive/2014/01/29/the-new-microsoft-action-pack-subscription-debuts-february-24.aspx

Sent from my Windows Phone

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: 1/31/2014 12:28 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Redesigned Action Pack

I love you man.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Crawford, Scott
Sent: Friday, January 31, 2014 1:21 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Redesigned Action Pack

http://blogs.technet.com/b/firehose/archive/2014/01/30/partners-redesigned-microsoft-action-pack-subscription-debuts-feb-24.aspx

Sent from my Windows Phone



[NTSysADM] 7200RPM SAS vs. 7200RPM SATA

2014-01-30 Thread David Lum
Short version: Other than cost, is there any reason not to use a 7200RPM SAS 
drive in place of a 7200RPM SATA drive in a server with more than a couple 
concurrent users connected to it?

Long version:
Scenario: SMB Client, 50 users, three physical servers. All physicals running 
Hyper-V (two with 2012, one with 2008R2)

Server1: 3 years old, two RAID1 volumes using 15K SAS drives (SBS 
2011/Exchange/SQL/file print for 30 users)
Server2: 1yr old, RAID 10 using four 15K SAS drives (file/print for 15 users, 
remote site from the other two)
Server 3: 7 yrs old, RAID 1 with two 7200RPM SATA drives (file/print for 15 
users)
[And yes, I plan on swapping Server1 and Server2's roles so the faster disk 
subsystem is the one with SQL and Exchange on it.]

Possibly relevant: I use DFSR between servers 1 and 2 and would like to have it 
with server3 as well.

I am replacing Server3 with a three year old 1U and I'm torn between giving it 
four 7200RPM 1GB SAS drives or four SATA drives. Going with 10K or 15K SAS 
doubles the price of the drives. Reading various links, I read the 7200 SAS 
drives are either effectively SATA drives with SAS controller, or they're 
simply slower spinning, higher MTBF SAS drives. I get conflicting information...

Either way, a 7200RPM SAS drive array should handily outperform 7200 SATA 
drives if 10+ users are connected to it, correct?


[NTSysADM] RE: Guest disks on Hyper-V 2012 R2

2014-01-27 Thread David Lum
Short answer: separate VHDX.

As a general rule I keep OS drives/VHDX’s separate from everything else, even 
if it’s virtualized and sitting on the same disk subsystem. Easier if you have 
to restore/move things around.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Steve Norton
Sent: Monday, January 27, 2014 11:06 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Guest disks on Hyper-V 2012 R2

I'm just getting my feet wet with virtual technology. I'm planning to migrate a 
physical file server that contains over 4 million Word, Excel and PDF files to 
a virtualized instance. Roughly 100 users access these files regularly on a 
daily basis. Should the guest OS be on a separate vhdx from the file storage or 
is it acceptable for the whole thing (OS and 4 million files) to reside on a 
single vhdx?
Thanks.
Steve


[NTSysADM] This doesn't happen every day (excessups.com)

2014-01-23 Thread David Lum
This is an unpaid endorsement because it's so rare for me to see this. I don't 
do much UPS (battery backup, not shipping) business, but I bought a replacement 
UPS battery from excessups.com a bit more than a year ago. Ran into an issue 
where I'd requested the wrong part, but their response and customer service was 
great at the time, so I kept the contact info.

A week ago I contacted them saying I have a $600 budget for a UPS and I am 
attaching server XY and Z to it, what product of theirs would they recommend. 
They sent me a link to a product somebody else carried, telling me "this will 
get you the most for your budget." That the link went to another site was weird, 
but I just assumed for whatever reason that excessups simply didn't have it on 
their site yet but they did carry it, so I replied "I'll take one."

As it turns out no, he's sending me to this other place because he feels I'll 
get the best bang for my buck there, to a company he said is unrelated to his. 
When I asked him about it he said that their current pricing is below his 
wholesale cost, so go there.

Wow. Tony at excessups, you are the MAN.

Dave



RE: [NTSysADM] RE: IT resumes?

2014-01-23 Thread David Lum
Same here. They’re we looking for an additional Network system admin and every 
time I was given a name, I’d hit LinkedIn.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Brian Desmond
Sent: Thursday, January 23, 2014 10:03 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: IT resumes?

Weird. First thing I do when I get a resume or a candidate is look them up on 
LinkedIn.

I do like some sort of piece of paper whether it’s a LinkedIn printout or a 
resume – I’ve got a whole stack on my desk covered in notes from the hiring 
exercise I’m doing right now.

Thanks,
Brian Desmond
br...@briandesmond.com

w – 312.625.1438 | c – 312.731.3132

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Thursday, January 23, 2014 12:00 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: IT resumes?

Since I recently went through a job hunt and replacement myself, I can tell you 
I was on DICE and MONSTER and INDEED like a hound (yes a lot show the same 
thing) as well as the Oregon Employment website. I have been on LinkedIn for a 
long time as well.

Resume’s landed my new job.  Sent six, got four calls, interviews with two 
companies (a third would have happened but they guessed rightly that their 
salary range was too low) and landed one fine job.

My manager here explicitly does NOT look at LinkedIn before interviewing in 
person (other than resume she wants her first impression to be in person) - 
which I find odd, but it shows there are some like that out there.

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ziots, Edward
Sent: Thursday, January 23, 2014 8:50 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: IT resumes?

Honestly, I think anymore with the emergence of Linked In that a lot of 
professionals are getting noticed more for positions than what the resume is 
providing. Especially I am using mine as a way to demonstrate my work and 
professional affiliations with groups ( ISC, ISACA, CEH etc etc, along with 
displaying the technical presentations I have put on)

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
Work:401-255-2497


This electronic message and any attachments may be privileged and confidential 
and protected from disclosure. If you are reading this message, but are not the 
intended recipient, nor an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that you are 
strictly prohibited from copying, printing, forwarding or otherwise 
disseminating this communication. If you have received this communication in 
error, please immediately notify the sender by replying to the message. Then, 
delete the message from your computer. Thank you.


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Thursday, January 23, 2014 10:46 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: IT resumes?

I was about to say… resume? What’s a resume?

I wrote one for a gig a few years ago (which you and I discussed Web) that I 
didn’t end up taking… otherwise it’s pretty much word of mouth and other social 
interactions. What we used to call “networking”. ☺ Before we had “social 
graphs” and “work graphs” blah blah blah. ☺

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: Thursday, January 23, 2014 10:37 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: IT resumes?

I always tell people my most current resume is LinkedIn.  I keep that 
up-to-date as I complete a worthy project, certification, course, speaking gig, 
etc.  I may be lucky (or fortunate) but I rarely get asked for a resume any 
more.  I get most gigs nowadays via networking, my blog, Twitter, LinkedIn and 
Facebook.  Only cold callers ask for a resume now.


Webster

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Adam Greene
Sent: Thursday, January 23, 2014 10:31 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: IT resumes?

Yes, I was going to say … many people seem to use LinkedIn as an ongoing public 
resume … includes job history, education, skills, etc. Seems pretty complete.

From: listsad...@lists.myitforum.com 
[mailto:listsad

[NTSysADM] Server with 144GB of RAM installed for $594

2014-01-23 Thread David Lum
More fun for budget home lab users.
http://www.ebay.com/itm/DELL-C6100-C6105-CLOUD-SERVER-6x-1-8GHz-AMD-6-CORE-HEX-CORE-144GB-RAM-3x-250GB-/181306790824?pt=COMP_EN_Servers&hash=item2a36ba13a8

Dave



RE: [NTSysADM] LogMeIn Free ... now isn't (free, anymore). Recommendations?

2014-01-22 Thread David Lum
I just tried this. You open a port in your firewall and then you have a URL to 
the machine you installed the app on. Not as friendly as LogMeIn, everything is 
configured on each target system (which can actually be good or bad). To access 
from over the Internet you need to know the public IP.

LogMeIn has you connecting your machine to a central site, NCH has you connect 
direct from wherever to your machine.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Reimer, Mark
Sent: Tuesday, January 21, 2014 3:08 PM
To: 'ntsysadm@lists.myitforum.com'
Subject: RE: [NTSysADM] LogMeIn Free ... now isn't (free, anymore). 
Recommendations?

I've found this:

http://www.nchsoftware.com/remotedesktop/

I haven't installed it, nor have I ever worked with it, but looks promising for 
what I need.

Mark

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Tuesday, January 21, 2014 7:06 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] LogMeIn Free ... now isn't (free, anymore). 
Recommendations?

join.me always works for connecting to family and friends

As for my own PC, I usually use GoToMyPC, but there are probably better/cheaper 
options

On 21 January 2014 14:03, Michael Leone oozerd...@gmail.com wrote:
Got this notice today:

As of January 21, 2014, LogMeIn Free will no longer be available.

Came as news to me, I hadn't heard ahead of time that they were going
to discontinue this service. Anyone have a recommendation for another
free service? I have 4 or 5 machines I regularly use this with (2 of
mine, and others are family members), and before I sign up for some
bulk account, I'd like to hear about options. I'm looking for remote
control mostly, don't really need file transfer. What do you all
recommend? Years back I used VNC, but that is not nearly as fast (not
even the various permutations like TightVNC or UltraVNC, etc).



--
James Rankin
-
RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The Virtualization 
Practice Analyst - Desktop Virtualization
http://appsensebigot.blogspot.co.uk



[NTSysADM] Any RDS guru's out here?

2013-09-25 Thread David Lum
I have an RDS farm that we are changing the SSL certificate from a wildcard to 
a farm-specific one. Our RDSH servers are also using the wildcard cert to 
digitally sign RemoteApp. Does this SSL need to be the same cert as the RDS 
gateway server SSL?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764




[NTSysADM] RE: Any RDS guru's out here?

2013-09-25 Thread David Lum
Also, what happens if the cert expires, do RDS App servers refuse the 
connection, or does an additional popup occur? Specifically this is in regards 
to the RDSH servers set to use a digital signature and trying to RDP from the 
RDWeb website.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Wednesday, September 25, 2013 6:53 AM
To: NTSysADM@lists.myITforum.com
Subject: [NTSysADM] Any RDS guru's out here?

I have an RDS farm that we are changing the SSL certificate from a wildcard to 
a farm-specific one. Our RDSH servers are also using the wildcard cert to 
digitally sign RemoteApp. Does this SSL need to be the same cert as the RDS 
gateway server SSL?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764




RE: [NTSysADM] Change control....GPO

2013-09-23 Thread David Lum
Thanks guys, I was kind of thinking as much. Ken, great input as always!

Dave


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ken Schaefer
Sent: Sunday, September 22, 2013 4:51 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Change control....GPO

Hi,

IMO:

GPO changes should be classified based on risk:
- the scope of possible issues (e.g. will it impact the domain, an OU, only a 
select group),
- as well as the possible impact of the change (complete outage, major impact, 
minor inconvenience etc.).

It's then fairly easy to draw up an x by y 2D grid:

                                    Scope of Change
                                    Large     Medium    Small
Possible Adverse Impact   High
                          Medium
                          Low

Then you base your process around the risk weighting:

* Changes that would result in a green box can be handled by creating an 
  incident ticket [1]
* Changes that are orange require your normal change management process
* Changes that are red require CAB approval, plus some other additional 
  review.

You may have some special process, or mandatory weightings, for privileged 
accounts, machines etc. E.g. changes to servers that the Board (or executive) 
store their documents on, plus their workstations/accounts, changes to security 
infrastructure etc.
You don't want to send every change to CAB - otherwise you'll get bogged down 
in every minor change (e.g. adding or removing a single site from an IE zone)

Cheers
Ken

[1] You may want to limit these to a set of pre-approved standard changes. 
The CAB would agree to a blanket approved change that can then be reused for 
each subsequent individual change. If the change doesn't fall into a 
pre-approved category, it can be approved by an offline CAB


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ziots, Edward
Sent: Monday, 23 September 2013 1:14 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Change control....GPO

+2, Definitely agree that GPO change, or modification which will impact the 
workstation environment, should go to change management.

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
Work:401-255-2497


This electronic message and any attachments may be privileged and confidential 
and protected from disclosure. If you are reading this message, but are not the 
intended recipient, nor an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that you are 
strictly prohibited from copying, printing, forwarding or otherwise 
disseminating this communication. If you have received this communication in 
error, please immediately notify the sender by replying to the message. Then, 
delete the message from your computer. Thank you.


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Brian Desmond
Sent: Saturday, September 21, 2013 2:44 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Change control....GPO

+1. I've seen this pivot in highly regulated environments where the GPO affects 
a controlled asset/system then it's much more rigid.


Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c - 312.731.3132

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of William Robbins
Sent: Friday, September 20, 2013 10:08 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Change control....GPO

Most of the environments I've worked in treat GPO's depending on level of 
impact.  Domain-wide, go to Change Control processes.  OU level required 
manager for that OU's sign off.  GPO's making maintenance changes with low risk 
are treated the same as user account creation.  HD Ticket or similar to track 
request and work.


 - WJR

On Fri, Sep 20, 2013 at 9:55 PM, David Lum 
david@nwea.org wrote:
For you guys with a pretty well defined change control process - are 
incremental GPO changes (in this case we have a GPO that controls IE's trusted 
sites, I want to add enable auto logon with current credentials for sites in 
trusted sites) reviewed by people before the change? I'm thinking in larger 
environments it might be submitted by one person, reviewed and approved by 
another but not necessarily held until a formal change request meeting is 
convened?

Normally I'd just whip this change out, but I need to think about the 
accountability process in general.
David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229




[NTSysADM] Is this domain change, or just DNS play?

2013-09-20 Thread David Lum
We have a development department that wants to do what seems to me to just be 
DNS hoky-poky. We have an internal domain structure of internaldomain.local, 
and this group is asking for DNS entries of 
host1.ourdepartment.internaldomain.local, 
host2.ourdepartment.internaldomain.local , etc. We don't have to create an 
actual subdomain to make those kind of DNS entries work, do we? Just create a 
new DNS zone?

Specifically the request is we want these to point to the same IP address
Host2.ourdepartment.internaldomain.local
Host2.ourdepartment.internaldomain.local
Host1.ourdepartment.internaldomain.local

It just doesn't feel like we'd need to stand up an actual domain in the forest 
to achieve that...
David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764




[NTSysADM] Change control....GPO

2013-09-20 Thread David Lum
For you guys with a pretty well defined change control process - are 
incremental GPO changes (in this case we have a GPO that controls IE's trusted 
sites, I want to add enable auto logon with current credentials for sites in 
trusted sites) reviewed by people before the change? I'm thinking in larger 
environments it might be submitted by one person, reviewed and approved by 
another but not necessarily held until a formal change request meeting is 
convened?

Normally I'd just whip this change out, but I need to think about the 
accountability process in general.
David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229




[NTSysADM] RE: GPO to set preferred wireless to 5GHz

2013-09-19 Thread David Lum
Thanks. Yes, Meru offers band steering as well. For reasons I forget at the 
moment we decided to set this at the client side.

Wireless is a really, really sore subject for me these days...

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jesse Rink
Sent: Wednesday, September 18, 2013 3:08 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: GPO to set preferred wireless to 5GHz

It's typically easiest to make the Band Steering a function of the 
wireless infrastructure instead.  Most modern wireless infrastructures, HP, 
Aruba, Cisco, etc. all have Band Steering capabilities which you can tie to the 
SSIDs that are broadcasted, etc.

Not sure if that's even possible from a GPO standpoint as GPO stuff is 
typically just registry tweaks.  And I'm not sure, even if you manually adjust 
that setting on the wireless NIC itself, if that actually makes a registry 
change or if it's done at some deeper driver level. ?



From: listsad...@lists.myitforum.com 
[listsad...@lists.myitforum.com] on behalf of David Lum [david@nwea.org]
Sent: Wednesday, September 18, 2013 4:17 PM
To: NTSysADM@lists.myITforum.com
Subject: [NTSysADM] GPO to set preferred wireless to 5GHz
Do any of you guys configure your wireless via GPO? If yes, do you also set the 
preference to 5GHz (assuming you have systems that go both ways, so to speak).

I am able to configure the basic wireless settings, but I'd like a way to set 
the preferred to 5GHz via GPO.
David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764




RE: [NTSysADM] RE: Think strategically, not tactically..

2013-09-18 Thread David Lum
Thanks for your feedback on this Ken, I think this e-mail nails it pretty well, 
specifically the first two.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ken Schaefer
Sent: Tuesday, September 17, 2013 9:46 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Think strategically, not tactically..

Hmm – does any of the following apply to your situation:

- Solutions to problems are “point” solutions that are developed to fix 
a particular issue as it crops up, resulting in various solutions  
configurations?

- Processes are “ad hoc”, and whilst this is flexible, makes it hard to 
understand whether things are improving or not, and hard to compare the 
outcomes from one period to another

- You are technology focussed (i.e. on technical features, or fixing 
technical issues), but a lack of focus on the business side (i.e. financial 
frameworks) makes it hard to understand what IT is actually costing, which 
leads to (potentially) sub-optimal decision making

In this case strategic might mean any of the following:
- developing some broad principles (standardisation, simplification, 
consolidation etc.)
- developing some standardised processes/procedures that allow metrics to be 
captured (you can get a bunch out of standard ITSM literature like ITIL), that 
allowed IT performance and outcomes to be tracked
- developing the business side of IT decision making (overall enterprise 
architecture/roadmap, business cases/ROI, plus methods of allocating costs. 
Plus methods of tracking projected costs/outcomes against actual realised 
outcomes)

Cheers
Ken

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Wednesday, 18 September 2013 6:14 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Think strategically, not tactically..

I have nothing specific, other than I need to think more strategically when it 
comes to being a sysadmin. For example, I have 800 endpoints on my network I 
need to manage and maintain, I get caught up in tactical solutions and I’ve 
been told to think more strategically.

Is this thinking close?
Strategic: What business need am I trying to address?
Tactical: What’s the best tool to manage my systems?

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ziots, Edward
Sent: Tuesday, September 17, 2013 1:05 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Think strategically, not tactically..

No not problem solved, with moving to cloud, if not done right, makes into 
bigger problem. As for the offline comment, if there is sensitive internal 
information to discuss it would be better in an offline conversation, but if it's 
just general of course best for all to learn online.

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
Work:401-255-2497




From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Richard Stovall
Sent: Tuesday, September 17, 2013 4:00 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] RE: Think strategically, not tactically..

I thought the only valid long-term strategy is to 'go to the cloud.'

Boom!  Problem solved.

On Tue, Sep 17, 2013 at 3:54 PM, Kurt Buff 
kurt.b...@gmail.com wrote:
No, please - not offline.

This is an outstanding opportunity for learning for all of us as sysadmins.
Kurt

On Tue, Sep 17, 2013 at 12:48 PM, Ziots, Edward 
ezi...@lifespan.org wrote:
Dave,

What is the situation at hand that you need to get things across to the 
business at a strategic level as compared to tactical day to day level.

The approaches are varied, depending on the audience and the priorities. 
(Corporate mergers, Compliance/Regulations issues, Business drivers, etc etc)

Hit me offline and we can discuss more,

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
Work:401-255

[NTSysADM] GPO to set preferred wireless to 5GHz

2013-09-18 Thread David Lum
Do any of you guys configure your wireless via GPO? If yes, do you also set the 
preference to 5GHz (assuming you have systems that go both ways, so to speak).

I am able to configure the basic wireless settings, but I'd like a way to set 
the preferred to 5GHz via GPO.
David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764




[NTSysADM] RDP access to servers

2013-09-17 Thread David Lum
We have about 100 Windows servers, and on occasion we have some non-IT 
employees and vendors that need RDP access to a server here and there. Do you 
guys create AD groups for these, or do you add the user directly to the server?
David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764




RE: [NTSysADM] RE: Think strategically, not tactically..

2013-09-17 Thread David Lum
I have nothing specific, other than I need to think more strategically when it 
comes to being a sysadmin. For example, I have 800 endpoints on my network I 
need to manage and maintain, I get caught up in tactical solutions and I’ve 
been told to think more strategically.

Is this thinking close?
Strategic: What business need am I trying to address?
Tactical: What’s the best tool to manage my systems?

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ziots, Edward
Sent: Tuesday, September 17, 2013 1:05 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Think strategically, not tactically..

No not problem solved, with moving to cloud, if not done right, makes into 
bigger problem. As for the offline comment, if there is sensitive internal 
information to discuss it would be better in an offline conversation, but if it's 
just general of course best for all to learn online.

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
Work:401-255-2497




From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Richard Stovall
Sent: Tuesday, September 17, 2013 4:00 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] RE: Think strategically, not tactically..

I thought the only valid long-term strategy is to 'go to the cloud.'

Boom!  Problem solved.

On Tue, Sep 17, 2013 at 3:54 PM, Kurt Buff 
kurt.b...@gmail.com wrote:
No, please - not offline.

This is an outstanding opportunity for learning for all of us as sysadmins.
Kurt

On Tue, Sep 17, 2013 at 12:48 PM, Ziots, Edward 
ezi...@lifespan.org wrote:
Dave,

What is the situation at hand that you need to get things across to the 
business at a strategic level as compared to tactical day to day level.

The approaches are varied, depending on the audience and the priorities. 
(Corporate mergers, Compliance/Regulations issues, Business drivers, etc etc)

Hit me offline and we can discuss more,

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
Work:401-255-2497




From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Tuesday, September 17, 2013 3:32 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Think strategically, not tactically..

So….I need to come up with a way to better approach some situations and think 
more strategically and less tactically. When it comes to systems management 
(servers, endpoints, troubleshooting, etc.), what does that look like? Can 
someone shoot some examples out?

Brain cramp. Sure I can Google this, but let’s pretend I work for you and am 
asking for guidance ☺.

Dave.



RE: [NTSysADM] Troubleshooting wireless - advice - multiple answers

2013-09-13 Thread David Lum
I’ve received no reports of problems from the 6th floor, but then again since 
those are impromptu conference rooms there’s no guarantee there’s anyone in 
there often enough to see an issue.

Last night we rebooted all the AP’s and the controller after reverting a change 
made yesterday afternoon. So far today there have been no reports of any 
problems. Frustrating…

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Daniel Chenault
Sent: Friday, September 20, 2013 10:28 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Troubleshooting wireless - advice - multiple answers

What's happening on the 6th floor in the vicinity of those rooms?

And all this science I don't understand
It's just my job five days a week

Elton John Rocket Man

On Sep 13, 2013, at 11:50, David Lum 
david@nwea.org wrote:
Answers to multiple e-mails

Laptop hardware info:
Multiple Dell laptops and Macbooks
Multiple NIC vendors
Windows and MAC OS’s
Unsure if a reboot clears the issue

Location information:
Same area of the building (north side)
Different times of the day
Rooms are toward the edge of the building
Building is 7 floors high, problem reports have come from 5th and 7th floor

Infrastructure information:
50 dual-band AP’s
Signal strength as measured by iNSSIDer  never weaker than 60dB and typically 
there are multiple AP’s stronger than 65dB
Walking the floor, by the time one AP’s signal strength has dropped below 60dB 
you are then closer to another AP with a signal stronger than 60dB
Per Meru, all AP’s are on the same channels, all AP’s are set to full broadcast 
power

Usage information:
User activity at the time varies from looking at a web page
Different times of the day
* unknown the duration the users have this issue

Dave


Can you swap APs to see if the problem follows the AP?
Different hardware might rule out drivers.
Are these two rooms next to each other on the same AP or different areas and 
different Aps?
How long does it usually last? Does it clear itself or is a reboot needed?
Same time or completely varies?
When it’s happening, if someone else comes in does it happen to them?
Are they always in the same spot?


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Micheal Espinola Jr
Sent: Thursday, September 12, 2013 5:28 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Troubleshooting wireless - advice

I'm assuming this is a roaming issue between multiple APs with the same SSID.  
If not, please correct me.


  1.  Which brand are the mobile devices that are experiencing issues with 
these APs?
  2.  Who makes the NIC chipsets on these devices?
  3.  If a problematic device is hard-reset while in close-range of the AP its 
having connectivity issues with, does the problem continue?
  4.  What is the radio channel of the AP with problematic clients - and what 
are the radio channels of its nearest (3) neighbors?

--
Espi


On Thu, Sep 12, 2013 at 1:00 PM, David Lum 
david@nwea.org wrote:
Scenario: Five floors, 50 AP’s managed by a single controller (Meru). A few 
(less than ten, more than two) users report connectivity issues in two 
different small conference/meeting rooms.


• Throughput/capacity limits are not being approached

• These rooms are used largely ad-hoc, so rarely are the people who 
report problems in the same room consecutive days.

• Users with reporting issues do not report problems in any other 
areas/floors of the building

• Users reporting issues are not streaming video, and in some cases are 
sitting idle reading a document

• Other users have no problems in the areas/room that these few users 
report problems

• Two of the users reporting problems in the same room are on 
completely different hardware/software (Dell+Win7, Mac+MacOS)

Our suspicion is a malfunctioning AP in the area, the confusing part is not 
everyone is reporting an issue in the areas that a few people are having 
problems from.

I am working with our vendor (Meru), but it’s a laborious process of looking at 
logs, making a change, and then “let us know if the users still report a 
problem”. This method can result in three/four days between making a change and 
the user going back into the affected area.

Today Meru had us disable the AP closest to that room, but I’d love some advice 
on a better way to systematically get at this in case the bum AP is not the 
issue. Swapping machines is the least desirable option here (doable, but these 
are busy folks in transit a lot).

It doesn’t help that two of the users are director-level and one of THOSE is my 
boss’ boss….
David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764




RE: [NTSysADM] Win8.1 / Server 2012 R2

2013-09-09 Thread David Lum
Nothing on Action Pack yet.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Matthew W. Ross
Sent: Monday, September 09, 2013 10:36 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Win8.1 / Server 2012 R2

Not on VLSC for education yet. At least not for me.


--Matt Ross
Ephrata School District


- Original Message -
From: Michael B. Smith
[mailto:mich...@smithcons.com]
To: ntsysadm@lists.myitforum.com
[mailto:ntsysadm@lists.myitforum.com]
Sent: Mon, 09 Sep 2013 10:25:19
-0800
Subject: RE: [NTSysADM] Win8.1 / Server 2012 R2


 Technet? What's that?
 
 :) :) :)
 
 -Original Message-
 From: listsad...@lists.myitforum.com 
 [mailto:listsad...@lists.myitforum.com]
 On Behalf Of Mike Hoffman
 Sent: Monday, September 9, 2013 1:20 PM
 To: ntsysadm@lists.myitforum.com
 Subject: RE: [NTSysADM] Win8.1 / Server 2012 R2
 
 They are on Technet now as well.
 
 Mike
 
 -Original Message-
 From: listsad...@lists.myitforum.com 
 [mailto:listsad...@lists.myitforum.com]
 On Behalf Of Susan Bradley
 Sent: 09 September 2013 18:16
 To: ntsysadm@lists.myitforum.com
 Subject: Re: [NTSysADM] Win8.1 / Server 2012 R2
 
 http://blogs.msdn.com/b/stevengu/archive/2013/09/09/download-windows-8-1-rtm-visual-studio-2013-rc-and-windows-server-2012-r2-rtm-today.aspx
 
 On purpose.
 
 On 9/9/2013 10:12 AM, Michael B. Smith wrote:
 
  Dunno if it is on purpose or a mistake - but right now, Win8.1 and 
  Server 2012 R2 are available from MSDN.
 
 
 --
 So?  Your thoughts?
 http://windowsitpro.com/industry/microsoft-attempts-ease-demise-technet-subscribers-building-replacement-mcts
 
 
 
 
 
 
 
 






[NTSysADM] AD groups - Global, or Universal?

2013-09-05 Thread David Lum
I seem to think it was from this list that helped me decide to not use Global 
groups in AD but I have an SE pointing me to MS articles and it looks like I 
should be using Global instead of Universal - currently I use Domain local and 
Universal groups, but we're pretty small (600-users) and have two forests, but 
the majority of the accesses I am concerned about are users from DOMAIN1 
getting access to local resources (file shares and servers) in DOMAIN1.

Is there a compelling reason to use Global vs. Universal? Somehow I was 
thinking global as much for backward-compatibility, but am not finding anything 
online saying as much.
David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764




Re: [NTSysADM] Upgrade 2003 DC's

2013-08-30 Thread David Lum
Yeah, we already have a 2008 R2 and a 2012 dc in the subdomain. For the items 
you listed I simply created GPO's for each and applied them one at a time until 
the GPO's replicated what a 2008 R2 environment would look like, and then I 
stood up a 2008 R2 DC.

Dave

On Aug 30, 2013, at 6:58 AM, Christopher Bodnar 
christopher_bod...@glic.com wrote:

We are in the process of doing this. Outside of the procedural items you 
outlined, have you looked into the other possible issues you may run into 
(besides the CS stuff)? Here is the list that I have been using for our 
environment:

1. LanMan Hash:
http://support.microsoft.com/kb/946405

2. SMB signing (UNIX? )
http://technet.microsoft.com/en-us/library/cc731654.aspx


3. LmCompatibilityLevel
http://technet.microsoft.com/en-us/library/cc960646.aspx

By default the new setting on 2008 R2 will take this setting from a 2 to a 3.


4. 5000 attributes in LDAP response

http://support.microsoft.com/default.aspx?scid=kb;en-US;2009267

http://blogs.technet.com/b/qzaidi/archive/2010/09/02/override-the-hardcoded-ldap-query-limits-introduced-in-windows-server-2008-and-windows-server-2008-r2.aspx


5. For other operating system implementations (such as Netapp, Samba, 
EMC, etc), it is strongly suggested to contact those vendors to get their 
supportability matrix for Windows as client and as DC.

6. SSL connections to the nodes by using the alias name from an LDAPS 
client http://support.microsoft.com/kb/2275950
http://support.microsoft.com/kb/2282241


7. Windows Vista and Windows Server 2008 and later operating systems use 
a higher range of ports for outgoing connections than previous versions of 
Windows. The new default start port is 49152, and the default end port is 
65535. This is a change from the configuration of earlier versions of Windows 
that used a default port range of 1025 through 5000. If you receive errors 
indicating that “the endpoint mapper is out of endpoints,” especially after 
retiring domain controllers that run Windows 2000 or Windows Server 2003, you 
might need to reconfigure firewalls and routers to use the new default port 
range. For more information, see article 929851 
(http://go.microsoft.com/fwlink/?LinkID=153117).

8. See Microsoft Security Advisory (937811) 
(http://go.microsoft.com/fwlink/?LinkId=164559) and article 976918 in the 
Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=178251 ).

9. .NET Framework 3.5 SP1 or earlier:

http://support.microsoft.com/default.aspx?scid=kb;en-US;2260240
Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture 
and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com



The Guardian Life Insurance Company of America

www.guardianlife.com








From: David Lum david@nwea.org
To: NTSysADM@lists.myITforum.com
Date: 08/29/2013 05:39 PM
Subject: [NTSysADM] Upgrade 2003 DC's
Sent by: listsad...@lists.myitforum.com




So… in my environment we have four ancient DC’s. Two root DC’s and two of five 
subdomain DC’s. These have been around enough and our environment is complex 
enough that we aren’t sure how many systems rely on the specific IP or hostname.

Seems to me it should be fairly straightforward to stand up new with same 
name/IP as the originals:

• Transfer all FSMO roles
• Demote DC (DCPROMO)
• Unjoin from domain
• Power off
• Build new server with same name
• Join to domain
• Install AD DS roles
• DCPROMO
• Transfer FSMO roles back (optional)

Now in one case the DC is also a certificate server, although we aren’t 100% 
sure if/how it’s being used. Surely there are some caveats to consider?
David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764

This message, and any attachments to 
it, may contain information that is privileged, confidential, and exempt from 
disclosure under applicable law. If the reader of this message is not the 
intended recipient, you are notified that any use, dissemination, distribution, 
copying, or communication of this message is strictly prohibited. If you have 
received this message in error, please notify the sender immediately by return 
e-mail and delete the message and any attachments. Thank you.


[NTSysADM] SSL and RDS servers

2013-08-29 Thread David Lum
Assume two RDS Gateway servers...URL to get to them is 
https://rdservices.nwea.org.  Currently I am using  a wildcard cert, but 
apparently due to how NWEA's wildcard cert is licensed I need to change it to a 
single host cert. Is there any way to have a cert for rdservices.nwea.org to be 
legit on two servers?

I am fairly cert illiterate so I am not sure of the mechanism a browser uses to 
match SSL cert with  particular host.
David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764




[NTSysADM] RE: SSL and RDS servers

2013-08-29 Thread David Lum
Rock on, thanks!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Damien Solodow
Sent: Thursday, August 29, 2013 11:38 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: SSL and RDS servers

You can definitely have the cert for that URL be on both servers.
Generate the CSR on one of them and install the cert.
Then export the cert & private key as a .pfx (don't select the remove after 
export)
Import the .pfx on the other server.

The browser compares the URL being accessed with the common name of the 
certificate. So when you generate your request, make sure the common name is 
rdservices.nwea.org and you should be good.

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Thursday, August 29, 2013 2:28 PM
To: NTSysADM@lists.myITforum.com
Subject: [NTSysADM] SSL and RDS servers

Assume two RDS Gateway servers...URL to get to them is 
https://rdservices.nwea.org.  Currently I am using  a wildcard cert, but 
apparently due to how NWEA's wildcard cert is licensed I need to change it to a 
single host cert. Is there any way to have a cert for rdservices.nwea.org to be 
legit on two servers?

I am fairly cert illiterate so I am not sure of the mechanism a browser uses to 
match SSL cert with  particular host.
David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764
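
The export/import procedure described in the reply above, as an added PowerShell example that is not part of the original thread. It assumes Windows Server 2012 or later (for the PKI cmdlets) and an elevated session; the function names and the .pfx path are hypothetical, and the host name is the one given in the thread.

```powershell
# Added example, not from the thread. Function names and paths are hypothetical.

function Get-GatewayCertificate {
    param([Parameter(Mandatory = $true)][string]$DnsName)
    $dnsType = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
    # Newest unexpired certificate in LocalMachine\My that has its private key
    # and whose DNS name matches. GetNameInfo returns the DNS name from the
    # subject alternative name if present, otherwise the common name.
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object {
            $_.HasPrivateKey -and
            $_.NotAfter -gt (Get-Date) -and
            $_.GetNameInfo($dnsType, $false) -eq $DnsName
        } |
        Sort-Object -Property NotAfter -Descending |
        Select-Object -First 1
}

function Export-GatewayCertificate {
    # Run on the server where the CSR was generated and the issued cert installed.
    param(
        [Parameter(Mandatory = $true)][string]$DnsName,
        [Parameter(Mandatory = $true)][string]$PfxPath,
        [Parameter(Mandatory = $true)][securestring]$Password
    )
    $cert = Get-GatewayCertificate -DnsName $DnsName
    if (-not $cert) {
        throw "No unexpired certificate with a private key found for $DnsName"
    }
    # This call fails if the private key was not marked exportable when the
    # request was created.
    Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $Password | Out-Null
    return $cert.Thumbprint
}

function Import-GatewayCertificate {
    # Run on the second server after copying the .pfx to it.
    param(
        [Parameter(Mandatory = $true)][string]$PfxPath,
        [Parameter(Mandatory = $true)][securestring]$Password,
        [Parameter(Mandatory = $true)][string]$ExpectedThumbprint
    )
    # -Exportable is deliberately omitted, so the key imported here cannot be
    # exported again from this server.
    Import-PfxCertificate -FilePath $PfxPath `
        -CertStoreLocation Cert:\LocalMachine\My -Password $Password | Out-Null

    # Confirm that the same certificate, with its key, is now in the store.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $ExpectedThumbprint }
    if (-not $cert) { throw "Thumbprint $ExpectedThumbprint not found after import" }
    if (-not $cert.HasPrivateKey) { throw "Certificate imported without its private key" }

    # The .pfx contains the private key; remove the copy once it is imported.
    Remove-Item -Path $PfxPath -Force
    return $cert
}

# On the first server:
#   $pw    = Read-Host -AsSecureString -Prompt 'PFX password'
#   $thumb = Export-GatewayCertificate -DnsName 'rdservices.nwea.org' `
#                -PfxPath 'C:\Temp\rdservices.pfx' -Password $pw
# On the second server (same password, thumbprint from the first server):
#   Import-GatewayCertificate -PfxPath 'C:\Temp\rdservices.pfx' `
#       -Password $pw -ExpectedThumbprint $thumb
```

Delete the .pfx from the first server as well once both servers present the same thumbprint.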




[NTSysADM] Upgrade 2003 DC's

2013-08-29 Thread David Lum
So... in my environment we have four ancient DC's. Two root DC's and two of 
five subdomain DC's. These have been around enough and our environment is 
complex enough that we aren't sure how many systems rely on the specific IP or 
hostname.

Seems to me it should be fairly straightforward to stand up new with same 
name/IP as the originals:


* Transfer all FSMO roles

* Demote DC (DCPROMO)

* Unjoin from domain

* Power off

* Build new server with same name

* Join to domain

* Install AD DS roles

* DCPROMO

* Transfer FSMO roles back (optional)

Now in one case the DC is also a certificate server, although we aren't 100% 
sure if/how it's being used. Surely there are some caveats to consider?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764




RE: [NTSysADM] RE: Looking for Hyper-V server hardware

2013-08-26 Thread David Lum
Glad to help! My 840 had two 1TB drives with my VM's on it, so I simply RAID1'd 
two of the 160GB drives on the C1100, swapped in my 1TB drives, loaded Server 
2012 (and no datacenter edition needed to see over 32GB RAM, YAY!!) and presto!

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Erik Goldoff
Sent: Monday, August 26, 2013 7:10 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

Even with relatively small (160GB), old hard drives a good deal  [ I really 
doubt at this price that those are not original/previous owner drives with 
years of spin already on them]

I might have to pick up one or two , thanks for the link David

-EG

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Steven M. Caesare
Sent: Monday, August 26, 2013 9:25 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

Wow. $400? That's impressive...

-sc

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Monday, August 26, 2013 9:20 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

I missed these recommendations (I was on PTO last week) so I ended up paying 
$400 for one of these:
http://www.ebay.com/itm/Dell-Poweredge-C1100-1U-2X-XEON-QC-L5520-2-26GHZ-4x160GB-HDD-48GB-DDR3-Warranty-/251263380756?pt=COMP_EN_Servershash=item3a8076ed14

On powering up it turns out I have one of this guys' 72GB RAM offerings, but it 
loaded Server 2012 Standard just fine and I was able to move my Hyper-V guests 
over no sweat. It doesn't come with a CD-ROM drive and reading forums it's not 
really recommended for an SMB solution but for my lab uses it's perfect.

Troubleshooting my PowerEdge 840 (long story on why I didn't do this before 
ordering the C1100), turns out the BIOS dropped the settings of two of the four 
SATA drives (unknown) and changed the boot order from 0-1-2-3 to 2-1-0-3. 
Resetting the drive info to what I'd expected brought the server back to normal 
operating condition. I will simply turn it into an iSCSI target...

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ken Schaefer
Sent: Saturday, August 17, 2013 3:20 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

For the workload you've mentioned, I'd just get a HP Microserver. Cheap, quiet, 
cool.

Get 2 x SSDs for whatever needs fast disk, and 2 x WD Blacks or Reds for 
anything that needs bulk storage.

The latest gen (G8) has iLO, 2 x GB Nics, 4 drive bays, 16GB RAM supported.

Cheers
Ken

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Saturday, 17 August 2013 5:00 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

I don't need 32GB, but I plan to run Exchange 2013 which would be my main 
RAM-eater, the rest don't really need much RAM. I could probably get away with 
16GB if I had to, the Exchange would exist for testing migration from on-prem 
to Office365 more than anything.

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andrew S. Baker
Sent: Friday, August 16, 2013 11:52 AM
To: ntsysadm
Subject: Re: [NTSysADM] RE: Looking for Hyper-V server hardware

Why do you need 32GB to manage that?

I have a host managing more VMs (5 currently) with 16GB RAM, and I was doing 
some streaming on it for a while.

An i3 would be okay, but an i5 would be excellent. (I'm running two 
different Hyper-V boxen with quad-core E3-1235 processors.)

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...

On Fri, Aug 16, 2013 at 1:33 PM, David Lum david@nwea.org wrote:
Hmm...maybe I'm thinking too narrow of a box (see what I did there?). Looks 
like all i-series CPU's support Hyper-V too.

Thinking further... I have a PC that we mainly use to stream 
HULU/Netflix... would it be feasible to use a Hyper-V server and one VM be the 
entertainment system/HDMI output with other VM's running in the background? It 
looks like if I can use SLAT (Intel's I processors do). Anyone doing this?

Hyper-V server with
1 Media workstation VM leveraging good video card for streaming 1080 video 
outputting to TV via HDMI
1 VM that is a server OS
1 VM that is generic workstation client

Dave


From: listsad

RE: [NTSysADM] MSIEXEC CPU on TS-Solved

2013-08-26 Thread David Lum
+1

I would have never figured that one out...

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andrew S. Baker
Sent: Monday, August 26, 2013 8:25 AM
To: ntsysadm
Subject: Re: [NTSysADM] MSIEXEC CPU on TS-Solved

Thanks for following up.  That was a very good find.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...

On Sat, Aug 24, 2013 at 7:12 PM, J- P jnat...@hotmail.com wrote:
Ok, so after looking at thousands of procmon lines, I finally figured out what 
was causing it-
This is not the normal bug that's been around, but it did relate to an HP 
printer.

What tipped me off was the spools process not doing anything other than 
process profiling, no regquery, no create, no file create and no imagepath,

So I ran procmon on a desktop and there it was, Spoolsv.exe doing what it 
should be, RegOpen, FileSystemControl, Regcreate, etc.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\Print_Server\Printers\{3B2A2A60-72A2-4B70-99F3-1FE3E72FDB85}\PrinterDriverData

HKCU\Printers\Connections\,,Print_Server_Name,Shared_Printer_Name

and heck of a lot more entries-

Evidently the genius writing the front end of the DB decided to make some 
upgrades (without telling anyone), like hardcoding default printers for 
various reports, queries etc., and since said printers did not exist on Box, 
that's when MSIExec would kick off and attempt the installation of the HP 
Printers.

After installing ALL the printers on the box, print previews take about 1 
second to load, and no MSIexec.

This will be one costly lesson to the client :) as I spent quite some time on 
this.

Thanks to everyone for all the feedback.

And now time for some cognac

Thanks again

Jean-Paul Natola

From: ken.corne...@kimball.com
To: ntsysadm@lists.myitforum.com
Date: Thu, 22 Aug 2013 08:25:47 -0400
Subject: RE: [NTSysADM] MSIEXEC CPU on TS

Not local to the Citrix server, local to the RDP or Citrix client.



From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Daniel Chenault
Sent: Wednesday, August 21, 2013 11:14 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] MSIEXEC CPU on TS



A... okay. Major bummer.



If this is only for local attach printers then the only solution I see until MS 
issues a patch is for the RDP/Citrix server to not have any local attach 
printers.



From: J- P [mailto:jnat...@hotmail.com]
Sent: Wednesday, August 21, 2013 3:20 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] MSIEXEC CPU on TS



think I may have stumbled onto something, I have a few 1000 of these, however, 
they are not identical they seem to increment and all result in NO MORE 
ENTRIES

HKU\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32
HKU\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}
HKU\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32
HKU\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}

Jean-Paul Natola

From: ken.corne...@kimball.com
To: ntsysadm@lists.myitforum.com
Date: Wed, 21 Aug 2013 13:44:16 -0400
Subject: RE: [NTSysADM] MSIEXEC CPU on TS

That's not the problem.



What happens is that whenever a remote user (either citrix or RDP) prints (or 
logs on, I forget), the local printers FOR ALL LOGGED IN USERS get GUIDs 
assigned that are unique for that user's session.  The stupid HP print drivers 
(maybe others too) create keys under HKU\.Default\Software\Hewlett-Packard 
corresponding to ALL THESE GUIDS. This rapidly results in thousands of keys.



For some reason, msiexec.exe likes to fully traverse that key OVER and OVER and 
OVER resulting in msiexec using 100% of one CPU AND msiexec taking forever to 
get anything done.



From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Daniel Chenault
Sent: Wednesday, August 21, 2013 12:53 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] MSIEXEC CPU on TS



Maybe I'm missing something or need more coffee...



Set up a group of the RDP users. Deny those users access to those printers 
using the printer properties Security tab.



From: J- P [mailto:jnat...@hotmail.com]
Sent: Tuesday, August 20, 2013 4:29 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: 

RE: [NTSysADM] RE: Looking for Hyper-V server hardware

2013-08-26 Thread David Lum
Yep, works like a charm...requires older IE (I had to tell IE10 to play like 
IE8) and Java, but I consoled into it and it works fine.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Monday, August 26, 2013 10:34 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

Good heavens. Do these things have a BMC on them? DRAC, I mean?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Monday, August 26, 2013 9:20 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

I missed these recommendations (I was on PTO last week) so I ended up paying 
$400 for one of these:
http://www.ebay.com/itm/Dell-Poweredge-C1100-1U-2X-XEON-QC-L5520-2-26GHZ-4x160GB-HDD-48GB-DDR3-Warranty-/251263380756?pt=COMP_EN_Servershash=item3a8076ed14

On powering up it turns out I have one of this guys' 72GB RAM offerings, but it 
loaded Server 2012 Standard just fine and I was able to move my Hyper-V guests 
over no sweat. It doesn't come with a CD-ROM drive and reading forums it's not 
really recommended for an SMB solution but for my lab uses it's perfect.

Troubleshooting my PowerEdge 840 (long story on why I didn't do this before 
ordering the C1100), turns out the BIOS dropped the settings of two of the four 
SATA drives (unknown) and changed the boot order from 0-1-2-3 to 2-1-0-3. 
Resetting the drive info to what I'd expected brought the server back to normal 
operating condition. I will simply turn it into an iSCSI target...

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ken Schaefer
Sent: Saturday, August 17, 2013 3:20 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

For the workload you've mentioned, I'd just get a HP Microserver. Cheap, quiet, 
cool.

Get 2 x SSDs for whatever needs fast disk, and 2 x WD Blacks or Reds for 
anything that needs bulk storage.

The latest gen (G8) has iLO, 2 x GB Nics, 4 drive bays, 16GB RAM supported.

Cheers
Ken

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Saturday, 17 August 2013 5:00 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

I don't need 32GB, but I plan to run Exchange 2013 which would be my main 
RAM-eater, the rest don't really need much RAM. I could probably get away with 
16GB if I had to, the Exchange would exist for testing migration from on-prem 
to Office365 more than anything.

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andrew S. Baker
Sent: Friday, August 16, 2013 11:52 AM
To: ntsysadm
Subject: Re: [NTSysADM] RE: Looking for Hyper-V server hardware

Why do you need 32GB to manage that?

I have a host managing more VMs (5 currently) with 16GB RAM, and I was doing 
some streaming on it for a while.

An i3 would be okay, but an i5 would be excellent. (I'm running two 
different Hyper-V boxen with quad-core E3-1235 processors.)

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...

On Fri, Aug 16, 2013 at 1:33 PM, David Lum david@nwea.org wrote:
Hmm...maybe I'm thinking too narrow of a box (see what I did there?). Looks 
like all i-series CPU's support Hyper-V too.

Thinking further... I have a PC that we mainly use to stream 
HULU/Netflix... would it be feasible to use a Hyper-V server and one VM be the 
entertainment system/HDMI output with other VM's running in the background? It 
looks like if I can use SLAT (Intel's I processors do). Anyone doing this?

Hyper-V server with
1 Media workstation VM leveraging good video card for streaming 1080 video 
outputting to TV via HDMI
1 VM that is a server OS
1 VM that is generic workstation client

Dave


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ken Cornetet
Sent: Friday, August 16, 2013 7:57 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Looking for Hyper-V server hardware

I'd think whiteboxing would not be viable since a Xeon proc and 32GB of RAM 
will just about consume your $500 right off the bat.

Why does it have to be a Xeon? A quad core i5 whitebox might be doable for $500.



From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com

[NTSysADM] Looking for Hyper-V server hardware

2013-08-16 Thread David Lum
My old home lab PowerEdge 840 server is giving me issues so I'm looking to 
upgrade, looking to spend ~500 (can be used, obviously!). Ideally I'd like a 
tower server populated with 32GB RAM. I'm not picky on brand (partial to Dell 
because that's what my clients run, but not a requirement) but do want Xeon 
instead of the AMD equivalent.  The closest I can find is a Dell T300 populated 
with 24GB RAM for about $500 shipped, which would work (the 840 has only 8GB 
RAM!).

Since this is for my home lab I don't mind building a white box system either. 
Suggestions anyone? Dell Outlet prices are out of my price range...


* Tower

* Xeon proc

* 24+GB installed

* HDD's / optical drive not necessary, I have my own
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764




[NTSysADM] RE: Looking for Hyper-V server hardware

2013-08-16 Thread David Lum
Hmm...maybe I'm thinking too narrow of a box (see what I did there?). Looks 
like all i-series CPU's support Hyper-V too.

Thinking further... I have a PC that we mainly use to stream 
HULU/Netflix... would it be feasible to use a Hyper-V server and one VM be the 
entertainment system/HDMI output with other VM's running in the background? It 
looks like if I can use SLAT (Intel's I processors do). Anyone doing this?

Hyper-V server with
1 Media workstation VM leveraging good video card for streaming 1080 video 
outputting to TV via HDMI
1 VM that is a server OS
1 VM that is generic workstation client

Dave


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ken Cornetet
Sent: Friday, August 16, 2013 7:57 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Looking for Hyper-V server hardware

I'd think whiteboxing would not be viable since a Xeon proc and 32GB of RAM 
will just about consume your $500 right off the bat.

Why does it have to be a Xeon? A quad core i5 whitebox might be doable for $500.



From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Friday, August 16, 2013 10:19 AM
To: NTSysADM@lists.myITforum.com
Subject: [NTSysADM] Looking for Hyper-V server hardware

My old home lab PowerEdge 840 server is giving me issues so I'm looking to 
upgrade, looking to spend ~500 (can be used, obviously!). Ideally I'd like a 
tower server populated with 32GB RAM. I'm not picky on brand (partial to Dell 
because that's what my clients run, but not a requirement) but do want Xeon 
instead of the AMD equivalent.  The closest I can find is a Dell T300 populated 
with 24GB RAM for about $500 shipped, which would work (the 840 has only 8GB 
RAM!).

Since this is for my home lab I don't mind building a white box system either. 
Suggestions anyone? Dell Outlet prices are out of my price range...


* Tower

* Xeon proc

* 24+GB installed

* HDD's / optical drive not necessary, I have my own
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764




[NTSysADM] RE: Looking for Hyper-V server hardware

2013-08-16 Thread David Lum
Thanks!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kennedy, Jim
Sent: Friday, August 16, 2013 10:37 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Looking for Hyper-V server hardware

I think you would want to do the below to get your video performance in the 
entertainment workstation. Or perhaps run that part off the hyper-v host side.

http://technet.microsoft.com/en-us/virtualization/hh278966.aspx


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Friday, August 16, 2013 1:33 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Looking for Hyper-V server hardware

Hmm...maybe I'm thinking too narrow of a box (see what I did there?). Looks 
like all i-series CPU's support Hyper-V too.

Thinking further... I have a PC that we mainly use to stream 
HULU/Netflix... would it be feasible to use a Hyper-V server and one VM be the 
entertainment system/HDMI output with other VM's running in the background? It 
looks like if I can use SLAT (Intel's I processors do). Anyone doing this?

Hyper-V server with
1 Media workstation VM leveraging good video card for streaming 1080 video 
outputting to TV via HDMI
1 VM that is a server OS
1 VM that is generic workstation client

Dave


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ken Cornetet
Sent: Friday, August 16, 2013 7:57 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Looking for Hyper-V server hardware

I'd think whiteboxing would not be viable since a Xeon proc and 32GB of RAM 
will just about consume your $500 right off the bat.

Why does it have to be a Xeon? A quad core i5 whitebox might be doable for $500.



From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Friday, August 16, 2013 10:19 AM
To: NTSysADM@lists.myITforum.com
Subject: [NTSysADM] Looking for Hyper-V server hardware

My old home lab PowerEdge 840 server is giving me issues so I'm looking to 
upgrade, looking to spend ~500 (can be used, obviously!). Ideally I'd like a 
tower server populated with 32GB RAM. I'm not picky on brand (partial to Dell 
because that's what my clients run, but not a requirement) but do want Xeon 
instead of the AMD equivalent.  The closest I can find is a Dell T300 populated 
with 24GB RAM for about $500 shipped, which would work (the 840 has only 8GB 
RAM!).

Since this is for my home lab I don't mind building a white box system either. 
Suggestions anyone? Dell Outlet prices are out of my price range...


* Tower

* Xeon proc

* 24+GB installed

* HDD's / optical drive not necessary, I have my own
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764




[NTSysADM] RE: Looking for Hyper-V server hardware

2013-08-16 Thread David Lum
I'm just trying to stream from the Internet to the TV...so whatever Hulu uses 
(looks like Flash) or Windows Media Player (watching DVD's).

Media software on the host OS sounds like my fallback plan, shouldn't be an 
issue I'd think, Server 2012 licensing allows that kind of usage (1 physical 
and 2VM's, as I read it). Apparently Win8 would let me do similar things, but I 
don't see it as fitting what I want to do with VM's...

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ken Cornetet
Sent: Friday, August 16, 2013 11:29 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Looking for Hyper-V server hardware

Not sure what media software you are using, but a few people tried to get XBMC 
(a very popular media player) to run in a virtual under ESX using a variety of 
video cards dedicated to the XBMC virtual, and none were ever successful in 
getting useable results. Oh, and the technology that allows that is VT-d. SLAT 
is secondary address translation table.

I'm guessing you'd want to run the media software on the host OS.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Friday, August 16, 2013 1:33 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Looking for Hyper-V server hardware

Hmm...maybe I'm thinking too narrow of a box (see what I did there?). Looks 
like all i-series CPU's support Hyper-V too.

Thinking further... I have a PC that we mainly use to stream 
HULU/Netflix... would it be feasible to use a Hyper-V server and one VM be the 
entertainment system/HDMI output with other VM's running in the background? It 
looks like if I can use SLAT (Intel's I processors do). Anyone doing this?

Hyper-V server with
1 Media workstation VM leveraging good video card for streaming 1080 video 
outputting to TV via HDMI
1 VM that is a server OS
1 VM that is generic workstation client

Dave


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ken Cornetet
Sent: Friday, August 16, 2013 7:57 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Looking for Hyper-V server hardware

I'd think whiteboxing would not be viable since a Xeon proc and 32GB of RAM 
will just about consume your $500 right off the bat.

Why does it have to be a Xeon? A quad core i5 whitebox might be doable for $500.



From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Friday, August 16, 2013 10:19 AM
To: NTSysADM@lists.myITforum.com
Subject: [NTSysADM] Looking for Hyper-V server hardware

My old home lab PowerEdge 840 server is giving me issues so I'm looking to 
upgrade, looking to spend ~500 (can be used, obviously!). Ideally I'd like a 
tower server populated with 32GB RAM. I'm not picky on brand (partial to Dell 
because that's what my clients run, but not a requirement) but do want Xeon 
instead of the AMD equivalent.  The closest I can find is a Dell T300 populated 
with 24GB RAM for about $500 shipped, which would work (the 840 has only 8GB 
RAM!).

Since this is for my home lab I don't mind building a white box system either. 
Suggestions anyone? Dell Outlet prices are out of my price range...


* Tower

* Xeon proc

* 24+GB installed

* HDD's / optical drive not necessary, I have my own
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764




RE: [NTSysADM] RE: Looking for Hyper-V server hardware

2013-08-16 Thread David Lum
I don't need 32GB, but I plan to run Exchange 2013 which would be my main 
RAM-eater, the rest don't really need much RAM. I could probably get away with 
16GB if I had to, the Exchange would exist for testing migration from on-prem 
to Office365 more than anything.

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andrew S. Baker
Sent: Friday, August 16, 2013 11:52 AM
To: ntsysadm
Subject: Re: [NTSysADM] RE: Looking for Hyper-V server hardware

Why do you need 32GB to manage that?

I have a host managing more VMs (5 currently) with 16GB RAM, and I was doing 
some streaming on it for a while.

An i3 would be okay, but an i5 would be excellent. (I'm running two 
different Hyper-V boxen with quad-core E3-1235 processors.)

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...

On Fri, Aug 16, 2013 at 1:33 PM, David Lum david@nwea.org wrote:
Hmm...maybe I'm thinking too narrow of a box (see what I did there?). Looks 
like all i-series CPU's support Hyper-V too.

Thinking further... I have a PC that we mainly use to stream 
HULU/Netflix... would it be feasible to use a Hyper-V server and one VM be the 
entertainment system/HDMI output with other VM's running in the background? It 
looks like if I can use SLAT (Intel's I processors do). Anyone doing this?

Hyper-V server with
1 Media workstation VM leveraging good video card for streaming 1080 video 
outputting to TV via HDMI
1 VM that is a server OS
1 VM that is generic workstation client

Dave


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ken Cornetet
Sent: Friday, August 16, 2013 7:57 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Looking for Hyper-V server hardware

I'd think whiteboxing would not be viable since a Xeon proc and 32GB of RAM 
will just about consume your $500 right off the bat.

Why does it have to be a Xeon? A quad core i5 whitebox might be doable for $500.



From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Friday, August 16, 2013 10:19 AM
To: NTSysADM@lists.myITforum.com
Subject: [NTSysADM] Looking for Hyper-V server hardware

My old home lab PowerEdge 840 server is giving me issues so I'm looking to 
upgrade, looking to spend ~500 (can be used, obviously!). Ideally I'd like a 
tower server populated with 32GB RAM. I'm not picky on brand (partial to Dell 
because that's what my clients run, but not a requirement) but do want Xeon 
instead of the AMD equivalent.  The closest I can find is a Dell T300 populated 
with 24GB RAM for about $500 shipped, which would work (the 840 has only 8GB 
RAM!).

Since this is for my home lab I don't mind building a white box system either. 
Suggestions anyone? Dell Outlet prices are out of my price range...


* Tower

* Xeon proc

* 24+GB installed

* HDD's / optical drive not necessary, I have my own
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764





RE: [NTSysADM] Odd RDP issue - resolved

2013-08-14 Thread David Lum
Time settings: check. Same/same
No name resolution issues
Dual NIC on SBS – I know ☺. NIC 2 was VM-VM only on dedicated virtual switch, 
using HOSTS file so only traffic to-from SERVER2 traverses it (they are on the 
same Hyper-V host)
netstat -n -a -o | find "3389" shows 3389 open and listening

Doing more work, on security layer setting it to “RDP Security Layer” it did 
work, but “Negotiate” didn’t. Hey….I found the issue! A couple weeks ago I 
ran a tool (IISCrypto) to disable TLS 1.0 and I think this was the first 
reboot. Flipping it back to “RDP layer” allows RDP to work.

Re-enabling TLS 1.0 and restarting the Remote Desktop services once again 
allows the RDP session to work in its default config (and allowing the 
requirement of NLA).

Learned something new today, even if it was self-inflicted…don’t turn off TLS 
1.0 if you want to use “negotiate” or “TLS 1.0” settings with RDP

Thanks everyone!

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Christopher Bodnar
Sent: Wednesday, August 14, 2013 12:15 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Odd RDP issue

From an internal connection are there any name resolution issues (FQDN, 
NetBIOS) names both resolve? Can you RDP to it by IP from the internal network? 
Can you RDP to itself while accessing it from the Hyper-V console?

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture 
and Engineering Services

Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com

The Guardian Life Insurance Company of America

www.guardianlife.com

From: David Lum david@nwea.org
To: NTSysADM@lists.myITforum.com
Date: 08/14/2013 02:49 PM
Subject: [NTSysADM] Odd RDP issue
Sent by: listsad...@lists.myitforum.com




SBS 2011 (similar to 2008R2), Hyper-V VM. Two NIC’s on the VM.

RDP has been working fine for months. I was able to RDP to the machine today to 
reboot it, but after the server came back up I cannot RDP to it.
• Entering via Hyper-V console I can log onto the VM’s console.
• From the Internet I *can* use https://remote.mydomain.com/ (which is the 
affected server) and use Remote Web Access to access other servers, shared 
folders, etc. but cannot RDP to the server itself
• The only broken thing I am finding is RDP to the server
• Changing RDP security levels (require NLA or not) has no effect

Every time I try to RDP I get a corresponding “A fatal error occurred while 
creating an SSL server credential. The internal server state is 10013” in the 
servers event log.

Google-fu comes up with a few ideas but nothing definitive for me. Anyone?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
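
A check for the condition found in this thread (TLS 1.0 disabled in Schannel while RDP is set to "Negotiate" or TLS), as an added PowerShell example that is not part of the original messages. The registry locations are the standard Windows ones and are not quoted in the thread; the warning assumes a host of the thread's vintage, where RDP's TLS layer depends on TLS 1.0.

```powershell
# Added example, not from the original thread. Run elevated on the RDP host.
# Written to work on PowerShell 2.0 (SBS 2011 / Server 2008 R2).
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$rdpTcp   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-SchannelServerState {
    # 'Disabled' only when a tool or admin wrote Enabled = 0 for the server
    # side of the protocol; a missing key or value means the OS default applies.
    param([string]$Protocol)
    $key = Join-Path $schannel "$Protocol\Server"
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $p -or $null -eq $p.Enabled) { return 'OSDefault' }
    if ($p.Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Get-RdpTlsReport {
    $layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }
    $rdp   = Get-ItemProperty -Path $rdpTcp
    $layer = [int]$rdp.SecurityLayer
    $tls10 = Get-SchannelServerState -Protocol 'TLS 1.0'

    # The failing combination from the thread: the listener wants TLS
    # (Negotiate or SSL) but the only TLS version it can use is switched off.
    $atRisk = ($tls10 -eq 'Disabled') -and ($layer -ne 0)

    New-Object PSObject -Property @{
        SecurityLayer      = $layerNames[$layer]
        NlaRequired        = ([int]$rdp.UserAuthentication -eq 1)
        Tls10Server        = $tls10
        Tls11Server        = Get-SchannelServerState -Protocol 'TLS 1.1'
        Tls12Server        = Get-SchannelServerState -Protocol 'TLS 1.2'
        MatchesThreadIssue = $atRisk
    }
}

function Get-SchannelCredentialErrors {
    # Recent Schannel errors carrying the message text quoted in the thread.
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel' } `
        -MaxEvents 200 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*SSL server credential*' } |
        Select-Object -First 5 TimeCreated, Id, Message
}

$report = Get-RdpTlsReport
$report | Format-List
if ($report.MatchesThreadIssue) {
    Write-Warning ('TLS 1.0 is disabled for Schannel servers while RDP uses "{0}". ' +
        'On hosts where RDP can only negotiate TLS 1.0 this blocks connections.' -f
        $report.SecurityLayer)
    Get-SchannelCredentialErrors | Format-List
}
```

Running this before and after a protocol-hardening change shows whether the RDP listener still has a TLS version it can use, which is a safer test than waiting for the next reboot.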


[NTSysADM] Sounded so easy

2013-08-13 Thread David Lum
2008 R2 server at remote site that was DNS/DC/File/Print. Also runs a helpdesk 
app (Sysaid) and AutoDesk license server and DFS. I am going to P2V it, so 
before doing it I wanted to demote it from domain controller.

Except the demotion broke DFS and modified the firewall entries that had been 
allowing the FlexLM and SysAid apps, which wasn't immediately apparent (ICMP 
still worked, for example). Of course after spending an hour chasing 
not-obvious-to-me issues I kill the firewall and hey, lookie there!

Nice thing is Server 2012 licensing will allow me to stand up a new DC and keep 
it divorced from the everything else server. I hate having a DC that does 
much of anything else...
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764




RE: [NTSysADM] Cool little tool

2013-08-07 Thread David Lum
Hi Jim,

I have no experience with Office365 Sharepoint, so I can't say. :(

Dave
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jim Majorowicz
Sent: Wednesday, August 07, 2013 9:56 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Cool little tool

David,

Would you say this easier than an Office365 SharePoint?

On Fri, Aug 2, 2013 at 8:25 AM, David Lum 
david@nwea.org wrote:
This will sound like a sales pitch and it is, but it's because I just 
implemented it and think it's cool, I am not getting referral fees. So there. :)

Liquidfiles.net. You can get a non-Windows VM that's basically a fancy 
standalone FTP server where you get a web front-end to log in to and send a 
hyperlink to large files that you host on premise or in the cloud. Some cool 
features:


* Download URL expires after a time you specify

* URL can be available to just the recipient(s) or everyone

* Recipient confirms their e-mail address one time, then they get the 
download URL

* Users sending you files

o   Other people can send *you* files without any FTP client or requiring any 
further setup from the sender (for example, 
https://bigftp.ci.cornelius.or.us/filedrop/recieve sends me an e-mail with a 
hyperlink to the file you've sent, but not all extensions are allowed :))

o   File receive locations can be per user and/or a catchall

* Outlook plug-in. Instead of the web page you have a new toolbar in 
Outlook to send files.

o   This plug in can be installed on anyone's system, it asks for your 
liquidfiles credentials the first time you launch it per machine. For me adding 
the add-in to %dayjob%, %home%, and %MyPC-At-A-Client% all points to the same 
server/login ID for sending files, for example.

* You can specify accepted and/or blocked extensions

One feature I haven't leveraged yet is LDAP (or SAML SSO) authentication. The 
best part is I didn't find it that complex at all, and it's pretty cheap if you 
need it for just a few select users, no license cost if you are sending to 
other users in your e-mail domain.

Features here:
http://www.liquidfiles.net/features.html
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764





RE: [NTSysADM] Google Chrome stores passwords in plaintext

2013-08-07 Thread David Lum
Saw that. Not sure how much I care, as it's been said many times once you give 
up physical access all bets are off. As the Chrome guy says, "We want to be very 
clear that when you grant someone access to your OS user account, that they can 
get at everything."

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Micheal Espinola Jr
Sent: Wednesday, August 07, 2013 9:22 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Google Chrome stores passwords in plaintext

http://www.theguardian.com/technology/2013/aug/07/google-chrome-password-security-flaw

No obfuscation to the casual snooper, no master password, no nothing.  This is 
the same thing that Firefox caught flack for 3 years ago.

--
Espi




RE: [NTSysADM] Google Chrome stores passwords in plaintext

2013-08-07 Thread David Lum
Oh? "A serious flaw in the security of Google's Chrome browser lets anyone with 
access to a user's computer see all the passwords stored for email, social 
media and other sites, directly from the settings panel... Besides personal 
accounts, sensitive company login details would be compromised if someone who 
used Chrome left their computer unattended with the screen active."

I took that to mean physical access was required.

?

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andrew S. Baker
Sent: Wednesday, August 07, 2013 12:03 PM
To: ntsysadm
Subject: Re: [NTSysADM] Google Chrome stores passwords in plaintext

But you can get it without physical access...  that's the point.






ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...




On Wed, Aug 7, 2013 at 2:40 PM, David Lum 
david@nwea.org wrote:
Saw that. Not sure how much I care, as it's been said many times once you give 
up physical access all bets are off. As the Chrome guy says, "We want to be very 
clear that when you grant someone access to your OS user account, that they can 
get at everything."

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
On Behalf Of Micheal Espinola Jr
Sent: Wednesday, August 07, 2013 9:22 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Google Chrome stores passwords in plaintext

http://www.theguardian.com/technology/2013/aug/07/google-chrome-password-security-flaw

No obfuscation to the casual snooper, no master password, no nothing.  This is 
the same thing that Firefox caught flack for 3 years ago.

--
Espi





RE: [NTSysADM] Google Chrome stores passwords in plaintext

2013-08-07 Thread David Lum
A...Chrome settings panel not OS settings panel (which is typically 
unavailable to my non-admin users). I are slow... I sit a little more educated.

Personally the only password I save in a browser is my IE connecting to our 
internal Sharepoint site at %dayjob%. I'm too paranoid to have my browsers save 
anything else, for web passwords I use Keepass and cut & paste.

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Micheal Espinola Jr
Sent: Wednesday, August 07, 2013 12:05 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Google Chrome stores passwords in plaintext

Surely, and as Google also points out - that's the penultimate reason for not 
caring if the passwords are stored in plaintext.  But, I have to agree with so 
many others that this isn't a concern about physical access hackers.  This is a 
concern for snoopers, spies, and casual intruders.

I'm in complete agreement with Jim Kennedy's response, as insider spying and 
hacking is always a concern.  I'll kick it up a notch to say that physical 
security is a categorically piss-poor excuse in this day and age to leave 
anything security related in plaintext.  I'm baffled by this.

--
Espi


On Wed, Aug 7, 2013 at 11:40 AM, David Lum 
david@nwea.org wrote:
Saw that. Not sure how much I care, as it's been said many times once you give 
up physical access all bets are off. As the Chrome guy says, "We want to be very 
clear that when you grant someone access to your OS user account, that they can 
get at everything."

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
On Behalf Of Micheal Espinola Jr
Sent: Wednesday, August 07, 2013 9:22 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Google Chrome stores passwords in plaintext

http://www.theguardian.com/technology/2013/aug/07/google-chrome-password-security-flaw

No obfuscation to the casual snooper, no master password, no nothing.  This is 
the same thing that Firefox caught flack for 3 years ago.

--
Espi





RE: [NTSysADM] 10Gb Ethernet

2013-08-02 Thread David Lum
Late to this party…what kind of disk subsystems are you transferring to and 
from? I don’t see even ½ that when  going from SAS to SAS on the same machine. 
Then again it’s probably because I am going from RAID1 to RAID 1 and not 
multispindle RAID5 or 10…

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Richard Stovall
Sent: Friday, July 26, 2013 5:43 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] 10Gb Ethernet

I'm just beginning to prepare the environment at $Work for the transition from 
VMware to Hyper-V.  Part of the exercise is implementing 10Gb Ethernet for the 
first time.

I work in the SMB space at a company with an IT staff of two.  Consequently, I 
don't get too jazzed about much in the way of infrastructure these days, but I 
gotta tell ya, it's slicker than greased owl sh** to see sustained file 
transfers on the order of 750MB/sec (without any network tweaking at all).

More info. as things progress, but, for today at least, it was pretty cool 
throwing multi-GB files around in mere seconds.  (Heck, it was hard finding 
something big enough to test with!)




[NTSysADM] Cool little tool

2013-08-02 Thread David Lum
This will sound like a sales pitch and it is, but it's because I just 
implemented it and think it's cool, I am not getting referral fees. So there. :)

Liquidfiles.net. You can get a non-Windows VM that's basically a fancy 
standalone FTP server where you get a web front-end to log in to and send a 
hyperlink to large files that you host on premise or in the cloud. Some cool 
features:


* Download URL expires after a time you specify

* URL can be available to just the recipient(s) or everyone

* Recipient confirms their e-mail address one time, then they get the 
download URL

* Users sending you files

o   Other people can send *you* files without any FTP client or requiring any 
further setup from the sender (for example, 
https://bigftp.ci.cornelius.or.us/filedrop/recieve sends me an e-mail with a 
hyperlink to the file you've sent, but not all extensions are allowed :))

o   File receive locations can be per user and/or a catchall

* Outlook plug-in. Instead of the web page you have a new toolbar in 
Outlook to send files.

o   This plug in can be installed on anyone's system, it asks for your 
liquidfiles credentials the first time you launch it per machine. For me adding 
the add-in to %dayjob%, %home%, and %MyPC-At-A-Client% all points to the same 
server/login ID for sending files, for example.

* You can specify accepted and/or blocked extensions

One feature I haven't leveraged yet is LDAP (or SAML SSO) authentication. The 
best part is I didn't find it that complex at all, and it's pretty cheap if you 
need it for just a few select users, no license cost if you are sending to 
other users in your e-mail domain.

Features here:
http://www.liquidfiles.net/features.html
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764




RE: [NTSysADM] Cool little tool

2013-08-02 Thread David Lum
It's a VM sitting on 2008R2 Hyper-V.

My client needs to send "too large for e-mail" large media files (100-300MB). 
This solution is easier to implement than SFTP, especially from the end user's 
standpoint.

I will be rolling this out to my other client shortly, and I can imagine 
%dayjob% might have a use for it as well...

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Micheal Espinola Jr
Sent: Friday, August 02, 2013 8:59 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Cool little tool

Interesting.  How are you currently using this service?

--
Espi


On Fri, Aug 2, 2013 at 8:25 AM, David Lum 
david@nwea.org wrote:
This will sound like a sales pitch and it is, but it's because I just 
implemented it and think it's cool, I am not getting referral fees. So there. :)

Liquidfiles.net. You can get a non-Windows VM that's basically a fancy 
standalone FTP server where you get a web front-end to log in to and send a 
hyperlink to large files that you host on premise or in the cloud. Some cool 
features:


* Download URL expires after a time you specify

* URL can be available to just the recipient(s) or everyone

* Recipient confirms their e-mail address one time, then they get the 
download URL

* Users sending you files

o   Other people can send *you* files without any FTP client or requiring any 
further setup from the sender (for example, 
https://bigftp.ci.cornelius.or.us/filedrop/recieve sends me an e-mail with a 
hyperlink to the file you've sent, but not all extensions are allowed :))

o   File receive locations can be per user and/or a catchall

* Outlook plug-in. Instead of the web page you have a new toolbar in 
Outlook to send files.

o   This plug in can be installed on anyone's system, it asks for your 
liquidfiles credentials the first time you launch it per machine. For me adding 
the add-in to %dayjob%, %home%, and %MyPC-At-A-Client% all points to the same 
server/login ID for sending files, for example.

* You can specify accepted and/or blocked extensions

One feature I haven't leveraged yet is LDAP (or SAML SSO) authentication. The 
best part is I didn't find it that complex at all, and it's pretty cheap if you 
need it for just a few select users, no license cost if you are sending to 
other users in your e-mail domain.

Features here:
http://www.liquidfiles.net/features.html
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764





[NTSysADM] RE: Hyper v 2012, deleted tree of snapshots, but AVHDX files remain

2013-08-02 Thread David Lum
The Hyper-V GUI also shows progress of the merging. I am just glad we can leave 
the VM's up like ESX has been able to do, I hated having to power off to merge 
snapshots! It was a huge deterrent to going snapshot crazy (which can be good 
and bad...)

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Friday, August 02, 2013 11:45 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Hyper v 2012, deleted tree of snapshots, but AVHDX 
files remain

It merges them in the background. When the merge is complete, the files will be 
removed.

There is a cmdlet that will give you status of this process, but I can't think 
of the name at the moment (there are 2,700+ new cmdlets in server 2012 - wow!).

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jesse Rink
Sent: Friday, August 2, 2013 2:39 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Hyper v 2012, deleted tree of snapshots, but AVHDX files 
remain

So one of my customers has a 2012 Hyper V server.  One of the VMs running on it 
had 3 snapshots recently taken, all 3 were not needed, so the top-most snapshot 
was selected and then the entire subtree of snapshots was deleted.  The Hyper-V 
host no longer shows any snapshots for that VM.   However, looking at the 
physical location where the VHDX file is stored, there are still 3 AVHDX files 
(with one of them continuing to grow).

How long does it take Hyper V to delete these from the disk?  The server is 
still UP...  but I read with 2012, that's fine...   thoughts on why these files 
are leftover?  Hyper V did not give any indication that deletion of the 
snapshots was unsuccessful.

Thanks
JR



RE: [NTSysADM] Cool little tool

2013-08-02 Thread David Lum
Aw Dad...

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Friday, August 02, 2013 12:20 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Cool little tool

Ok boys, it's time to step back into your corners...

;-)

Sent from my Windows Phone

From: Andrew S. Baker
Sent: 8/2/2013 3:17 PM
To: ntsysadm
Subject: Re: [NTSysADM] Cool little tool
So, in your analysis of the possible business risks, you see no need for any 
particular mitigations that would undermine the current end-user productivity 
benefits?  :)

Understood.






ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...




On Fri, Aug 2, 2013 at 3:06 PM, David Lum 
david@nwea.org wrote:
LOL. Damnit Jim!

It was likely a rhetorical question...however, I deemed security to be 
sufficient (check security section on this page : 
http://www.liquidfiles.net/features.html), as the appliance in question is 
running CentOS, and even if this system was fully compromised the only data on 
it are files in transit, there is not much anyone could do from this device 
to anything else on the network (it's not domain joined, for example). A bad 
guy could walk off with the entire VM and not get much. The biggest risk I see 
is a DoS where someone filled up the drive...except there's quotas so they 
can really only DoS a single user (well, a concentrated effort might fill the 
various repositories...).

However, I still couldn't guess at the odds of a MiTM on this device! HAHHA

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
On Behalf Of Andrew S. Baker
Sent: Friday, August 02, 2013 11:28 AM
To: ntsysadm
Subject: Re: [NTSysADM] Cool little tool

*** TOPIC JUMP ***

"My client needs to send "too large for e-mail" large media files (100-300MB). 
This solution is easier to implement than SFTP, especially from the end user's 
standpoint."

What is this I see?


You just made a decision that prioritizes ease of use and functionality over 
security?   Hmmm  :)







ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...




On Fri, Aug 2, 2013 at 12:23 PM, David Lum 
david@nwea.org wrote:
It's a VM sitting on 2008R2 Hyper-V.

My client needs to send "too large for e-mail" large media files (100-300MB). 
This solution is easier to implement than SFTP, especially from the end user's 
standpoint.

I will be rolling this out to my other client shortly, and I can imagine 
%dayjob% might have a use for it as well...

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
On Behalf Of Micheal Espinola Jr
Sent: Friday, August 02, 2013 8:59 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Cool little tool

Interesting.  How are you currently using this service?

--
Espi


On Fri, Aug 2, 2013 at 8:25 AM, David Lum 
david@nwea.org wrote:
This will sound like a sales pitch and it is, but it's because I just 
implemented it and think it's cool, I am not getting referral fees. So there. :)

Liquidfiles.net. You can get a non-Windows VM that's basically a fancy 
standalone FTP server where you get a web front-end to log in to and send a 
hyperlink to large files that you host on premise or in the cloud. Some cool 
features:


* Download URL expires after a time you specify

* URL can be available to just the recipient(s) or everyone

* Recipient confirms their e-mail address one time, then they get the 
download URL

* Users sending you files

o   Other people can send *you* files without any FTP client or requiring any 
further setup from the sender (for example, 
https://bigftp.ci.cornelius.or.us/filedrop/recieve sends me an e-mail with a 
hyperlink to the file you've sent, but not all extensions are allowed :))

o   File receive locations can be per user and/or a catchall

* Outlook plug-in. Instead of the web page you have a new toolbar in 
Outlook to send files.

o   This plug in can be installed on anyone's system, it asks for your 
liquidfiles credentials the first time you launch it per machine. For me adding 
the add-in to %dayjob%, %home%, and %MyPC-At-A-Client% all points to the same 
server/login ID for sending files, for example.

* You can specify accepted and/or blocked extensions

One feature I haven't leveraged yet is LDAP (or SAML SSO) authentication. The 
best part is I didn't find it that complex at all, and it's pretty cheap if you 
need it for just a few select users

[NTSysADM] man-in-the-middle attack

2013-07-31 Thread David Lum
I need to present management with the odds of this actually getting exploited, 
as I'd want to force TLS 1.2 for ADFS but that takes Chrome and more 
importantly Safari (iOS devices) out of the mix, so I suspect management might 
say we want compatibility instead of protection from some obscure attack that 
is unlikely to happen.

In short, what are the odds of a MITM attack actually happening between my 
remote employee and our ADFS server?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764




[NTSysADM] LDAP lookups

2013-07-31 Thread David Lum
In a domain with 3 DC's, which one handles LDAP requests? If the LDAP is set to 
query mydomain.com, what determines which DC processes the query?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764




[NTSysADM] RE: LDAP lookups

2013-07-31 Thread David Lum
I got lucky - under protest I made a change only to troubleshoot then we flip 
it back. The change eliminated that error message but did NOT fix their 
underlying problem, so I was able to flip it back...

I saw an objection from Desmond on a blog about it, as well as this link:
http://jeftek.com/219/avoid-changing-the-maxpagesize-ldap-query-policy

So I was pretty set against it.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Free, Bob
Sent: Wednesday, July 31, 2013 12:05 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: LDAP lookups

NO NO NO

Just say NO

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Wednesday, July 31, 2013 11:24 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: LDAP lookups

Thanks everyone! That was my assumption after looking at _ldap records in DNS 
as well.

I've been asked to change the Sizelimit and PageSize attributes because our 
developers are getting this error
https://confluence.atlassian.com/display/FISHKB/LDAP%3A+error+code+4+-+Sizelimit+Exceeded

Dave

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Cornetet
Sent: Wednesday, July 31, 2013 11:16 AM
To: 'ntsysadm@lists.myitforum.com'
Subject: [NTSysADM] RE: LDAP lookups

When the DNS server (assuming windows DNS) resolves mydomain.com, it will 
find 3 address (A) records. If the client is on the same subnet as one of the A 
records, the DNS server will do subnet sorting which means it will put that A 
record first in the list of 3 records that it returns to the client. Otherwise 
it will round-robin the order of the  3 records returned.

So, if the LDAP client is on the same subnet as one of the DCs, it will hit 
that DC (because that DC's IP address will be first in the list returned by the 
DNS server). Otherwise, it will be random.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Wednesday, July 31, 2013 1:43 PM
To: NTSysADM@lists.myITforum.com
Subject: [NTSysADM] LDAP lookups

In a domain with 3 DC's, which one handles LDAP requests? If the LDAP is set to 
query mydomain.com, what determines which DC processes the query?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
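
The answer ordering Ken Cornetet describes above, as an added example that is not part of the original thread: a small Python model of subnet sorting with a round-robin fallback. The DC addresses, the client addresses and the /24 comparison mask are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample data: three domain controllers, one per site subnet.
DC_RECORDS = ["10.1.1.10", "10.2.1.10", "10.3.1.10"]


class DnsAnswerModel:
    """Toy model of how a DNS server orders the A records for the domain name.

    Records on the client's own subnet are moved to the front of the answer
    (subnet sorting); the remaining order rotates by one on every query
    (round robin). IPv4 only. The /24 comparison mask is an assumption.
    """

    def __init__(self, a_records, prefix_len=24):
        self.records = [ipaddress.ip_address(r) for r in a_records]
        self.prefix_len = prefix_len
        self._next_start = 0  # round-robin position, advanced on each query

    def answer(self, client_ip):
        """Return the A records in the order this client would receive them."""
        n = len(self.records)
        start = self._next_start % n
        self._next_start += 1
        rotated = self.records[start:] + self.records[:start]

        # Network the client sits on, under the assumed comparison mask.
        client_net = ipaddress.ip_network(
            f"{client_ip}/{self.prefix_len}", strict=False
        )
        local = [r for r in rotated if r in client_net]
        remote = [r for r in rotated if r not in client_net]
        return [str(r) for r in local + remote]


def first_answer_counts(model, client_ip, queries):
    """Count which DC comes first over repeated lookups.

    An LDAP client that connects to the first address returned will bind
    to that DC, so this is the distribution of DCs the client ends up on.
    """
    counts = Counter(model.answer(client_ip)[0] for _ in range(queries))
    return dict(counts)


if __name__ == "__main__":
    model = DnsAnswerModel(DC_RECORDS)
    # Client on the same /24 as the second DC: always lands on that DC.
    print("same-subnet client:", first_answer_counts(model, "10.2.1.55", 300))
    # Client on no DC subnet: spread evenly across all three DCs.
    print("off-subnet client: ", first_answer_counts(model, "192.168.50.7", 300))
```

For a client outside every DC subnet the first record rotates, so that client's LDAP binds can be recorded on any of the three DCs.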







RE: [NTSysADM] Nostalgia

2013-07-18 Thread David Lum
Fail

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Steven M. Caesare
Sent: Thursday, July 18, 2013 7:26 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Nostalgia

"Answer a question to continue reading this article."?

Oof.

-sc

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: Thursday, July 18, 2013 10:07 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Nostalgia

http://www.accessmylibrary.com/article-1G1-15397162/microsoft-hoping-visine-helps.html
 (from May 30, 1994)

There was plenty of backroom talk, too, about Visine, code name for a set of 
migration tools Microsoft has in the works for Daytona, the next version of the 
Windows NT Advanced Server. The idea here is that NetWare 3.X shops are going 
to have to make a big effort, anyway, to upgrade to 4.0, so why not give them 
tools to make the switch to Daytona easier? Visine is intended, of course, to 
get the red out.

Thanks


Webster

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Micheal Espinola Jr
Sent: Thursday, July 18, 2013 8:55 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Nostalgia

I'm guessing; because it gets the red out?

--
Espi


On Thu, Jul 18, 2013 at 6:41 AM, Steven M. Caesare 
scaes...@caesare.com wrote:
NT Gateway Services for Netware.

AKA Visine.

-sc

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
On Behalf Of Free, Bob
Sent: Wednesday, July 17, 2013 7:43 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Nostalgia

 let's not forget Banyan Vines

Indeed

Some of us who worked on the real NOS back in the day (or heaven forbid, both) 
were prone to calling Novell the Red Virus :)

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Senter, John
Sent: Wednesday, July 17, 2013 8:45 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Nostalgia

If we are going to talk about Novell,.  Expensive yet had directory services 
that far exceed Windows NT.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Wednesday, July 17, 2013 11:37 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Nostalgia

The weight of e-mail I receive is amazing! I had to delete a much of SPAM from 
my laptop to lighten it enough for me to pick it up.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Cornetet
Sent: Wednesday, July 17, 2013 8:08 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Nostalgia

I don't know about that. I'd say the weight of a month's worth of my junk mail 
easily exceeds what a computer shopper used to weigh.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of William Robbins
Sent: Wednesday, July 17, 2013 10:59 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Nostalgia

And now he hates you for not using the USPS for much of anything now.


 - WJR

On Wed, Jul 17, 2013 at 8:56 AM, Andrew S. Baker 
asbz...@gmail.com wrote:
Yeah, but my mail carrier hated me for years on account of that monthly mag... 
:)






ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...




On Wed, Jul 17, 2013 at 9:27 AM, William Robbins 
dangerw...@gmail.com wrote:
I miss Computer Shopper.



 - WJR

On Wed, Jul 17, 2013 at 8:22 AM, Christopher Bodnar 
christopher_bod...@glic.com wrote:
OK, while we are on the nostalgia train. my first PC had an AMD DX40 chip. 
Bought from ABS out of Computer Shopper. I truly miss the Loft of Doom and 
Pepsi Cola.
Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture 
and Engineering Services

Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com


The Guardian Life Insurance Company of America

www.guardianlife.com







From: Crawford, Scott crawfo...@evangel.edu
To: ntsysadm

RE: [NTSysADM] Nostalgia

2013-07-17 Thread David Lum
The weight of e-mail I receive is amazing! I had to delete a much of SPAM from 
my laptop to lighten it enough for me to pick it up.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ken Cornetet
Sent: Wednesday, July 17, 2013 8:08 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Nostalgia

I don't know about that. I'd say the weight of a month's worth of my junk mail 
easily exceeds what a computer shopper used to weigh.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of William Robbins
Sent: Wednesday, July 17, 2013 10:59 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Nostalgia

And now he hates you for not using the USPS for much of anything now.


 - WJR

On Wed, Jul 17, 2013 at 8:56 AM, Andrew S. Baker 
asbz...@gmail.com wrote:
Yeah, but my mail carrier hated me for years on account of that monthly mag... 
:)






ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...




On Wed, Jul 17, 2013 at 9:27 AM, William Robbins 
dangerw...@gmail.com wrote:
I miss Computer Shopper.



 - WJR

On Wed, Jul 17, 2013 at 8:22 AM, Christopher Bodnar 
christopher_bod...@glic.com wrote:
OK, while we are on the nostalgia train. my first PC had an AMD DX40 chip. 
Bought from ABS out of Computer Shopper. I truly miss the Loft of Doom and 
Pepsi Cola.
Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture 
and Engineering Services

Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com


The Guardian Life Insurance Company of America

www.guardianlife.com







From: Crawford, Scott crawfo...@evangel.edu
To: ntsysadm@lists.myitforum.com
Date: 07/17/2013 01:15 AM
Subject: RE: [NTSysADM] Nostalgia
Sent by: listsad...@lists.myitforum.com


It also has Intel at the bottom. I have that very chip in my drawer. I saved it 
because it was an Intel/AMD chip, which I found funny. It was only years later 
that I realized it was a 286.
Sent from my Windows Phone


From: Ben Scott
Sent: 7/16/2013 4:32 PM

To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Nostalgia


On Tue, Jul 16, 2013 at 12:59 PM, James Rankin kz2...@googlemail.com wrote:
> http://www.theregister.co.uk/2013/07/16/netware_4_anniversary/

 I'm amused that /The Register/ has a photo of a microchip, captioned
Intel's 16-bit x86 microprocessor... the chip is clearly marked with
the AMD name and logo.  :)

-- Ben
This message, and any attachments to 
it, may contain information that is privileged, confidential, and exempt from 
disclosure under applicable law. If the reader of this message is not the 
intended recipient, you are notified that any use, dissemination, distribution, 
copying, or communication of this message is strictly prohibited. If you have 
received this message in error, please notify the sender immediately by return 
e-mail and delete the message and any attachments. Thank you.





RE: [NTSysADM] Nostalgia

2013-07-16 Thread David Lum
+1 Got my CNA (the little cert) on 4.1 but worked with and knew 3.12 much 
better

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Rod Trent
Sent: Tuesday, July 16, 2013 10:10 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Nostalgia

Netware 3.12 was solid and the version I used to get my CNE.

Netware 4.11 and above got Novell into trouble.  That, and NT 4 became viable.


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Tuesday, July 16, 2013 12:59 PM
To: NTSysADM@lists.myitforum.com
Subject: [NTSysADM] Nostalgia

A bit MS-tinted, rather, but still takes me back

http://www.theregister.co.uk/2013/07/16/netware_4_anniversary/

Now I feel old, having to explain what Netware was to youngsters around me!

--
James Rankin
Technical Consultant (ACA, CCA, MCTS)
http://appsensebigot.blogspot.co.uk/



[NTSysADM] So, the Russia listened to me about secure e-mail. Sort of.

2013-07-11 Thread David Lum
On 6/21 I said use snail mail. Someone in Russia was listening!

http://news.cnet.com/8301-1009_3-57593274-83/kremlin-finds-way-to-avoid-leaks-typewriters/
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764




RE: [NTSysADM] VDI Server Hardware Critique

2013-07-05 Thread David Lum
I have never heard this term before today, looking it up now.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jim Majorowicz
Sent: Wednesday, July 03, 2013 3:52 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] VDI Server Hardware Critique

Be careful of a SATA RAID array.  I've got a couple of these, in an effort 
to save money, and I'm not doing it again.  The issue comes down to something I 
learned about the hard way.  Array Puncture...


On Wed, Jul 3, 2013 at 3:30 PM, Stephen Wimberly riverside...@loopyguy.com wrote:
Kurt, Our Dell rep tells me that I could set this up on SATA drives on RAID 5, 
which scares me.  If SATA on RAID 5 would be 'acceptable' then I think SSD 
would be just overkill, but if anyone has tried this I would love to hear your 
experience.

Christopher, Good Question.  We have over 500 desktops in total, so we 
certainly aren't trying for 100% VDI.  The thought is that we would use the 
first box to learn on and see what our CPU and IOPS looks like.  I am hoping to 
use the first box officially for 50 workstations, but 75 to 100 if a box ever 
dies.  When we add more boxes in the future we will have the fault tolerance 
built in with a farm of VDI host boxes.

An external array would be more than the budget allows, so we are attempting to 
go with internal drives.  Since the workstations in mind will boot at different 
times there should not be much of a login storm.

On Tue, Jul 2, 2013 at 10:01 AM, Christopher Bodnar christopher_bod...@glic.com wrote:
What do you expect the concurrency to be on average?

My biggest problem with something like this is that you have no fault 
tolerance. So if this one box goes down, all these part time helpers are down.
Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture 
and Engineering Services

Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com

The Guardian Life Insurance Company of America

www.guardianlife.com







From: Stephen Wimberly riverside...@loopyguy.com
To: ntsysadm@lists.myitforum.com
Date: 07/01/2013 06:37 PM
Subject: [NTSysADM] VDI Server Hardware Critique
Sent by: listsad...@lists.myitforum.com



Please critique the following budget VDI Server purchase. I know there is no 
correct hardware, but also want to hear what others think.

USE:  Approximately 50 workstations via Microsoft RDS that will run Microsoft 
Office (Most will not use Outlook, but rather webmail).  All will have Adobe 
Reader, but not licensed Adobe products.  These will be shared computers, 
generally not used by full time staff personnel but part time helpers so the 
login/logoff storm will be more random.

SERVER:
Dell PowerEdge R720
CPU: Dual Xeon E5-2680 (8 Core)
Memory: 192 GB (12x16GB @ 1600 RDIMMs)
RAID 10 (H710 PERC)
HDD: 16 300GB 10K 2.5"
NIC: BCOM 5720 Daughter Card
OS: Microsoft Windows Server 2012
Microsoft Hyper V
Remote Desktop Services

(We may wait for Server 2012 R2 for the deduplication on the HyperV guests.)

This will be our first step into VDI, so any advance thoughts would be 
appreciated.

Thank you in Advance!






RE: [NTSysADM] E-mail retention

2013-07-02 Thread David Lum
I thought this WAS corporate counsel! Who knew?

Good advice, thanks!


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ben Scott
Sent: Tuesday, July 02, 2013 12:29 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] E-mail retention

On Tue, Jul 2, 2013 at 12:05 PM, David Lum david@nwea.org wrote:
> Given this:
>
> http://arcweb.sos.state.or.us/doc/recmgmt/train/erm/emailman806.pdf
>
> Would it be the responsibility of the government entity to know the 
> correct retention period for each message they receive? I'm trying to 
> help a client determine how long e-mail should be kept, including the 
> brick-level backups I have...

  This is the NT system administration list.  You want a lawyer.

  I'm dead serious.  This is not an IT question, it's a law question.
Contact corporate counsel.

-- Ben






RE: [NTSysADM] A very good article to read : Features Removed or Deprecated in Windows Server 2012 R2 Preview

2013-07-01 Thread David Lum
Along the lines of "one more service running that (theoretically) isn't 
needed", 
http://blogs.technet.com/b/jlosey/archive/2011/02/02/why-you-should-leave-ipv6-alone.aspx

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: Sunday, June 30, 2013 5:35 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] A very good article to read : Features Removed or 
Deprecated in Windows Server 2012 R2 Preview

I'm not a developer, so can't comment on that, but will take your word for it.

However, as a sysadmin and user, I am puzzled by the fact that MSFT seems 
unable to bring out products for business use that work well with DDNS and 
FQDNs, as opposed to NetBIOS names.

Also, from both an aesthetic and a security policy point of view, I think it 
would make sense to get rid of it - it's just one more service running that 
(theoretically) isn't needed.

However, WINS hasn't given me problems since at least NT4, and I'm still 
running it under Win2k8 R2, so I don't really care much one way or the other - 
as I said, it's more amusing than anything else.

Kurt

On Sun, Jun 30, 2013 at 2:39 PM, Michael B. Smith mich...@smithcons.com wrote:
 WINS just makes life so much easier as a developer. Seriously.

 Each product they try to remove WINS dependencies from, it breaks stuff and 
 adds more complexity.

 For example, you can run Exchange without WINS (and I'm referring to a 
 complex Exchange deployment - multiple domains, discontiguous namespaces, 
 etc.etc.) - but the complexity of configuration Is Just Not Worth It.

 It's a heck of a lot cheaper to run WINS - and less likely to break.

 To paraphrase Brian's comments - if you have an IT organization that
 thinks getting rid of WINS is their top priority - then they are
 wrong. :)

 -Original Message-
 From: listsad...@lists.myitforum.com
 [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
 Sent: Sunday, June 30, 2013 2:51 PM
 To: ntsysadm@lists.myitforum.com
 Subject: Re: [NTSysADM] A very good article to read : Features Removed
 or Deprecated in Windows Server 2012 R2 Preview

 Didn't say I don't like it - MSFT has in the past threatened to remove it, 
 and it's amusing to note that they've never followed through.

 Kurt

 On Sun, Jun 30, 2013 at 10:51 AM, Jonathan Link jonathan.l...@gmail.com wrote:
 Well, be that as it may, Kurt still doesn't like it.


 On Sun, Jun 30, 2013 at 1:43 PM, Brian Desmond br...@briandesmond.com wrote:

 +1

 I tell most customers who think removing WINS from their environment
 is a good use of their time to find a more worthwhile project to
 invest in. WINS is dead simple, solves a problem, has practically no
 infrastructure overhead, and requires nearly no maintenance.

 Thanks,
 Brian Desmond
 br...@briandesmond.com

 w – 312.625.1438 | c – 312.731.3132

 -Original Message-
 From: listsad...@lists.myitforum.com
 [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B.
 Smith
 Sent: Friday, June 28, 2013 10:53 PM
 To: ntsysadm@lists.myitforum.com
 Subject: RE: [NTSysADM] A very good article to read : Features
 Removed or Deprecated in Windows Server 2012 R2 Preview

 Pffft.

 That isn't going anywhere, anytime soon.

 I expect it to be around after I retire.

 -Original Message-
 From: listsad...@lists.myitforum.com
 [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
 Sent: Friday, June 28, 2013 11:10 PM
 To: ntsysadm@lists.myitforum.com
 Subject: Re: [NTSysADM] A very good article to read : Features
 Removed or Deprecated in Windows Server 2012 R2 Preview

 I see WINS isn't on that list. :)

 On Fri, Jun 28, 2013 at 5:08 PM, Michael B. Smith mich...@smithcons.com wrote:
  Features Removed or Deprecated in Windows Server 2012 R2 Preview
 
  http://technet.microsoft.com/en-us/library/dn303411.aspx
 
 










RE: [NTSysADM] General Windows 8 question

2013-06-27 Thread David Lum
Is not Windows 8.1 just a fancy way to say Win8 SP1?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of rodtr...@myitforum.com
Sent: Wednesday, June 26, 2013 7:41 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] General Windows 8 question

Yes, Windows 8.1 is a free upgrade and will be available around October. For 
those already running Windows 8 when it releases, it will be available from the 
Windows app store.

Sent from Microsoft Surface Pro

From: Jon Harris
Sent: Wednesday, June 26, 2013 9:50 PM
To: ntsysadm@lists.myitforum.com

I have a client that is upgrading (replacing the drive so it will not be a real 
upgrade) his machine from Windows 7 Ultimate to Windows 8 Pro.  I got a great 
deal on a full copy of Windows 8 Pro for him.  The drive is about to be 
ordered.  The question is from what I have been told at the Orlando Microsoft 
Store front those people running Windows 8 (RT, Pro, Phone) will be getting the 
new Windows 8.1 when it is released.  I would like to confirm this and find out 
if this will come by way of a download using Windows Update or what?

Anyone have any ideas?

Thanks a lot!


[NTSysADM] IE10 finally did it..

2013-06-26 Thread David Lum
I've finally had enough problems that I've installed Chrome. Too many sites I 
had to hit F12 and flip compatibility and other general weirdness. I saw a 
Redmond Magazine article stating IE10 blocks 99% of malware attacks, my comment 
is because it blocks 98% of the Internet!
http://redmondmag.com/articles/2013/06/25/ie-10-blocks-more-malware.aspx
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764




[NTSysADM] How to send secure communication to your friends and relatives. Cheap!

2013-06-21 Thread David Lum
Snail mail. Sounds obvious doesn't it?  I wonder if searching snail mail 
without a warrant will be allowed someday, I mean hey, once it leaves your 
house you should have no expectation of privacy right? Isn't digital 
communication the same thing, except using ISP's instead of the postal service?

Just thinking aloud, as it were. But hey we stopped 1.4 shootings by opening 
up your letters!
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764




RE: [NTSysADM] OT - tips on job change etiquette

2013-06-19 Thread David Lum
When I interviewed for %dayjob%, I made it clear that I moonlight with my own 
biz. However, I also made it clear that %dayjob% would have priority during my 
scheduled work hours, and that %moonlighting% would actually give me areas of 
work that would improve what was required by %dayjob%.

When I first made up my resume that included the moonlighting gig, I wasn't 
sure if it was going to be beneficial or not, but it turns out - in my case 
anyway - that it was a huge plus as it directly showed experience and 
initiative.

On the notice thing, I'm a bird of a different feather as I'd feel compelled to 
keep them in the loop so they aren't too surprised when you give notice. 
Technically two weeks is plenty, but depending on your relationship you might 
consider full disclosure. In fact, at one point I did exactly this with my 
current biggest %moonlight% client. I thought I was going to have to drop them 
in July a few years ago, in January of that year I let them know it (leaving in 
July) might be a possibility, but that March it turned out to be unnecessary. 
They appreciated it and there has been zero fallout because they appreciate my 
work.

Perhaps that's just me. If I am alone and see a motorist pulled over with 
apparent car problems I will stop to help - my desire to do right outweighs 
my paranoia of being burned by it. Am I likely to get burned someday? Sure, but 
I will sleep well knowing I did right by my own standards.

YMMV.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of William Robbins
Sent: Wednesday, June 19, 2013 7:15 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] OT - tips on job change etiquette

I'd caution you against that.  It sounds nice, and may look good on your bank 
statement.  But it will wear you down faster than you think.  You won't be 
giving your best effort to either company in that scenario.  I advise making a 
clean break if you accept another offer.
Most companies frown on 'Moonlighting' for a reason.  :)


 - WJR

On Wed, Jun 19, 2013 at 9:07 AM, Don Kuhlman drkuhl...@yahoo.com wrote:
Thanks guys. I appreciate the advice!

And if this actually happens, then it would be kind of a win/win if they would 
let me work weekends on current stuff - that's very nice.

Much appreciated!

Don K



From: Kennedy, Jim kennedy...@elyriaschools.org
To: ntsysadm@lists.myitforum.com
Sent: Wednesday, June 19, 2013 8:56 AM
Subject: RE: [NTSysADM] OT - tips on job change etiquette

It's not easy, nor fun but you have to answer every one of those questions in a 
way that serves your best interests. Don't do any unneeded harm to your current 
employer but assume the worst and take care of yourself.

Heck no you don't say anything. Never ever, once you do that they will always 
be looking over their shoulder. Hopefully you have expressed several times you 
want the contract converted to full time.

Once you get the gig, you tell them as best you can. You love them, you love it 
here but you need a real employment commitment for your own personal 
protection/career. You promise (and deliver) that you will help them finish 
projects after hours...document everything...help them find someone...all of 
those kinds of things.

The hard part will be if when you tell them you are leaving they offer you more 
money and the conversion to full time. I usually advise people to turn that 
down unless there are special circumstances.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
On Behalf Of Don Kuhlman
Sent: Wednesday, June 19, 2013 9:52 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] OT - tips on job change etiquette

Morning all.  Just curious as to thoughts from some colleagues in the field.

Say you were in a job as a contractor at a smaller firm, and the job was 
supposed to convert to full time in a few months, but that didn't happen.  
However, your contract is extended several times so you are still at the 
position.  It may end in 6 months after being extended 18. The people at the 
place are really great and the environment is laid back and casual with very 
low stress.

So you keep your options open and along comes what may be a very good 
opportunity with a large well established place that is insourcing and building 
a new team right in your preferred geography.  It is also a 6 month contract to 
start out, but the company wants to make it permanent based on all information 
given.

Do you share with your current gig that you are checking into this?

Or if you don't share the info, and you get the offer, how do you tell your 
current gig so as not to burn any bridges?

And if the new 

[NTSysADM] Random e-mail of the day: RFC1149

2013-06-19 Thread David Lum
Most of you have likely seen this, but I ran across it again today and it still 
makes me chuckle: http://www.ietf.org/rfc/rfc1149.txt
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764




RE: [SPAM] Re: [NTSysADM] Home drives

2013-06-07 Thread David Lum
My company is still insisting we be able to back up our offsite folks who never 
connect via VPN.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Miller Bonnie L.
Sent: Friday, June 07, 2013 9:13 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [SPAM] Re: [NTSysADM] Home drives

We redirect the desktop to the same folder with all of their other redirected 
items, so it both gets backed up and gets server quota applied.  They can make 
a folder on their C: drive if needed (and a shortcut to the desktop), but 
individual workstations aren't backed up.

ie. Redirected structure looks like:

\Username
|--\Desktop
|--\Favorites
|--\My Documents

Etc., with one quota applied at the top to all.

-B

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of J- P
Sent: Friday, June 07, 2013 9:02 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [SPAM] Re: [NTSysADM] Home drives

Exactly what I do- I drill it into their heads desktops are not backed up


Jean-Paul Natola


From: dgu...@che.org
To: ntsysadm@lists.myitforum.com
Date: Fri, 7 Jun 2013 11:08:34 -0400
Subject: RE: [SPAM] Re: [NTSysADM] Home drives
I've been told it's old school but...

Assign their home drive through ADUC and direct them to save to that drive, 
also let them know that their local PCs will not get backed up.

Regards,

Don Guyer
Catholic Health East - Information Technology
Enterprise Directory & Messaging Services
3805 West Chester Pike, Suite 100, Newtown Square, Pa  19073
email: dgu...@che.org
Office:  610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440
For immediate assistance, please open a Service Desk ticket or call the 
helpdesk @ 610-492-3839.


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Stephen Wimberly
Sent: Friday, June 07, 2013 10:56 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [SPAM] Re: [NTSysADM] Home drives

We do use the quota on the Windows Server 2008 R2; but the problem in this 
thread is the fact that the login is slow when we redirect the user home folder 
to a network drive.  We redirect to encourage our users to save to the server 
rather than the desktop so we don't have to backup each individual desktop 
computer.  That said, we do want to encourage users to be mindful of the space 
they take up, so we use the quota system on the server to limit them from going 
nuts.

If we stop the redirect to gain a fast login, users save to their local desktop 
and nothing is backed up unless we sync their local home folder with the server 
in some fashion.

What are others doing to gain a quick login and save documents to the server?


On Fri, Jun 7, 2013 at 10:19 AM, William Robbins dangerw...@gmail.com wrote:
ZOMBIE THREAD!
So if you are already  redirecting, and I'm assuming to a Windows 20xx server, 
what's wrong with using the quotas on those shares?
2003:  
http://www.techrepublic.com/blog/datacenter/apply-quotas-with-individual-file-shares-with-windows-server-2003-r2/224
2008:  http://technet.microsoft.com/en-us/library/dd163561.aspx
That said...there are better (not free) 3rd party utilities for this.


 - WJR

On Fri, Jun 7, 2013 at 8:07 AM, Stephen Wimberly riverside...@loopyguy.com wrote:
For all of us who still redirect My Documents to a UNC network location; What 
would be a better method to force the backup of a user's documents and yet 
still provide a user quota on the amount of data they utilize?

On Fri, May 10, 2013 at 10:57 AM, William Robbins dangerw...@gmail.com wrote:
Thanks again good sir!  :)



RE: [NTSysADM] RE: password change notification to users not physically connected to domain

2013-06-05 Thread David Lum
I think I need to make that my sig line!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Free, Bob
Sent: Tuesday, June 04, 2013 10:51 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: password change notification to users not 
physically connected to domain


 those servers are still part of the prod AD.



You do, in fact, have a lab environment.  What you do not have is a production 
environment.



~Don Hacherl circa 2009


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Heaton, Joseph@Wildlife
Sent: Monday, June 03, 2013 11:40 AM
To: 'ntsysadm@lists.myitforum.com'
Subject: RE: [NTSysADM] RE: password change notification to users not 
physically connected to domain

Oh, I don't mind the joke.  I'm just glad it was that easy to get something 
stood up.  We have plenty of VMWare licensing, so throwing up a virtual domain 
should be pretty easy.  Good luck with your crew.

We do have a dev and test environment for our devs, which they do use.  We even 
have it so that we (server admins) have to do the push to test/prod.  That 
said, those servers are still part of the prod AD.

Joe Heaton
Enterprise Server Support
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA  95811
Desk:  (916) 323-1284

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of William Robbins
Sent: Monday, June 03, 2013 11:33 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] RE: password change notification to users not 
physically connected to domain

I only joke because I'm currently in the same position.  Also at a .gov 
coincidentally.  You'd think it wouldn't be such a novel concept that perhaps 
you shouldn't test in environments where you can potentially impact provided 
services...but it is here.  I've finally got them to add it to this year's 
budget, so in July I get to stand up a QA forest.

Now getting the devs to use it will be the next challenge.  :P


 - WJR

On Mon, Jun 3, 2013 at 1:29 PM, Heaton, Joseph@Wildlife joseph.hea...@wildlife.ca.gov wrote:
That's about the size of it.  I'm talking with our architect, and he agrees 
that we should stand up a test domain, so we'll be doing that, and I'll do an 
LDIF export/import of our user base so we have stuff to play with.

Joe Heaton
Enterprise Server Support
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA  95811
Desk:  (916) 323-1284

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
On Behalf Of William Robbins
Sent: Monday, June 03, 2013 11:08 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] RE: password change notification to users not 
physically connected to domain

:)


 - WJR

On Mon, Jun 3, 2013 at 12:59 PM, Heaton, Joseph@Wildlife joseph.hea...@wildlife.ca.gov wrote:
Michael,

I finally have time to look at this.  The parameters at the top of the script 
are what I have to set beforehand.  Do I have to do something with all of them? 
 To begin with, I want this to only come to me, so I set $adminEmailOnly = 
$True, is that correct?  I don't think we're using ANR, so I left that alone.  
I do want a report afterwards, so I need to leave $Quiet blank?

Just want to get these clarifications before I run it the first time.  
Unfortunately, I don't have a test domain to play in, so it will be run against 
our production domain.  I don't want any notifications sent to the users until 
I'm satisfied with it.

Thanks,

Joe Heaton

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
On Behalf Of Michael B. Smith
Sent: Sunday, May 05, 2013 7:00 AM
To: Heaton, Joseph@Wildlife; ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: password change notification to users not physically 
connected to domain

http://theessentialexchange.com/blogs/michael/archive/2012/01/17/sending-an-email-to-users-whose-password-is-about-to-expire-a-powershell-rewrite.aspx


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Liby Philip Mathew
Sent: Sunday, May 5, 2013 8:16 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] password change notification to users not physically 
connected to domain

Hi,
I am in the process of setting up a password reset policy of 90 days.  I have a 
lot of users that are part of the domain but their laptops are not physically 
connected to the domain (commuting users).  But, these users are 

[NTSysADM] RE: An Exchange Q (query-based DL) - self-answered

2013-05-28 Thread David Lum
I managed to answer my own Q on this one. This example adds Joe Bob to the 
query-based distribution list (err, Dynamic Distribution Group) FireDept

Set-DynamicDistributionGroup -Name FireDept -Identity FireDept -RecipientFilter {(Department -eq 'Fire dept') -or (Name -eq 'Joe Bob')}

The only caveat is you can no longer use the GUI to modify the group.
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764



From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Friday, May 24, 2013 6:13 AM
To: NTSysADM@lists.myITforum.com
Subject: [NTSysADM] An Exchange Q (query-based DL)

Situation: I have a query-based distribution list based on the Department 
attribute. I have one user that needs to be in two different groups. Is there 
any way to specifically add a user to a query-based DL, or do I need to choose 
a 2nd attribute to create the DL on so users can be in more than one?
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
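
One way to check what a filter change like the one in the message above would do to the group's membership before applying it, as an added example that is not part of the original thread. It assumes the Exchange Management Shell and reuses the group name and filter values from the message; the function and variable names are made up for the example.

```powershell
# Added example (not from the original thread). Run in the Exchange Management Shell.
# 'FireDept', 'Fire dept' and 'Joe Bob' are the values used in the message above.

$group     = 'FireDept'
$newFilter = "(Department -eq 'Fire dept') -or (Name -eq 'Joe Bob')"

function Get-FilterPreview {
    # Resolve an OPATH filter to the recipients it matches, without changing any group.
    param(
        [Parameter(Mandatory = $true)] $Filter,
        [Parameter(Mandatory = $true)] $Container
    )
    Get-Recipient -RecipientPreviewFilter $Filter -OrganizationalUnit $Container -ResultSize Unlimited |
        Select-Object Name, RecipientType,
            @{ Name = 'Address'; Expression = { [string]$_.PrimarySmtpAddress } }
}

$ddg      = Get-DynamicDistributionGroup -Identity $group
$current  = @(Get-FilterPreview -Filter $ddg.RecipientFilter -Container $ddg.RecipientContainer)
$proposed = @(Get-FilterPreview -Filter $newFilter           -Container $ddg.RecipientContainer)

# A Name clause matches every recipient with that name, so confirm it resolves to one object.
$named = @(Get-Recipient -Filter "Name -eq 'Joe Bob'" -ResultSize Unlimited)
if ($named.Count -ne 1) {
    Write-Warning ("Name -eq 'Joe Bob' matches {0} recipients; expected exactly 1." -f $named.Count)
}

# Difference between what the group resolves to now and what the new filter would resolve to.
$currentAddr  = @($current  | ForEach-Object { $_.Address })
$proposedAddr = @($proposed | ForEach-Object { $_.Address })
$added   = @($proposed | Where-Object { $currentAddr  -notcontains $_.Address })
$removed = @($current  | Where-Object { $proposedAddr -notcontains $_.Address })

Write-Host "Would be added to $group ($($added.Count)):"
$added | Format-Table Name, RecipientType, Address -AutoSize
Write-Host "Would be removed from $group ($($removed.Count)):"
$removed | Format-Table Name, RecipientType, Address -AutoSize

# Apply only when the difference is exactly what was intended:
# Set-DynamicDistributionGroup -Identity $group -RecipientFilter $newFilter
```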



