Re: [NTSysADM] DHCP role
I've pulled DHCP off all our DC's and it wasn't too tough for the network team to accommodate. Using DHCP failover took a bit more work for us to perfect. Using failover you by definition copy the config to the new server. Stand up new DHCP server, config as failover, then stand down DHCP on the domain controller and deconfigure failover once the new server is confirmed to hand out IP's. (Assuming Win DHCP servers). Totally worth it in our opinion.

Dave

> On Nov 30, 2017, at 8:21 AM, Heaton, Joseph@Wildlife wrote:
>
> Problem with that, is that I’d really like to keep the same IP for the DHCP server. My network team has that in all their switches around the state as ip-helper entries.
>
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
> Sent: Thursday, November 30, 2017 7:45 AM
> To: ntsysadm@lists.myitforum.com
> Subject: RE: [NTSysADM] DHCP role
>
> I would migrate DHCP first.
>
> Webster
>
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
> Sent: Thursday, November 30, 2017 9:00 AM
> To: ntsysadm@lists.myitforum.com
> Subject: RE: [NTSysADM] DHCP role
>
> That’s what we’re doing as well. Not sure why, but our service account is member of DNSUpdateProxy, but also a member of DNSAdmins. Anyone have an idea why that group? I didn’t set this up initially, I’m just trying to get things in best practices, and address a current issue I’m working through, of replacing a DC, that happens to be our main DHCP server. My thoughts at the moment, are to add a new DC, with only DC roles. Then, DCpromo the old DC (with DHCP), then migrate DHCP to a new server, that is only a member server, not a DC.
>
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Mark Gottschalk
> Sent: Wednesday, November 29, 2017 6:21 PM
> To: ntsysadm@lists.myitforum.com
> Subject: Re: [NTSysADM] DHCP role
>
> https://blogs.technet.microsoft.com/stdqry/2012/04/03/dhcp-server-in-dcs-and-dns-registrations/
>
> https://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx
>
> This is what we've done with DHCP on DC. Have a user "DHCP_user" in Protected User group, DNSUpdateProxy group. Use this for alternate credentials.
>
> Note that first article says:
> "A common error is to think that the DHCP Server service running in a DC will use its service account security context to register records in DNS if no alternate credentials are configured, and then there is security risk. In fact, this is not the behavior of the DHCP Server in a DC.
>
> If the DHCP Server service detects that it is running in a domain controller, and no alternate credentials for DNS registrations have been configured, then it decides to not do any registrations for DHCP clients and logs event DHCP/1056."
>
> It also starts with:
> "One common deployment scenario for the DHCP Server service is to have it installed in domain controllers. When this scenario is used it is necessary to define the alternate credentials to be used by DHCP when doing DNS registrations on behalf of the DHCP clients."
>
> If you can separate them with no downside, go for it. However, running DHCP on a DC appears to be accounted for and can be addressed by above.
>
> -- Mark
>
> From: "Heaton, Joseph@Wildlife"
> To: 'NT System Admin Issues Discussion list'
> Date: 11/29/2017 02:49 PM
> Subject: [NTSysADM] DHCP role
> Sent by: "listsad...@lists.myitforum.com"
>
> Is it still best practice to have DHCP NOT on a DC? I’ve been reading a bunch of stuff, but everything I’m reading refers to Server 2003 or older.
>
> Joe Heaton
> Information Technology Operations Branch
> Data and Technology Division
> CA Department of Fish and Wildlife
> 1700 9th Street, 3rd Floor
> Sacramento, CA 95811
> Desk: 916-323-1284
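An added example, not part of the thread above: one way to audit the points the thread raises, namely whether each Windows DHCP server has alternate DNS registration credentials configured, whether it runs on a domain controller, and which groups the registration account belongs to. The function name, the server names in the usage comment and the list of flagged groups are assumptions of this example.

```powershell
#Requires -Modules DhcpServer, ActiveDirectory

# Groups this example treats as more privilege than a DNS-registration
# account needs. The list is an assumption of the example; adjust to policy.
$FlaggedGroups = 'DnsAdmins', 'Domain Admins', 'Enterprise Admins', 'Administrators'

function Get-DhcpDnsCredentialAudit {
    [CmdletBinding()]
    param(
        # FQDNs of the DHCP servers to inspect.
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )

    foreach ($server in $ComputerName) {
        $result = [ordered]@{
            Server   = $server
            IsDC     = $null
            Account  = $null
            Groups   = @()
            Findings = @()
        }

        # Writable DCs have primaryGroupID 516, read-only DCs 521.
        $computer = Get-ADComputer -Filter "DNSHostName -eq '$server'" -Properties primaryGroupID |
            Select-Object -First 1
        if ($computer) {
            $result.IsDC = $computer.primaryGroupID -in @(516, 521)
        } else {
            $result.Findings += 'Computer object not found in AD'
        }

        # Read the alternate credential DHCP uses for dynamic DNS registrations.
        try {
            $cred = Get-DhcpServerDnsCredential -ComputerName $server -ErrorAction Stop
        } catch {
            $result.Findings += "Could not read DNS credential: $($_.Exception.Message)"
            [pscustomobject]$result
            continue
        }

        if ([string]::IsNullOrWhiteSpace($cred.UserName)) {
            if ($result.IsDC) {
                # Matches the behaviour quoted in the thread (event DHCP/1056).
                $result.Findings += 'DHCP on a DC with no alternate credentials: no DNS registrations for clients'
            } else {
                $result.Findings += 'No alternate DNS credentials configured'
            }
            [pscustomobject]$result
            continue
        }

        $result.Account = '{0}\{1}' -f $cred.DomainName, $cred.UserName

        # Direct group memberships only; nested membership is not expanded here.
        try {
            $result.Groups = @(Get-ADPrincipalGroupMembership -Identity $cred.UserName `
                    -Server $cred.DomainName -ErrorAction Stop |
                Select-Object -ExpandProperty Name)
        } catch {
            $result.Findings += "Could not read group membership: $($_.Exception.Message)"
        }

        $excess = @($result.Groups | Where-Object { $FlaggedGroups -contains $_ })
        if ($excess.Count -gt 0) {
            $result.Findings += 'Registration account is a member of: ' + ($excess -join ', ')
        }

        if ($result.Findings.Count -eq 0) { $result.Findings += 'OK' }
        [pscustomobject]$result
    }
}

# Usage with hypothetical server names:
# Get-DhcpDnsCredentialAudit -ComputerName 'dhcp01.example.test', 'dc01.example.test' |
#     Format-List Server, IsDC, Account, Groups, Findings
```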
RE: [NTSysADM] Adding *only* reboot right for domain user to a local host, remotely ...
I do this so our NOC can patch/reboot and the GPO setting I use is “allow system shutdown” and that GPO does nothing else. Also, you’ll want to add BUILTIN\Administrators and Domain Admins to that GPO or else ONLY the group specified in the GPO can reboot the system. Don’t ask how I know :).

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone
Sent: Friday, January 20, 2017 9:43 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Adding *only* reboot right for domain user to a local host, remotely ...

(I really wish my boss wouldn't ask about this type of stuff at noon on a Friday, when I have to leave by 4PM ...)

Anyway, what he wants to do: he wants our techs to be able to use a domain account, log into domain member servers, run Windows Update, *and* then be able to tell it to reboot. And he does NOT want to add this domain account to local Administrators group. (don't ask, it's a long story)

I *think* I can do this with a GPO

Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Right Assignment > Force shutdown from a remote system

Simply add account(s) in question to this policy and they will be able to reboot servers remotely.

Problem is, I haven't tested this yet, and he (ideally) wants this in place so the techs can install windows updates on Sunday. And no way do I want to roll this out to all production servers, without testing it first (which I don't have time to do, before I have to leave today)

Is this the best way to give a domain user only the right to reboot a server, without giving them any other rights?

(I have a GPO that assigns WSUS settings via OU and group membership; I could either add it to that one, or make a new, and assign it to that same OU and group membership)
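An added example, not part of the thread above: a check to run on a test server after the GPO applies, confirming that the shutdown rights still include BUILTIN\Administrators and Domain Admins as well as the delegated group. The function name is hypothetical, and mapping the settings named in the thread to the SeShutdownPrivilege and SeRemoteShutdownPrivilege constants is an assumption of this example.

```powershell
function Test-ShutdownRightAssignment {
    [CmdletBinding()]
    param(
        # User-right constants to inspect (assumed to correspond to the
        # "shut down" and "force shutdown from a remote system" settings).
        [string[]]$Rights = @('SeShutdownPrivilege', 'SeRemoteShutdownPrivilege')
    )

    # Export the effective user-rights assignments; requires an elevated session.
    $cfg = Join-Path $env:TEMP ('userrights-{0}.inf' -f [guid]::NewGuid())
    try {
        secedit.exe /export /areas USER_RIGHTS /cfg $cfg | Out-Null
        $lines = Get-Content -Path $cfg -ErrorAction Stop
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }

    foreach ($right in $Rights) {
        # Lines look like: SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-551
        $line = $lines | Where-Object { $_ -match "^\s*$right\s*=" } | Select-Object -First 1
        $holders = @()
        if ($line) {
            $holders = @(($line -split '=', 2)[1].Split(',') |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ })
        }

        # Resolve SIDs to names for the report; keep the raw value on failure.
        $names = foreach ($h in $holders) {
            if ($h -match '^S-1-') {
                try {
                    ([System.Security.Principal.SecurityIdentifier]$h).Translate(
                        [System.Security.Principal.NTAccount]).Value
                } catch { $h }
            } else { $h }
        }

        # S-1-5-32-544 is BUILTIN\Administrators; Domain Admins ends in RID 512.
        $hasAdmins       = $holders -contains 'S-1-5-32-544'
        $hasDomainAdmins = [bool]($holders | Where-Object { $_ -match '^S-1-5-21-.+-512$' })

        [pscustomobject]@{
            Right                = $right
            Holders              = @($names)
            BuiltinAdministrators = $hasAdmins
            DomainAdmins         = $hasDomainAdmins
            Warning              = if (-not $hasAdmins -or -not $hasDomainAdmins) {
                'Administrators and/or Domain Admins missing from this right'
            } else { $null }
        }
    }
}

# Usage, from an elevated prompt on a server in the test OU after gpupdate:
# Test-ShutdownRightAssignment | Format-List
```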
Re: [NTSysADM] RE: ALL Flash Storage
%dayjob% moved to all flash last year and (we run Epic - medical - databases and about 9,000 concurrent users) the IOPS improvement is "yuuuge".

Dave

> On Dec 7, 2016, at 6:34 AM, James Rankin wrote:
>
> I think – SuperFast :)
>
> We mainly use Atlantis, but not being much of a storage bod, don’t know much except my VDI sessions are a lot quicker than they used to be
>
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
> Sent: 07 December 2016 14:25
> To: ntsysadm@lists.myitforum.com
> Subject: [NTSysADM] ALL Flash Storage
>
> What is everyone’s thoughts on All Flash Storage?
> I am looking to replace the Storage I have attached to my VNX5400 from EMC with either:
>
> EMC Unity
>
> PureStorage
>
> Nimble
>
> I haven’t gotten all the proposals in yet but was wondering what everyone else thought about them?
[NTSysADM] Automated Xenserver disk report
Does anyone know of a way to generate Xenserver storage reports? Specifically look across the various pools and give me a report of available space on both local hosts (not guest VM's) and shared (SAN/NAS) storage?

Dave Lum \\ I.T. Garage
d...@theitgarage.com \\ 503.267.9764 (voice/text)
www.theitgarage.com
RE: [NTSysADM] Change Management process and documentation
Boom, winner!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of geoff taylor
Sent: Tuesday, October 28, 2014 11:02 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Change Management process and documentation

Ah! Run screaming... poke yourself in the eye with a sharp stick.. it's better than suggested email. Here are just some of the reasons:

1) Email does not have a followup and reminder system (automated notifications of approvals, escalations etc)
2) Email will flood your mailbox and lose sight of end goal
3) no prioritization of problems
4) poor history retrieval
5) no solution database
6) no self help for end users
7) no time tracking to report where you are spending your time
8) no incident reporting to see trends.

I have used tonnes (y I'm a canuck) of tools from Remedy to IBM overkill from good to downright awful and everyone was better than email. I cannot say enough good things about this tool: Sysaid https://www.sysaid.com We used the free version at a charity for years, and recently ponied up as we needed more admins to use it. Still dirt cheap. Works as advertised. YMMV but stay away from email at all costs

gt

On 28/10/2014 1:09 PM, Dave Lum wrote:

We are defining a new change management process at %dayjob%. The current consensus is to do it all via email, which for reasons I can't fully explain gives me fits. I've been asked why not email and I can't come up with anything more useful than new engineer starts and has no way to review previous changes. Kind of a weak argument. %dayjob% is a smallish company (~250 employees) that does have to worry about HIPAA but currently shows no interest in following ITIL guidelines. What do you guys use and if not email, why not?

Dave Lum \\ I.T. Garage
d...@theitgarage.com \\ 503.267.9764 (voice/text)
www.theitgarage.com
RE: [NTSysADM] Change Management process and documentation
That's how I handle it for my client. The same mechanism they use to submit Help Desk tickets (SysAid) I create a ticket when I'm making a system change to their systems (patching, upgrades, GPO changes, etc.). It performs double duty as I can then reference that ticket ID in my invoice to them.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Kirkland
Sent: Tuesday, October 28, 2014 12:57 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Change Management process and documentation

So what process does a small company use for change management? Do you just open a ticket and document in that ticket? I don't think that is adequate enough. I am trying to figure out a proper process for us and also how can I get buy in from other employees.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of geoff taylor
Sent: Tuesday, October 28, 2014 2:49 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Change Management process and documentation

As I mentioned we being poor just adapted the helpdesk components. But Sysaid has the real thing, ITIL compliant as well. https://www.sysaid.com/help-desk/itil-package/change-management

On 28/10/2014 2:31 PM, Dave Lum wrote:

+1 I use cloud SysAid for %sidejob% Help Desk. This list looks like HelpDesk stuff, not change management, although a few still apply.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim
Sent: Tuesday, October 28, 2014 11:06 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Change Management process and documentation

Sysaid is pretty epic, we use it for our help desk. Have not used it for change management.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of geoff taylor
Sent: Tuesday, October 28, 2014 2:02 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Change Management process and documentation

Ah! Run screaming... poke yourself in the eye with a sharp stick.. it's better than suggested email. Here are just some of the reasons:

1) Email does not have a followup and reminder system (automated notifications of approvals, escalations etc)
2) Email will flood your mailbox and lose sight of end goal
3) no prioritization of problems
4) poor history retrieval
5) no solution database
6) no self help for end users
7) no time tracking to report where you are spending your time
8) no incident reporting to see trends.

I have used tonnes (y I'm a canuck) of tools from Remedy to IBM overkill from good to downright awful and everyone was better than email. I cannot say enough good things about this tool: Sysaid https://www.sysaid.com We used the free version at a charity for years, and recently ponied up as we needed more admins to use it. Still dirt cheap. Works as advertised. YMMV but stay away from email at all costs

gt

On 28/10/2014 1:09 PM, Dave Lum wrote:

We are defining a new change management process at %dayjob%. The current consensus is to do it all via email, which for reasons I can't fully explain gives me fits. I've been asked why not email and I can't come up with anything more useful than new engineer starts and has no way to review previous changes. Kind of a weak argument. %dayjob% is a smallish company (~250 employees) that does have to worry about HIPAA but currently shows no interest in following ITIL guidelines. What do you guys use and if not email, why not?

Dave Lum \\ I.T. Garage
d...@theitgarage.com \\ 503.267.9764 (voice/text)
www.theitgarage.com
[NTSysADM] 2008 R2 SBS2011 VM inplace upgrade Hyper-V host 2008R2 to 2012R2
I rarely do in-place OS upgrades, but this one looks easy. I have a SBS2011 VM running on a 2008 R2 Hyper-V host. I have licenses for 2012R2 and would like to upgrade the host to that OS. I have upgraded a couple other hosts and the VM's made it over with no issue, but I figured I'd check with the collective, has anyone seen any issues?

Dave Lum \\ I.T. Garage
d...@theitgarage.com \\ 503.267.9764 (voice/text)
www.theitgarage.com
Re: [NTSysADM] Windows Service account management
Yes it will, as you are effectively just using OneDrive as a replication medium. I treat all cloud storage as a replication point as I operate under the assumption all cloud data can disappear without notice. Critical data I have the original, a local copy (at minimum in a separate physical device), and a cloud copy. Backups are disk to disk to cloud. Put another way, I use the cloud as protection from a regional event that wipes out my local data and local copies.

Dave Lum - d...@theitgarage.com
Sent from mobile device, please pardon the brevity.

On Oct 9, 2014, at 7:13 PM, Jon Harris jk.har...@live.com wrote:

Dave will KeePass installed locally work with the cloud based database? I have been thinking of doing that but my oldness keeps telling me to ignore convenience for safety.

Jon

Date: Thu, 9 Oct 2014 19:06:53 -0700
Subject: Re: [NTSysADM] Windows Service account management
From: kurt.b...@gmail.com
To: ntsysadm@lists.myitforum.com

Probably safer than a web/cloud-based service (LastPass, et al) where the database isn't under your direct control, as long as you have a good password on the database.

Kurt

On Thu, Oct 9, 2014 at 7:00 PM, Dave Lum l...@ochin.org wrote:

LOL – I store mine in Keepass…on my OneDrive.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jon Harris
Sent: Thursday, October 09, 2014 3:43 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Windows Service account management

I really dislike the idea of storing my passwords and user IDs in the cloud. That is why I use KeePass. It would be more convenient out in the cloud but just my dislike and distrust of cloud based stuff. Yeah, yeah OLD fogey I know.

Jon

From: r...@pge.com
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Windows Service account management
Date: Thu, 9 Oct 2014 15:33:02 +

LastPass runs on all of those platforms and my Kindle :-D Actually I can’t vouch for WP because I don’t have one but it’s supported and it does run just fine on my RT tablet. Also has a level of enterprise support secure password sharing facility. Not a substitute for a full blown on-prem password vaulting solution[1] but it can solve a lot of problems

[1] Which still has some of the inherent shortcomings mentioned in this thread but can close a lot of gaps. We have 10’s of thousands of root and administrator accounts that are now unique fully managed.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jon Harris
Sent: Wednesday, October 08, 2014 4:46 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Windows Service account management

KeePass does not appear to have a version to work on Windows RT or phones YET. I hope they do eventually get there though.

Jon

Date: Wed, 8 Oct 2014 15:00:41 -0700
Subject: Re: [NTSysADM] Windows Service account management
From: kurt.b...@gmail.com
To: ntsysadm@lists.myitforum.com

Password Safe and Keepass both come in flavors that run on iPhone and Android, as well as Windows and *nix.

Kurt

On Wed, Oct 8, 2014 at 2:40 PM, James Button jamesbut...@blueyonder.co.uk wrote:

Yup! Nice concepts

And 20 chars long - it better be based on a phrase I can remember, or I'll have to write it down on something I keep near the system where I logon. Maybe I can write it as the hint facility

Special characters - yup - definitely needs writing down

Ah! I can have the system remember the password and enter it whenever I put my id in the userid panel

Hey - I'm the sysprog, and I can't ask someone else to fix my lost password for me, and management are not going to be happy if I can't fix their forgotten password

Ah! This week's selection of monthly password updates, where's my jotter - postit pad - that will do.

The above is based on experience from many years as sysprog and security management techy on a site with mainframes, mini's, comms, network servers and PC's. And then, having required the consultant's ideas be implemented, management wonder why people create back-doors and/or write notes on passwords. At least - for most systems, I was allowed to change the password, so used a long phrase I could remember, and just wrote down the formula for selecting the characters from the phrase.

Are you sure you will never need to logon either locally, or remotely - not even for a restore and update to 'current' status process.

That said, how about limiting logon attempts to 1 a minute - that will (hopefully) deal with
[NTSysADM] LDAP requests never drop to zero
Sorry for the cross-post, but this seems to fit both lists.

Setup: I have a CAS box looking at two GC's (single CAS, two mailbox servers). Most performance indicators on the CAS server fall well into the acceptable range, except for LDAP Search time and LDAP read time.

LDAP read for GC #1: varies between 0 and 16ms. Avg = 3ms
LDAP read for GC #2: varies between 0 and 3600ms. Avg = 1200ms
LDAP search for GC #1: varies between 0 and 16ms. Avg = 4ms
LDAP search for GC #2: varies between 267 and 289ms. Avg = 1240ms
LDAP Outstanding requests for GC #1: varies between 0 and 1.
LDAP Outstanding requests for GC #2: varies between 19 and 29, never dropping below 19

DCDIAG on GC#2 comes up clean. Nothing bizarre/unusual in the event logs. CPU, network and disk indicators on GC#2 show low utilization (or, at least not almost pegged).

Doing a Network Monitor dump, I see a lot of TCP: DUP ACK between the CAS and GC #2 (about 10x more than between the CAS and the other GC), but I don't know if that's the problem or the symptom.

Anyone have a suggestion of other places for me to look, or should I look into the network? Notable is we recently changed CAS servers but we didn't have any baseline performance info before making the change, so I'm not sure if this issue existed beforehand or not.

Dave Lum \\ I.T. Garage
d...@theitgarage.com \\ 503.267.9764 (voice/text)
www.theitgarage.com
RE: [NTSysADM] RE: DHCP and Active Directory documentation scripts
He used to work at Blackberry?

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: Wednesday, May 07, 2014 10:01 AM
To: 'ntsysadm@lists.myitforum.com'
Subject: RE: [NTSysADM] RE: DHCP and Active Directory documentation scripts

Because they want to go out of business.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: Wednesday, May 07, 2014 12:59 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: DHCP and Active Directory documentation scripts

I left the very dry, dull and boring day 2 keynote and have responded to both. Why Citrix hired a Chief Marketing Officer that is dry and monotone and who does not have a Twitter or Facebook account and doesn’t know what either is used for is beyond me.

Thanks
Webster

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith
Sent: Wednesday, May 07, 2014 11:35 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: DHCP and Active Directory documentation scripts

Web is at a conference this week. It may be a day or two before he responds (then again, he may respond in 5 minutes – who knows?). ☺

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Eric Wittersheim
Sent: Wednesday, May 7, 2014 12:26 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] RE: DHCP and Active Directory documentation scripts

Same here.

On Wed, May 7, 2014 at 9:19 AM, Miller Bonnie L. mille...@mukilteo.wednet.edu wrote:

If you’re still looking for testers, I’d also like to try both out!

Thanks,
Bonnie

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: Tuesday, April 29, 2014 12:11 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: DHCP and Active Directory documentation scripts

These scripts are really making a lot of progress with the help of testers from this list. David McSpadden found a couple today in the DHCP script so I am delaying releasing that script until May 19th. The AD script is coming along very nicely thanks to all the suggestions from the testers. I can always use more and more testers. If you are interested in either the AD or DHCP script (or both), send me an email letting me know what you want to test. As, I hope, the list members who are helping with testing can tell you, I fix any issues found and add most suggestions very promptly.

Thanks
Webster

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: Wednesday, April 23, 2014 6:45 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] DHCP and Active Directory documentation scripts

With the help of Michael B. Smith, I have created a DHCP documentation script. The DHCP script will be released on Monday May 5th. Still would like some more testers. Requires Server 2012+ DHCP and Win8.x with RSAT. This script creates either a Word doc, PDF file or formatted text file. The DHCP script documents every nook and cranny of both IPv4 and IPv6 that I can find a way to document. The next update of the DHCP script will add HTML output.

Again with the help of Michael B. Smith, I am creating an Active Directory documentation script. The Active Directory script is now at version 0.5. This script requires at least one 2008 R2 domain controller and a minimum of Win7 with RSAT and Word installed. Version 1 of the script will focus on the 2008 R2 Active Directory cmdlets. As soon as V1 is released, I will start on V2 which will move to requiring PoSH V3, at least one Server 2012+ DC and Win8.x with RSAT and will create either a Word doc, PDF file, formatted text file or HTML. Server 2012+ also has DNS cmdlets that I can use that are not in 2008 R2. I also need testers for the current AD documentation script.

Thanks
Webster
RE: [NTSysADM] Speaking of Dropbox... Security flaws discovered today
This is actually what triggered my initial question about Dropbox/file sharing policies... :) -Dave Lum From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Sam Cayze Sent: Tuesday, May 06, 2014 12:37 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Speaking of Dropbox... Security flaws discovered today Be warned. Security flaw discovered today. Again. http://grahamcluley.com/2014/05/dropbox-box-leak/ http://news.idg.no/cw/art.cfm?id=2D07456E-B77A-1191-113A2E0A9DBC0945
RE: [NTSysADM] IT sec pros surprisingly cavalier about mobile security best practices
Our information isn't as important as making it easy for our users to get at it -Dave Lum From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kramer, Jack Sent: Saturday, May 03, 2014 10:14 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] IT sec pros surprisingly cavalier about mobile security best practices I was specifically disallowed from requiring PIN for mobile devices connected to our Exchange server. Higher ed. -Jack- On May 3, 2014, at 7:29 AM, Ken Schaefer k...@kj.net.aumailto:k...@kj.net.au wrote: Sample-size of 169 people. Given that most say they don't have a PIN, that would indicate that they either don't have Exchange policies, or they don't have an MDM in place. Or they simply don't connect their mobile device to work networks (that question doesn't seem to be answered in the article). I think that rules out pretty much all major enterprises and government departments, and just about any decent sized org that has centralised IT. Cheers Ken From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew S. Baker Sent: Saturday, 3 May 2014 2:40 AM To: ntsysadm Subject: Re: [NTSysADM] RE: IT sec pros surprisingly cavalier about mobile security best practices This is true of the privileged of every vertical. Education just has more of them per capita. (The music industry and law firms are neck and neck for a close second) ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Thu, May 1, 2014 at 10:24 PM, Jon Harris jk.har...@live.commailto:jk.har...@live.com wrote: My experience was they were usually the ones that caused the most issues including putting sensitive information in public places. 
Jon From: na...@nowmicro.com To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] RE: IT sec pros surprisingly cavalier about mobile security best practices Date: Fri, 2 May 2014 01:56:19 + Every time a professor uses Academic Freedom as a reason that they should have admin rights to a state-owned device used to access, process, and potentially store private data about their students... a ninja kills a kitten. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jon Harris Sent: Thursday, May 1, 2014 7:35 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] RE: IT sec pros surprisingly cavalier about mobile security best practices My personal experience working in higher Ed was anyone with a PhD after their name always made it hard to take away permissions. They just felt they knew EVERYTHING and anyone without a PhD knew nothing or very little! Jon From: mich...@smithcons.com To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: IT sec pros surprisingly cavalier about mobile security best practices Date: Thu, 1 May 2014 23:52:42 + I preach on this to every med-and-large organization I speak with. Higher-Ed doesn't seem to care (mostly), but CSOs and CTOs are very interested. There are some EXCELLENT solutions for this, for WP7.5+, iOS 6+, BB 10+, etc. Android just sucks, but there are some workarounds you can apply to get improved results (for secure Android, you basically have to throw away whatever google version you are running, and run one of a couple of other Android builds that supports secure containers).
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum Sent: Thursday, May 1, 2014 5:37 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] IT sec pros surprisingly cavalier about mobile security best practices http://www.net-security.org/secworld.php?id=16783 David Lum Network System Admin, Information Services office 503-265-4728 | modahealth.com I'm excited to announce that ODS Health is now Moda Health. Please make a note of my new email address, david@modahealth.com, so we can stay connected. This message is intended for the sole use of the individual and entity to whom it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended addressee, nor authorized to receive for the intended addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or any information
[NTSysADM] RE: Moving on to new Position, might be gone from the list for a Bit
Are you moving on because I deleted all those Linux OS files? LOL -Dave Lum From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ziots, Edward Sent: Monday, May 05, 2014 7:30 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Moving on to new Position, might be gone from the list for a Bit Just to everyone on the list I am going to be moving on to a new position after May 16th. It's been a time coming, I am moving on to be a Lead Information Security Analyst, with my new company. I am pretty darn excited about the opportunity and what it means for my career growth. I hope to talk with you all on my new position in the future. The list and those who contribute has been an immeasurable success in my personal and professional career development. Sincerely, EZ Edward E. Ziots, CISSP, CISA, CRISC, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-255-2497 This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you.
[NTSysADM] How to start your last 5 days of work
Next week is my last week at Moda, so today I decided to start my day by oopsing a Unix command. On a machine in an ESX cluster I MEANT to delete a /var/log/ipmi folder, so I SSH to the machine and type this: rm -r /* I was cutting and pasting and neglected to remove one character. I'm sure someone here knows Unix enough to tell me what happened next... :) David Lum
[NTSysADM] RE: How to start your last 5 days of work
Door #1. My next communication to my team here was "This server is going to drop offline here in a second and hey, where are the ESX ISO's?". It has not been my best IT week, earlier this week I dropped an Exchange server offline for patching, unscheduled, during the day. At least that wasn't here at Moda (where we have them clustered anyway, same with ESX). I swear on average I'm better than this week has looked! Dave From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Friday, May 02, 2014 9:10 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: How to start your last 5 days of work Depends on the version of rm. :) It MAY have been catastrophic removal of a bunch of stuff. Or it may have said "Dave, I won't do that." From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum Sent: Friday, May 2, 2014 12:01 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] How to start your last 5 days of work Next week is my last week at Moda, so today I decided to start my day by oopsing a Unix command. On a machine in an ESX cluster I MEANT to delete a /var/log/ipmi folder, so I SSH to the machine and type this: rm -r /* I was cutting and pasting and neglected to remove one character. I'm sure someone here knows Unix enough to tell me what happened next... :) David Lum
[NTSysADM] XP is no longer supported. OK wait, just this one last time...
Just this last out-of-band one... https://technet.microsoft.com/library/security/ms14-may David Lum
[NTSysADM] IT sec pros surprisingly cavalier about mobile security best practices
http://www.net-security.org/secworld.php?id=16783 David Lum
[NTSysADM] NSS labs
Is anyone here subscribed to NSS labs? https://www.nsslabs.com/become-client David Lum
RE: [NTSysADM] IE exploit
Adobe’s patch addresses CVE-2014-0515 Microsoft’s address CVE-2014-1776 It’s possible they are linked, since this article does make them seem like the same attack vector, but I do not speak enough programmer-speak to know for sure: http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks -Dave Lum From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden Sent: Monday, April 28, 2014 10:37 AM To: 'ntsysadm@lists.myitforum.com' Subject: RE: [NTSysADM] IE exploit I thought that is what I read in the MS articles? VML and Flash were the vector for the exploit? From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Rod Trent Sent: Monday, April 28, 2014 1:34 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] IE exploit Yes, but that has nothing to do with the exploit reported over the weekend. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim Sent: Monday, April 28, 2014 1:13 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] IE exploit Flash just released an update. http://helpx.adobe.com/security/products/flash-player/apsb14-13.html From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Rod Trent Sent: Monday, April 28, 2014 1:11 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] IE exploit It’s all versions of Internet Explorer. However, supported versions will be patched.
There are ways to mitigate: http://windowsitpro.com/windows/all-hands-deck-zero-day-reported-wild-affects-ie6-11 From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden Sent: Monday, April 28, 2014 1:05 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] IE exploit Is it just XP or am I wrong that the 7’s, 8’s, and Server OS’s also an issue the way I am reading it. Especially if they have Adobe Flash (Not sure of version) and the website being visited using VML. ?? From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Rod Trent Sent: Monday, April 28, 2014 12:59 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] IE exploit This is the first in a coming list of exploits that Windows XP will be vulnerable to forever. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Link Sent: Monday, April 28, 2014 12:51 PM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] IE exploit It's really bad if you're still running XP in your environment... On Mon, Apr 28, 2014 at 12:38 PM, David McSpadden dav...@imcu.com wrote: Any reason for concern? This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
RE: [NTSysADM] IE exploit
Saw this on a forum today: “We have one agency warning us of an exploit, and the other agency trying to use the exploit :)” FTW! -Dave Lum From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Rod Trent Sent: Monday, April 28, 2014 12:04 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] IE exploit It’s not. Adobe has been working on today’s patch since early April, working with Kaspersky. The one announced over the weekend as identified by FireEye and Microsoft is working on a patch. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum Sent: Monday, April 28, 2014 3:00 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] IE exploit Adobe’s patch addresses CVE-2014-0515 Microsoft’s address CVE-2014-1776 It’s possible they are linked, since this article does make them seem like the same attack vector, but I do not speak enough programmer-speak to know for sure: http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks -Dave Lum From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden Sent: Monday, April 28, 2014 10:37 AM To: 'ntsysadm@lists.myitforum.com' Subject: RE: [NTSysADM] IE exploit I thought that is what I read in the MS articles? VML and Flash were the vector for the exploit? From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Rod Trent Sent: Monday, April 28, 2014 1:34 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] IE exploit Yes, but that has nothing to do with the exploit reported over the weekend.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim Sent: Monday, April 28, 2014 1:13 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] IE exploit Flash just released an update. http://helpx.adobe.com/security/products/flash-player/apsb14-13.html From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Rod Trent Sent: Monday, April 28, 2014 1:11 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] IE exploit It’s all versions of Internet Explorer. However, supported versions will be patched. There are ways to mitigate: http://windowsitpro.com/windows/all-hands-deck-zero-day-reported-wild-affects-ie6-11 From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden Sent: Monday, April 28, 2014 1:05 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] IE exploit Is it just XP or am I wrong that the 7’s, 8’s, and Server OS’s also an issue the way I am reading it. Especially if they have Adobe Flash (Not sure of version) and the website being visited using VML. ?? From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Rod Trent Sent: Monday, April 28, 2014 12:59 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] IE exploit This is the first in a coming list of exploits that Windows XP will be vulnerable to forever.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Link Sent: Monday, April 28, 2014 12:51 PM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] IE exploit It's really bad if you're still running XP in your environment... On Mon, Apr 28, 2014 at 12:38 PM, David McSpadden dav...@imcu.com wrote: Any reason for concern?
[NTSysADM] Whitelisting product - Savant Protection
Does anyone have any experience with their product? I am considering adding it to endpoints for some additional protection... David Lum
RE: [NTSysADM] DHCP and Active Directory documentation scripts
Count me in! -Dave Lum From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster Sent: Wednesday, April 23, 2014 6:56 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] DHCP and Active Directory documentation scripts Yes I do. Thanks Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus Sent: Wednesday, April 23, 2014 8:19 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] DHCP and Active Directory documentation scripts Do you plan on maintaining support for both v1 and v2 of the AD scripts? I’m game to help test but 2012 isn’t in the picture for a while down the road. Perhaps a fallback mode to the 2008r2 functionality if the requirements for 2012 aren’t available? Anyway, I’m in! ☺ -- There are 10 kinds of people in the world... those who understand binary and those who don't. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster Sent: Wednesday, April 23, 2014 8:07 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] DHCP and Active Directory documentation scripts No PowerShell for AppSense or not enough PowerShell to work with or I would add it to my ever growing list of products people want documentation scripts for. Thanks Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin Sent: Wednesday, April 23, 2014 7:05 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] DHCP and Active Directory documentation scripts Can't you two serial scripters do one for AppSense infrastructure too?
Would make my life so much easier :-) On 23 April 2014 12:44, Webster webs...@carlwebster.com wrote: With the help of Michael B. Smith, I have created a DHCP documentation script. The DHCP script will be released on Monday May 5th. Still would like some more testers. Requires Server 2012+ DHCP and Win8.x with RSAT. This script creates either a Word doc, PDF file or formatted text file. The DHCP script documents every nook and cranny of both IPv4 and IPv6 that I can find a way to document. The next update of the DHCP script will add HTML output. Again with the help of Michael B. Smith, I am creating an Active Directory documentation script. The Active Directory script is now at version 0.5. This script requires at least one 2008 R2 domain controller and a minimum of Win7 with RSAT and Word installed. Version 1 of the script will focus on the 2008 R2 Active Directory cmdlets. As soon as V1 is released, I will start on V2 which will move to requiring PoSH V3, at least one Server 2012+ DC and Win8.x with RSAT and will create either a Word doc, PDF file, formatted text file or HTML. Server 2012+ also has DNS cmdlets that I can use that are not in 2008 R2. I also need testers for the current AD documentation script. Thanks Webster -- James Rankin - RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The Virtualization Practice Analyst - Desktop Virtualization http://appsensebigot.blogspot.co.uk
RE: [NTSysADM] Windows 8.1 update required to be installed
I knew there was a reason I've rarely changed default folders...crap like this! The only thing I really change anymore is the drive letter - I'll put stuff in D:\Program Files\ but I'll leave the rest of the path the same, and up to the installer. I think it was back in my Win95 days I quit creating my own paths for system-y stuff because of stuff like this. -Dave Lum -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Beauvais, Dave Sent: Wednesday, April 23, 2014 1:40 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Windows 8.1 update required to be installed Importance: Low A friend and colleague here recently encountered update problems on a number of his Windows 8.1 and Windows Server 2012 R2 boxes. After days of fighting with it he ultimately determined it was caused by his renaming and moving of the following two folders, which is something he's done for many years to organize his traditional start menu the way he prefers: %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\System Tools (Displays in 8.1 GUI as Windows System) %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools After recreating both folders, the update installed successfully on all affected systems. I am surprised that the update installer would handle that case so poorly. I tried to convince him to open a case with Microsoft so the issue would be researched and documented, but he opted to work it himself. Dave Beauvais -- Dave W. Beauvais, Exchange and Windows Systems Administrator Ohio University Office of Information Technology -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Rod Trent Sent: Monday, April 21, 2014 12:55 To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Windows 8.1 update required to be installed Let me reiterate with emphasis... :) Running SFC SHOULD be the same thing.
-Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Susan Bradley Sent: Monday, April 21, 2014 11:58 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Windows 8.1 update required to be installed No it doesn't. These folks have sfc /scannow and dism'd until they're blue in the face and it doesn't work. It's rare, but it has happened. The people in those two threads would disagree with you on that. KB2919355 is still in 'throttle mode' and hasn't been actively pushed. You can tell this by the fact it's still unchecked. On 4/21/2014 6:46 AM, Rod Trent wrote: Running SFC should be about the same thing. That happened to someone else recently and they didn't have a CD or any other media, so they had to grab the bits with the product key: http://windowsitpro.com/windows-81/installing-windows-81-using-only-your-product-key -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jay Dale Sent: Monday, April 21, 2014 9:23 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Windows 8.1 update required to be installed Well after working with MS on this issue and not getting anywhere, I found a couple of links - Susan is on them as well: http://answers.microsoft.com/en-us/windows/forum/windows8_1-windows_update/windows-81-update-1-failing-to-install-with-errors/c3071122-e903-4775-b659-e98784bc786c?page=1 http://answers.microsoft.com/en-us/windows/forum/windows8_1-windows_install/kb2919355-windows-81-update-fails-800f0092-and/4d4d23a3-695a-4bd4-b340-d2ce9c75919d?page=42tab=questionstatus=AllReplies A lot of the solutions did not work for me, but what finally worked was doing a repair install from the Windows 8 CD. Making sure to keep all apps and programs, I was then able to run the update without a problem.
Jay Dale Director of Information Technology P:713-333-2020 -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Susan Bradley Sent: Friday, April 18, 2014 4:23 PM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Windows 8.1 update required to be installed This is deemed a security update. thus it will always be a free call. On 4/18/2014 2:13 PM, Hank Arnold wrote: I think that what folks (including me) are afraid of is the support person deciding that the call isn't free -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus Sent: Thursday, April 17, 2014 6:59 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Windows 8.1 update required to be installed If this is a broken update Microsoft normally wouldn't charge for an incident. Probably worth the attempt at least to confirm. -- There are 10 kinds of people in the world... those who understand binary
[NTSysADM] RE: Help me fire my old DC's
Oh man yeah, I remember doing this to myself once too, on a DC that had IIS stuff and I DCPROMO'd it down and rebooted... Things like these are why I like a DC to really do nothing BUT hold DC roles, I even kick DHCP off it if I can. -Dave Lum From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Miller Bonnie L. Sent: Monday, April 14, 2014 5:35 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: Help me fire my old DC's In addition to the others' comments-back in the day I had demoted a 2003 dc or two that was running IIS for WSUS. I remember things getting quite broken with permissions, and it took some fixing. Has to do with the fact that on a DC, your special accounts (IIS_WPG, aspnet, etc) are domain-level accounts, but once on a member server they will become new local accounts. Had to reapply permissions in several places to get it all just right-YMMV. -Bonnie From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden Sent: Friday, April 11, 2014 4:59 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Help me fire my old DC's Ok, you guys almost have me convinced to not P2V my 2 DC's at this Data Center. Now I have never actually demoted one. (All of my old DC's have just hardware failed.) (I do have a 2012 DC up and have migrated all the FSMO roles to it and made it my SNTP time provider.) So to do this correctly. I am going to use this checklist. -Make sure none of them are in my SNTP setup and Time providers. -Make sure no clients are using them for DNS resolution. -Demote them. -Make sure they are no longer Global Catalog providers for the Exchange 2010 environment. -Make sure they are no longer LDAP connectors for my Cisco Anywhere client connection on my ASA 5500. -Make sure I can still access the IIS apps that are loaded on one of them.
-For the 2008 R2 DC at this point I can just un join it from the Domain and then shut off. ---Then remove all DNS records or OU records that may remain after 1 day. (Give replication a very good amount of time.) -For the 2003 DC (With IIS apps installed.) I should be able to P2V at this time. This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
RE: [NTSysADM] Home router
How is that cheaper than a three pack of UniFi's for $199?

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of J- P
Sent: Monday, April 14, 2014 9:44 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Home router

the Aerohives run anywhere from 699 to 999

Subject: RE: [NTSysADM] Home router
Date: Mon, 14 Apr 2014 11:50:41 -0400
From: scaes...@caesare.com
To: ntsysadm@lists.myitforum.com

You don't say?

-sc

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of J- P
Sent: Monday, April 14, 2014 10:43 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Home router

Very similar to these that I use, but a heck of a lot cheaper :)
http://www.aerohive.com/products/overview/access-points.html

From: asbz...@gmail.com
Date: Mon, 14 Apr 2014 08:26:52 -0400
Subject: Re: [NTSysADM] Home router
To: ntsysadm@lists.myitforum.com

I plan to get a couple of these in a few weeks and test them out: http://www.ubnt.com/unifi

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market...

On Sat, Apr 12, 2014 at 12:10 AM, Jon Harris jk.har...@live.com wrote:

At least until the license expires then it is bricked unless you want to keep paying them. It is nice though. I kind of wish it was not so expensive it would be great in the home market, well at least if I was selling and setting them up it would be. Most, if not all, home owners want something that works but they don't have to keep paying for the use of.

Jon

Date: Sat, 12 Apr 2014 00:02:11 -0400
Subject: Re: [NTSysADM] Home router
From: rich...@gmail.com
To: ntsysadm@lists.myitforum.com

I do have a Meraki AP as well for the 3rd floor. Darn nice of 'em to give it to me.

On Fri, Apr 11, 2014 at 11:41 PM, Steven M. Caesare scaes...@caesare.com wrote:

Gotcha. I'm using an OpenBSD box for those tasks, and Meraki Buffalo/DD-WRT devices as AP's. In addition it's a reverse proxy-cache.

-sc

-Original Message-
From: Richard Stovall [rich...@gmail.com]
Received: Friday, 11 Apr 2014, 11:15PM
To: ntsysadm@lists.myitforum.com [ntsysadm@lists.myitforum.com]
Subject: Re: [NTSysADM] Home router

For me it was every single one of those, plus gateway AV, highly configurable packet capture[1], and robust logging/reporting.

[1] The free Astaro fw had everything[2] but packet cap, which is occasionally required for troubleshooting.
[2] The WiFi AP was most definitely not free. Anyone need a Sophos AP? I've got one I'll sell you cheap.

On Fri, Apr 11, 2014 at 11:06 PM, Steven M. Caesare scaes...@caesare.com wrote:

What are people looking for in a home router? I'm assuming it's something in a feature set not provided by the router supplied by your broadband ISP? Wireless? Multiple interfaces? FW Capability? VPN endpoint?

-sc

-Original Message-
From: Richard Stovall [rich...@gmail.com]
Received: Friday, 11 Apr 2014, 11:00PM
To: ntsysadm@lists.myitforum.com [ntsysadm@lists.myitforum.com]
Subject: Re: [NTSysADM] Home router

I gave up and dropped the coin for a Sonicwall TZ205 at home. I tried the free Astaro offering for a while, as well as ddwrt, but I didn't like either of them. I'm so used to the full feature set at work, that I became very frustrated when I didn't have it at home. In hindsight, I think it was a very good decision.

On Fri, Apr 11, 2014 at 10:17 PM, Michael B. Smith mich...@smithcons.com wrote:

I like the buffalo hardware (which comes with a version of ddwrt) and then flashing it with the current version of ddwrt. For home and very-small-business.

*From:* listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] *On Behalf Of *Brian Desmond
*Sent:* Friday, April 11, 2014 7:51 PM
*To:* ntsysadm@lists.myitforum.com
*Subject:* RE: [NTSysADM] Home router

*I've got a 1U Cisco router I use courtesy of ebay - it's been working for many years in the corner. Keep in mind when you buy commercial gear, the support cost goes way up, and when it breaks and you're not home, it's not exactly end user
RE: [NTSysADM] Home router
AHHH

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Link
Sent: Monday, April 14, 2014 11:05 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Home router

Gah, send too soon. He's saying that the Aerohives are similar but more expensive than the Unifi.

On Mon, Apr 14, 2014 at 1:53 PM, David Lum david@modahealth.com wrote:

How is that cheaper than a three pack of UniFi’s for $199?

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of J- P
Sent: Monday, April 14, 2014 9:44 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Home router

the Aerohives run anywhere from 699 to 999

Subject: RE: [NTSysADM] Home router
Date: Mon, 14 Apr 2014 11:50:41 -0400
From: scaes...@caesare.com
To: ntsysadm@lists.myitforum.com

You don’t say?

-sc

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of J- P
Sent: Monday, April 14, 2014 10:43 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Home router

Very similar to these that I use, but a heck of a lot cheaper :)
http://www.aerohive.com/products/overview/access-points.html

From: asbz...@gmail.com
Date: Mon, 14 Apr 2014 08:26:52 -0400
Subject: Re: [NTSysADM] Home router
To: ntsysadm@lists.myitforum.com

I plan to get a couple of these in a few weeks and test them out: http://www.ubnt.com/unifi

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…

On Sat, Apr 12, 2014 at 12:10 AM, Jon Harris jk.har...@live.com wrote:

At least until the license expires then it is bricked unless you want to keep paying them. It is nice though. I kind of wish it was not so expensive it would be great in the home market, well at least if I was selling and setting them up it would be. Most, if not all, home owners want something that works but they don't have to keep paying for the use of.

Jon

Date: Sat, 12 Apr 2014 00:02:11 -0400
Subject: Re: [NTSysADM] Home router
From: rich...@gmail.com
To: ntsysadm@lists.myitforum.com

I do have a Meraki AP as well for the 3rd floor. Darn nice of 'em to give it to me.

On Fri, Apr 11, 2014 at 11:41 PM, Steven M. Caesare scaes...@caesare.com wrote:

Gotcha. I'm using an OpenBSD box for those tasks, and Meraki Buffalo/DD-WRT devices as AP's. In addition it's a reverse proxy-cache.

-sc

-Original Message-
From: Richard Stovall [rich...@gmail.com]
Received: Friday, 11 Apr 2014, 11:15PM
To: ntsysadm@lists.myitforum.com [ntsysadm@lists.myitforum.com]
Subject: Re: [NTSysADM] Home router

For me it was every single one of those, plus gateway AV, highly configurable packet capture[1], and robust logging/reporting.

[1] The free Astaro fw had everything[2] but packet cap, which is occasionally required for troubleshooting.
[2] The WiFi AP was most definitely not free. Anyone need a Sophos AP? I've got one I'll sell you cheap.

On Fri, Apr 11, 2014 at 11:06 PM, Steven M. Caesare scaes...@caesare.com wrote:

What are people looking for in a home router? I'm assuming it's something in a feature set not provided by the router supplied by your broadband ISP? Wireless? Multiple interfaces? FW Capability? VPN endpoint?

-sc

-Original Message-
From: Richard Stovall [rich...@gmail.com]
Received: Friday, 11 Apr 2014, 11:00PM
To: ntsysadm@lists.myitforum.com [ntsysadm@lists.myitforum.com]
Subject: Re: [NTSysADM] Home router

I gave up and dropped the coin for a Sonicwall TZ205 at home. I tried the free Astaro offering for a while, as well as ddwrt, but I didn't like either of them. I'm so used to the full feature set at work, that I became very frustrated when I didn't have it at home. In hindsight, I think it was a very good decision.

On Fri, Apr 11, 2014 at 10:17 PM, Michael B. Smith mich...@smithcons.com wrote:

I like the buffalo hardware (which comes with a version of ddwrt) and then flashing it with the current version of ddwrt. For home and very-small-business.

*From:* listsad...@lists.myitforum.com
[NTSysADM] Heartbleed vulnerability
From: David Lum
Sent: Wednesday, April 09, 2014 7:43 AM
To: 'ntsysadm@lists.myitforum.com'
Subject: Heartbleed vulnerability

Are many of you guys affected by this?
https://isc.sans.edu/forums/diary/Patch+Now+OpenSSL+Heartbleed+Vulnerability/17921

Most likely vectors are apparently Linux-based appliances.

David Lum
Network System Admin, Information Services
office 503-265-4728 | modahealth.com
RE: [NTSysADM] 64-bit GUI file copy puzzler
Nope.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Schaefer
Sent: Thursday, March 20, 2014 4:03 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

This doesn’t apply? https://groups.google.com/forum/#!msg/resara-server/vNKMdFKPml8/zcHqV3PZXtoJ

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Friday, 21 March 2014 8:34 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

It’s not extension dependent, I can rename an Excel file to excelfile.rpt and the file copies fine.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus
Sent: Thursday, March 20, 2014 9:37 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

Just a shot in the dark, but … Since you said it was file format/extension dependent I’d check the file associations for .rpt files and see what program is set to deal with them. I’m guessing that may be different between the working XP clients and the failing Win7 clients.

--
There are 10 kinds of people in the world... those who understand binary and those who don't.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Thursday, March 20, 2014 12:30 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

No special shell extensions. I did find out the 32-bit systems that they said it did work on was an XP machine, so this morning I tested on a 32-bit Windows 7 VM and it also failed. We use Microsoft Antimalware here and turning it off has no effect.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Schaefer
Sent: Wednesday, March 19, 2014 3:30 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

What Explorer shell extensions do you have loaded? Any data-loss-prevention/AV type products involved?

Cheers
Ken

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Thursday, 20 March 2014 3:01 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

Yes the SAN is providing CIFS. It seems very specific to the contents of the file. I can copy THISFILENAME.XLSX to the SAN location (\\SANVOLUME\SHARE1, for example) just fine, but REPORT.RPT fails to the same location. However, if I edit REPORT.RPT in Notepad by one byte then save to my 64-bit PC THEN copy it, it works. Also, the unmodified file works if I use XCOPY at the command prompt on the 64-bit machine.

It’s something in the contents of the file, or some attribute the 64-bit GUI gives it, or a combination.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
Sent: Tuesday, March 18, 2014 1:53 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] 64-bit GUI file copy puzzler

Hrr... I take it the SAN is actually providing CIFS storage?

How long are the file/directory path specifications for the files being copied? If they're greater than approximately 250 characters (x:\reall\long\directory\andfilename.rpt), the Windows file system doesn't like it (the Win32 API governs this, and character encoding, etc., play some role in exactly how many characters you can get away with). Robocopy used the Windows Native API, which allows for ridiculously long path names - something like 32k.

See, for instance, this: http://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx

Is it perhaps a limitation similar to that?

Kurt

On Tue, Mar 18, 2014 at 7:35 AM, David Lum david@modahealth.com wrote:

Over the weekend there was an upgrade to our SAN systems. We now have this bizarre issue where Crystal Reports .RPT files are unable to be copied from a PC to the SAN shares via Windows 64-bit GUI.

Renaming an Excel file to .RPT: works
Use a 32-bit system to copy the file: works
Any other file (PDF, XLS, etc.): works
Using XCOPY on a 64-bit machine: works

It only fails when using the GUI on a 64-bit system, and it’s only on these Crystal Reports .RPT files. If I open one of these RPT files on a 64-bit machine with Notepad, change one byte, save it to the PC I can then copy it over.

Ideas
RE: [NTSysADM] Re: No communication between VMs on an ESXi host
That is actually kind of a good feeling - the issue I emailed about recently (the 64-bit GUI issue) has both Microsoft, IBM AND NetApp stumped, as I had all three vendors on a conference call on Friday. Much log file flinging is ensuing.

I've had good luck with VMWare support, I suspect they'll get you your answer eventually.

-Dave Lum

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
Sent: Friday, April 04, 2014 4:42 PM
To: NTSysADM@lists.myitforum.com
Subject: [NTSysADM] Re: No communication between VMs on an ESXi host

UPDATE: I win! Well, it feels just a small bit like victory, anyway.

I spent about 4 hours on a support call with VMware, and have stumped the techs. They've collected logs, and are going to call me on Monday.

Heh.

Kurt

On Thu, Apr 3, 2014 at 1:39 PM, Kurt Buff kurt.b...@gmail.com wrote:

All,

My search-fu is failing, so I turn to you for help...

I have a small ESXi 5.5 host, about to go into production. The three VMs (2008R2 for all of them, a DC, Exchange 2010 and a PRTG box) on it can communicate with machines not on the ESXi host - ping, RDP, etc. - and vice versa. No problems.

However, the three VMs on this host cannot talk with each other. No ping, no RDP. When pinging from one of the VMs to another, I get a mix of unreachables from the VM's own address and straight timeouts.

There is only one vSwitch, which has two NICs bound to it, and the vswitch is set up to route based on IP hash. The physical switch to which they are connected (and this shouldn't matter, but...) is an HP 2510G-48, and the ports for the host are in a simple trunk - no LACP.

I've turned off the Domain profile of the firewall on one of the machines, which seems to make no difference. I've examined the VMware host security settings to no avail. I've turned off the Windows firewall.

I've got 3 ESXi hosts in a vSphere Standard cluster that doesn't have this problem.

Kurt
RE: [NTSysADM] 64-bit GUI file copy puzzler
No special shell extensions. I did find out the 32-bit systems that they said it did work on was an XP machine, so this morning I tested on a 32-bit Windows 7 VM and it also failed. We use Microsoft Antimalware here and turning it off has no effect.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Schaefer
Sent: Wednesday, March 19, 2014 3:30 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

What Explorer shell extensions do you have loaded? Any data-loss-prevention/AV type products involved?

Cheers
Ken

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Thursday, 20 March 2014 3:01 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

Yes the SAN is providing CIFS. It seems very specific to the contents of the file. I can copy THISFILENAME.XLSX to the SAN location (\\SANVOLUME\SHARE1, for example) just fine, but REPORT.RPT fails to the same location. However, if I edit REPORT.RPT in Notepad by one byte then save to my 64-bit PC THEN copy it, it works. Also, the unmodified file works if I use XCOPY at the command prompt on the 64-bit machine.

It’s something in the contents of the file, or some attribute the 64-bit GUI gives it, or a combination.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
Sent: Tuesday, March 18, 2014 1:53 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] 64-bit GUI file copy puzzler

Hrr... I take it the SAN is actually providing CIFS storage?

How long are the file/directory path specifications for the files being copied? If they're greater than approximately 250 characters (x:\reall\long\directory\andfilename.rpt), the Windows file system doesn't like it (the Win32 API governs this, and character encoding, etc., play some role in exactly how many characters you can get away with). Robocopy used the Windows Native API, which allows for ridiculously long path names - something like 32k.

See, for instance, this: http://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx

Is it perhaps a limitation similar to that?

Kurt

On Tue, Mar 18, 2014 at 7:35 AM, David Lum david@modahealth.com wrote:

Over the weekend there was an upgrade to our SAN systems. We now have this bizarre issue where Crystal Reports .RPT files are unable to be copied from a PC to the SAN shares via Windows 64-bit GUI.

Renaming an Excel file to .RPT: works
Use a 32-bit system to copy the file: works
Any other file (PDF, XLS, etc.): works
Using XCOPY on a 64-bit machine: works

It only fails when using the GUI on a 64-bit system, and it’s only on these Crystal Reports .RPT files. If I open one of these RPT files on a 64-bit machine with Notepad, change one byte, save it to the PC I can then copy it over.

Ideas?

David Lum
Network System Admin, Information Services
office 503-265-4728 | modahealth.com
RE: [NTSysADM] 64-bit GUI file copy puzzler
It’s not extension dependent, I can rename an Excel file to excelfile.rpt and the file copies fine.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus
Sent: Thursday, March 20, 2014 9:37 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

Just a shot in the dark, but … Since you said it was file format/extension dependent I’d check the file associations for .rpt files and see what program is set to deal with them. I’m guessing that may be different between the working XP clients and the failing Win7 clients.

--
There are 10 kinds of people in the world... those who understand binary and those who don't.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Thursday, March 20, 2014 12:30 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

No special shell extensions. I did find out the 32-bit systems that they said it did work on was an XP machine, so this morning I tested on a 32-bit Windows 7 VM and it also failed. We use Microsoft Antimalware here and turning it off has no effect.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Schaefer
Sent: Wednesday, March 19, 2014 3:30 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

What Explorer shell extensions do you have loaded? Any data-loss-prevention/AV type products involved?

Cheers
Ken

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Thursday, 20 March 2014 3:01 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler

Yes the SAN is providing CIFS. It seems very specific to the contents of the file. I can copy THISFILENAME.XLSX to the SAN location (\\SANVOLUME\SHARE1, for example) just fine, but REPORT.RPT fails to the same location. However, if I edit REPORT.RPT in Notepad by one byte then save to my 64-bit PC THEN copy it, it works. Also, the unmodified file works if I use XCOPY at the command prompt on the 64-bit machine.

It’s something in the contents of the file, or some attribute the 64-bit GUI gives it, or a combination.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
Sent: Tuesday, March 18, 2014 1:53 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] 64-bit GUI file copy puzzler

Hrr... I take it the SAN is actually providing CIFS storage?

How long are the file/directory path specifications for the files being copied? If they're greater than approximately 250 characters (x:\reall\long\directory\andfilename.rpt), the Windows file system doesn't like it (the Win32 API governs this, and character encoding, etc., play some role in exactly how many characters you can get away with). Robocopy used the Windows Native API, which allows for ridiculously long path names - something like 32k.

See, for instance, this: http://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx

Is it perhaps a limitation similar to that?

Kurt

On Tue, Mar 18, 2014 at 7:35 AM, David Lum david@modahealth.com wrote:

Over the weekend there was an upgrade to our SAN systems. We now have this bizarre issue where Crystal Reports .RPT files are unable to be copied from a PC to the SAN shares via Windows 64-bit GUI.

Renaming an Excel file to .RPT: works
Use a 32-bit system to copy the file: works
Any other file (PDF, XLS, etc.): works
Using XCOPY on a 64-bit machine: works

It only fails when using the GUI on a 64-bit system, and it’s only on these Crystal Reports .RPT files. If I open one of these RPT files on a 64-bit machine with Notepad, change one byte, save it to the PC I can then copy it over.

Ideas?

David Lum
Network System Admin, Information Services
office 503-265-4728 | modahealth.com
RE: [NTSysADM] 64-bit GUI file copy puzzler
Yes the SAN is providing CIFS. It seems very specific to the contents of the file. I can copy THISFILENAME.XLSX to the SAN location (\\SANVOLUME\SHARE1, for example) just fine, but REPORT.RPT fails to the same location. However, if I edit REPORT.RPT in Notepad by one byte then save to my 64-bit PC THEN copy it, it works. Also, the unmodified file works if I use XCOPY at the command prompt on the 64-bit machine.

It’s something in the contents of the file, or some attribute the 64-bit GUI gives it, or a combination.

-Dave Lum

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
Sent: Tuesday, March 18, 2014 1:53 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] 64-bit GUI file copy puzzler

Hrr... I take it the SAN is actually providing CIFS storage?

How long are the file/directory path specifications for the files being copied? If they're greater than approximately 250 characters (x:\reall\long\directory\andfilename.rpt), the Windows file system doesn't like it (the Win32 API governs this, and character encoding, etc., play some role in exactly how many characters you can get away with). Robocopy used the Windows Native API, which allows for ridiculously long path names - something like 32k.

See, for instance, this: http://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx

Is it perhaps a limitation similar to that?

Kurt

On Tue, Mar 18, 2014 at 7:35 AM, David Lum david@modahealth.com wrote:

Over the weekend there was an upgrade to our SAN systems. We now have this bizarre issue where Crystal Reports .RPT files are unable to be copied from a PC to the SAN shares via Windows 64-bit GUI.

Renaming an Excel file to .RPT: works
Use a 32-bit system to copy the file: works
Any other file (PDF, XLS, etc.): works
Using XCOPY on a 64-bit machine: works

It only fails when using the GUI on a 64-bit system, and it’s only on these Crystal Reports .RPT files. If I open one of these RPT files on a 64-bit machine with Notepad, change one byte, save it to the PC I can then copy it over.

Ideas?

David Lum
Network System Admin, Information Services
office 503-265-4728 | modahealth.com
[NTSysADM] 64-bit GUI file copy puzzler
Over the weekend there was an upgrade to our SAN systems. We now have this bizarre issue where Crystal Reports .RPT files are unable to be copied from a PC to the SAN shares via Windows 64-bit GUI.

Renaming an Excel file to .RPT: works
Use a 32-bit system to copy the file: works
Any other file (PDF, XLS, etc.): works
Using XCOPY on a 64-bit machine: works

It only fails when using the GUI on a 64-bit system, and it's only on these Crystal Reports .RPT files. If I open one of these RPT files on a 64-bit machine with Notepad, change one byte, save it to the PC I can then copy it over.

Ideas?

David Lum
Network System Admin, Information Services
office 503-265-4728 | modahealth.com
RE: [NTSysADM] 64-bit GUI file copy puzzler
We have contacted IBM the SAN vendor. We do get an error message (can't believe I forgot that part). Error 0x80070032. The request is not supported. Google-Fu finds a lot of results but I can match none of them to my scenario. What does the 64-bit GUI do during a file copy to a SMB share that the same system using XCOPY at the command line does not? -Dave Lum From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Rene de Haas Sent: Tuesday, March 18, 2014 9:28 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] 64-bit GUI file copy puzzler No ErrorMessage? What if you copy to another share not on the SAN? On Tue, Mar 18, 2014 at 5:21 PM, J- P jnat...@hotmail.com wrote: are the permissions still the same? j From: david@modahealth.com To: ntsysadm@lists.myitforum.com Date: Tue, 18 Mar 2014 07:35:13 -0700 Subject: [NTSysADM] 64-bit GUI file copy puzzler Over the weekend there was an upgrade to our SAN systems. We now have this bizarre issue where Crystal Reports .RPT files are unable to be copied from a PC to the SAN shares via Windows 64-bit GUI.
Renaming an Excel file to .RPT: works
Use a 32-bit system to copy the file: works
Any other file (PDF, XLS, etc.): works
Using XCOPY on a 64-bit machine: works
It only fails when using the GUI on a 64-bit system, and it's only on these Crystal Reports .RPT files. If I open one of these RPT files on a 64-bit machine with Notepad, change one byte, save it to the PC I can then copy it over. Ideas? David Lum Network System Admin, Information Services office 503-265-4728 | modahealth.com (http://www.modahealth.com/)
RE: [NTSysADM] 64-bit GUI file copy puzzler
Other information: on the same error box I get an unexpected error is preventing you from copying the file. Our SAN's are IBM N-series and it's only copying to their shares that we have an issue, these .RPT files can go from 64-bit Win7 to 32 or 64-bit Windows servers just fine. -Dave Lum From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum Sent: Tuesday, March 18, 2014 10:37 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] 64-bit GUI file copy puzzler We have contacted IBM the SAN vendor. We do get an error message (can't believe I forgot that part). Error 0x80070032. The request is not supported. Google-Fu finds a lot of results but I can match none of them to my scenario. What does the 64-bit GUI do during a file copy to a SMB share that the same system using XCOPY at the command line does not? -Dave Lum From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Rene de Haas Sent: Tuesday, March 18, 2014 9:28 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] 64-bit GUI file copy puzzler No ErrorMessage? What if you copy to another share not on the SAN? On Tue, Mar 18, 2014 at 5:21 PM, J- P jnat...@hotmail.com wrote: are the permissions still the same? j From: david@modahealth.com To: ntsysadm@lists.myitforum.com Date: Tue, 18 Mar 2014 07:35:13 -0700 Subject: [NTSysADM] 64-bit GUI file copy puzzler Over the weekend there was an upgrade to our SAN systems. We now have this bizarre issue where Crystal Reports .RPT files are unable to be copied from a PC to the SAN shares via Windows 64-bit GUI.
Renaming an Excel file to .RPT: works
Use a 32-bit system to copy the file: works
Any other file (PDF, XLS, etc.): works
Using XCOPY on a 64-bit machine: works
It only fails when using the GUI on a 64-bit system, and it's only on these Crystal Reports .RPT files. If I open one of these RPT files on a 64-bit machine with Notepad, change one byte, save it to the PC I can then copy it over. Ideas? David Lum Network System Admin, Information Services office 503-265-4728 | modahealth.com (http://www.modahealth.com/)
RE: [NTSysADM] what switch do you prefer for SMB?
+1 again. -Dave Lum -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Craig Wardlaw Sent: Thursday, March 13, 2014 4:39 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] what switch do you prefer for SMB? +1 on the ProCurve -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ben Scott Sent: Wednesday, March 12, 2014 11:15 PM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] what switch do you prefer for SMB? On Wed, Mar 12, 2014 at 2:05 PM, Jimmy Tran ji...@jt-solution.com wrote: What do you use or recommend? As anyone who's been on this list for more than few months knows, I'm a big fan of HP ProCurve. Warrantied and supported forever is hard to beat. The requirements are gigabit, layer 2 switching, vlans and budget friendly ($300-$700) for a 24 or 48 port switch. ProCurve 2530-24G (J9776A). 24 1000BASE-T ports, 4 gig SFP. Provantage has it for $520. ProCurve 2530-48G (J9775A). 48 1000BASE-T ports, 4 gig SFP. Provantage has it for $910. -- Ben
[NTSysADM] One of those dumb things...
I use passphrases as my passwords wherever I can. Today trying to log into our guest wireless for the first time I'm presented with a portal and when I enter my password it tells me passwords must not contain spaces. Seriously? I have had a space in my Windows passwords for years - while I avoid spaces for fields I might script, like username and folder names, for a password I've never worried about it. Dumb. David Lum Network System Admin, Information Services office 503-265-4728 | modahealth.com (http://www.modahealth.com/)
[NTSysADM] RE: Server 2012 (not R2) DHCP Failover config question
+2012 -Dave Lum From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Tuesday, March 04, 2014 1:35 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: Server 2012 (not R2) DHCP Failover config question Heck yeah. And outside of features related to Hyper-V (in which I also include the SMB updates) it’s one of the Top-10 reasons to upgrade. IMO. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Rami SIK Sent: Tuesday, March 4, 2014 4:04 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: Server 2012 (not R2) DHCP Failover config question So, on Servers 2012, DHCP can be configured for failover? Regards, Rami From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Tuesday, March 04, 2014 11:39 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: Server 2012 (not R2) DHCP Failover config question I don’t see why not. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster Sent: Tuesday, March 4, 2014 2:35 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Server 2012 (not R2) DHCP Failover config question Can I setup two Server 2012 servers with DHCP, not authorize either server, create non-active scopes and still configure DHCP Failover? Customer would like to see this setup before flipping the switch. I would have just over 150 scopes to import from the current 2008 R2 DHCP cluster. Thanks Webster
RE: [NTSysADM] RE: Redesigned Action Pack
I beat the deadline for the higher price and renewed last week :) -Dave Lum From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Crawford, Scott Sent: Saturday, February 01, 2014 6:45 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] RE: Redesigned Action Pack Don't love the messenger :) $475 More info here: http://blogs.technet.com/b/msuspartner/archive/2014/01/29/the-new-microsoft-action-pack-subscription-debuts-february-24.aspx Sent from my Windows Phone From: Kennedy, Jim kennedy...@elyriaschools.org Sent: 1/31/2014 12:28 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: Redesigned Action Pack I love you man. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Crawford, Scott Sent: Friday, January 31, 2014 1:21 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Redesigned Action Pack http://blogs.technet.com/b/firehose/archive/2014/01/30/partners-redesigned-microsoft-action-pack-subscription-debuts-feb-24.aspx Sent from my Windows Phone
[NTSysADM] 7200RPM SAS vs. 7200RPM SATA
Short version: Other than cost, is there any reason not to use a 7200RPM SAS drive in place of a 7200RPM SATA drive in a server with more than a couple concurrent users connected to it? Long version: Scenario: SMB Client, 50 users, three physical servers. All physicals running Hyper-V (two with 2012, one with 2008R2)
Server1: 3 years old, two RAID1 volumes using 15K SAS drives (SBS 2011/Exchange/SQL/file print for 30 users)
Server2: 1yr old, RAID 10 using four 15K SAS drives (file/print for 15 users, remote site from the other two)
Server 3: 7 yrs old, RAID 1 with two 7200RPM SATA drives (file/print for 15 users)
[And yes, I plan on swapping Server1 and Server2's roles so the faster disk subsystem is the one with SQL and Exchange on it.] Possibly relevant: I use DFSR between servers 1 and 2 and would like to have it with server3 as well. I am replacing Server3 with a three year old 1U and I'm torn between giving it four 7200RPM 1GB SAS drives or four SATA drives. Going with 10K or 15K SAS doubles the price of the drives. Reading various links, I read the 7200 SAS drives are either effectively SATA drives with SAS controller, or they're simply slower spinning, higher MTBF SAS drives. I get conflicting information... Either way, a 7200RPM SAS drive array should handily outperform 7200 SATA drives if 10+ users are connected to it, correct? David Lum Network System Admin, Information Services office 503-265-4728 | modahealth.com (http://www.modahealth.com/)
[NTSysADM] RE: Guest disks on Hyper-V 2012 R2
Short answer: separate VHDX. As a general rule I keep OS drives /VHDX’s separate from everything else, even if it’s virtualized and sitting on the same disk subsystem. Easier if you have to restore/move things around. -Dave Lum From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Steve Norton Sent: Monday, January 27, 2014 11:06 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Guest disks on Hyper-V 2012 R2 I'm just getting my feet wet with virtual technology. I'm planning to migrate a physical file server that contains over 4 million Word, Excel and PDF files to a virtualized instance. Roughly 100 users access these files regularly on a daily basis. Should the guest OS be on a separate vhdx from the file storage or is it acceptable for the whole thing (OS and 4 million files) to reside on a single vhdx? Thanks. Steve
[NTSysADM] This doesn't happen every day (excessups.com)
This is an unpaid endorsement because it's so rare for me to see this. I don't do much UPS (battery backup, not shipping) business, but I bought a replacement UPS battery from excessups.com a bit more than a year ago. Ran into an issue where I'd requested the wrong part, but their response and customer service was great at the time, so I kept the contact info. A week ago I contacted them saying I have a $600 budget for a UPS and I am attaching server XY and Z to it, what product of theirs would they recommend. They sent me a link to a product somebody else carried telling me this will get you the most for your budget. That the link went to another site was weird, but I just assumed for whatever reason that excessups simply didn't have it on their site yet but they did carry it, so I replied I'll take one. As it turns out no, he's sending me to this other place because he feels I'll get the best bang for my buck there, to a company he said is unrelated to his. When I asked him about it he said that their current pricing is below his wholesale cost, so go there. Wow. Tony at excessups, you are the MAN. Dave
RE: [NTSysADM] RE: IT resumes?
Same here. They were looking for an additional Network system admin and every time I was given a name, I’d hit LinkedIn. -Dave Lum From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Desmond Sent: Thursday, January 23, 2014 10:03 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] RE: IT resumes? Weird. First thing I do when I get a resume or a candidate is look them up on LinkedIn. I do like some sort of piece of paper whether it’s a LinkedIn printout or a resume – I’ve got a whole stack on my desk covered in notes from the hiring exercise I’m doing right now. Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum Sent: Thursday, January 23, 2014 12:00 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] RE: IT resumes? Since I recently went through a job hunt and replacement myself, I can tell you I was on DICE and MONSTER and INDEED like a hound (yes a lot show the same thing) as well as the Oregon Employment website. I have been on LinkedIn for a long time as well. Resume’s landed my new job. Sent six, got four calls, interviews with two companies (a third would have happened but they guessed rightly that their salary range was too low) and landed one fine job. My manager here explicitly does NOT look at LinkedIn before interviewing in person (other than resume she wants her first impression to be in person) - which I find odd, but it shows there are some like that out there. Dave From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ziots, Edward Sent: Thursday, January 23, 2014 8:50 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] RE: IT resumes?
Honestly, I think anymore with the emergence of Linked In that a lot of professionals are getting noticed more for positions than what the resume is providing. Especially I am using mine as a way to demonstrate my work and professional affiliations with groups ( ISC, ISACA, CEH etc etc, along with displaying the technical presentations I have put on) Z Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-255-2497 This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Thursday, January 23, 2014 10:46 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] RE: IT resumes? I was about to say… resume? What’s a resume? I wrote one for a gig a few years ago (which you and I discussed Web) that I didn’t end up taking… otherwise it’s pretty much word of mouth and other social interactions. What we used to call “networking”. ☺ Before we had “social graphs” and “work graphs” blah blah blah.
☺ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster Sent: Thursday, January 23, 2014 10:37 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] RE: IT resumes? I always tell people my most current resume is LinkedIn. I keep that up-to-date as I complete a worthy project, certification, course, speaking gig, etc. I may be lucky (or fortunate) but I rarely get asked for a resume any more. I get most gigs nowadays via networking, my blog, Twitter, LinkedIn and Facebook. Only cold callers ask for a resume now. Webster From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Adam Greene Sent: Thursday, January 23, 2014 10:31 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] RE: IT resumes? Yes, I was going to say … many people seem to use LinkedIn as an ongoing public resume … includes job history, education, skills, etc. Seems pretty complete. From: listsad...@lists.myitforum.com [mailto:listsad
[NTSysADM] Server with 144GB of RAM installed for $594
More fun for budget home lab users. http://www.ebay.com/itm/DELL-C6100-C6105-CLOUD-SERVER-6x-1-8GHz-AMD-6-CORE-HEX-CORE-144GB-RAM-3x-250GB-/181306790824?pt=COMP_EN_Servershash=item2a36ba13a8 Dave
RE: [NTSysADM] LogMeIn Free ... now isn't (free, anymore). Recommendations?
I just tried this. You open a port in your firewall and then you have a URL to the machine you installed the app on. Not as friendly as LogMeIn, everything is configured on each target system (which can actually be good or bad). To access from over the Internet you need to know the public IP. LogMeIn has you connecting your machine to a central site, NCH has you connect direct from wherever to your machine. -Dave Lum From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Reimer, Mark Sent: Tuesday, January 21, 2014 3:08 PM To: 'ntsysadm@lists.myitforum.com' Subject: RE: [NTSysADM] LogMeIn Free ... now isn't (free, anymore). Recommendations? I've found this: http://www.nchsoftware.com/remotedesktop/ I haven't installed it, nor have I ever worked with it, but looks promising for what I need. Mark From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin Sent: Tuesday, January 21, 2014 7:06 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] LogMeIn Free ... now isn't (free, anymore). Recommendations? join.me (http://join.me) always works for connecting to family and friends As for my own PC, I usually use GoToMyPC, but there are probably better/cheaper options On 21 January 2014 14:03, Michael Leone oozerd...@gmail.com wrote: Got this notice today: As of January 21, 2014, LogMeIn Free will no longer be available. Came as news to me, I hadn't heard ahead of time that they were going to discontinue this service. Anyone have a recommendation for another free service? I have 4 or 5 machines I regularly use this with (2 of mine, and others are family members), and before I sign up for some bulk account, I'd like to hear about options. I'm looking for remote control mostly, don't really need file transfer. What do you all recommend?
Years back I used VNC, but that is not nearly as fast (not even the various permutations like TightVNC or UltraVNC, etc). -- James Rankin - RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The Virtualization Practice Analyst - Desktop Virtualization http://appsensebigot.blogspot.co.uk
[NTSysADM] Any RDS guru's out here?
I have an RDS farm that we are changing the SSL certificate from a wildcard to a farm-specific one. Our RDSH servers are also using the wildcard cert to digitally sign RemoteApp. Does this SSL need to be the same cert as the RDS gateway server SSL? David Lum Sr. Systems Engineer // NWEA™ Office 503.548.5229 // Cell (voice/text) 503.267.9764
[NTSysADM] RE: Any RDS guru's out here?
Also, what happens if the cert expires, do RDS App servers refuse the connection, or does an additional popup occur? Specifically this is in regards to the RDSH servers set to use a digital signature and trying to RDP from the RDWeb website. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum Sent: Wednesday, September 25, 2013 6:53 AM To: NTSysADM@lists.myITforum.com Subject: [NTSysADM] Any RDS guru's out here? I have an RDS farm that we are changing the SSL certificate from a wildcard to a farm-specific one. Our RDSH servers are also using the wildcard cert to digitally sign RemoteApp. Does this SSL need to be the same cert as the RDS gateway server SSL? David Lum Sr. Systems Engineer // NWEA™ Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: [NTSysADM] Change control....GPO
Thanks guys, I was kind of thinking as much. Ken, great input as always! Dave From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Schaefer Sent: Sunday, September 22, 2013 4:51 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Change control....GPO Hi, IMO: GPO changes should be classified based on risk:
- the scope of possible issues (e.g. will it impact the domain, an OU, only a select group),
- as well as the possible impact of the change (complete outage, major impact, minor inconvenience etc.).
It's then fairly easy to draw up an x by y 2D grid:
Scope of Change: Large, Medium, Small
Possible Adverse Impact: High, Medium, Low
Then you base your process around the risk weighting:
* Changes that would result in a green box can be handled by creating an incident ticket [1]
* Changes that are orange require your normal change management process
* Changes that are red require CAB approval, plus some other additional review.
You may have some special process, or mandatory weightings, for privileged accounts, machines etc. E.g. changes to servers that the Board (or executive) store their documents on, plus their workstations/accounts, changes to security infrastructure etc. You don't want to send every change to CAB - otherwise you'll get bogged down in every minor change (e.g. adding or removing a single site from an IE zone) Cheers Ken [1] You may want to limit these to a set of pre-approved standard changes. The CAB would agree to a blanket approved change that can then be reused for each subsequent individual change.
If the change doesn't fall into a pre-approved category, it can be approved by an offline CAB From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ziots, Edward Sent: Monday, 23 September 2013 1:14 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Change control....GPO +2, Definitely agree that GPO change, or modification which will impact the workstation environment, should go to change management. Z Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-255-2497 From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Desmond Sent: Saturday, September 21, 2013 2:44 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Change control....GPO +1. I've seen this pivot in highly regulated environments where the GPO affects a controlled asset/system then it's much more rigid.
Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of William Robbins Sent: Friday, September 20, 2013 10:08 PM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Change control....GPO Most of the environments I've worked in treat GPO's depending on level of impact. Domain-wide, go to Change Control processes. OU level required manager for that OU's sign off. GPO's making maintenance changes with low risk are treated the same as user account creation. HD Ticket or similar to track request and work. - WJR On Fri, Sep 20, 2013 at 9:55 PM, David Lum david@nwea.org wrote: For you guys with a pretty well defined change control process - are incremental GPO changes (in this case we have a GPO that controls IE's trusted sites, I want to add enable auto logon with current credentials for sites in trusted sites) reviewed by people before the change? I'm thinking in larger environments it might be submitted by one person, reviewed and approved by another but not necessarily held until a formal change request meeting is convened? Normally I'd just whip this change out, but I need to think about the accountability process in general. David Lum Sr. Systems Engineer // NWEA™ Office 503.548.5229
[NTSysADM] Is this domain change, or just DNS play?
We have a development department that wants to do what seems to me to just be DNS hokey-pokey. We have an internal domain structure of internaldomain.local, and this group is asking for DNS entries of host1.ourdepartment.internaldomain.local, host2.ourdepartment.internaldomain.local, etc. We don't have to create an actual subdomain to make those kind of DNS entries work, do we? Just create a new DNS zone? Specifically the request is we want these to point to the same IP address Host2.ourdepartment.internaldomain.local Host2.ourdepartment.internaldomain.local Host1.ourdepartment.internaldomain.local It just doesn't feel like we'd need to stand up an actual domain in the forest to achieve that... David Lum Sr. Systems Engineer // NWEA™ Office 503.548.5229 // Cell (voice/text) 503.267.9764
[NTSysADM] Change control....GPO
For you guys with a pretty well defined change control process - are incremental GPO changes (in this case we have a GPO that controls IE's trusted sites, I want to add enable auto logon with current credentials for sites in trusted sites) reviewed by people before the change? I'm thinking in larger environments it might be submitted by one person, reviewed and approved by another but not necessarily held until a formal change request meeting is convened? Normally I'd just whip this change out, but I need to think about the accountability process in general. David Lum Sr. Systems Engineer // NWEA™ Office 503.548.5229
[NTSysADM] RE: GPO to set preferred wireless to 5GHz
Thanks. Yes, Meru offers band steering as well. For reasons I forget at the moment we decided to set this at the client side. Wireless is a really, really sore subject for me these days... Dave From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jesse Rink Sent: Wednesday, September 18, 2013 3:08 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: GPO to set preferred wireless to 5GHz It's typically easiest to make the Band Steering a function of the wireless infrastructure instead. Most modern wireless infrastructures, HP, Aruba, Cisco, etc. all have Band Steering capabilities which you can tie to the SSIDs that are broadcasted, etc. Not sure if that's even possible from a GPO standpoint as GPO stuff is typically just registry tweaks. And I'm not sure, even if you manually adjust that setting on the wireless NIC itself, if that actually makes a registry change or if it's done at some deeper driver level. ? From: listsad...@lists.myitforum.com [listsad...@lists.myitforum.com] on behalf of David Lum [david@nwea.org] Sent: Wednesday, September 18, 2013 4:17 PM To: NTSysADM@lists.myITforum.com Subject: [NTSysADM] GPO to set preferred wireless to 5GHz Do any of you guys configure your wireless via GPO? If yes, do you also set the preference to 5GHz (assuming you have systems that go both ways, so to speak). I am able to configure the basic wireless settings, but I'd like a way to set the preferred to 5GHz via GPO. David Lum Sr. Systems Engineer // NWEA™ Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: [NTSysADM] RE: Think strategically, not tactically..
Thanks for your feedback on this Ken, I think this e-mail nails it pretty well, specifically the first two.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Schaefer
Sent: Tuesday, September 17, 2013 9:46 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Think strategically, not tactically..

Hmm – does any of the following apply to your situation:
- Solutions to problems are “point” solutions that are developed to fix a particular issue as it crops up, resulting in various solutions configurations?
- Processes are “ad hoc”, and whilst this is flexible, makes it hard to understand whether things are improving or not, and hard to compare the outcomes from one period to another
- You are technology focussed (i.e. on technical features, or fixing technical issues), but a lack of focus on the business side (i.e. financial frameworks) makes it hard to understand what IT is actually costing, which leads to (potentially) sub-optimal decision making

In this case strategic might mean any of the following:
- developing some broad principles (standardisation, simplification, consolidation etc.)
- developing some standardised processes/procedures that allow metrics to be captured (you can get a bunch out of standard ITSM literature like ITIL), that allowed IT performance and outcomes to be tracked
- developing the business side of IT decision making (overall enterprise architecture/roadmap, business cases/ROI, plus methods of allocating costs. Plus methods of tracking projected costs/outcomes against actual realised outcomes)

Cheers
Ken

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Wednesday, 18 September 2013 6:14 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Think strategically, not tactically..

I have nothing specific, other than I need to think more strategically when it comes to being a sysadmin. For example, I have 800 endpoints on my network I need to manage and maintain, I get caught up in tactical solutions and I’ve been told to think more strategically.

Is this thinking close?
Strategic: What business need am I trying to address?
Tactical: What’s the best tool to manage my systems?

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ziots, Edward
Sent: Tuesday, September 17, 2013 1:05 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Think strategically, not tactically..

No not problem solved, with moving to cloud, if not done right, makes into bigger problem. As for the offline comment, if there is sensitive internal information to discuss it would be better in an offline convers, but if it's just general of course best for all to learn online.

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
Work:401-255-2497

This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Richard Stovall
Sent: Tuesday, September 17, 2013 4:00 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] RE: Think strategically, not tactically..

I thought the only valid long-term strategy is to 'go to the cloud.' Boom! Problem solved.

On Tue, Sep 17, 2013 at 3:54 PM, Kurt Buff kurt.b...@gmail.com wrote:

No, please - not offline. This is an outstanding opportunity for learning for all of us as sysadmins.

Kurt

On Tue, Sep 17, 2013 at 12:48 PM, Ziots, Edward ezi...@lifespan.org wrote:

Dave,

What is the situation at hand that you need to get things across to the business at a strategic level as compared to tactical day to day level. The approaches are varied, depending on the audience and the priorities. (Corporate mergers, Compliance/Regulations issues, Business drivers, etc etc)

Hit me offline and we can discuss more,

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
Work:401-255
[NTSysADM] GPO to set preferred wireless to 5GHz
Do any of you guys configure your wireless via GPO? If yes, do you also set the preference to 5GHz (assuming you have systems that go both ways, so to speak). I am able to configure the basic wireless settings, but I'd like a way to set the preferred to 5GHz via GPO. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764
[NTSysADM] RDP access to servers
We have about 100 Windows servers, and on occasion we have some non-IT employees and vendors that need RDP access to a server here and there. Do you guys create AD groups for these, or do you add the user directly to the server? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: [NTSysADM] RE: Think strategically, not tactically..
I have nothing specific, other than I need to think more strategically when it comes to being a sysadmin. For example, I have 800 endpoints on my network I need to manage and maintain, I get caught up in tactical solutions and I’ve been told to think more strategically.

Is this thinking close?
Strategic: What business need am I trying to address?
Tactical: What’s the best tool to manage my systems?

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ziots, Edward
Sent: Tuesday, September 17, 2013 1:05 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Think strategically, not tactically..

No not problem solved, with moving to cloud, if not done right, makes into bigger problem. As for the offline comment, if there is sensitive internal information to discuss it would be better in an offline convers, but if it's just general of course best for all to learn online.

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
Work:401-255-2497

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Richard Stovall
Sent: Tuesday, September 17, 2013 4:00 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] RE: Think strategically, not tactically..

I thought the only valid long-term strategy is to 'go to the cloud.' Boom! Problem solved.

On Tue, Sep 17, 2013 at 3:54 PM, Kurt Buff kurt.b...@gmail.com wrote:

No, please - not offline. This is an outstanding opportunity for learning for all of us as sysadmins.

Kurt

On Tue, Sep 17, 2013 at 12:48 PM, Ziots, Edward ezi...@lifespan.org wrote:

Dave,

What is the situation at hand that you need to get things across to the business at a strategic level as compared to tactical day to day level. The approaches are varied, depending on the audience and the priorities. (Corporate mergers, Compliance/Regulations issues, Business drivers, etc etc)

Hit me offline and we can discuss more,

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
Work:401-255-2497

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Tuesday, September 17, 2013 3:32 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Think strategically, not tactically..

So….I need to come up with a way to better approach some situations and think more strategically and less tactically. When it comes to systems management (servers, endpoints, troubleshooting, etc.), what does that look like? Can someone shoot some examples out? Brain cramp.

Sure I can Google this, but let’s pretend I work for you and am asking for guidance ☺.

Dave.
RE: [NTSysADM] Troubleshooting wireless - advice - multiple answers
I’ve received no reports of problems from the 6th floor, but then again since those are impromptu conference rooms there’s no guarantee there’s anyone in there often enough to see an issue.

Last night we rebooted all the AP’s and the controller after reverting a change made yesterday afternoon. So far today there have been no reports of any problems. Frustrating…

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Chenault
Sent: Friday, September 20, 2013 10:28 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Troubleshooting wireless - advice - multiple answers

What's happening on the 6th floor in the vicinity of those rooms?

And all this science I don't understand
It's just my job five days a week
Elton John
Rocket Man

On Sep 13, 2013, at 11:50, David Lum david@nwea.org wrote:

Answers to multiple e-mails

Laptop hardware info:
• Multiple Dell laptops and Macbooks
• Multiple NIC vendors
• Windows and MAC OS’s
• Unsure if a reboot clears the issue

Location information:
• Same area of the building (north side)
• Different times of the day
• Rooms are toward the edge of the building
• Building is 7 floors high, problem reports have come from 5th and 7th floor

Infrastructure information:
• 50 dual-band AP’s
• Signal strength as measured by iNSSIDer never weaker than 60dB and typically there are multiple AP’s stronger than 65dB
• Walking the floor, by the time one AP’s signal strength has dropped below 60dB you are then closer to another AP with a signal stronger than 60dB
• Per Meru, all AP’s are on the same channels, all AP’s are set to full broadcast power

Usage information:
• User activity at the time varies from looking at a web page
• Different times of the day
• unknown the duration the users have this issue

Dave

Can you swap APs to see if the problem follows the AP? Different hardware might rule out drivers. Are these two rooms next to each other on the same AP or different areas and different APs?

How long does it usually last? Does it clear itself or is a reboot needed? Same time or completely varies? When it’s happening, if someone else comes in does it happen to them? Are they always in the same spot?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Micheal Espinola Jr
Sent: Thursday, September 12, 2013 5:28 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Troubleshooting wireless - advice

I'm assuming this is a roaming issue between multiple APs with the same SSID. If not, please correct me.

1. Which brand are the mobile devices that are experiencing issues with these APs?
2. Who makes the NIC chipsets on these devices?
3. If a problematic device is hard-reset while in close-range of the AP it's having connectivity issues with, does the problem continue?
4. What is the radio channel of the AP with problematic clients - and what are the radio channels of its nearest (3) neighbors?

-- Espi

On Thu, Sep 12, 2013 at 1:00 PM, David Lum david@nwea.org wrote:

Scenario: Five floors, 50 AP’s managed by a single controller (Meru). A few (less than ten, more than two) users report connectivity issues in two different small conference/meeting rooms.

• Throughput/capacity limits are not being approached
• These rooms are used largely ad-hoc, so rarely are the people who report problems in the same room consecutive days.
• Users with reporting issues do not report problems in any other areas/floors of the building
• Users reporting issues are not streaming video, and in some cases are sitting idle reading a document
• Other users have no problems in the areas/room that these few users report problems
• Two of the users reporting problems in the same room are on completely different hardware/software (Dell+Win7, Mac+MacOS)

Our suspicion is a malfunctioning AP in the area, the confusing part is not everyone is reporting an issue in the areas that a few people are having problems from.

I am working with our vendor (Meru), but it’s a laborious process of looking at logs, making a change, and then “let us know if the users still report a problem”. This method can result in three/four days between making a change and the user going back into the affected area. Today Meru had us disable the AP closest to that room, but I’d love some advice on a better way to systematically get at this in case the bum AP is not the issue.

Swapping machines is the least desirable option here (doable, but these are busy folks in transit a lot). It doesn’t help that two of the users are director-level and one of THOSE is my boss’ boss….

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: [NTSysADM] Win8.1 / Server 2012 R2
Nothing on Action Pack yet.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Matthew W. Ross
Sent: Monday, September 09, 2013 10:36 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Win8.1 / Server 2012 R2

Not on VLSC for education yet. At least not for me.

--Matt Ross
Ephrata School District

- Original Message -
From: Michael B. Smith [mailto:mich...@smithcons.com]
To: ntsysadm@lists.myitforum.com [mailto:ntsysadm@lists.myitforum.com]
Sent: Mon, 09 Sep 2013 10:25:19 -0800
Subject: RE: [NTSysADM] Win8.1 / Server 2012 R2

Technet? What's that? :) :) :)

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Mike Hoffman
Sent: Monday, September 9, 2013 1:20 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Win8.1 / Server 2012 R2

They are on Technet now as well.

Mike

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Susan Bradley
Sent: 09 September 2013 18:16
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Win8.1 / Server 2012 R2

http://blogs.msdn.com/b/stevengu/archive/2013/09/09/download-windows-8-1-rtm-visual-studio-2013-rc-and-windows-server-2012-r2-rtm-today.aspx

On purpose.

On 9/9/2013 10:12 AM, Michael B. Smith wrote:

Dunno if it is on purpose or a mistake - but right now, Win8.1 and Server 2012 R2 are available from MSDN.

--
So? Your thoughts?
http://windowsitpro.com/industry/microsoft-attempts-ease-demise-technet-subscribers-building-replacement-mcts
[NTSysADM] AD groups - Global, or Universal?
I seem to think it was from this list that helped me decide to not use Global groups in AD but I have an SE pointing me to MS articles and it looks like I should be using Global instead of Universal - currently I use Domain local and Universal groups, but we're pretty small (600 users) and have two forests, but the majority of the accesses I am concerned about are users from DOMAIN1 getting access to local resources (file shares and servers) in DOMAIN1.

Is there a compelling reason to use Global vs. Universal? Somehow I was thinking global as much for backward-compatibility, but am not finding anything online saying as much.

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
Re: [NTSysADM] Upgrade 2003 DC's
Yeah, we already have a 2008 R2 and a 2012 DC in the subdomain. For the items you listed I simply created GPO's for each and applied them one at a time until the GPO's replicated what a 2008 R2 environment would look like, and then I stood up a 2008 R2 DC.

Dave

On Aug 30, 2013, at 6:58 AM, Christopher Bodnar christopher_bod...@glic.com wrote:

We are in the process of doing this. Outside of the procedural items you outlined, have you looked into the other possible issues you may run into (besides the CS stuff)? Here is the list that I have been using for our environment:

1. LanMan Hash: http://support.microsoft.com/kb/946405
2. SMB signing (UNIX?) http://technet.microsoft.com/en-us/library/cc731654.aspx
3. LmCompatibilityLevel http://technet.microsoft.com/en-us/library/cc960646.aspx By default the new setting on 2008 R2 will take this setting from a 2 to a 3.
4. 5000 attributes in LDAP response http://support.microsoft.com/default.aspx?scid=kb;en-US;2009267 http://blogs.technet.com/b/qzaidi/archive/2010/09/02/override-the-hardcoded-ldap-query-limits-introduced-in-windows-server-2008-and-windows-server-2008-r2.aspx
5. For other operating system implementations (such as Netapp, Samba, EMC, etc), it is strongly suggested to contact those vendors to get their supportability matrix for Windows as client and as DC.
6. SSL connections to the nodes by using the alias name from an LDAPS client http://support.microsoft.com/kb/2275950 http://support.microsoft.com/kb/2282241
7. Windows Vista and Windows Server 2008 and later operating systems use a higher range of ports for outgoing connections than previous versions of Windows. The new default start port is 49152, and the default end port is 65535. This is a change from the configuration of earlier versions of Windows that used a default port range of 1025 through 5000. If you receive errors indicating that “the endpoint mapper is out of endpoints,” especially after retiring domain controllers that run Windows 2000 or Windows Server 2003, you might need to reconfigure firewalls and routers to use the new default port range. For more information, see article 929851 (http://go.microsoft.com/fwlink/?LinkID=153117).
8. See Microsoft Security Advisory (937811) (http://go.microsoft.com/fwlink/?LinkId=164559) and article 976918 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=178251).
9. .NET Framework 3.5 SP1 or earlier: http://support.microsoft.com/default.aspx?scid=kb;en-US;2260240

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com

From: David Lum david@nwea.org
To: NTSysADM@lists.myITforum.com
Date: 08/29/2013 05:39 PM
Subject: [NTSysADM] Upgrade 2003 DC's
Sent by: listsad...@lists.myitforum.com

So… in my environment we have four ancient DC’s. Two root DC’s and two of five subdomain DC’s. These have been around enough and our environment is complex enough that we aren’t sure how many systems rely on the specific IP or hostname. Seems to me it should be fairly straightforward to stand up new with same name/IP as the originals:

• Transfer all FSMO roles
• Demote DC (DCPROMO)
• Unjoin from domain
• Power off
• Build new server with same name
• Join to domain
• Install AD DS roles
• DCPROMO
• Transfer FSMO roles back (optional)

Now in one case the DC is also a certificate server, although we aren’t 100% sure if/how it’s being used.

Surely there are some caveats to consider?

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764

This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
[NTSysADM] SSL and RDS servers
Assume two RDS Gateway servers...URL to get to them is https://rdservices.nwea.org. Currently I am using a wildcard cert, but apparently due to how NWEA's wildcard cert is licensed I need to change it to a single host cert. Is there any way to have a cert for rdservices.nwea.org to be legit on two servers? I am fairly cert illiterate so I am not sure of the mechanism a browser uses to match SSL cert with particular host. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764
[NTSysADM] RE: SSL and RDS servers
Rock on, thanks!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Damien Solodow
Sent: Thursday, August 29, 2013 11:38 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: SSL and RDS servers

You can definitely have the cert for that URL be on both servers. Generate the CSR on one of them and install the cert. Then export the cert private key as a .pfx (don't select the remove after export). Import the .pfx on the other server.

The browser compares the URL being accessed with the common name of the certificate. So when you generate your request, make sure the common name is rdservices.nwea.org and you should be good.

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Thursday, August 29, 2013 2:28 PM
To: NTSysADM@lists.myITforum.com
Subject: [NTSysADM] SSL and RDS servers

Assume two RDS Gateway servers...URL to get to them is https://rdservices.nwea.org. Currently I am using a wildcard cert, but apparently due to how NWEA's wildcard cert is licensed I need to change it to a single host cert.

Is there any way to have a cert for rdservices.nwea.org to be legit on two servers? I am fairly cert illiterate so I am not sure of the mechanism a browser uses to match SSL cert with particular host.

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
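The request, export and import steps from the reply above, as an added PowerShell example that is not part of the original thread. The working folder C:\certs, the file names and the function names are assumptions; the request also puts the host name in the Subject Alternative Name extension, which current browsers check in preference to the common name.

```powershell
# Added example, not code from the thread. Run each stage in an elevated session.
# Assumed names: C:\certs as the working folder, gateway.* file names, function names.
# Export-PfxCertificate / Import-PfxCertificate need Windows Server 2012 or later.

function New-GatewayCsr {
    param([string]$HostName, [string]$WorkDir = 'C:\certs')
    New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
    # Exportable = TRUE is what later allows the key to leave this server as a .pfx.
    $inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$HostName"
KeyLength = 2048
KeySpec = 1
Exportable = TRUE
MachineKeySet = TRUE
RequestType = PKCS10
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12

[Extensions]
; subjectAltName (OID 2.5.29.17) carrying the same DNS name as the common name
2.5.29.17 = "{text}"
_continue_ = "dns=$HostName"
"@
    Set-Content -Path "$WorkDir\gateway.inf" -Value $inf -Encoding Ascii
    certreq.exe -new "$WorkDir\gateway.inf" "$WorkDir\gateway.csr" | Out-Host
    return "$WorkDir\gateway.csr"
}

function Export-GatewayCert {
    param([string]$HostName, [string]$PfxPath, [securestring]$Password)
    # Pick the newest machine certificate for this name that still has its private key.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*CN=$HostName*" -and $_.HasPrivateKey } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) {
        throw "No certificate with a private key found for CN=$HostName"
    }
    # Export copies the key; the certificate stays installed on this server.
    Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $Password | Out-Null
    return $cert.Thumbprint
}

function Import-GatewayCert {
    param([string]$PfxPath, [securestring]$Password, [string]$ExpectedThumbprint)
    # Without -Exportable the key is stored as non-exportable on the second server.
    $imported = Import-PfxCertificate -FilePath $PfxPath `
        -CertStoreLocation Cert:\LocalMachine\My -Password $Password
    if ($imported.Thumbprint -ne $ExpectedThumbprint) {
        throw "Imported thumbprint $($imported.Thumbprint) does not match the exported one"
    }
    if (-not $imported.HasPrivateKey) {
        throw 'Certificate imported without its private key'
    }
    # The .pfx holds the private key; remove the transfer copy once it is installed.
    Remove-Item -Path $PfxPath -Force
    return $imported.Thumbprint
}

# --- Usage ---
# Server 1:
#   New-GatewayCsr -HostName 'rdservices.nwea.org'     # submit gateway.csr to the CA
#   certreq.exe -accept C:\certs\gateway.cer            # install the issued certificate
#   $pw    = Read-Host -AsSecureString 'PFX password'
#   $thumb = Export-GatewayCert -HostName 'rdservices.nwea.org' `
#                -PfxPath C:\certs\gateway.pfx -Password $pw
# Server 2, after copying gateway.pfx over a trusted channel:
#   Import-GatewayCert -PfxPath C:\certs\gateway.pfx -Password $pw -ExpectedThumbprint $thumb
```

Both servers end up with the same thumbprint in Cert:\LocalMachine\My; delete the copy of gateway.pfx left on the first server as well once the import is confirmed.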
[NTSysADM] Upgrade 2003 DC's
So... in my environment we have four ancient DC's. Two root DC's and two of five subdomain DC's. These have been around enough and our environment is complex enough that we aren't sure how many systems rely on the specific IP or hostname. Seems to me it should be fairly straightforward to stand up new with same name/IP as the originals:

* Transfer all FSMO roles
* Demote DC (DCPROMO)
* Unjoin from domain
* Power off
* Build new server with same name
* Join to domain
* Install AD DS roles
* DCPROMO
* Transfer FSMO roles back (optional)

Now in one case the DC is also a certificate server, although we aren't 100% sure if/how it's being used.

Surely there are some caveats to consider?

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: [NTSysADM] RE: Looking for Hyper-V server hardware
Glad to help! My 840 had two 1TB drives with my VM's on it, so I simply RAID1'd two of the 160GB drives on the C1100, swapped in my 1TB drives, loaded Server 2012 (and no datacenter edition needed to see over 32GB RAM, YAY!!) and presto!

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Erik Goldoff
Sent: Monday, August 26, 2013 7:10 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

Even with relatively small (160GB), old hard drives a good deal [I really doubt at this price that those are not original/previous owner drives with years of spin already on them]

I might have to pick up one or two, thanks for the link David

-EG

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Steven M. Caesare
Sent: Monday, August 26, 2013 9:25 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

Wow. $400? That's impressive...

-sc

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Monday, August 26, 2013 9:20 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

I missed these recommendations (I was on PTO last week) so I ended up paying $400 for one of these:
http://www.ebay.com/itm/Dell-Poweredge-C1100-1U-2X-XEON-QC-L5520-2-26GHZ-4x160GB-HDD-48GB-DDR3-Warranty-/251263380756?pt=COMP_EN_Servershash=item3a8076ed14

On powering up it turns out I have one of this guy's 72GB RAM offerings, but it loaded Server 2012 Standard just fine and I was able to move my Hyper-V guests over no sweat. It doesn't come with a CD-ROM drive and reading forums it's not really recommended for an SMB solution but for my lab uses it's perfect.

Troubleshooting my PowerEdge 840 (long story on why I didn't do this before ordering the C1100), turns out the BIOS dropped the settings of two of the four SATA drives (unknown) and changed the boot order from 0-1-2-3 to 2-1-0-3. Resetting the drive info to what I'd expected brought the server back to normal operating condition. I will simply turn it into an iSCSI target...

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Schaefer
Sent: Saturday, August 17, 2013 3:20 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

For the workload you've mentioned, I'd just get a HP Microserver. Cheap, quiet, cool. Get 2 x SSDs for whatever needs fast disk, and 2 x WD Blacks or Reds for anything that needs bulk storage.

The latest gen (G8) has iLO, 2 x GB Nics, 4 drive bays, 16GB RAM supported.

Cheers
Ken

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Saturday, 17 August 2013 5:00 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

I don't need 32GB, but I plan to run Exchange 2013 which would be my main RAM-eater, the rest don't really need much RAM. I could probably get away with 16GB if I had to, the Exchange would exist for testing migration from on-prem to Office365 more than anything.

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew S. Baker
Sent: Friday, August 16, 2013 11:52 AM
To: ntsysadm
Subject: Re: [NTSysADM] RE: Looking for Hyper-V server hardware

Why do you need 32GB to manage that? I have a host managing more VMs (5 currently) with 16GB RAM, and I was doing some streaming on it for a while.

An i3 would be okay, but an i5 would be excellent. (I'm running two different Hyper-V boxen with quad-core E3-1235 processors.)

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market...

On Fri, Aug 16, 2013 at 1:33 PM, David Lum david@nwea.org wrote:

Hmm...maybe I'm thinking too narrow of a box (see what I did there?). Looks like all i-series CPU's support Hyper-V too.

Thinking further... I have a PC that we mainly use to stream HULU/Netflix... would it be feasible to use a Hyper-V server and one VM be the entertainment system/HDMI output with other VM's running in the background? It looks like if I can use SLAT (Intel's I processors do). Anyone doing this?

Hyper-V server with
1 Media workstation VM leveraging good video card for streaming 1080 video outputting to TV via HDMI
1 VM that is a server OS
1 VM that is generic workstation client

Dave

From: listsad
RE: [NTSysADM] MSIEXEC CPU on TS-Solved
+1 I would have never figured that one out...

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew S. Baker
Sent: Monday, August 26, 2013 8:25 AM
To: ntsysadm
Subject: Re: [NTSysADM] MSIEXEC CPU on TS-Solved

Thanks for following up. That was a very good find.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market...

On Sat, Aug 24, 2013 at 7:12 PM, J- P jnat...@hotmail.com wrote:

Ok, so after looking at thousands of procmon lines, I finally figured out what was causing it. This is not the normal bug that's been around, but it did relate to an HP printer.

What tipped me off was the spools process not doing anything other than process profiling, no regquery, no create, no file create and no imagepath.

So I ran procmon on a desktop and there it was, Spoolsv.exe doing what it should be, RegOpen, FileSystemControl, Regcreate, etc.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\Print_Server\Printers\{3B2A2A60-72A2-4B70-99F3-1FE3E72FDB85}\PrinterDriverData
HKCU\Printers\Connections\,,Print_Server_Name,Shared_Printer_Name

and heck of a lot more entries.

Evidently the genius writing the front end of the DB decided to make some upgrades (without telling anyone), like hardcoding default printers for various reports, queries etc., and since said printers did not exist on Box, that's when MSIExec would kick off and attempt the installation of the HP Printers.

After installing ALL the printers on the box, print previews take about 1 second to load, and no MSIexec.

This will be one costly lesson to the client :) as I spent quite some time on this.

Thanks to everyone for all the feedback. And now time for some cognac

Thanks again
Jean-Paul Natola

From: ken.corne...@kimball.com
To: ntsysadm@lists.myitforum.com
Date: Thu, 22 Aug 2013 08:25:47 -0400
Subject: RE: [NTSysADM] MSIEXEC CPU on TS

Not local to the Citrix server, local to the RDP or Citrix client.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Chenault
Sent: Wednesday, August 21, 2013 11:14 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] MSIEXEC CPU on TS

A... okay. Major bummer. If this is only for local attach printers then the only solution I see until MS issues a patch is for the RDP/Citrix server to not have any local attach printers.

From: J- P jnat...@hotmail.com
Sent: Wednesday, August 21, 2013 3:20 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] MSIEXEC CPU on TS

think I may have stumbled onto something, I have a few 1000 of these, however, they are not identical, they seem to increment and all result in NO MORE ENTRIES

HKU\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32
HKU\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}
HKU\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32
HKU\.DEFAULT\Software\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}

Jean-Paul Natola

From: ken.corne...@kimball.com
To: ntsysadm@lists.myitforum.com
Date: Wed, 21 Aug 2013 13:44:16 -0400
Subject: RE: [NTSysADM] MSIEXEC CPU on TS

That's not the problem. What happens is that whenever a remote user (either citrix or RDP) prints (or logs on, I forget), the local printers FOR ALL LOGGED IN USERS get GUIDs assigned that are unique for that user's session. The stupid HP print drivers (maybe other too) create keys under HKU\.Default\Software\Hewlett-Packard corresponding to ALL THESE GUIDS. This rapidly results in thousands of keys. For some reason, msiexec.exe likes to fully traverse that key OVER and OVER and OVER resulting in msiexec using 100% of one CPU AND msiexec taking forever to get anything done.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Chenault
Sent: Wednesday, August 21, 2013 12:53 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] MSIEXEC CPU on TS

Maybe I'm missing something or need more coffee...

Set up a group of the RDP users. Deny those users access to those printers using the printer properties Security tab.

From: J- P jnat...@hotmail.com
Sent: Tuesday, August 20, 2013 4:29 PM
To: ntsysadm@lists.myitforum.com
Subject: RE:
RE: [NTSysADM] RE: Looking for Hyper-V server hardware
Yep, works like a charm...requires older IE (I had to tell IE10 to play like IE8) and Java, but I consoled into it and it works fine.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith
Sent: Monday, August 26, 2013 10:34 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

Good heavens. Do these things have a BMC on them? DRAC, I mean?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Monday, August 26, 2013 9:20 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

I missed these recommendations (I was on PTO last week) so I ended up paying $400 for one of these:
http://www.ebay.com/itm/Dell-Poweredge-C1100-1U-2X-XEON-QC-L5520-2-26GHZ-4x160GB-HDD-48GB-DDR3-Warranty-/251263380756?pt=COMP_EN_Servershash=item3a8076ed14

On powering up it turns out I have one of this guy's 72GB RAM offerings, but it loaded Server 2012 Standard just fine and I was able to move my Hyper-V guests over no sweat. It doesn't come with a CD-ROM drive and reading forums it's not really recommended for an SMB solution, but for my lab uses it's perfect.

Troubleshooting my PowerEdge 840 (long story on why I didn't do this before ordering the C1100), turns out the BIOS dropped the settings of two of the four SATA drives (unknown) and changed the boot order from 0-1-2-3 to 2-1-0-3. Resetting the drive info to what I'd expected brought the server back to normal operating condition. I will simply turn it into an iSCSI target...

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Schaefer
Sent: Saturday, August 17, 2013 3:20 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

For the workload you've mentioned, I'd just get a HP Microserver. Cheap, quiet, cool. Get 2 x SSDs for whatever needs fast disk, and 2 x WD Blacks or Reds for anything that needs bulk storage. The latest gen (G8) has iLO, 2 x GB Nics, 4 drive bays, 16GB RAM supported.

Cheers
Ken

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Saturday, 17 August 2013 5:00 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Looking for Hyper-V server hardware

I don't need 32GB, but I plan to run Exchange 2013 which would be my main RAM-eater, the rest don't really need much RAM. I could probably get away with 16GB if I had to, the Exchange would exist for testing migration from on-prem to Office365 more than anything.

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew S. Baker
Sent: Friday, August 16, 2013 11:52 AM
To: ntsysadm
Subject: Re: [NTSysADM] RE: Looking for Hyper-V server hardware

Why do you need 32GB to manage that? I have a host managing more VMs (5 currently) with 16GB RAM, and I was doing some streaming on it for a while. An i3 would be okay, but an i5 would be excellent. (I'm running two different Hyper-V boxen with quad-core E3-1235 processors.)

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...

On Fri, Aug 16, 2013 at 1:33 PM, David Lum <david@nwea.org> wrote:

Hmm...maybe I'm thinking too narrow of a box (see what I did there?). Looks like all i-series CPU's support Hyper-V too.

Thinking further...I have a PC that we mainly use to stream HULU/Netflix...would it be feasible to use a Hyper-V server and one VM be the entertainment system/HDMI output with other VM's running in the background? It looks like if I can use SLAT (Intel's I processors do). Anyone doing this?

Hyper-V server with
1 Media workstation VM leveraging good video card for streaming 1080 video outputting to TV via HDMI
1 VM that is a server OS
1 VM that is generic workstation client

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Cornetet
Sent: Friday, August 16, 2013 7:57 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Looking for Hyper-V server hardware

I'd think whiteboxing would not be viable since a Xeon proc and 32GB of RAM will just about consume your $500 right off the bat. Why does it have to be a Xeon? A quad core i5 whitebox might be doable for $500.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com
[NTSysADM] Looking for Hyper-V server hardware
My old home lab PowerEdge 840 server is giving me issues so I'm looking to upgrade, looking to spend ~500 (can be used, obviously!). Ideally I'd like a tower server populated with 32GB RAM. I'm not picky on brand (partial to Dell because that's what my clients run, but not a requirement) but do want Xeon instead of the AMD equivalent.

The closest I can find is a Dell T300 populated with 24GB RAM for about $500 shipped, which would work (the 840 has only 8GB RAM!). Since this is for my home lab I don't mind building a white box system either.

Suggestions anyone? Dell Outlet prices are out of my price range...

* Tower
* Xeon proc
* 24+GB installed
* HDD's / optical drive not necessary, I have my own

David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764
[NTSysADM] RE: Looking for Hyper-V server hardware
Hmm...maybe I'm thinking too narrow of a box (see what I did there?). Looks like all i-series CPU's support Hyper-V too. Thinking furtherI have a PC that we mainly use to stream HULU/Netflixwould it be feasible to use a Hyper-V server and one VM be the entertainment system/HDMI output with other VM's running in the background? It looks like if I can use SLAT (Intel's I processors do). Anyone doing this? Hyper-V server with 1 Media workstation VM leveraging good video card for streaming 1080 video outputting to TV via HDMI 1 VM that is a server OS 1 VM that is generic workstation client Dave From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Cornetet Sent: Friday, August 16, 2013 7:57 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: Looking for Hyper-V server hardware I'd think whiteboxing would not be viable since a Xeon proc and 32GB of RAM will just about consume your $500 right off the bat. Why does it have to be a Xeon? A quad core i5 whitebox might be doable for $500. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum Sent: Friday, August 16, 2013 10:19 AM To: NTSysADM@lists.myITforum.commailto:NTSysADM@lists.myITforum.com Subject: [NTSysADM] Looking for Hyper-V server hardware My old home lab PowerEdge 840 server is giving me issues so I'm looking to upgrade, looking to spend ~500 (can be used, obviously!). Ideally I'd like a tower server populated with 32GB RAM. I'm not picky on brand (partial to Dell because that's what my clients run, but not a requirement) but do want Xeon instead of the AMD equivalent. The closest I can find is a Dell T300 populated with 24GB RAM for about $500 shipped, which would work (the 840 has only 8GB RAM!). Since this is for my home lab I don't mind building a white box system either. Suggestions anyone? Dell Outlet prices are out of my price range... 
* Tower * Xeon proc * 24+GB installed * HDD's / optical drive not necessary, I have my own David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764
[NTSysADM] RE: Looking for Hyper-V server hardware
Thanks! From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim Sent: Friday, August 16, 2013 10:37 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: Looking for Hyper-V server hardware I think you would want to do the below to get your video performance in the entertainment workstation. Or perhaps run that part off the hyper-v host side. http://technet.microsoft.com/en-us/virtualization/hh278966.aspx From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum Sent: Friday, August 16, 2013 1:33 PM To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: Looking for Hyper-V server hardware Hmm...maybe I'm thinking too narrow of a box (see what I did there?). Looks like all i-series CPU's support Hyper-V too. Thinking furtherI have a PC that we mainly use to stream HULU/Netflixwould it be feasible to use a Hyper-V server and one VM be the entertainment system/HDMI output with other VM's running in the background? It looks like if I can use SLAT (Intel's I processors do). Anyone doing this? Hyper-V server with 1 Media workstation VM leveraging good video card for streaming 1080 video outputting to TV via HDMI 1 VM that is a server OS 1 VM that is generic workstation client Dave From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Cornetet Sent: Friday, August 16, 2013 7:57 AM To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: Looking for Hyper-V server hardware I'd think whiteboxing would not be viable since a Xeon proc and 32GB of RAM will just about consume your $500 right off the bat. Why does it have to be a Xeon? A quad core i5 whitebox might be doable for $500. 
From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum Sent: Friday, August 16, 2013 10:19 AM To: NTSysADM@lists.myITforum.commailto:NTSysADM@lists.myITforum.com Subject: [NTSysADM] Looking for Hyper-V server hardware My old home lab PowerEdge 840 server is giving me issues so I'm looking to upgrade, looking to spend ~500 (can be used, obviously!). Ideally I'd like a tower server populated with 32GB RAM. I'm not picky on brand (partial to Dell because that's what my clients run, but not a requirement) but do want Xeon instead of the AMD equivalent. The closest I can find is a Dell T300 populated with 24GB RAM for about $500 shipped, which would work (the 840 has only 8GB RAM!). Since this is for my home lab I don't mind building a white box system either. Suggestions anyone? Dell Outlet prices are out of my price range... * Tower * Xeon proc * 24+GB installed * HDD's / optical drive not necessary, I have my own David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764
[NTSysADM] RE: Looking for Hyper-V server hardware
I'm just trying to stream from the Internet to the TV...so whatever Hulu uses (looks like Flash) or Windows Media Player (watching DVD's). Media software on the host OS sounds like my fallback plan, shouldn't be an issue I'd think, Server 2012 licensing allows that kind of usage (1 physical and 2 VM's, as I read it).

Apparently Win8 would let me do similar things, but I don't see it as fitting what I want to do with VM's...

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Cornetet
Sent: Friday, August 16, 2013 11:29 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Looking for Hyper-V server hardware

Not sure what media software you are using, but a few people tried to get XBMC (a very popular media player) to run in a virtual under ESX using a variety of video cards dedicated to the XBMC virtual, and none were ever successful in getting useable results.

Oh, and the technology that allows that is VT-d. SLAT is secondary address translation table.

I'm guessing you'd want to run the media software on the host OS.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Friday, August 16, 2013 1:33 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Looking for Hyper-V server hardware

Hmm...maybe I'm thinking too narrow of a box (see what I did there?). Looks like all i-series CPU's support Hyper-V too.

Thinking further...I have a PC that we mainly use to stream HULU/Netflix...would it be feasible to use a Hyper-V server and one VM be the entertainment system/HDMI output with other VM's running in the background? It looks like if I can use SLAT (Intel's I processors do). Anyone doing this?

Hyper-V server with
1 Media workstation VM leveraging good video card for streaming 1080 video outputting to TV via HDMI
1 VM that is a server OS
1 VM that is generic workstation client

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Cornetet
Sent: Friday, August 16, 2013 7:57 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Looking for Hyper-V server hardware

I'd think whiteboxing would not be viable since a Xeon proc and 32GB of RAM will just about consume your $500 right off the bat. Why does it have to be a Xeon? A quad core i5 whitebox might be doable for $500.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Friday, August 16, 2013 10:19 AM
To: NTSysADM@lists.myITforum.com
Subject: [NTSysADM] Looking for Hyper-V server hardware

My old home lab PowerEdge 840 server is giving me issues so I'm looking to upgrade, looking to spend ~500 (can be used, obviously!). Ideally I'd like a tower server populated with 32GB RAM. I'm not picky on brand (partial to Dell because that's what my clients run, but not a requirement) but do want Xeon instead of the AMD equivalent.

The closest I can find is a Dell T300 populated with 24GB RAM for about $500 shipped, which would work (the 840 has only 8GB RAM!). Since this is for my home lab I don't mind building a white box system either.

Suggestions anyone? Dell Outlet prices are out of my price range...

* Tower
* Xeon proc
* 24+GB installed
* HDD's / optical drive not necessary, I have my own

David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: [NTSysADM] RE: Looking for Hyper-V server hardware
I don't need 32GB, but I plan to run Exchange 2013 which would be my main RAM-eater, the rest don't really need much RAM. I could probably get away with 16GB if I had to, the Exchange would exist for testing migration from on-prem to Office365 more than anything. Dave From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew S. Baker Sent: Friday, August 16, 2013 11:52 AM To: ntsysadm Subject: Re: [NTSysADM] RE: Looking for Hyper-V server hardware Why do you need 32GB to manage that? I have a host managing more VMs (5 currently) with 16GB RAM, and I was doing some streaming on it for a while. An i3 would be okay, but an i5 would be excellent.(I'm running two different Hyper-V boxen with quad-core E3-1235 processors.) ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Fri, Aug 16, 2013 at 1:33 PM, David Lum david@nwea.orgmailto:david@nwea.org wrote: Hmm...maybe I'm thinking too narrow of a box (see what I did there?). Looks like all i-series CPU's support Hyper-V too. Thinking furtherI have a PC that we mainly use to stream HULU/Netflixwould it be feasible to use a Hyper-V server and one VM be the entertainment system/HDMI output with other VM's running in the background? It looks like if I can use SLAT (Intel's I processors do). Anyone doing this? 
Hyper-V server with 1 Media workstation VM leveraging good video card for streaming 1080 video outputting to TV via HDMI 1 VM that is a server OS 1 VM that is generic workstation client Dave From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Ken Cornetet Sent: Friday, August 16, 2013 7:57 AM To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: Looking for Hyper-V server hardware I'd think whiteboxing would not be viable since a Xeon proc and 32GB of RAM will just about consume your $500 right off the bat. Why does it have to be a Xeon? A quad core i5 whitebox might be doable for $500. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum Sent: Friday, August 16, 2013 10:19 AM To: NTSysADM@lists.myITforum.commailto:NTSysADM@lists.myITforum.com Subject: [NTSysADM] Looking for Hyper-V server hardware My old home lab PowerEdge 840 server is giving me issues so I'm looking to upgrade, looking to spend ~500 (can be used, obviously!). Ideally I'd like a tower server populated with 32GB RAM. I'm not picky on brand (partial to Dell because that's what my clients run, but not a requirement) but do want Xeon instead of the AMD equivalent. The closest I can find is a Dell T300 populated with 24GB RAM for about $500 shipped, which would work (the 840 has only 8GB RAM!). Since this is for my home lab I don't mind building a white box system either. Suggestions anyone? Dell Outlet prices are out of my price range... * Tower * Xeon proc * 24+GB installed * HDD's / optical drive not necessary, I have my own David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229tel:503.548.5229 // Cell (voice/text) 503.267.9764tel:503.267.9764
RE: [NTSysADM] Odd RDP issue - resolved
Time settings: check. Same/same
No name resolution issues
Dual NIC on SBS – I know ☺. NIC 2 was VM-VM only on dedicated virtual switch, using HOSTS file so only traffic to-from SERVER2 traverses it (they are on the same Hyper-V host)
netstat -n -a -o | find "3389" shows 3389 open and listening

Doing more work, on security layer setting it to “RDP Security Layer” it did work, but “Negotiate” didn’t.

Hey….I found the issue! A couple weeks ago I ran a tool (IISCrypto) to disable TLS 1.0 and I think this was the first reboot. Flipping it back to “RDP layer” allows RDP to work. Re-enabling TLS 1.0 and restarting the Remote Desktop services once again allows the RDP session to work in its default config (and allowing the requirement of NLA).

Learned something new today, even if it was self-inflicted…don’t turn off TLS 1.0 if you want to use “negotiate” or “TLS 1.0” settings with RDP

Thanks everyone!
Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Christopher Bodnar
Sent: Wednesday, August 14, 2013 12:15 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Odd RDP issue

From an internal connection are there any name resolution issues (FQDN, NetBIOS) names both resolve?
Can you RDP to it by IP from the internal network?
Can you RDP to itself while accessing it from the Hyper-V console?

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com

From: David Lum <david@nwea.org>
To: NTSysADM@lists.myITforum.com
Date: 08/14/2013 02:49 PM
Subject: [NTSysADM] Odd RDP issue
Sent by: listsad...@lists.myitforum.com

SBS 2011 (similar to 2008R2), Hyper-V VM. Two NIC’s on the VM. RDP has been working fine for months. I was able to RDP to the machine today to reboot it, but after the server came back up I cannot RDP to it.

• Entering via Hyper-V console I can log onto the VM’s console.
• From the Internet I *can* use https://remote.mydomain.com/ (which is the affected server) and use Remote Web Access to access other servers, shared folders, etc. but cannot RDP to the server itself
• The only broken thing I am finding is RDP to the server
• Changing RDP security levels (require NLA or not) has no effect

Every time I try to RDP I get a corresponding “A fatal error occurred while creating an SSL server credential. The internal server state is 10013” in the server's event log. Google-fu comes up with a few ideas but nothing definitive for me. Anyone?

David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764
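
The conflict found in this thread, as an added example that is not part of the original messages: a PowerShell check that compares the RDP listener's security layer with the Schannel TLS 1.0 server setting and looks for the credential error quoted above. The registry paths are the standard RDP-Tcp listener and Schannel locations rather than anything quoted in the thread, the function names are hypothetical, and the sample values are constructed.

```powershell
# Added example, not from the thread. Assumes the standard registry locations
# for the RDP-Tcp listener and the Schannel TLS 1.0 server role.
$RdpTcpKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$Tls10Server = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'

# Read one registry value; return $null when the key or value is absent
# (absent means "OS default", which is not the same as disabled).
function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $props = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.PSObject.Properties[$Name]) { return $null }
    return $props.$Name
}

# Pure evaluation: no registry access, so it can be exercised with sample values.
function Test-RdpTlsConflict {
    param(
        [Nullable[int]]$SecurityLayer,       # 0 = RDP Security Layer, 1 = Negotiate, 2 = SSL (TLS 1.0)
        [Nullable[int]]$UserAuthentication,  # 1 = NLA required
        [Nullable[int]]$Tls10Enabled         # Schannel "Enabled" DWORD; 0 = explicitly disabled
    )
    $layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }
    $layerName  = 'not set'
    if ($null -ne $SecurityLayer -and $layerNames.ContainsKey([int]$SecurityLayer)) {
        $layerName = $layerNames[[int]$SecurityLayer]
    }

    $tlsDisabled = ($null -ne $Tls10Enabled -and $Tls10Enabled -eq 0)
    $layerUsesTls = ($SecurityLayer -eq 1 -or $SecurityLayer -eq 2)

    [pscustomobject]@{
        SecurityLayer       = $layerName
        NlaRequired         = ($UserAuthentication -eq 1)
        Tls10ServerDisabled = $tlsDisabled
        # The state described in the thread: listener set to Negotiate or
        # TLS 1.0 while TLS 1.0 is switched off for the server role.
        Conflict            = ($tlsDisabled -and $layerUsesTls)
    }
}

# Schannel errors matching the message quoted in the thread.
function Get-SchannelCredentialErrors {
    param([int]$MaxEvents = 500)
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel' } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'SSL server credential' -and $_.Message -match '10013' } |
        Select-Object TimeCreated, Id, Message
}

# Constructed sample mirroring the thread: Negotiate + NLA, TLS 1.0 disabled.
Test-RdpTlsConflict -SecurityLayer 1 -UserAuthentication 1 -Tls10Enabled 0 | Format-List

# Live check on the local server (run from an elevated prompt).
$state = @{
    SecurityLayer      = Get-RegValueOrNull $RdpTcpKey   'SecurityLayer'
    UserAuthentication = Get-RegValueOrNull $RdpTcpKey   'UserAuthentication'
    Tls10Enabled       = Get-RegValueOrNull $Tls10Server 'Enabled'
}
$result = Test-RdpTlsConflict @state
$result | Format-List
if ($result.Conflict) {
    Write-Warning 'RDP listener expects TLS but TLS 1.0 is disabled for the Schannel server role.'
    Get-SchannelCredentialErrors | Select-Object -First 5 | Format-List
}
```

Running it before and after a protocol-hardening change shows whether the listener will still be able to build its TLS credential after the next reboot.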
[NTSysADM] Sounded so easy
2008 R2 server at remote site that was DNS/DC/File/Print. Also runs a helpdesk app (Sysaid) and AutoDesk license server and DFS. I am going to P2V it, so before doing it I wanted to demote it from domain controller.

Except the demotion broke DFS and modified the firewall entries that had been allowing the FlexLM and SysAid apps, which wasn't immediately apparent (ICMP still worked, for example). Of course after spending an hour chasing not-obvious-to-me issues I kill the firewall and hey, lookie there!

Nice thing is Server 2012 licensing will allow me to stand up a new DC and keep it divorced from the everything-else server. I hate having a DC that does much of anything else...

David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: [NTSysADM] Cool little tool
Hi Jim, I have no experience with Office365 Sharepoint, so I can't say. :( Dave From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jim Majorowicz Sent: Wednesday, August 07, 2013 9:56 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Cool little tool David, Would you say this easier than an Office365 SharePoint? On Fri, Aug 2, 2013 at 8:25 AM, David Lum david@nwea.orgmailto:david@nwea.org wrote: This will sound like a sales pitch and it is, but it's because I just implemented it and think it's cool, I am not getting referral fees. So there. :) Liquidfiles.net. You can get a non-Windows VM that's basically a fancy standalone FTP server where you get a web front-end to log in to and send a hyperlink to large files that you host on premise or in the cloud. Some cool features: * Download URL expires after a time you specify * URL can be available to just the recipient(s) or everyone * Recipient confirms their e-mail address one time, then they get the download URL * Users sending you files o Other people can send *you* files without any FTP client or requiring any further setup from the sender (for example, https://bigftp.ci.cornelius.or.us/filedrop/recieve sends me an e-mail with a hyperlink to the file you've sent, but not all extensions are allowed :)) o File receive locations can be per user and/or a catchall * Outlook plug-in. Instead of the web page you have a new toolbar in Outlook to send files. o This plug in can be installed on anyone's system, it asks for your liquidfiles credentials the first time you launch it per machine. For me adding the add-in to %dayjob%, %home%, and %MyPC-At-A-Client% all points to the same server/login ID for sending files, for example. * You can specify accepted and/or blocked extensions One feature I haven't leveraged yet is LDAP (or SAML SSO) authentication. 
The best part is I didn't find it that complex at all, and it's pretty cheap if you need it for just a few select users, no license cost if you are sending to other users in your e-mail domain. Features here: http://www.liquidfiles.net/features.html David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229tel:503.548.5229 // Cell (voice/text) 503.267.9764tel:503.267.9764
RE: [NTSysADM] Google Chrome stores passwords in plaintext
Saw that. Not sure how much I care, as it's been said many times once you give up physical access all bets are off. As the Chrome guy says, "We want to be very clear that when you grant someone access to your OS user account, that they can get at everything."

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Micheal Espinola Jr
Sent: Wednesday, August 07, 2013 9:22 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Google Chrome stores passwords in plaintext

http://www.theguardian.com/technology/2013/aug/07/google-chrome-password-security-flaw

No obfuscation to the casual snooper, no master password, no nothing. This is the same thing that Firefox caught flack for 3 years ago.

--
Espi
RE: [NTSysADM] Google Chrome stores passwords in plaintext
Oh?

"A serious flaw in the security of Google's Chrome browser lets anyone with access to a user's computer see all the passwords stored for email, social media and other sites, directly from the settings panel... Besides personal accounts, sensitive company login details would be compromised if someone who used Chrome left their computer unattended with the screen active."

I took that to mean physical access was required. ?

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew S. Baker
Sent: Wednesday, August 07, 2013 12:03 PM
To: ntsysadm
Subject: Re: [NTSysADM] Google Chrome stores passwords in plaintext

But you can get it without physical access... that's the point.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...

On Wed, Aug 7, 2013 at 2:40 PM, David Lum <david@nwea.org> wrote:

Saw that. Not sure how much I care, as it's been said many times once you give up physical access all bets are off. As the Chrome guy says, "We want to be very clear that when you grant someone access to your OS user account, that they can get at everything."

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Micheal Espinola Jr
Sent: Wednesday, August 07, 2013 9:22 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Google Chrome stores passwords in plaintext

http://www.theguardian.com/technology/2013/aug/07/google-chrome-password-security-flaw

No obfuscation to the casual snooper, no master password, no nothing. This is the same thing that Firefox caught flack for 3 years ago.

--
Espi
RE: [NTSysADM] Google Chrome stores passwords in plaintext
A...Chrome settings panel not OS settings panel (which is typically unavailable to my non-admin users). I are slow... I sit a little more educated.

Personally the only password I save in a browser is my IE connecting to our internal Sharepoint site at %dayjob%. I'm too paranoid to have my browsers save anything else, for web passwords I use Keepass and cut & paste.

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Micheal Espinola Jr
Sent: Wednesday, August 07, 2013 12:05 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Google Chrome stores passwords in plaintext

Surely, and as Google also points out - that's the penultimate reason for not caring if the passwords are stored in plaintext. But, I have to agree with so many others that this isn't a concern about physical access hackers. This is a concern for snoopers, spies, and casual intruders.

I'm in complete agreement with Jim Kennedy's response, as insider spying and hacking is always a concern.

I'll kick it up a notch to say that physical security is a categorically piss-poor excuse in this day and age to leave anything security related in plaintext. I'm baffled by this.

--
Espi

On Wed, Aug 7, 2013 at 11:40 AM, David Lum <david@nwea.org> wrote:

Saw that. Not sure how much I care, as it's been said many times once you give up physical access all bets are off. As the Chrome guy says, "We want to be very clear that when you grant someone access to your OS user account, that they can get at everything."

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Micheal Espinola Jr
Sent: Wednesday, August 07, 2013 9:22 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Google Chrome stores passwords in plaintext

http://www.theguardian.com/technology/2013/aug/07/google-chrome-password-security-flaw

No obfuscation to the casual snooper, no master password, no nothing. This is the same thing that Firefox caught flack for 3 years ago.

--
Espi
RE: [NTSysADM] 10Gb Ethernet
Late to this party…what kind of disk subsystems are you transferring to and from? I don’t see even ½ that when going from SAS to SAS on the same machine. Then again it’s probably because I am going from RAID1 to RAID 1 and not multispindle RAID5 or 10…

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Richard Stovall
Sent: Friday, July 26, 2013 5:43 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] 10Gb Ethernet

I'm just beginning to prepare the environment at $Work for the transition from VMware to Hyper-V. Part of the exercise is implementing 10Gb Ethernet for the first time.

I work in the SMB space at a company with an IT staff of two. Consequently, I don't get too jazzed about much in the way of infrastructure these days, but I gotta tell ya, it's slicker than greased owl sh** to see sustained file transfers on the order of 750MB/sec (without any network tweaking at all).

More info. as things progress, but, for today at least, it was pretty cool throwing multi-GB files around in mere seconds. (Heck, it was hard finding something big enough to test with!)
[NTSysADM] Cool little tool
This will sound like a sales pitch and it is, but it's because I just implemented it and think it's cool, I am not getting referral fees. So there. :)

Liquidfiles.net. You can get a non-Windows VM that's basically a fancy standalone FTP server where you get a web front-end to log in to and send a hyperlink to large files that you host on premise or in the cloud.

Some cool features:

* Download URL expires after a time you specify
* URL can be available to just the recipient(s) or everyone
* Recipient confirms their e-mail address one time, then they get the download URL
* Users sending you files
  o Other people can send *you* files without any FTP client or requiring any further setup from the sender (for example, https://bigftp.ci.cornelius.or.us/filedrop/recieve sends me an e-mail with a hyperlink to the file you've sent, but not all extensions are allowed :))
  o File receive locations can be per user and/or a catchall
* Outlook plug-in. Instead of the web page you have a new toolbar in Outlook to send files.
  o This plug in can be installed on anyone's system, it asks for your liquidfiles credentials the first time you launch it per machine. For me adding the add-in to %dayjob%, %home%, and %MyPC-At-A-Client% all points to the same server/login ID for sending files, for example.
* You can specify accepted and/or blocked extensions

One feature I haven't leveraged yet is LDAP (or SAML SSO) authentication.

The best part is I didn't find it that complex at all, and it's pretty cheap if you need it for just a few select users, no license cost if you are sending to other users in your e-mail domain.

Features here: http://www.liquidfiles.net/features.html

David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: [NTSysADM] Cool little tool
It's a VM sitting on 2008R2 Hyper-V. My client needs to send too large for e-mail large media files (100-300MB). This solution is easier to implement than SFTP, especially from the end users standpoint. I will be rolling this out to my other client shortly, and I can imagine %dayjob% might have a use for it as well...

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Micheal Espinola Jr
Sent: Friday, August 02, 2013 8:59 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Cool little tool

Interesting. How are you currently using this service?

-- Espi

On Fri, Aug 2, 2013 at 8:25 AM, David Lum david@nwea.org wrote:

This will sound like a sales pitch and it is, but it's because I just implemented it and think it's cool, I am not getting referral fees. So there. :)

Liquidfiles.net. You can get a non-Windows VM that's basically a fancy standalone FTP server where you get a web front-end to log in to and send a hyperlink to large files that you host on premise or in the cloud.

Some cool features:
* Download URL expires after a time you specify
* URL can be available to just the recipient(s) or everyone
* Recipient confirms their e-mail address one time, then they get the download URL
* Users sending you files
  o Other people can send *you* files without any FTP client or requiring any further setup from the sender (for example, https://bigftp.ci.cornelius.or.us/filedrop/recieve sends me an e-mail with a hyperlink to the file you've sent, but not all extensions are allowed :))
  o File receive locations can be per user and/or a catchall
* Outlook plug-in. Instead of the web page you have a new toolbar in Outlook to send files.
  o This plug in can be installed on anyone's system, it asks for your liquidfiles credentials the first time you launch it per machine. For me adding the add-in to %dayjob%, %home%, and %MyPC-At-A-Client% all points to the same server/login ID for sending files, for example.
* You can specify accepted and/or blocked extensions

One feature I haven't leveraged yet is LDAP (or SAML SSO) authentication. The best part is I didn't find it that complex at all, and it's pretty cheap if you need it for just a few select users, no license cost if you are sending to other users in your e-mail domain.

Features here: http://www.liquidfiles.net/features.html

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
[NTSysADM] RE: Hyper v 2012, deleted tree of snapshots, but AVHDX files remain
The Hyper-V GUI also shows progress of the merging. I am just glad we can leave the VM's up like ESX has been able to do, I hated having to power off to merge snapshots! It was a huge deterrent to going snapshot crazy (which can be good and bad...)

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith
Sent: Friday, August 02, 2013 11:45 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Hyper v 2012, deleted tree of snapshots, but AVHDX files remain

It merges them in the background. When the merge is complete, the files will be removed. There is a cmdlet that will give you status of this process, but I can't think of the name at the moment (there are 2,700+ new cmdlets in server 2012 - wow!).

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jesse Rink
Sent: Friday, August 2, 2013 2:39 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Hyper v 2012, deleted tree of snapshots, but AVHDX files remain

So one of my customers has a 2012 Hyper V server. One of the VMs running on it had 3 snapshots recently taken, all 3 were not needed, so the top-most snapshot was selected and then the entire subtree of snapshots was deleted. The Hyper-V host no longer shows any snapshots for that VM. However, looking at the physical location where the VHDX file is stored, there are still 3 AVHDX files (with one of them continuing to grow). How long does it take Hyper V to delete these from the disk? The server is still UP... but I read with 2012, that's fine... thoughts on why these files are leftover? Hyper V did not give any indication that deletion of the snapshots was unsuccessful.

Thanks
JR
RE: [NTSysADM] Cool little tool
Aw Dad...

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith
Sent: Friday, August 02, 2013 12:20 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Cool little tool

Ok boys, it's time to step back into your corners... ;-)

Sent from my Windows Phone

From: Andrew S. Baker
Sent: 8/2/2013 3:17 PM
To: ntsysadm
Subject: Re: [NTSysADM] Cool little tool

So, in your analysis of the possible business risks, you see no need for any particular mitigations that would undermine the current end-user productivity benefits? :) Understood.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market...

On Fri, Aug 2, 2013 at 3:06 PM, David Lum david@nwea.org wrote:

LOL. Damnit Jim! It was likely a rhetorical question...however, I deemed security to be sufficient (check security section on this page : http://www.liquidfiles.net/features.html), as the appliance in question is running CentOS, and even if this system was fully compromised the only data on it are files in transit, there is not much anyone could do from this device to anything else on the network (it's not domain joined, for example). A bad guy could walk off with the entire VM and not get much. The biggest risk I see is a DoS where someone filled up the drive...except there's quota's so they can really only DoS a single user (well, a concentrated effort might fill the various repositories...). However, I still couldn't guess at the odds of a MiTM on this device! HAHHA

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew S. Baker
Sent: Friday, August 02, 2013 11:28 AM
To: ntsysadm
Subject: Re: [NTSysADM] Cool little tool

*** TOPIC JUMP ***

My client needs to send too large for e-mail large media files (100-300MB). This solution is easier to implement than SFTP, especially from the end users standpoint.

What is this I see? You just made a decision that prioritizes ease of use and functionality over security? Hmmm :)

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market...

On Fri, Aug 2, 2013 at 12:23 PM, David Lum david@nwea.org wrote:

It's a VM sitting on 2008R2 Hyper-V. My client needs to send too large for e-mail large media files (100-300MB). This solution is easier to implement than SFTP, especially from the end users standpoint. I will be rolling this out to my other client shortly, and I can imagine %dayjob% might have a use for it as well...

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Micheal Espinola Jr
Sent: Friday, August 02, 2013 8:59 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Cool little tool

Interesting. How are you currently using this service?

-- Espi

On Fri, Aug 2, 2013 at 8:25 AM, David Lum david@nwea.org wrote:

This will sound like a sales pitch and it is, but it's because I just implemented it and think it's cool, I am not getting referral fees. So there. :)

Liquidfiles.net. You can get a non-Windows VM that's basically a fancy standalone FTP server where you get a web front-end to log in to and send a hyperlink to large files that you host on premise or in the cloud.

Some cool features:
* Download URL expires after a time you specify
* URL can be available to just the recipient(s) or everyone
* Recipient confirms their e-mail address one time, then they get the download URL
* Users sending you files
  o Other people can send *you* files without any FTP client or requiring any further setup from the sender (for example, https://bigftp.ci.cornelius.or.us/filedrop/recieve sends me an e-mail with a hyperlink to the file you've sent, but not all extensions are allowed :))
  o File receive locations can be per user and/or a catchall
* Outlook plug-in. Instead of the web page you have a new toolbar in Outlook to send files.
  o This plug in can be installed on anyone's system, it asks for your liquidfiles credentials the first time you launch it per machine. For me adding the add-in to %dayjob%, %home%, and %MyPC-At-A-Client% all points to the same server/login ID for sending files, for example.
* You can specify accepted and/or blocked extensions

One feature I haven't leveraged yet is LDAP (or SAML SSO) authentication. The best part is I didn't find it that complex at all, and it's pretty cheap if you need it for just a few select users
[NTSysADM] man-in-the-middle attack
I need to present management with the odds of this actually getting exploited, as I'd want to force TLS 1.2 for ADFS but that takes Chrome and more importantly Safari (iOS devices) out of the mix, so I suspect management might say we want compatibility instead of protection from some obscure attack that is unlikely to happen.

In short, what are the odds of a MITM attack actually happening between my remote employee and our ADFS server?

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
[NTSysADM] LDAP lookups
In a domain with 3 DC's, which one handles LDAP requests? If the LDAP is set to query mydomaion.com.com, what determines which DC processes the query?

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
[NTSysADM] RE: LDAP lookups
I got lucky - under protest I made a change only to troubleshoot then we flip it back. The change eliminated that error message but did NOT fix their underlying problem, so I was able to flip it back... I saw an objection from Desmond on blog about it, as well as link: http://jeftek.com/219/avoid-changing-the-maxpagesize-ldap-query-policy So I was pretty set against it.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Free, Bob
Sent: Wednesday, July 31, 2013 12:05 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: LDAP lookups

NO NO NO

Just say NO

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Wednesday, July 31, 2013 11:24 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: LDAP lookups

Thanks everyone! That was my assumption after looking at _ldap records in DNS as well. I've been asked to change the Sizelimit and PageSize attributes because our developers are getting this error https://confluence.atlassian.com/display/FISHKB/LDAP%3A+error+code+4+-+Sizelimit+Exceeded

Dave

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Cornetet
Sent: Wednesday, July 31, 2013 11:16 AM
To: 'ntsysadm@lists.myitforum.com'
Subject: [NTSysADM] RE: LDAP lookups

When the DNS server (assuming windows DNS) resolves mydomain.com, it will find 3 address (A) records. If the client is on the same subnet as one of the A records, the DNS server will do subnet sorting which means it will put that A record first in the list of 3 records that it returns to the client. Otherwise it will round-robin the order of the 3 records returned.

So, if the LDAP client is on the same subnet as one of the DCs, it will hit that DC (because that DC's IP address will be first in the list returned by the DNS server). Otherwise, it will be random.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum
Sent: Wednesday, July 31, 2013 1:43 PM
To: NTSysADM@lists.myITforum.com
Subject: [NTSysADM] LDAP lookups

In a domain with 3 DC's, which one handles LDAP requests? If the LDAP is set to query mydomaion.com.com, what determines which DC processes the query?

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
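
The record ordering described in Ken Cornetet's reply in the thread above, modelled as an added example (not code from the thread and not Windows DNS itself). The /24 comparison mask, the three DC addresses, the client addresses and the assumption that the LDAP client connects to the first address returned are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: three DCs, each publishing an A record for the
# domain name (addresses are hypothetical).
DC_ADDRESSES = ["10.1.1.10", "10.2.1.10", "10.3.1.10"]


class DomainARecords:
    """Model of a DNS server answering A queries for the domain name.

    Behaviour modelled, as described in the thread:
      * records on the querying client's subnet are sorted to the front;
      * otherwise the list is rotated round-robin on every query.
    """

    def __init__(self, addresses, prefix_len=24):
        self.addresses = [ipaddress.ip_address(a) for a in addresses]
        # Assumption: "same subnet" is judged with a /24 mask.
        self.prefix_len = prefix_len
        self._rotation = 0  # advances once per answered query

    def answer(self, client_ip):
        """Return the A records in the order this client would receive them."""
        n = len(self.addresses)
        start = self._rotation % n
        self._rotation += 1
        rotated = self.addresses[start:] + self.addresses[:start]

        client_net = ipaddress.ip_network(
            f"{client_ip}/{self.prefix_len}", strict=False
        )
        # Stable partition: subnet-local records first, rotation order kept
        # within each group.
        local = [a for a in rotated if a in client_net]
        remote = [a for a in rotated if a not in client_net]
        return [str(a) for a in local + remote]


def dc_chosen(records, client_ip):
    """DC reached by an LDAP client that connects to the first address."""
    return records.answer(client_ip)[0]


def dcs_hit(client_ip, queries):
    """DCs hit over a number of lookups, starting from a fresh server state."""
    records = DomainARecords(DC_ADDRESSES)
    return [dc_chosen(records, client_ip) for _ in range(queries)]


if __name__ == "__main__":
    # Client on the same subnet as the second DC: pinned to that DC.
    print("10.2.1.55   ->", dcs_hit("10.2.1.55", 4))
    # Client on no DC subnet: successive lookups walk through all three DCs.
    print("192.168.5.5 ->", dcs_hit("192.168.5.5", 4))
```

A client that shares no subnet with a DC reaches every DC over time, so anything configured per DC is seen inconsistently by that client.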
RE: [NTSysADM] Nostalgia
Fail From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Steven M. Caesare Sent: Thursday, July 18, 2013 7:26 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Nostalgia Answer a question to continue reading this article.? Oof. -sc From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Webster Sent: Thursday, July 18, 2013 10:07 AM To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Nostalgia http://www.accessmylibrary.com/article-1G1-15397162/microsoft-hoping-visine-helps.html (from May 30, 1994) There was plenty of backroom talk, too, about Visine, code name for a set of migration tools Microsoft has in the works for Daytona, the next version of the Windows NT Advanced Server. The idea here is that NetWare 3.X shops are going to have to make a big effort, anyway, to upgrade to 4.0, so why not give them tools to make the switch to Daytona easier? Visine is intended, of course, to get the red out. Thanks Webster From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Micheal Espinola Jr Sent: Thursday, July 18, 2013 8:55 AM To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Nostalgia I'm guessing; because it gets the red out? -- Espi On Thu, Jul 18, 2013 at 6:41 AM, Steven M. Caesare scaes...@caesare.commailto:scaes...@caesare.com wrote: NT Gateway Services for Netware. AKA Visine. 
-sc From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Free, Bob Sent: Wednesday, July 17, 2013 7:43 PM To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Nostalgia let's not forget Banyan Vines Indeed Some of us who worked on the real NOS back in the day (or heaven forbid, both) were prone to calling Novell the Red Virus :) From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Senter, John Sent: Wednesday, July 17, 2013 8:45 AM To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Nostalgia If we are going to talk about Novell,. Expensive yet had directory services that far exceed Window NT. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum Sent: Wednesday, July 17, 2013 11:37 AM To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Nostalgia The weight of e-mail I receive is amazing! I had to delete a much of SPAM from my laptop to lighten it enough for me to pick it up. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Cornetet Sent: Wednesday, July 17, 2013 8:08 AM To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Nostalgia I don't know about that. I'd say the weight of a month's worth of my junk mail easily exceeds what a computer shopper used to weigh. 
From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of William Robbins Sent: Wednesday, July 17, 2013 10:59 AM To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Nostalgia And now he hates you for not using the USPS for much of anything now. - WJR On Wed, Jul 17, 2013 at 8:56 AM, Andrew S. Baker asbz...@gmail.commailto:asbz...@gmail.com wrote: Yeah, but my mail carrier hated me for years on account of that monthly mag... :) ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Wed, Jul 17, 2013 at 9:27 AM, William Robbins dangerw...@gmail.commailto:dangerw...@gmail.com wrote: I miss Computer Shopper. [Inline image 1] - WJR On Wed, Jul 17, 2013 at 8:22 AM, Christopher Bodnar christopher_bod...@glic.commailto:christopher_bod...@glic.com wrote: OK, while we are on the nostalgia train. my first PC had an AMD DX40 chip. Bought from ABS out of Computer Shopper. I truly miss the Loft of Doom and Pepsi Cola. Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459tel:610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto:christopher_bod...@glic.com [cid:image001.jpg@01CE838A.31A6E5F0] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:Crawford, Scott crawfo...@evangel.edumailto:crawfo...@evangel.edu To:ntsysadm
RE: [NTSysADM] Nostalgia
The weight of e-mail I receive is amazing! I had to delete a much of SPAM from my laptop to lighten it enough for me to pick it up. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ken Cornetet Sent: Wednesday, July 17, 2013 8:08 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Nostalgia I don't know about that. I'd say the weight of a month's worth of my junk mail easily exceeds what a computer shopper used to weigh. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of William Robbins Sent: Wednesday, July 17, 2013 10:59 AM To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Nostalgia And now he hates you for not using the USPS for much of anything now. - WJR On Wed, Jul 17, 2013 at 8:56 AM, Andrew S. Baker asbz...@gmail.commailto:asbz...@gmail.com wrote: Yeah, but my mail carrier hated me for years on account of that monthly mag... :) ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Wed, Jul 17, 2013 at 9:27 AM, William Robbins dangerw...@gmail.commailto:dangerw...@gmail.com wrote: I miss Computer Shopper. [Inline image 1] - WJR On Wed, Jul 17, 2013 at 8:22 AM, Christopher Bodnar christopher_bod...@glic.commailto:christopher_bod...@glic.com wrote: OK, while we are on the nostalgia train. my first PC had an AMD DX40 chip. Bought from ABS out of Computer Shopper. I truly miss the Loft of Doom and Pepsi Cola. 
Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto:christopher_bod...@glic.com [cid:image001.jpg@01CE82C8.C24CDB90] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:Crawford, Scott crawfo...@evangel.edumailto:crawfo...@evangel.edu To:ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com Date:07/17/2013 01:15 AM Subject:RE: [NTSysADM] Nostalgia Sent by: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com it also has intel at the bottom. I have that very chip in my drawer. I saved it because it was an Intel/AMD chip, which I found funny. It was only years later that I realized it was a 286. Sent from my Windows Phone From: Ben Scott Sent: 7/16/2013 4:32 PM To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Nostalgia On Tue, Jul 16, 2013 at 12:59 PM, James Rankin kz2...@googlemail.commailto:kz2...@googlemail.com wrote: http://www.theregister.co.uk/2013/07/16/netware_4_anniversary/ I'm amused that /The Register/ has a photo of a microchip, captioned Intel's 16-bit x86 microprocessor... the chip is clearly marked with the AMD name and logo. :) -- Ben - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. inline: image001.jpg
RE: [NTSysADM] Nostalgia
+1 Got my CNA (the little cert) on 4.1 but worked with and knew 3.12 MCH better From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Rod Trent Sent: Tuesday, July 16, 2013 10:10 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Nostalgia Netware 3.12 was solid and the version I used to get my CNE. Netware 4.11 and above, got Novell into trouble. That, and NT 4 become viable. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin Sent: Tuesday, July 16, 2013 12:59 PM To: NTSysADM@lists.myitforum.commailto:NTSysADM@lists.myitforum.com Subject: [NTSysADM] Nostalgia A bit MS-tinted, rather, but still takes me back http://www.theregister.co.uk/2013/07/16/netware_4_anniversary/ Now I feel old, having to explain what Netware was to youngsters around me! -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.ukhttp://appsensebigot.blogspot.co.uk/
[NTSysADM] So, the Russia listened to me about secure e-mail. Sort of.
On 6/21 I said use snail mail. Someone in Russia was listening! http://news.cnet.com/8301-1009_3-57593274-83/kremlin-finds-way-to-avoid-leaks-typewriters/

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: [NTSysADM] VDI Server Hardware Critique
I have never heard this term before today, looking it up now. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jim Majorowicz Sent: Wednesday, July 03, 2013 3:52 PM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] VDI Server Hardware Critique Be careful of a SATA Raid array. I've got a couple of these and in an effort to save money and I'm not doing it again. The issue comes down to something I learned about the hard way. Array Puncture... On Wed, Jul 3, 2013 at 3:30 PM, Stephen Wimberly riverside...@loopyguy.commailto:riverside...@loopyguy.com wrote: Kurt, Our Dell rep tells me that I could set this up on SATA drives on RAID 5, which scares me. If SATA on RAID 5 would be 'acceptible' then I think SSD would be just overkill, but if anyone has tried this I would love to hear your experience. Christopher, Good Question. We have over 500 desktops in total, so we certainly aren't trying for 100% VDI. The thought is that we would use the first box to learn on and see what our CPU and IOPS looks like. I am hoping to use the first box officially for 50 workstations, but 75 to 100 if a box ever dies. When we add more boxes in the future we will have the fault tolerance built in with a farm of VDI host boxes. An external array would be more than the budget allows, so we are attempting to go with internal drives. Since the workstations in mind will boot at different times there should not be much of a login storm. On Tue, Jul 2, 2013 at 10:01 AM, Christopher Bodnar christopher_bod...@glic.commailto:christopher_bod...@glic.com wrote: What do you expect the concurrency to be on average? My biggest problem with something like this is that you have no fault tolerance. So if this one box goes down, all these part time helpers are down. 
Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com

From: Stephen Wimberly riverside...@loopyguy.com
To: ntsysadm@lists.myitforum.com
Date: 07/01/2013 06:37 PM
Subject: [NTSysADM] VDI Server Hardware Critique
Sent by: listsad...@lists.myitforum.com

Please critique the following budget VDI Server purchase. I know there is no correct hardware, but also want to hear what others think.

USE: Approximately 50 workstations via Microsoft RDS that will run Microsoft Office (Most will not use Outlook, but rather webmail). All will have Adobe Reader, but not licensed Adobe products. These will be shared computers, generally not used by full time staff personnel but part time helpers so the login/logoff storm will be more random.

SERVER: Dell PowerEdge R720
CPU: Dual Xeon E5-2680 (8 Core)
Memory: 192 GB (12x16GB @ 1600 RDIMS)
RAID 10 (H710 PERC)
HDD: 16 300GB 10K 2.5
NIC: BCOM 5720 Daughter Card
OS: Microsoft Windows Server 2012
Microsoft Hyper V
Remote Desktop Services

(We may wait for Server 2012 R2 for the deduplication on the HyperV guests.)

This will be our first step into VDI, so any advance thoughts would be appreciated. Thank you in Advance!
RE: [NTSysADM] E-mail retention
I thought this WAS corporate counsel! Who knew? Good advice, thanks!

-----Original Message-----
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ben Scott
Sent: Tuesday, July 02, 2013 12:29 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] E-mail retention

On Tue, Jul 2, 2013 at 12:05 PM, David Lum david@nwea.org wrote:
> Given this: http://arcweb.sos.state.or.us/doc/recmgmt/train/erm/emailman806.pdf
> Would it be the responsibility of the government entity to know the correct retention period for each message they receive?
> I'm trying to help a client determine how long e-mail should be kept, including the brick-level backups I have...

This is the NT system administration list. You want a lawyer. I'm dead serious. This is not an IT question, it's a law question. Contact corporate counsel.

-- Ben
RE: [NTSysADM] A very good article to read : Features Removed or Deprecated in Windows Server 2012 R2 Preview
Along the lines of one more service running that (theoretically) isn't needed, http://blogs.technet.com/b/jlosey/archive/2011/02/02/why-you-should-leave-ipv6-alone.aspx David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff Sent: Sunday, June 30, 2013 5:35 PM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] A very good article to read : Features Removed or Deprecated in Windows Server 2012 R2 Preview I'm not a developer, so can't comment on that, but will take your word for it. However, as a sysadmin and user, I am puzzled by the fact that MSFT seems unable to bring out products for business use that work well with DDNS and FQDNs. as opposed to NetBIOS names. Also, from both an aesthetic and a security policy point of view, I think it would make sense to get rid of it - it's just one more service running that (theoretically) isn't needed. However, WINS hasn't given me problems since at least NT4, and I'm still running it under Win2k8 R2, so I don't really care much one way or the other - as I said, it's more amusing than anything else. Kurt On Sun, Jun 30, 2013 at 2:39 PM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: WINS just makes life so much easier as a developer. Seriously. Each product they try to remove WINS dependencies from, it breaks stuff and adds more complexity. For example, you can run Exchange without WINS (and I'm referring to a complex Exchange deployment - multiple domains, discontiguous namespaces, etc.etc.) - but the complexity of configuration Is Just Not Worth It. It's a heck of a lot cheaper to run WINS - and less likely to break. To paraphrase Brian's comments - if you have an IT organization that thinks getting rid of WINS is their top priority - then they are wrong. 
:) -Original Message- From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff Sent: Sunday, June 30, 2013 2:51 PM To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] A very good article to read : Features Removed or Deprecated in Windows Server 2012 R2 Preview Didn't say I don't like it - MSFT has in the past threatened to remove it, and it's amusing to note that they've never followed through. Kurt On Sun, Jun 30, 2013 at 10:51 AM, Jonathan Link jonathan.l...@gmail.commailto:jonathan.l...@gmail.com wrote: Well, be that as it may, Kurt still doesn't like it. On Sun, Jun 30, 2013 at 1:43 PM, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com wrote: +1 I tell most customers who think removing WINS from their environment is a good use of their time to find a more worthwhile project to invest in. WINS is dead simple, solves a problem, has practically no infrastructure overhead, and requires nearly no maintenance. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 -Original Message- From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Friday, June 28, 2013 10:53 PM To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] A very good article to read : Features Removed or Deprecated in Windows Server 2012 R2 Preview Pffft. That isn't going anywhere, anytime soon. I expect it to be around after I retire. 
-Original Message- From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff Sent: Friday, June 28, 2013 11:10 PM To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] A very good article to read : Features Removed or Deprecated in Windows Server 2012 R2 Preview I see WINS isn't on that list. :) On Fri, Jun 28, 2013 at 5:08 PM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: Features Removed or Deprecated in Windows Server 2012 R2 Preview http://technet.microsoft.com/en-us/library/dn303411.aspx
RE: [NTSysADM] General Windows 8 question
Is not Windows 8.1 just a fancy way to say Win8 SP1?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of rodtr...@myitforum.com
Sent: Wednesday, June 26, 2013 7:41 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] General Windows 8 question

Yes, Windows 8.1 is a free upgrade and will be available around October. For those already running Windows 8 when it releases, it will be available from the Windows app store.

Sent from Microsoft Surface Pro

From: Jon Harris
Sent: Wednesday, June 26, 2013 9:50 PM
To: ntsysadm@lists.myitforum.com

I have a client that is upgrading (replacing the drive so it will not be a real upgrade) his machine from Windows 7 Ultimate to Windows 8 Pro. I got a great deal on a full copy of Windows 8 Pro for him. The drive is about to be ordered. The question is from what I have been told at the Orlando Microsoft Store front those people running Windows 8 (RT, Pro, Phone) will be getting the new Windows 8.1 when it is released. I would like to confirm this and find out if this will come by way of a download using Windows Update or what? Anyone have any ideas? Thanks a lot!
[NTSysADM] IE10 finally did it..
I've finally had enough problems that I've installed Chrome. Too many sites I had to hit F12 and flip compatibility and other general weirdness. I saw a Redmond Magazine article stating IE10 blocks 99% of malware attacks, my comment is because it blocks 98% of the Internet! http://redmondmag.com/articles/2013/06/25/ie-10-blocks-more-malware.aspx David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764
[NTSysADM] How to send secure communication to your friends and relatives. Cheap!
Snail mail. Sounds obvious doesn't it? I wonder if searching snail mail without a warrant will be allowed someday, I mean hey, once it leaves your house you should have no expectation of privacy right? Isn't digital communication the same thing, except using ISP's instead of the postal service? Just thinking aloud, as it were. But hey we stopped 1.4 shootings by opening up your letters! David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: [NTSysADM] OT - tips on job change etiquette
When I interviewed for %dayjob%, I made it clear that I moonlight with my own biz. However, I also made it clear that %dayjob% would have priority during my scheduled work hours, and that %moonlighting% would actually give me areas of work that would improve what was required by %dayjob%. When I first made up my resume that included the moonlighting gig, I wasn't sure if it was going to be beneficial or not, but it turns out - in my case anyway - that it was a huge plus as it directly showed experience and initiative. On the notice thing, I'm a bird of a different feather as I'd feel compelled to keep them in the loop so they aren't too surprised when you give notice. Technically two weeks is plenty, but depending on your relationship you might consider full disclosure. In fact, at one point I did exactly this with my current biggest %moonlight% client. I thought I was going to have to drop them in July a few years ago, in January of that year I let them know it (leaving in July) might be a possibility, but that March it turned out to be unnecessary. They appreciated it and there has been zero fallout because they appreciate my work. Perhaps that's just me. If I am alone and see a motorist pulled over with apparent car problems I will stop to help - my desire to do right outweighs my paranoia of being burned by it. Am I likely to get burned someday? Sure, but I will sleep well knowing I did right by my own standards. YMMV. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of William Robbins Sent: Wednesday, June 19, 2013 7:15 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] OT - tips on job change etiquette I'd caution you against that. It sounds nice, and may look good on your bank statement. But it will wear you down faster than you think. You won't be giving your best effort to either company in that scenario. I advise making a clean break if you accept another offer. 
Most companies frown on 'Moonlighting' for a reason. :) - WJR On Wed, Jun 19, 2013 at 9:07 AM, Don Kuhlman drkuhl...@yahoo.com wrote: Thanks guys. I appreciate the advice! And if this actually happens, then it would be kind of a win/win if they would let me work weekends on current stuff - that's very nice. Much appreciated! Don K From: Kennedy, Jim kennedy...@elyriaschools.org To: ntsysadm@lists.myitforum.com Sent: Wednesday, June 19, 2013 8:56 AM Subject: RE: [NTSysADM] OT - tips on job change etiquette It's not easy, nor fun but you have to answer every one of those questions in a way that serves your best interests. Don't do any unneeded harm to your current employer but assume the worst and take care of yourself. Heck no you don't say anything. Never ever, once you do that they will always be looking over their shoulder. Hopefully you have expressed several times you want the contract converted to full time. Once you get the gig, you tell them as best you can. You love them, you love it here but you need a real employment commitment for your own personal protection/career. You promise (and deliver) that you will help them finish projects after hours...document everything..help them find someone...all of those kinds of things. The hard part will be if when you tell them you are leaving they offer you more money and the conversion to full time. I usually advise people to turn that down unless there are special circumstances. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Don Kuhlman Sent: Wednesday, June 19, 2013 9:52 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] OT - tips on job change etiquette Morning all.
Just curious as to thoughts from some colleagues in the field. Say you were in a job as a contractor at a smaller firm, and the job was supposed to convert to full time in a few months, but that didn't happen. However, your contract is extended several times so you are still at the position. It may end in 6 months after being extended 18. The people at the place are really great and the environment is laid back and casual with very low stress. So you keep your options open and along comes what may be a very good opportunity with a large well established place that is insourcing and building a new team right in your preferred geography. It is also a 6 month contract to start out, but the company wants to make it permanent based on all information given. Do you share with your current gig that you are checking into this? Or if you don't share the info, and you get the offer, how do you tell your current gig so as not to burn any bridges? And if the new
[NTSysADM] Random e-mail of the day: RFC1149
Most of you have likely seen this, but I ran across it again today and it still makes me chuckle: http://www.ietf.org/rfc/rfc1149.txt David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: [SPAM] Re: [NTSysADM] Home drives
My company is still insisting we be able to back up our offsite folks who never connect via VPN. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Miller Bonnie L. Sent: Friday, June 07, 2013 9:13 AM To: ntsysadm@lists.myitforum.com Subject: RE: [SPAM] Re: [NTSysADM] Home drives We redirect the desktop to the same folder with all of their other redirected items, so it both gets backed up and gets server quota applied. They can make a folder on their C: drive if needed (and a shortcut to the desktop), but individual workstations aren't backed up. ie. Redirected structure looks like:
\Username
|--\Desktop
|--\Favorites
|--\My Documents
Etc., with one quota applied at the top to all. -B From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of J- P Sent: Friday, June 07, 2013 9:02 AM To: ntsysadm@lists.myitforum.com Subject: RE: [SPAM] Re: [NTSysADM] Home drives Exactly what I do- I drill it into their heads desktops are not backed up Jean-Paul Natola From: dgu...@che.org To: ntsysadm@lists.myitforum.com Date: Fri, 7 Jun 2013 11:08:34 -0400 Subject: RE: [SPAM] Re: [NTSysADM] Home drives I've been told it's old school but... Assign their home drive through ADUC and direct them to save to that drive, also let them know that their local PCs will not get backed up. Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Stephen Wimberly Sent: Friday, June 07, 2013 10:56 AM To: ntsysadm@lists.myitforum.com Subject: Re: [SPAM] Re: [NTSysADM] Home drives We do use the quota on the Windows Server 2008 R2; but the problem in this thread is the fact that the login is slow when we redirect the user home folder to a network drive. We redirect to encourage our users to save to the server rather than the desktop so we don't have to backup each individual desktop computer. That said, we do want to encourage users to be mindful of the space they take up, so we use the quota system on the server to limit them from going nuts. If we stop the redirect to gain a fast login, users save to their local desktop and nothing is backed up unless we sync their local home folder with the server in some fashion. What are others doing to gain a quick login and save documents to the server? On Fri, Jun 7, 2013 at 10:19 AM, William Robbins dangerw...@gmail.com wrote: ZOMBIE THREAD! So if you are already redirecting, and I'm assuming to a Windows 20xx server, what's wrong with using the quotas on those shares? 2003: http://www.techrepublic.com/blog/datacenter/apply-quotas-with-individual-file-shares-with-windows-server-2003-r2/224 2008: http://technet.microsoft.com/en-us/library/dd163561.aspx That said...there are better (not free) 3rd party utilities for this. - WJR On Fri, Jun 7, 2013 at 8:07 AM, Stephen Wimberly riverside...@loopyguy.com wrote: For all of us who still redirect My Documents to a UNC network location; What would be a better method to force the backup of a user's documents and yet still provide a user quota on the amount of data they utilize?
On Fri, May 10, 2013 at 10:57 AM, William Robbins dangerw...@gmail.com wrote: Thanks again good sir! :)
RE: [NTSysADM] RE: password change notification to users not physically connected to domain
I think I need to make that my sig line! From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Free, Bob Sent: Tuesday, June 04, 2013 10:51 AM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] RE: password change notification to users not physically connected to domain those servers are still part of the prod AD. You do, in fact, have a lab environment. What you do not have is a production environment. ~Don Hacherl circa 2009 From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife Sent: Monday, June 03, 2013 11:40 AM To: 'ntsysadm@lists.myitforum.com' Subject: RE: [NTSysADM] RE: password change notification to users not physically connected to domain Oh, I don't mind the joke. I'm just glad it was that easy to get something stood up. We have plenty of VMWare licensing, so throwing up a virtual domain should be pretty easy. Good luck with your crew. We do have a dev and test environment for our devs, which they do use. We even have it so that we (server admins) have to do the push to test/prod. That said, those servers are still part of the prod AD. Joe Heaton Enterprise Server Support CA Department of Fish and Wildlife 1807 13th Street, Suite 201 Sacramento, CA 95811 Desk: (916) 323-1284 From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of William Robbins Sent: Monday, June 03, 2013 11:33 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] RE: password change notification to users not physically connected to domain I only joke because I'm currently in the same position. Also at a .gov coincidentally. You'd think it wouldn't be such a novel concept that perhaps you shouldn't test in environments where you can potentially impact provided services...but it is here.
I've finally got them to add it to this year's budget, so in July I get to stand up a QA forest. Now getting the devs to use it will be the next challenge. :P - WJR On Mon, Jun 3, 2013 at 1:29 PM, Heaton, Joseph@Wildlife joseph.hea...@wildlife.ca.gov wrote: That's about the size of it. I'm talking with our architect, and he agrees that we should stand up a test domain, so we'll be doing that, and I'll do an LDIF export/import of our user base so we have stuff to play with. Joe Heaton Enterprise Server Support CA Department of Fish and Wildlife 1807 13th Street, Suite 201 Sacramento, CA 95811 Desk: (916) 323-1284 From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of William Robbins Sent: Monday, June 03, 2013 11:08 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] RE: password change notification to users not physically connected to domain :) - WJR On Mon, Jun 3, 2013 at 12:59 PM, Heaton, Joseph@Wildlife joseph.hea...@wildlife.ca.gov wrote: Michael, I finally have time to look at this. The parameters at the top of the script are what I have to set beforehand. Do I have to do something with all of them? To begin with, I want this to only come to me, so I set $adminEmailOnly = $True, is that correct? I don't think we're using ANR, so I left that alone. I do want a report afterwards, so I need to leave $Quiet blank? Just want to get these clarifications before I run it the first time. Unfortunately, I don't have a test domain to play in, so it will be run against our production domain. I don't want any notifications sent to the users until I'm satisfied with it.
Thanks, Joe Heaton From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Sunday, May 05, 2013 7:00 AM To: Heaton, Joseph@Wildlife; ntsysadm@lists.myitforum.com Subject: [NTSysADM] RE: password change notification to users not physically connected to domain http://theessentialexchange.com/blogs/michael/archive/2012/01/17/sending-an-email-to-users-whose-password-is-about-to-expire-a-powershell-rewrite.aspx From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Liby Philip Mathew Sent: Sunday, May 5, 2013 8:16 AM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] password change notification to users not physically connected to domain Hi, I am in the process of setting up a password reset policy of 90 days. I have lots of users that are part of the domain but their laptops are not physically connected to the domain (commuting users). But, these users are
[NTSysADM] RE: An Exchange Q (query-based DL) - self-answered
I managed to answer my own Q on this one. This example adds Joe Bob to the query-based distribution list (err, Dynamic Distribution Group) FireDept
Set-DynamicDistributionGroup -name FireDept -Identity FireDept -recipientfilter {(Department -eq 'Fire dept') -or (Name -eq 'Joe Bob')}
The only caveat is you can no longer use the GUI to modify the group. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David Lum Sent: Friday, May 24, 2013 6:13 AM To: NTSysADM@lists.myITforum.com Subject: [NTSysADM] An Exchange Q (query-based DL) Situation: I have a query-based distribution list based on the Department attribute. I have one user that needs to be in two different groups. Is there any way to specifically add a user to a query-based DL, or do I need to choose a 2nd attribute to create the DL on so users can be in more than one? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764
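A membership preview for the filter change in the post above, as an added example that is not part of the original message. It assumes the Exchange Management Shell; the group name and filter come from the post, while the variable names and the helper function Get-PreviewAddress are hypothetical.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Previews who a new custom filter would match before it is applied, so a
# filter change cannot silently add or drop recipients of the list.
$group     = 'FireDept'                                              # from the post
$newFilter = "(Department -eq 'Fire dept') -or (Name -eq 'Joe Bob')" # from the post

$ddg = Get-DynamicDistributionGroup -Identity $group

# Hypothetical helper: SMTP addresses matched by a filter inside a container.
function Get-PreviewAddress {
    param([string]$Filter, $Container)
    @(Get-Recipient -RecipientPreviewFilter $Filter `
          -OrganizationalUnit $Container -ResultSize Unlimited |
      ForEach-Object { $_.PrimarySmtpAddress.ToString() })
}

# Current membership versus membership under the proposed filter,
# both evaluated in the group's own recipient container.
$before = Get-PreviewAddress -Filter $ddg.RecipientFilter -Container $ddg.RecipientContainer
$after  = Get-PreviewAddress -Filter $newFilter           -Container $ddg.RecipientContainer

$added   = @($after  | Where-Object { $before -notcontains $_ })
$removed = @($before | Where-Object { $after  -notcontains $_ })

"Current members : $($before.Count)"
"Would be added  : $($added -join ', ')"
"Would be removed: $($removed -join ', ')"

# Apply only when nobody drops off the list and the additions were reviewed.
if ($removed.Count -gt 0) {
    Write-Warning "Filter would remove $($removed.Count) recipient(s); not applied."
}
elseif ($added.Count -eq 0) {
    "No membership change; filter not applied."
}
else {
    # -Confirm prompts the operator with the change before it is written.
    Set-DynamicDistributionGroup -Identity $group -RecipientFilter $newFilter -Confirm
    # Read the stored filter back; Exchange may append its own exclusions.
    (Get-DynamicDistributionGroup -Identity $group).RecipientFilter
}
```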