[NTSysADM] RE: domain admin account passwords management

[Heaton, Joseph@Wildlife]

EA and SA should be empty, until needed.  A DA can add themselves to those 
groups.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David McSpadden
Sent: Wednesday, January 17, 2018 9:30 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: domain admin account passwords management

Agreed on all accounts.
With that said how do we still manage the EA, DA, and SA accounts with the 90 
day rotation?

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith
Sent: Wednesday, January 17, 2018 12:15 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: domain admin account passwords management

Notice:  This email is from an outside source.  Please do not open any 
attachments, click on any hyperlinks, or respond without first confirming the 
authenticity of the email.


I would suggest you should only have 4 (maximum) domain admin accounts.

If Ford can get by with 4, so can you.

And the actual Administrator account should have a disgustingly long password 
that is written down and put in a safe.

I doubt highly that your service accounts need to be domain admins. They may 
need some specific privileges delegated, but actual domain admin? Probably not.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: Wednesday, January 17, 2018 12:01 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] domain admin account passwords management

I know we have LAPS for local admins.
What is everyone doing for domain admin account passwords management and 
compliance?
We are being asked to change passwords every 90 days and most of the domain 
admins are service accounts?
So...what does everyone else do to automate/management this?


David McSpadden
Systems Administrator
Indiana Members Credit Union
P: 317.554.8190| F: 317.554.8106
[Description: imcu email icon]  [Description: facebook email 
icon]    [Description: twitter email 
icon] 
[Description: email logo]
[Image result for mcp 
logo]


This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.


Please consider the environment before printing this email.

This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.


Please consider the environment before printing this email.

RE: [NTSysADM] Are the Meltdown/Spectre reg keys needed for workstations?

[Heaton, Joseph@Wildlife]

My question to that statement, is:  Have any of the chip manufacturers given a 
timeframe of when new, fixed, processors will be released?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Tuesday, January 9, 2018 6:26 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Are the Meltdown/Spectre reg keys needed for 
workstations?

Not going to happen. It’s going to require new processors.

Everything being released is a mitigation, not a “fix”.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ed Ziots
Sent: Tuesday, January 9, 2018 4:27 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Are the Meltdown/Spectre reg keys needed for 
workstations?

It would be nice if intel and amd released.processor or bios.firmware update 
to.fix the flaw.once and all.

On Jan 9, 2018 2:24 PM, "Michael Leone" 
> wrote:
Here's something (more) I am confused about. Suppose I have Win 7 and Win 10 
workstations, and I have properly patched the OS. Do I *also* need to issue the 
2 (or is it 3) registry entries?

I *thought* the registry entries were only for servers, but I have seen other 
statements that say that the Meltdown/Spectre fixes are *not* enabled until you 
issue the registry entries.

So without the reg entries, you are effectively unpatched? The patches are 
there, but dormant?

(neither of my home PCs have BIOS updates issued - one is for a very old Dell 
Optiplex 755 that I only use to connect to a NAS, and the other is one I 
assembled from parts back in 2011. Neither has has had a BIOS upgrade released 
in years. Ah, the joy )

[NTSysADM] RE: Surface and rdp small display

[Heaton, Joseph@Wildlife]

Terminals allows you to select RDP display settings, as well.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andrea 'ML' Suatoni
Sent: Tuesday, January 9, 2018 8:20 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Surface and rdp small display

Well, I don't know if it fits in your environment, but due to that precise DPI 
issue I've switched to mRemoteNG as RDP client when I started using a Surface, 
and it works perfectly. No more Lilliputian remote desktops since then.

Andrea

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: 09 January 2018 15:46
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Surface and rdp small display

I have been reading and applying hotfixes to my CFO's surface but the RDP 
session is so small he cannot use his Surface to remote into his workstation in 
the office.
What should I be really doing to fix this?


David McSpadden
Systems Administrator
Indiana Members Credit Union
P: 317.554.8190| F: 317.554.8106
[Description: imcu email icon]  [Description: facebook email 
icon]    [Description: twitter email 
icon] 
[Description: email logo]
[Image result for mcp 
logo]


This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.


Please consider the environment before printing this email.

RE: [NTSysADM] Oh, this one really hurts...

[Heaton, Joseph@Wildlife]

Should the patches be available thorugh WSUS?  Or do we have to manually 
download and deploy?

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Wednesday, January 3, 2018 7:26 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Oh, this one really hurts...

Win10 (and Server 1709) patch is out: 
https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892

Note that it only installs if the A/V vender has updated their engine! (Or you 
are using Windows Defender.)

There are 3 bugs according to Google. AMD is vulnerable to only one of them and 
AMD says that the chances of that bug being hit are close to zero.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: Wednesday, January 3, 2018 8:12 PM
To: ntsysadm
Subject: Re: [NTSysADM] Oh, this one really hurts...

No, it's not trivial. And I have to believe it's going to be cloud providers 
who are hardest hit, initially.

First, MSFT is releasing a patch for Win10 today:
https://www.theverge.com/2018/1/3/16846784/microsoft-processor-bug-windows-10-fix

Second, it's not just Intel - it seems to also affect AMD and ARM64:
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

But AMD says it's not vulnerable:
https://lkml.org/lkml/2017/12/27/2

And, now it's *two* bugs, not just one:
https://meltdownattack.com/

And lastly, these flaws, along with this:
https://www.thezdi.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor

make me more leery than ever of cloud services...

Kurt

On Wed, Jan 3, 2018 at 4:39 PM, Mark Gottschalk  wrote:
> "...The effects are still being benchmarked, however we're looking at 
> a ballpark figure of five to 30 per cent slow down, depending on the 
> task and the processor model..."
>
> PostgreSQL: 10%-23% slowdown.
>
> Wow. That is not trivial.
>
>
>
>
> From:Kurt Buff 
> To:ntsysadm , Patch Management Mailing
> List 
> Date:01/02/2018 06:59 PM
> Subject:[NTSysADM] Oh, this one really hurts...
> Sent by:
> 
>
>
>
> "A fundamental design flaw in Intel's processor chips has forced a 
> significant redesign of the Linux and Windows kernels to defang the 
> chip-level security bug."
>
> http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>
>
>
>

[NTSysADM] DNS configuration question

[Heaton, Joseph@Wildlife]

Do you have to set scavenging on reverse lookup zones, or do you have the 
"Update associated pointer (PTR) record" checked?  I'm getting some issues 
where the PTR record will either hold onto an old IP, or will not delete when 
the forward zone record is cleaned.  My aging/scavenging settings:

On the server:

Scavenging is enabled under Properties, with a 7 day scavenging period.

On the Forward zone:

Aging is set, with both No-refresh interval and refresh interval set at 10 days.

On the Reverse zone:

Scavenge stale resource records is not checked.

By the way, the forward records do NOT have the "Update associated pointer 
(PTR) record" checked.  Not sure why not.


Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

[NTSysADM] RE: VDI options

[Heaton, Joseph@Wildlife]

Thanks, James, I will definitely keep that in mind.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Thursday, December 14, 2017 11:03 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: VDI options

Here's an example - I was brought in a couple of years ago for a customer that 
wanted "to do VDI". Why? They didn't know, they just thought it was the 
solution to everything. They were going to move 5000 PCs off user desks and 
into the datacenter, just because they thought it was the right thing to do.

What we did do was implement a robust application containerization system, 
coupled with profile management features, that allowed them to quickly deploy 
new apps, provision them without installing them, and maintain a similar 
look-and-feel across their existing devices. They ended up using Citrix for a 
limited amount of XenApp systems (to allow remote application access) and 
approximately 35 "power user" VDI instances that gave remote access to some 
overseas students needing to use "heavy" applications.

5000 VDI down to 30 saved them a lot of money. Their main requirement was easy 
deployment of applications, a cut-down "roaming" experience and the ability to 
deal with Windows 10 feature upgrades without the hassle of broken applications.

TL:DR - VDI isn't the magic bullet. In truth, it isn't really a necessity for 
most projects. Some parts of it are, but you can replicate those with other 
tech.

Happy to offer bits of advice offline if you need some help defining the actual 
scope, just shout.

Cheers,



JR

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: 14 December 2017 17:34
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: VDI options

Very good points/questions, from you and Webster.  I will go back and see if I 
can get further clarification of what they really want.  VDI has been a 
buzzword thrown around here for years, but I was approached last week by my 
supervisor and told to look into it, but no real scope.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Thursday, December 14, 2017 8:55 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: VDI options

I suppose it all depends on your use case for "VDI". Would a published desktop 
from a server do or does it have to be full fat client VDI for licensing or GPU 
reasons? Does it have to be on-premise or cloud? Citrix and VMware both have 
many pricing options now, which could be more palatable depending on what else 
you want with it (application packaging, profile management, etc.)

We are a partner with Parallels, Citrix and VMware FWIW. I suppose a more 
detailed breakdown of your actual VDI drivers would allow me to give a more 
in-depth response.

Cheers,




[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image003.jpg@01D374F0.1EB24910]






James Rankin CTA ACA vExpert
Technical Evangelist / Media Hound
Howell Technology Group
Office: 0191 4813446
Mobile: 07809 668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>


COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 004. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal



From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: 14 December 2017 16:21
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] VDI options

I know there are tons of options for VDI out there today.  I'm asking what you 
guys are using, and why.

We are a VMWare shop, running ESXi 5.5, but don't own licensing for Horizon.  
That is currently the front-runner fo

[NTSysADM] RE: VDI options

[Heaton, Joseph@Wildlife]

Very good points/questions, from you and Webster.  I will go back and see if I 
can get further clarification of what they really want.  VDI has been a 
buzzword thrown around here for years, but I was approached last week by my 
supervisor and told to look into it, but no real scope.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Thursday, December 14, 2017 8:55 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: VDI options

I suppose it all depends on your use case for "VDI". Would a published desktop 
from a server do or does it have to be full fat client VDI for licensing or GPU 
reasons? Does it have to be on-premise or cloud? Citrix and VMware both have 
many pricing options now, which could be more palatable depending on what else 
you want with it (application packaging, profile management, etc.)

We are a partner with Parallels, Citrix and VMware FWIW. I suppose a more 
detailed breakdown of your actual VDI drivers would allow me to give a more 
in-depth response.

Cheers,




[cid:image001.png@01D21FCA.D5DD9850]
[cid:image002.jpg@01D21FCA.D5DD9850]
[cid:image003.jpg@01D374BE.9B5CB9F0]






James Rankin CTA ACA vExpert
Technical Evangelist / Media Hound
Howell Technology Group
Office: 0191 4813446
Mobile: 07809 668579
Email: ja...@htguk.com<mailto:ja...@htguk.com>

www.htguk.com<http://www.htguk.com/> | Twitter<https://twitter.com/htguk> | 
Linkedin<https://www.linkedin.com/in/markhtg> | 
Facebook<https://www.facebook.com/HTGUK>


COMPANY INFORMATION
Howell Technology Group Ltd is a limited company registered in England with 
registered number 5520670 and VAT registered number GB 862 666 004. Our 
registered office is at 2.30 One Trinity Green, Eldon Street, South Shields, 
Tyne & Wear, NE33 1SA

CONFIDENTIALITY NOTICE
This message is intended solely for the addressee and may contain confidential 
information. If you have received this message in error, please send it back to 
us, and immediately and permanently delete it. Do not use, copy or disclose the 
information contained in this message or in any attachment.

PRIVACY POLICY
For information about how we process data and monitor communications please see 
our Privacy Policy.

To log a ticket please follow the link. https://htguk.on.spiceworks.com/portal



From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: 14 December 2017 16:21
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] VDI options

I know there are tons of options for VDI out there today.  I'm asking what you 
guys are using, and why.

We are a VMWare shop, running ESXi 5.5, but don't own licensing for Horizon.  
That is currently the front-runner for the VDI project.

I have looked at Jentu, very briefly, and while it sounds awesome, there's not 
a whole lot of info on how it does what it claims to do.

I think Citrix would be a non-starter, due to licensing, but I haven't looked 
at Citrix in over 10 years, so if something has changed, I'd love to be 
enlightened.

Thanks for any and all input,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

[NTSysADM] VDI options

[Heaton, Joseph@Wildlife]

I know there are tons of options for VDI out there today.  I'm asking what you 
guys are using, and why.

We are a VMWare shop, running ESXi 5.5, but don't own licensing for Horizon.  
That is currently the front-runner for the VDI project.

I have looked at Jentu, very briefly, and while it sounds awesome, there's not 
a whole lot of info on how it does what it claims to do.

I think Citrix would be a non-starter, due to licensing, but I haven't looked 
at Citrix in over 10 years, so if something has changed, I'd love to be 
enlightened.

Thanks for any and all input,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

[NTSysADM] Owners of folders

[Heaton, Joseph@Wildlife]

How do you guys keep track of file/folder owners?  i.e. who has the rights to 
request additions/removals of people to the access of those folders?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

RE: [NTSysADM] RE: Crosspost: clearing the autocomplete cache

[Heaton, Joseph@Wildlife]

Also, Nirsoft has a utility that supposedly lets you open up and edit the 
autocomplete file.  Has anyone used it?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Friday, December 1, 2017 7:21 AM
To: excha...@lists.myitforum.com; ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Crosspost: clearing the autocomplete cache

Without restarting Outlook? That would require testing.

But yes, when Outlook restarts it will.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Friday, December 1, 2017 9:34 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Cc: excha...@lists.myitforum.com<mailto:excha...@lists.myitforum.com>
Subject: [Exchange] RE: [NTSysADM] RE: Crosspost: clearing the autocomplete 
cache

Guys, I am 100% completely onboard with you.  I don’t want to do this, but I’ve 
been directed to, and they’re not listening to reason.  So, does anyone know of 
a way to do this, without opening Outlook.  If I just rename/delete the 
original file, will Outlook recreate it automatically the first time the user 
sends a new e-mail?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jack Kramer
Sent: Thursday, November 30, 2017 1:50 PM
To: <ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>> 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Cc: excha...@lists.myitforum.com<mailto:excha...@lists.myitforum.com>
Subject: Re: [NTSysADM] RE: Crosspost: clearing the autocomplete cache

Oh, if he clears everyone’s autocomplete cache I’d put money on it being open 
carry versus concealed...

Jack Kramer, Senior Consultant
Small Type Computing - www.smalltype.net<http://www.smalltype.net>
W: 855-765-8973 x101 - C: 248-635-4955

On Nov 30, 2017, at 2:48 PM, Webster 
<webs...@carlwebster.com<mailto:webs...@carlwebster.com>> wrote:

Be glad CA is not a concealed carry state!


Webster

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, November 30, 2017 10:05 AM
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>; 
excha...@lists.myitforum.com<mailto:excha...@lists.myitforum.com>
Subject: [NTSysADM] Crosspost: clearing the autocomplete cache

Recently, we did a cleanup of proxy addresses that were no longer needed.  
Unfortunately, this has caused an issue with our users, as some of their 
autocomplete entries are using the old, now gone, proxy addresses.  I’ve been 
directed to clear everyone’s autocomplete cache.  I found a quick and easy 
command to do this, but it opens Outlook in order to perform the clean.  
(outlook.exe /CleanAutoCompleteCache).  Having Outlook open spontaneously, or a 
second instance opening, would be very disconcerting and worrisome for our 
users, so I’d like to find a way to clean the cache, without opening Outlook.  
Does anyone have a method?

For the most part, all users are using Outlook 2016, but there are a few 2013, 
and 2010.

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

RE: [NTSysADM] Bitlocker - set up and store keys in AD all at once

[Heaton, Joseph@Wildlife]

MBAM was super simple to setup.  Don't need a separate instance, just have to 
have your DBA buy off on setting the Force Encrypt checkbox.  Took me all of an 
hour or two to setup the entire environment.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: Thursday, November 30, 2017 4:45 PM
To: ntsysadm 
Subject: [NTSysADM] Bitlocker - set up and store keys in AD all at once

Anyone have a clue on how to do this - without setting up MBAM?

AFAICT, there isn't a way to do this, but I'm throwing it out here to see if 
I'm wrong. MBAM sets my teeth on edge, needing a SQL instance and all that when 
all I want to do is provision new machines with Bitlocker and get the key set 
up in AD in one go, and not hassle with writing the key to a file, then running 
another (logon) script to get the key imported into AD.

Kurt

RE: [NTSysADM] RE: Crosspost: clearing the autocomplete cache

[Heaton, Joseph@Wildlife]

Guys, I am 100% completely onboard with you.  I don’t want to do this, but I’ve 
been directed to, and they’re not listening to reason.  So, does anyone know of 
a way to do this, without opening Outlook.  If I just rename/delete the 
original file, will Outlook recreate it automatically the first time the user 
sends a new e-mail?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jack Kramer
Sent: Thursday, November 30, 2017 1:50 PM
To: <ntsysadm@lists.myitforum.com> <ntsysadm@lists.myitforum.com>
Cc: excha...@lists.myitforum.com
Subject: Re: [NTSysADM] RE: Crosspost: clearing the autocomplete cache

Oh, if he clears everyone’s autocomplete cache I’d put money on it being open 
carry versus concealed...

Jack Kramer, Senior Consultant
Small Type Computing - www.smalltype.net<http://www.smalltype.net>
W: 855-765-8973 x101 - C: 248-635-4955


On Nov 30, 2017, at 2:48 PM, Webster 
<webs...@carlwebster.com<mailto:webs...@carlwebster.com>> wrote:

Be glad CA is not a concealed carry state!


Webster

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, November 30, 2017 10:05 AM
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>; 
excha...@lists.myitforum.com<mailto:excha...@lists.myitforum.com>
Subject: [NTSysADM] Crosspost: clearing the autocomplete cache

Recently, we did a cleanup of proxy addresses that were no longer needed.  
Unfortunately, this has caused an issue with our users, as some of their 
autocomplete entries are using the old, now gone, proxy addresses.  I’ve been 
directed to clear everyone’s autocomplete cache.  I found a quick and easy 
command to do this, but it opens Outlook in order to perform the clean.  
(outlook.exe /CleanAutoCompleteCache).  Having Outlook open spontaneously, or a 
second instance opening, would be very disconcerting and worrisome for our 
users, so I’d like to find a way to clean the cache, without opening Outlook.  
Does anyone have a method?

For the most part, all users are using Outlook 2016, but there are a few 2013, 
and 2010.

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

RE: [NTSysADM] DHCP role

[Heaton, Joseph@Wildlife]

You can just do a backup on the old, and restore on the new, as well, right?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andrew S. Baker
Sent: Thursday, November 30, 2017 2:33 PM
To: ntsysadm <ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] DHCP role

You can quickly import DHCP on a new machine running the same version of 
Windows using NETSH

https://technet.microsoft.com/en-us/library/dd759224(v=ws.11).aspx


Regards,

 ASB



On Thu, Nov 30, 2017 at 12:46 PM, David Lum 
<d...@theitgarage.com<mailto:d...@theitgarage.com>> wrote:
I've pulled DHCP off all our DC's and it wasn't too tough for the network team 
to accomodate. Using DHCP failover took a bit more work for us to perfect.  
Using failover you by definiton copy the confif to the new serverstand up 
new dhcp server, config as failover, then stand down DHCP on the domain 
controller and decondigure failover once the new server is confirmed to hand 
out IP's. (Assuming Win DHCP servers).

Totally worth it in our opinion.

Dave

On Nov 30, 2017, at 8:21 AM, Heaton, Joseph@Wildlife 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> wrote:
Problem with that, is that I’d really like to keep the same IP for the DHCP 
server.  My network team has that in all their switches around the state as 
ip-helper entries.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: Thursday, November 30, 2017 7:45 AM

To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] DHCP role

I would migrate DHCP first.

Webster

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, November 30, 2017 9:00 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] DHCP role

That’s what we’re doing as well.  Not sure why, but our service account is 
member of DNSUpdateProxy, but also a member of DNSAdmins.  Anyone have an idea 
why that group?  I didn’t set this up initially, I’m just trying to get things 
in best practices, and address a current issue I’m working through, of 
replacing a DC, that happens to be our main DHCP server.  My thoughts at the 
moment, are to add a new DC, with only DC roles.  Then, DCpromo the old DC 
(with DHCP), then migrate DHCP to a new server, that is only a member server, 
not a DC.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Mark Gottschalk
Sent: Wednesday, November 29, 2017 6:21 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] DHCP role

https://blogs.technet.microsoft.com/stdqry/2012/04/03/dhcp-server-in-dcs-and-dns-registrations/
https://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx

This is what we've done with DHCP on DC.  Have a user "DHCP_user" in Protected 
User group, DNSUpdateProxy group. Use this for alternate credentials.

Note that first article says:
"A common error is to think that the DHCP Server service running in a DC will 
use its service account security context to register records in DNS if no 
alternate credentials are configured, and then there is security risk. In fact, 
this is not the behavior of the DHCP Server in a DC.

If the DHCP Server service detects that it is running in a domain controller, 
and no alternate credentials for DNS registrations have been configured, then 
it decides to not do any registrations for DHCP clients and logs event 
DHCP/1056."

It also starts with:
"One common deployment scenario for the DHCP Server service is to have it 
installed in domain controllers. When this scenario is used it is necessary to 
define the alternate credentials to be used by DHCP when doing DNS 
registrations on behalf of the DHCP clients."

If you can separate them with no downside, go for it.  However, running DHCP on 
a DC appears to be accounted for and can be addressed by above.

-- Mark




From:"Heaton, Joseph@Wildlife" 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>>
To:'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Date:11/29/2017 02:49 PM
Subject:[NTSysADM] DHCP role
Sent by:
"listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>" 




[https://my-email-signature.link/signature.gif?u=162639=14235916=ddae8ade681152eb77937b7fea0dc380eba11b7a546fdc5534ec8ca29c7f560b]

RE: [NTSysADM] Crosspost: clearing the autocomplete cache

[Heaton, Joseph@Wildlife]

I agree, but at the moment, this is the directive from our CIO.  My 
recommendation has always been that it is a desktop issue, and our Helpdesk 
should handle it, but…

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Gantry Zettler
Sent: Thursday, November 30, 2017 9:00 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Crosspost: clearing the autocomplete cache

If you delete everyone's autocomplete cash, you are going to have a full scale 
riot on your hands.  I HIGHLY HIGHLY recommend you don't do that.  People use 
that exponentially more than contacts in my experience, they won't know what to 
do.


On Thu, Nov 30, 2017 at 10:04 AM, Heaton, Joseph@Wildlife 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> wrote:
Recently, we did a cleanup of proxy addresses that were no longer needed.  
Unfortunately, this has caused an issue with our users, as some of their 
autocomplete entries are using the old, now gone, proxy addresses.  I’ve been 
directed to clear everyone’s autocomplete cache.  I found a quick and easy 
command to do this, but it opens Outlook in order to perform the clean.  
(outlook.exe /CleanAutoCompleteCache).  Having Outlook open spontaneously, or a 
second instance opening, would be very disconcerting and worrisome for our 
users, so I’d like to find a way to clean the cache, without opening Outlook.  
Does anyone have a method?

For the most part, all users are using Outlook 2016, but there are a few 2013, 
and 2010.

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284<tel:(916)%20323-1284>

[NTSysADM] Crosspost: clearing the autocomplete cache

[Heaton, Joseph@Wildlife]

Recently, we did a cleanup of proxy addresses that were no longer needed.  
Unfortunately, this has caused an issue with our users, as some of their 
autocomplete entries are using the old, now gone, proxy addresses.  I've been 
directed to clear everyone's autocomplete cache.  I found a quick and easy 
command to do this, but it opens Outlook in order to perform the clean.  
(outlook.exe /CleanAutoCompleteCache).  Having Outlook open spontaneously, or a 
second instance opening, would be very disconcerting and worrisome for our 
users, so I'd like to find a way to clean the cache, without opening Outlook.  
Does anyone have a method?

For the most part, all users are using Outlook 2016, but there are a few 2013, 
and 2010.

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

RE: [NTSysADM] DHCP role

[Heaton, Joseph@Wildlife]

Problem with that, is that I'd really like to keep the same IP for the DHCP 
server.  My network team has that in all their switches around the state as 
ip-helper entries.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: Thursday, November 30, 2017 7:45 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] DHCP role

I would migrate DHCP first.

Webster

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, November 30, 2017 9:00 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] DHCP role

That's what we're doing as well.  Not sure why, but our service account is 
member of DNSUpdateProxy, but also a member of DNSAdmins.  Anyone have an idea 
why that group?  I didn't set this up initially, I'm just trying to get things 
in best practices, and address a current issue I'm working through, of 
replacing a DC, that happens to be our main DHCP server.  My thoughts at the 
moment, are to add a new DC, with only DC roles.  Then, DCpromo the old DC 
(with DHCP), then migrate DHCP to a new server, that is only a member server, 
not a DC.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Mark Gottschalk
Sent: Wednesday, November 29, 2017 6:21 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] DHCP role

https://blogs.technet.microsoft.com/stdqry/2012/04/03/dhcp-server-in-dcs-and-dns-registrations/
https://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx

This is what we've done with DHCP on DC.  Have a user "DHCP_user" in Protected 
User group, DNSUpdateProxy group. Use this for alternate credentials.

Note that first article says:
"A common error is to think that the DHCP Server service running in a DC will 
use its service account security context to register records in DNS if no 
alternate credentials are configured, and then there is security risk. In fact, 
this is not the behavior of the DHCP Server in a DC.

If the DHCP Server service detects that it is running in a domain controller, 
and no alternate credentials for DNS registrations have been configured, then 
it decides to not do any registrations for DHCP clients and logs event 
DHCP/1056."

It also starts with:
"One common deployment scenario for the DHCP Server service is to have it 
installed in domain controllers. When this scenario is used it is necessary to 
define the alternate credentials to be used by DHCP when doing DNS 
registrations on behalf of the DHCP clients."

If you can separate them with no downside, go for it.  However, running DHCP on 
a DC appears to be accounted for and can be addressed by above.

-- Mark




From:"Heaton, Joseph@Wildlife" 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>>
To:'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Date:11/29/2017 02:49 PM
Subject:[NTSysADM] DHCP role
Sent by:
"listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>" 

RE: [NTSysADM] DHCP role

[Heaton, Joseph@Wildlife]

That's what we're doing as well.  Not sure why, but our service account is 
member of DNSUpdateProxy, but also a member of DNSAdmins.  Anyone have an idea 
why that group?  I didn't set this up initially, I'm just trying to get things 
in best practices, and address a current issue I'm working through, of 
replacing a DC, that happens to be our main DHCP server.  My thoughts at the 
moment, are to add a new DC, with only DC roles.  Then, DCpromo the old DC 
(with DHCP), then migrate DHCP to a new server, that is only a member server, 
not a DC.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Mark Gottschalk
Sent: Wednesday, November 29, 2017 6:21 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] DHCP role

https://blogs.technet.microsoft.com/stdqry/2012/04/03/dhcp-server-in-dcs-and-dns-registrations/
https://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx

This is what we've done with DHCP on DC.  Have a user "DHCP_user" in Protected 
User group, DNSUpdateProxy group. Use this for alternate credentials.

Note that first article says:
"A common error is to think that the DHCP Server service running in a DC will 
use its service account security context to register records in DNS if no 
alternate credentials are configured, and then there is security risk. In fact, 
this is not the behavior of the DHCP Server in a DC.

If the DHCP Server service detects that it is running in a domain controller, 
and no alternate credentials for DNS registrations have been configured, then 
it decides to not do any registrations for DHCP clients and logs event 
DHCP/1056."

It also starts with:
"One common deployment scenario for the DHCP Server service is to have it 
installed in domain controllers. When this scenario is used it is necessary to 
define the alternate credentials to be used by DHCP when doing DNS 
registrations on behalf of the DHCP clients."

If you can separate them with no downside, go for it.  However, running DHCP on 
a DC appears to be accounted for and can be addressed by above.

-- Mark




From:    "Heaton, Joseph@Wildlife" 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>>
To:'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Date:11/29/2017 02:49 PM
Subject:[NTSysADM] DHCP role
Sent by:
"listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>" 

[NTSysADM] DHCP role

[Heaton, Joseph@Wildlife]

Is it still best practice to have DHCP NOT on a DC?  I've been reading a bunch 
of stuff, but everything I'm reading refers to Server 2003 or older.

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

RE: [NTSysADM] Accessing only a lower level folder in a share

[Heaton, Joseph@Wildlife]

You need to setup folder traversal.  Whatever group needs access at D4, needs 
read/execute (This folder only) at the levels above it.  They'll be able to see 
folders along the way, but won't be able to open them.



[cid:image001.png@01D35D27.B71D1300]



-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Tuesday, November 14, 2017 8:51 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Accessing only a lower level folder in a share



It's been so long since I've had to do this, I need a check. I'm doing 
something fundamentally wrong, I think.



We use groups to set share/ACLs on folders. I got a request to share a 4th 
level sub-folder with other employees not in the ACL. So what I have is:



Folder A1 (shared)

-->>B2

   -->>C3

 -->> D4 (this is the one I want to allow access to)



Now, the share permissions on A1 is for DevelopmentGroup, and the NTFS 
permissions are the same. Those permissions just flow down to B2, C3 and D4 
(i.e., normal inheritance).



Now, I'm pretty sure the only way to allow access to only D4, and not allow 
access to B2 and C3 or even see files there, is to enable ABE.

But I've never done that, and am leery of enabling it in production, without a 
whole more testing and forethought (I shudder to think of all the help desk 
calls, if I get something wrong).



Am I correct that only ABE will do what I am thinking of (allow access only to 
D4 and hide contents of A1, B2, C3)?



Barring ABE, there's nothing I can do, short of granting a new group access to 
D4, and living with the consequences?



Thoughts? At this point, I want to just add the new group to the NTFS 
permissions of D4 only, and live with the fact that these new group members can 
see everything higher up.

[NTSysADM] RE: NTFS permission management on shares/directories

[Heaton, Joseph@Wildlife]

We use NTFS Permissions Reporter from CJWDev

www.cjwdev.co.uk

Great product, but if it is a large file structure, you'll probably need 64-bit 
Excel for the report.  Does everything you mention.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Tammy George
Sent: Monday, October 30, 2017 10:21 AM
To: NT Issues (ntsysadm@lists.myitforum.com) 
Subject: [NTSysADM] NTFS permission management on shares/directories

Good afternoon.

We are in the process of migrating our shared departmental network folders to 
SharePoint Online.  We'll be doing a very gradual process and working with each 
department before moving onto the next.  As part of the procedure, we want to 
change all users' access on each top level folder (as well as its many layers 
of subfolders) to read-only.

For example, Arts and all subfolders then onto English and all subfolders, etc. 
 Step one would be to generate a report of all existing permissions and then 
change all user permissions (minus admins, helpdesk, etc) to read-only.

We've tried out get-acl but we're wondering if there's cleaner/easier way to do 
this.   Freeware or a reasonably priced utility.  With that said, I do believe 
I could convince my boss to purchase a more feature packed utility if there is 
one that's highly recommended.  We did download & try ManageEngine's product 
but it won't touch inherited permissions.  I've also downloaded Netwrix's 
Auditor but haven't tried it out yet but I believe this will likely be out of 
our price range anyway.

Any feedback would be greatly appreciated!

Thanks in advance.
- Tammy



Tammy George
Systems Administrator, Technology Services
Acadia University
Wolfville, Nova Scotia, Canada, B4P 2R6

t. (902) 585-1158
w. ts.acadiau.ca

acadiau.ca
Facebook  
Twitter  
YouTube  
LinkedIn
  Flickr
[cid:image001.gif@01D1FE00.EF64F0C0]

[NTSysADM] RE: replication issue

[Heaton, Joseph@Wildlife]

Yep, I just needed to wait a few more minutes.  It's all good now.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Thursday, September 28, 2017 9:14 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: replication issue

If you force replication, quickly.

Otherwise it depends on what you've got in ADSS.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, September 28, 2017 11:48 AM
To: 'NT System Admin Issues Discussion list'
Subject: [NTSysADM] replication issue

I have done some cleanup of a couple of old 208R2 DCs, and have removed them 
from the domain. Followed proper procedures, etc.  This morning, I found a 
current DC that in Sites and Services, had its NTDS settings pointing only to 
one of the DCs I removed, almost 2 weeks ago now.  I fixed the issue, by 
manually adding connections to the 3 DCs here at our central site, and removing 
the automatically generated one for the dead DC.

How long should it take for repadmin /showrepl to update to show the good DCs, 
instead of the dead one?

Thanks,

Joe Heaton

[NTSysADM] replication issue

[Heaton, Joseph@Wildlife]

I have done some cleanup of a couple of old 208R2 DCs, and have removed them 
from the domain. Followed proper procedures, etc.  This morning, I found a 
current DC that in Sites and Services, had its NTDS settings pointing only to 
one of the DCs I removed, almost 2 weeks ago now.  I fixed the issue, by 
manually adding connections to the 3 DCs here at our central site, and removing 
the automatically generated one for the dead DC.

How long should it take for repadmin /showrepl to update to show the good DCs, 
instead of the dead one?

Thanks,

Joe Heaton

[NTSysADM] RE: Running RSAT tools elevated

[Heaton, Joseph@Wildlife]

No, my user account is not local admin.  Just a regular ol' user.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ted Ostrowski
Sent: Friday, September 22, 2017 8:21 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Running RSAT tools elevated

To clarify, your "regular" logged in account is Not desktop administrator for 
that machine? I have a co-worker who sets his regular account as a desktop 
admin on his computer, has nothing but issues when trying to run things with 
his domain admin account.

I use RSAT on Win10 1607 with Run as Administrator checked in the shortcut, 
prompts every time (I use this method for quite a few programs, including 
Windows Admin Tools). UAC is completely disabled for our systems.

I've set the shortcut properties in C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs and everything I need launches with admin prompt, making life 
silky smooth.

Good Luck!

Ted

From: Heaton, Joseph@Wildlife [mailto:joseph.hea...@wildlife.ca.gov]
Sent: Thursday, September 21, 2017 2:49 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Running RSAT tools elevated

Nope.  We log in with normal user accounts.  Definitely a division of 
permissions.

@Charles - There are a number of local policies in the UAC area that are 
enabled:

Admin Approval Mode for the Built-In Administrator account
Detect application installations and prompt for elevation
Only elevate UIAccess applications that are installed in secure locations
Run all Administrators in Admin Approval Mode
Virtualize file and registry write failures to per-user locations

Behavior of the elevation prompt for admins in Admin Approval Mode  -- Prompt 
for consent
Behavior of the elevation prompt for standard users - Prompt for credentials

All other UAC settings are disabled.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim
Sent: Thursday, September 21, 2017 12:12 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Running RSAT tools elevated

Are you logged in with a local admin account?  Perhaps that is fooling UAC?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, September 21, 2017 11:46 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Running RSAT tools elevated

My UAC was turned all the way up.  I brought it down one notch to match your 
setting, and rebooted, but double-clicking the shortcut on my desktop still 
just opens the app directly, no asking for creds.

Shift-right-click does work, but I really don't want to have to do that every 
time.

In Win7, I would double-click the icon, and UAC/Viewfinity would ask for 
credentials.  I thought all I did was go into Advanced for the shortcut and 
check the Run as Administrator box, but that's not working for me now.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim
Sent: Thursday, September 21, 2017 8:11 AM
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] RE: Running RSAT tools elevated

Is this a UAC setting issue?  I just click and it asks. Mine is set to 'Always 
notify, do not dim'.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, September 21, 2017 9:48 AM
To: 'NT System Admin Issues Discussion list'
Subject: [NTSysADM] Running RSAT tools elevated

So, in Win 7, I had installed RSAT tools, and I had the shortcuts setup so that 
when I double-clicked it, it would run as administrator, I'd be prompted by my 
privilege elevation software, put in my admin credentials and away I went.  I 
did not have to use the runas command in the shortcut to make this happen.  
Now, in Win 10, I can't for the life of me get this working.  If I go to the 
Advanced button in the shortcut, and choose Run as Administrator, nothing 
happens.  The tool opens using my logged in credentials, not prompting me for 
my admin creds.  If I do put in the runas command, I end up having to enter my 
credentials twice, once for my privilege elevation software, once in a command 
window that opens up.

Anyone know of a better way of doing this?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

[NTSysADM] RE: Running RSAT tools elevated

[Heaton, Joseph@Wildlife]

Nope.  We log in with normal user accounts.  Definitely a division of 
permissions.

@Charles - There are a number of local policies in the UAC area that are 
enabled:

Admin Approval Mode for the Built-In Administrator account
Detect application installations and prompt for elevation
Only elevate UIAccess applications that are installed in secure locations
Run all Administrators in Admin Approval Mode
Virtualize file and registry write failures to per-user locations

Behavior of the elevation prompt for admins in Admin Approval Mode  -- Prompt 
for consent
Behavior of the elevation prompt for standard users - Prompt for credentials

All other UAC settings are disabled.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kennedy, Jim
Sent: Thursday, September 21, 2017 12:12 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Running RSAT tools elevated

Are you logged in with a local admin account?  Perhaps that is fooling UAC?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, September 21, 2017 11:46 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Running RSAT tools elevated

My UAC was turned all the way up.  I brought it down one notch to match your 
setting, and rebooted, but double-clicking the shortcut on my desktop still 
just opens the app directly, no asking for creds.

Shift-right-click does work, but I really don't want to have to do that every 
time.

In Win7, I would double-click the icon, and UAC/Viewfinity would ask for 
credentials.  I thought all I did was go into Advanced for the shortcut and 
check the Run as Administrator box, but that's not working for me now.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kennedy, Jim
Sent: Thursday, September 21, 2017 8:11 AM
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] RE: Running RSAT tools elevated

Is this a UAC setting issue?  I just click and it asks. Mine is set to 'Always 
notify, do not dim'.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, September 21, 2017 9:48 AM
To: 'NT System Admin Issues Discussion list'
Subject: [NTSysADM] Running RSAT tools elevated

So, in Win 7, I had installed RSAT tools, and I had the shortcuts setup so that 
when I double-clicked it, it would run as administrator, I'd be prompted by my 
privilege elevation software, put in my admin credentials and away I went.  I 
did not have to use the runas command in the shortcut to make this happen.  
Now, in Win 10, I can't for the life of me get this working.  If I go to the 
Advanced button in the shortcut, and choose Run as Administrator, nothing 
happens.  The tool opens using my logged in credentials, not prompting me for 
my admin creds.  If I do put in the runas command, I end up having to enter my 
credentials twice, once for my privilege elevation software, once in a command 
window that opens up.

Anyone know of a better way of doing this?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

[NTSysADM] RE: Running RSAT tools elevated

[Heaton, Joseph@Wildlife]

My UAC was turned all the way up.  I brought it down one notch to match your 
setting, and rebooted, but double-clicking the shortcut on my desktop still 
just opens the app directly, no asking for creds.

Shift-right-click does work, but I really don't want to have to do that every 
time.

In Win7, I would double-click the icon, and UAC/Viewfinity would ask for 
credentials.  I thought all I did was go into Advanced for the shortcut and 
check the Run as Administrator box, but that's not working for me now.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kennedy, Jim
Sent: Thursday, September 21, 2017 8:11 AM
To: 'NT System Admin Issues Discussion list' <ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Running RSAT tools elevated

Is this a UAC setting issue?  I just click and it asks. Mine is set to 'Always 
notify, do not dim'.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, September 21, 2017 9:48 AM
To: 'NT System Admin Issues Discussion list'
Subject: [NTSysADM] Running RSAT tools elevated

So, in Win 7, I had installed RSAT tools, and I had the shortcuts setup so that 
when I double-clicked it, it would run as administrator, I'd be prompted by my 
privilege elevation software, put in my admin credentials and away I went.  I 
did not have to use the runas command in the shortcut to make this happen.  
Now, in Win 10, I can't for the life of me get this working.  If I go to the 
Advanced button in the shortcut, and choose Run as Administrator, nothing 
happens.  The tool opens using my logged in credentials, not prompting me for 
my admin creds.  If I do put in the runas command, I end up having to enter my 
credentials twice, once for my privilege elevation software, once in a command 
window that opens up.

Anyone know of a better way of doing this?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

RE: [NTSysADM] Building a test domain

[Heaton, Joseph@Wildlife]

So, after further discussion, we're not sure this path is the best moving 
forward for the immediate need.

The developer is currently using AD LDS, installed on his local PC, to do his 
testing with.  He wants the Test Web server to be able to run the code, and do 
the LDAP query/push, and figuring out how to get the Test Web Server access to 
the cloned and isolated DC is very troublesome.  So, we were starting to look 
at installing AD LDS on the Test web server, and allowing them to use that for 
their testing.  My concern, is whether or not that LDS environment would have 
the ability to write back to the AD DS.  I've just started doing some reading, 
but would like to hear from you guys on this, as well.

Thanks,

Joe

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Wednesday, September 13, 2017 6:21 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Building a test domain

On Tue, Sep 12, 2017 at 5:31 PM, Heaton, Joseph@Wildlife 
<joseph.hea...@wildlife.ca.gov> wrote:
> For a quick build of a test domain, completely separate from a 
> production domain, would you take a vReplica of the production domain 
> controller, then revive that in the test area?  Sounds great, but I 
> have huge trepidation about it.

I have done it this way. I took a clone of one of my DCs (it's a VM), set it on 
an ESXi server and configured it to use a specific vswitch,
*not* configured to have any NICs assigned to it  (so it was a private network, 
and completely isolated from the other vswitches).

Be certain of that part ..

 Then, on that cloned VM, I seized roles, deleted the other, missing DCs, 
changed it's IP to be one on that private vswitch, created a "management" PC to 
talk to it. It did work. I posted here about it, years ago.

It was a lot of work. But yes, it does give you a replica of your current 
config (all same OUs, sites, etc).

RE: [NTSysADM] CCleaner found to be backdoored for downloads between August 15 and September 12

[Heaton, Joseph@Wildlife]

Well, as long as you’re not using it in a Corporate environment:

https://www.piriform.com/legal/software-license/ccleaner

“You may NOT use the Product in corporate or commercial environments.”


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Monday, September 18, 2017 1:25 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] CCleaner found to be backdoored for downloads between 
August 15 and September 12

Ironic that my predilection for the free version of this, which doesn’t 
auto-update, has prevented me from being a victim of this ☺

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Micheal Espinola Jr
Sent: 18 September 2017 20:46
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] CCleaner found to be backdoored for downloads between 
August 15 and September 12

CORRECTION for Google search:

https://www.google.com/search?q=ccleaner+infection

--
Espi


On Mon, Sep 18, 2017 at 12:35 PM, Micheal Espinola Jr 
> wrote:
https://www.bleepingcomputer.com/how-to/security/ccleaner-malware-incident-what-you-need-to-know-and-how-to-remove/

https://www.google.com/search?q=ccleanup+infection

--
Espi

RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

[Heaton, Joseph@Wildlife]

S many political fire-fanning statements could be made here, but I will 
refrain.

Things in the world are getting waaay out of hand these days.

Make business decisions based on business needs, not political brouhaha going 
on.

We use System Center Endpoint Protection here (and now Windows Defender, with 
Server 16 and Win 10).  We use it because it is free, and managed with SCCM.  
It catches stuff, and I'm sure it lets other stuff through.  If I had more 
people and/or more time, I'd most likely look into tightening application 
controls, etc, as has already been recommended here.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Thursday, September 14, 2017 11:35 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

But he doesn't say anything is wrong.

It's just another step in the increasing tension between Russia and the USA as 
far as I can see.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kennedy, Jim
Sent: Thursday, September 14, 2017 2:26 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

Looks like the WH's cybersecurity dude announced it.

http://www.businessinsider.com/kaspersky-is-being-banned-across-the-us-government-by-trump-2017-9


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Thursday, September 14, 2017 2:18 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

As I've recommended Kaspersky for about a decade now, I'm interested in knowing 
your source. :-)

I know that the USA is less and less happy with Russia... But I've not found 
anything that even seems official...

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Thursday, September 14, 2017 12:32 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

We use Kaspersky for our AV needs, and to be honest, it's worked out well for 
us. It's certainly caught things that McAfee, our previous AV solution, didn't. 
However, they have this slight problem with being a covert arm of the Russian 
government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking at. But 
tell me, who do you have? And - more importantly - if you had your say in the 
matter, would you keep them?

We're an sort of enterprise level organization, maybe 1K users, bunch of 
laptops issued to remote users. So far, all Win 7 for workstations, but 
obviously that will change in the future. Servers are all Win
2008/2012 R2 (so far). So we need something with a centralized console, to push 
out rules, updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We have 
Checkpoint firewalls for managing that sort of traffic.

Thoughts?  I know I've heard good things about ESET and Sophos, among others. 
Just soliciting some real world opinions, along with our own research.

[NTSysADM] Building a test domain

[Heaton, Joseph@Wildlife]

For a quick build of a test domain, completely separate from a production 
domain, would you take a vReplica of the production domain controller, then 
revive that in the test area?  Sounds great, but I have huge trepidation about 
it.

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

RE: [NTSysADM] RE: Any good SCOM lists?

[Heaton, Joseph@Wildlife]

Ok, so from this, it looks like it makes more sense to start with OMS, not 
SCOM?  We don't have much of an Azure presence, and costs are prohibitive to 
just moving the whole environment up there, but there is a desire from our 
execs, and the state as a whole, to look "cloud first".

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Rod Trent
Sent: Wednesday, August 23, 2017 4:47 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: Any good SCOM lists?

It started out that way, but Microsoft is pushing deeper into the cloud into a 
more accelerated rate. OMS has gotten a lot of unexpected capabilities from 
SCOM in the last 6 months to a year, making it clear the direction the products 
are heading. Watch the OMS announcements from Ignite (you can stream at your 
desk and skip the massive crowd).

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Tuesday, August 22, 2017 5:56 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] RE: Any good SCOM lists?

I had read that OMS was SCOM lite, though, and not expected to get full 
functionality.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Rod Trent
Sent: Tuesday, August 22, 2017 1:57 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] RE: Any good SCOM lists?

The MSMOM/SCOM list isn't high traffic at all - which is actually indicative of 
the product itself. Microsoft is moving SCOM capabilities to OMS. SCOM has a 
short shelf life.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Tuesday, August 22, 2017 1:57 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Any good SCOM lists?

Thanks Michael.  As mentioned, I signed up for the Myitforum list last week, 
but haven't seen a single message yet.  Is that normal?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith
Sent: Friday, August 18, 2017 4:37 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Any good SCOM lists?

The one I use is ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>

It's low volume, but high quality.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Friday, August 18, 2017 7:00 PM
To: 'NT System Admin Issues Discussion list'
Subject: [NTSysADM] Any good SCOM lists?

I signed up for the MyITForum SCOM list, but haven't seen a single message in 
the few days since.  Does anyone know of any active lists?

I know I can go to Technet Forums, etc. but wanted a mailing list, like this, 
or the SCCM/Exchange lists.

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

[NTSysADM] RE: Any good SCOM lists?

[Heaton, Joseph@Wildlife]

Thanks Michael.  As mentioned, I signed up for the Myitforum list last week, 
but haven't seen a single message yet.  Is that normal?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Friday, August 18, 2017 4:37 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Any good SCOM lists?

The one I use is ms...@lists.myitforum.com<mailto:ms...@lists.myitforum.com>

It's low volume, but high quality.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Friday, August 18, 2017 7:00 PM
To: 'NT System Admin Issues Discussion list'
Subject: [NTSysADM] Any good SCOM lists?

I signed up for the MyITForum SCOM list, but haven't seen a single message in 
the few days since.  Does anyone know of any active lists?

I know I can go to Technet Forums, etc. but wanted a mailing list, like this, 
or the SCCM/Exchange lists.

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

[NTSysADM] Cross post: Anyone using Autopilot?

[Heaton, Joseph@Wildlife]

Just wondering if anyone is using Microsoft's Autopilot?  Good, bad, ugly?

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

RE: [NTSysADM] Advice on patching Domain Controllers via WSUS

[Heaton, Joseph@Wildlife]

That’s what we’re moving to.  I’m working on the maintenance windows presently.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Brian Desmond
Sent: Thursday, July 13, 2017 9:24 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Advice on patching Domain Controllers via WSUS

You can configure clusters and maintenance windows in SCCM so it will only 
reboot a certain percentage of a given population of machines at one point also.


Thanks,
Brian Desmond

(w) 312.625.1438 | (c) 312.731.3132

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Wednesday, July 12, 2017 10:07 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Advice on patching Domain Controllers via WSUS

I patch everything with SCCM.  Currently, all of my servers get updates 
deployed to them, with reboots being done manually by me after hours.  I have a 
little over 200 total, minus the 30 or so in my test group that gets done the 
previous week.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone
Sent: Wednesday, July 12, 2017 7:56 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Advice on patching Domain Controllers via WSUS

Our policy has been that our DCs are not patched via WSUS, like other member 
servers, but instead that we manually install the current patches from 
Microsoft Update. But now, I would like to change this, and use WSUS to patch 
all the DCS to our production levels (meaning: one month behind on released 
patches).

I don't see any downsides to this. I would create a new GPO (rather than modify 
the Default Domain Controllers Policy). I think I might still set them to 
download only, not automatically install.

Thoughts?
Should I let them auto-install, like most of my other member servers?
Is that what you others do?
Do you let your DCs get their patches via WSUS?

(the more servers I don't have to manually install patches on, the happier I 
am. We have some servers that we must do manually, for reasons I won't go into)

RE: [NTSysADM] Advice on patching Domain Controllers via WSUS

[Heaton, Joseph@Wildlife]

I patch everything with SCCM.  Currently, all of my servers get updates 
deployed to them, with reboots being done manually by me after hours.  I have a 
little over 200 total, minus the 30 or so in my test group that gets done the 
previous week.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Leone
Sent: Wednesday, July 12, 2017 7:56 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Advice on patching Domain Controllers via WSUS

Our policy has been that our DCs are not patched via WSUS, like other member 
servers, but instead that we manually install the current patches from 
Microsoft Update. But now, I would like to change this, and use WSUS to patch 
all the DCS to our production levels (meaning: one month behind on released 
patches).

I don't see any downsides to this. I would create a new GPO (rather than modify 
the Default Domain Controllers Policy). I think I might still set them to 
download only, not automatically install.

Thoughts?
Should I let them auto-install, like most of my other member servers?
Is that what you others do?
Do you let your DCs get their patches via WSUS?

(the more servers I don't have to manually install patches on, the happier I 
am. We have some servers that we must do manually, for reasons I won't go into)

[NTSysADM] RE: Folder redirection issues

[Heaton, Joseph@Wildlife]

Wait, the Chief TECHNOLOGY Officer is ok with Server 2003?  The man needs to be 
fired.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Dan Bartley
Sent: Friday, June 30, 2017 12:20 PM
To: 'ntsysadm@lists.myitforum.com' 
Subject: [NTSysADM] Folder redirection issues

I have a couple of issues with folder redirection and GPO. I have been using it 
for years. I am currently migrating everyone to a new file server. I use DFS 
for the drive mappings, so that part is easy. We are still on a 2003 Functional 
level domain (yes, I know but the CTO does not see the value in IT related 
matters until it hits him personally).

Folder redirection has always been set to the literal 
\\server\share name with Basic setting. If I simply update 
the server name in GPO almost no one actually changes in their Document 
settings, even with a gpupdate. Some Win 10 machines do, but none of the Win 7 
machines update for the Documents location. They are receiving the GPO as it 
shows in RSOP and won't allow manually changing the location. I have to turn it 
off altogether, go change them manually-after the tedious step of making the 
new share available offline for Win 7, then set the GPO to the same thing. This 
is only for existing users, any new users pick up the new location fine. Am I 
Missing something here? I can't get it to reliably update.

A thought I had for future proofing this was start changing people to the DFS 
link, then going forward I don't have to change anything for Folder 
redirection, just the DFS. HOWEVER, I set my PC to the DFS path for the new 
User\Documents share, did a gpupdate and upon logging back in it completely 
deleted everything I had in the Documents network share. Yes, I had a backup 
right before testing so I was able to restore it all, but I don't know why it 
did that and can't afford to have a bunch of users suddenly get everything 
deleted. I can restore, but they will fill my office with panic attacks until 
it is done. Any thoughts on this part?

Thanks in advance for any expertise on these.

Best Regards,

Dan Bartley


CONFIDENTIALITY NOTICE***The information contained in this message may be 
privileged, confidential, and protected from disclosure. If the reader of this 
message is not the intended recipient, or any employee or agent responsible for 
delivering this message to the intended recipient, you are hereby notified that 
any dissemination, distribution, or copying of this communication is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by replying to the message and deleting it from your computer. 
Thank you.

[NTSysADM] RE: Group policy admx question

[Heaton, Joseph@Wildlife]

Oy.  I just, within the last year or so, started using the Central Store, so, 
of course, Microsoft is messing it up.

Thanks for the link, Webster.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: Thursday, June 15, 2017 2:05 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Group policy admx question

Darren Mar-Elia uses this example as a shortcoming of the Central Store.

https://sdmsoftware.com/group-policy-blog/tips-tricks/admx-files-for-windows-10-build-1703-creators-update-now-available/

Webster

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, June 15, 2017 3:13 PM
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Group policy admx question

I just downloaded the admx file for Win 10 (1703) Creators Update, from here:
https://www.microsoft.com/en-us/download/confirmation.aspx?id=55080

I then went looking for Server 2016 admx, and found a combined Win 10 and 
Server 2016, here:

https://www.microsoft.com/en-us/download/details.aspx?id=53430

Is there not a separate Server 2016 admx, or do they use the same files?  Also, 
there are a ton of admx files in this download.  Is it best practice just to 
add/update all of them into the central store, or just ones that you think 
you'll need right away?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]<http://saveourwater.com/>
SaveOurWater.com<http://saveourwater.com/> * 
Drought.CA.gov<http://drought.ca.gov/>

[NTSysADM] Group policy admx question

[Heaton, Joseph@Wildlife]

I just downloaded the admx file for Win 10 (1703) Creators Update, from here:
https://www.microsoft.com/en-us/download/confirmation.aspx?id=55080

I then went looking for Server 2016 admx, and found a combined Win 10 and 
Server 2016, here:

https://www.microsoft.com/en-us/download/details.aspx?id=53430

Is there not a separate Server 2016 admx, or do they use the same files?  Also, 
there are a ton of admx files in this download.  Is it best practice just to 
add/update all of them into the central store, or just ones that you think 
you'll need right away?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]
SaveOurWater.com * 
Drought.CA.gov

[NTSysADM] Group Policy management

[Heaton, Joseph@Wildlife]

Was curious how everyone has Group Policy Management setup.  I currently use 
one of my domain controllers as my "main" Group Policy management server, with 
AGPM installed there.  I'm preparing to install PolicyPak, and don't want to do 
this on a domain controller, so I'm thinking that I'll build just a really 
basic server, put PolicyPak on it, and AGPM, so that the traffic from clients 
to the PolicyPak server is not going to a domain controller trying to do other 
things.

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]
SaveOurWater.com * 
Drought.CA.gov

[NTSysADM] RE: First 2016 DC

[Heaton, Joseph@Wildlife]

It sat at that window for over an hour.  Finally did finish booting, and seems 
to be fine now.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Joseph L. Casale
Sent: Friday, May 19, 2017 4:11 PM
To: 'ntsysadm@lists.myitforum.com' <ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: First 2016 DC

Saw the same behavior when setting  up quick one-off lab domains for test 
purposes on virtual machine's with under provisioned hardware.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Friday, May 19, 2017 3:34 PM
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] First 2016 DC

So, I just built a new Server 2016 box, and have made it a DC.  It is the first 
2016 DC in my environment.  The install seemed to go fine, but the reboot is 
taking forever to happen.  It has been sitting on the "Getting Windows ready, 
Don't turn off your computer" screen for at least 30 minutes plus.  I really 
don't want to shut it down hard, so I'm going to continue to let it sit here 
and watch the dots go in circles, but is this normal?  Should I be concerned at 
all?

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]<http://saveourwater.com/>
SaveOurWater.com<http://saveourwater.com/> * 
Drought.CA.gov<http://drought.ca.gov/>

[NTSysADM] First 2016 DC

[Heaton, Joseph@Wildlife]

So, I just built a new Server 2016 box, and have made it a DC.  It is the first 
2016 DC in my environment.  The install seemed to go fine, but the reboot is 
taking forever to happen.  It has been sitting on the "Getting Windows ready, 
Don't turn off your computer" screen for at least 30 minutes plus.  I really 
don't want to shut it down hard, so I'm going to continue to let it sit here 
and watch the dots go in circles, but is this normal?  Should I be concerned at 
all?

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]
SaveOurWater.com * 
Drought.CA.gov

[NTSysADM] RE: Which drives for Synology?

[Heaton, Joseph@Wildlife]

They have a list of drives that their equipment works with.  USE THAT LIST!!!  
We actually used that list, gave a vendor the exact part number, and they 
shipped something else, same size, and all stats, and the drives wouldn’t work. 
 Had to ship them all back.  Use the list.

https://www.synology.com/en-us/compatibility



From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jesse Rink
Sent: Friday, May 19, 2017 9:31 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Which drives for Synology?

Looking at a Synology DS916+ for a small customer…  never really used Synology 
stuff before.  Can someone recommend what drives I should look at getting?  
Looking for either 3TB or 4TB drives in the four-disk unit.Brand/model??

https://www.synology.com/en-us/products/DS916+



Jesse Rink
Source One Technology, Inc.
HP Partner
262 993 2231

Website | 
Blog | 
LinkedIn | 
Twitter

RE: [NTSysADM] So simple a 6yo can do it...

[Heaton, Joseph@Wildlife]

Teddy Ruxpin!!!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of John Matteson
Sent: Wednesday, May 17, 2017 2:32 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] So simple a 6yo can do it...

A weaponized teddy bear? You’ll never look at Winnie the Pooh or Paddington 
Bear the same way again.

Oh bother.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
Sent: Wednesday, May 17, 2017 11:11 AM
To: kurt.b...@gmail.com
Subject: [NTSysADM] So simple a 6yo can do it...

http://www.msn.com/en-us/news/technology/cyber-kid-stuns-experts-showing-toys-can-be-weapons/ar-BBBdgMo

RE: [NTSysADM] Strange error for Security Event log

[Heaton, Joseph@Wildlife]

I found a download for WMI Diagnostics Utility – Version 2.2, which works with 
Server 2012 R2.  Ran the script, looking at the report, and no errors.  Final 
line – SUCCESS: WMIDiag determined that WMI works CORRECTLY.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of elsalvoz
Sent: Wednesday, May 10, 2017 10:26 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Strange error for Security Event log

I'm sure you have bounced the box. WMI might be corrupted, there some commands 
that can be run to verify repository health.
Cesar A.

On May 10, 2017 8:43 AM, "Heaton, Joseph@Wildlife" 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> wrote:
Server 2012R2
Domain Controller
Main DHCP server for the domain

This is affecting only my Security event log.  The Application and System logs 
are working fine.  When I try to look at the Security log, I get an error:

“Event Viewer cannot open the event log or custom view.  Verify that Event Log 
service is running or query is too long.  The instance name passed was not 
recognized as valid by a WMI data provider (4201)”

I have been searching the internet, and have found plenty of stuff on this 
error, but nothing has looked right.  Permissions are correct in the registry, 
permissions are correct in the file structure, the event log keys are correct 
value in the registry.  The Windows Event Log service is running, which was 
another symptom people were listing.  There are no custom views setup, or 
filters.

When I look at the properties of the Security log within Event Viewer, it shows 
the Log size as 0 bytes.  The max log size was up to 12.5GB (I did NOT set it 
to that).  The size of the actual log in the directory is 8GB.  I have manually 
reset the max size to 4GB, closed out the Event Viewer, reopened it, and the 
max size had changed to 8GB.

I have been digging on this for a few days now, and just can’t find a solution. 
 We do have Splunk in place, and what it is seeing as far as Security logs, are 
521 entries, which say “Unable to log events to security log”.  Which makes 
sense, since the security log is hosed.  Can I simply rename the actual log 
file, or move it out of the location, and the system would recreate it?  Any 
help/tips/advice you guys can offer would be greatly appreciated.

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284<tel:(916)%20323-1284>

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]<http://saveourwater.com/>
SaveOurWater.com<http://saveourwater.com/> · 
Drought.CA.gov<http://drought.ca.gov/>

[NTSysADM] Strange error for Security Event log

[Heaton, Joseph@Wildlife]

Server 2012R2
Domain Controller
Main DHCP server for the domain

This is affecting only my Security event log.  The Application and System logs 
are working fine.  When I try to look at the Security log, I get an error:

"Event Viewer cannot open the event log or custom view.  Verify that Event Log 
service is running or query is too long.  The instance name passed was not 
recognized as valid by a WMI data provider (4201)"

I have been searching the internet, and have found plenty of stuff on this 
error, but nothing has looked right.  Permissions are correct in the registry, 
permissions are correct in the file structure, the event log keys are correct 
value in the registry.  The Windows Event Log service is running, which was 
another symptom people were listing.  There are no custom views setup, or 
filters.

When I look at the properties of the Security log within Event Viewer, it shows 
the Log size as 0 bytes.  The max log size was up to 12.5GB (I did NOT set it 
to that).  The size of the actual log in the directory is 8GB.  I have manually 
reset the max size to 4GB, closed out the Event Viewer, reopened it, and the 
max size had changed to 8GB.

I have been digging on this for a few days now, and just can't find a solution. 
 We do have Splunk in place, and what it is seeing as far as Security logs, are 
521 entries, which say "Unable to log events to security log".  Which makes 
sense, since the security log is hosed.  Can I simply rename the actual log 
file, or move it out of the location, and the system would recreate it?  Any 
help/tips/advice you guys can offer would be greatly appreciated.

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]
SaveOurWater.com * 
Drought.CA.gov

[NTSysADM] MBAM install questions

[Heaton, Joseph@Wildlife]

I've read that the TDE function is optional.  For those running MBAM, did you 
use an Enterprise SQL, and use the TDE function, or just Standard SQL?
Did you use a dedicated SQL server, or just add the databases to an existing 
server?
If I'm integrating with SCCM, do I still need to use SSRS on the SQL box, or 
does it use the SSRS for SCCM?


Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]
SaveOurWater.com * 
Drought.CA.gov

[NTSysADM] RE: Bitlocker/MBAM

[Heaton, Joseph@Wildlife]

On the client side pre-requisites, it states that the client computer's hard 
disk must have at least two partitions and must be formatted with NTFS.

Do the partitions need to be normal, C: drive and D: drive, or are they talking 
about the hidden recovery partition type of thing that normally comes these 
days?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Patton, Uriah Allen
Sent: Friday, April 07, 2017 4:59 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Bitlocker/MBAM

We currently use MDOP/MBAM integrated with configmgr and we use Active 
Directory for key storage and it works great. We primarily use MBAM for 
encryption enforcement and compliance. I have the self-service and help desk 
recovery portal setup but I have never really had a use for it in our 
environment. The biggest catch is that MBAM is only compatible with Windows 
Enterprise Editions (link below).

A couple other things I ran into are (though it is entirely possible I was 
doing something wrong);

1) That it would not recognize more than one AD group for the "MBAM Advanced 
Helpdesk Users", "MBAM Helpdesk Users" or "MBAM Report Users" groups.

2) Changing the group members of those 3 groups in the local users and groups 
console had no effect. In order to change the groups (if I needed to) I had to 
go into IIS Navigate down to Sites>MBAM>HelpDesk>Application Settings and 
manually edit the values the fields for "HelpdeskAdminsGroupName" (MBAM 
Advanced Helpdesk Users), "HelpdeskUsersGroupName" (MBAM Helpdesk Users), and 
MbamReportUsersGroupName" (MBAM Report Users).

Thanks,

Uriah Patton
Systems Administrator
IUSM Department of Pediatrics

"It gives patience, to listen to error without anger." -Gandalf

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, April 6, 2017 6:18 PM
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Bitlocker/MBAM

We're looking to implement Bitlocker when we migrate to Windows 10.  I'm 
starting research of MBAM, and how to best implement.  Does anyone have real 
world experience/advice on whether to integrate with Config Mgr, or go with the 
standalone topology?  For those that are using MBAM, are you saving the 
recovery data in SQL, or Active Directory?  Any major gotchas to look out for?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]<http://saveourwater.com/>
SaveOurWater.com<http://saveourwater.com/> * 
Drought.CA.gov<http://drought.ca.gov/>

[NTSysADM] RE: Bitlocker/MBAM

[Heaton, Joseph@Wildlife]

Is your SQL Enterprise, or Standard?  I'm reading that the TDE is optional, but 
to install that, the SQL version has to be Enterprise, right?  I was thinking 
that keeping the recovery key info in AD would be nice, but if I setup the 
Helpdesk portal, that would do the same thing, while keeping the recovery key 
info in SQL, correct?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Patton, Uriah Allen
Sent: Friday, April 07, 2017 4:59 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Bitlocker/MBAM

We currently use MDOP/MBAM integrated with configmgr and we use Active 
Directory for key storage and it works great. We primarily use MBAM for 
encryption enforcement and compliance. I have the self-service and help desk 
recovery portal setup but I have never really had a use for it in our 
environment. The biggest catch is that MBAM is only compatible with Windows 
Enterprise Editions (link below).

A couple other things I ran into are (though it is entirely possible I was 
doing something wrong);

1) That it would not recognize more than one AD group for the "MBAM Advanced 
Helpdesk Users", "MBAM Helpdesk Users" or "MBAM Report Users" groups.

2) Changing the group members of those 3 groups in the local users and groups 
console had no effect. In order to change the groups (if I needed to) I had to 
go into IIS Navigate down to Sites>MBAM>HelpDesk>Application Settings and 
manually edit the values the fields for "HelpdeskAdminsGroupName" (MBAM 
Advanced Helpdesk Users), "HelpdeskUsersGroupName" (MBAM Helpdesk Users), and 
MbamReportUsersGroupName" (MBAM Report Users).

Thanks,

Uriah Patton
Systems Administrator
IUSM Department of Pediatrics

"It gives patience, to listen to error without anger." -Gandalf

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, April 6, 2017 6:18 PM
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Bitlocker/MBAM

We're looking to implement Bitlocker when we migrate to Windows 10.  I'm 
starting research of MBAM, and how to best implement.  Does anyone have real 
world experience/advice on whether to integrate with Config Mgr, or go with the 
standalone topology?  For those that are using MBAM, are you saving the 
recovery data in SQL, or Active Directory?  Any major gotchas to look out for?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]<http://saveourwater.com/>
SaveOurWater.com<http://saveourwater.com/> * 
Drought.CA.gov<http://drought.ca.gov/>

RE: [NTSysADM] Strange memory issue on a DC

[Heaton, Joseph@Wildlife]

Nope.  Based on the context, I figured you meant MB, otherwise your argument 
totally would have been weird.  ☺

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Charles F Sullivan
Sent: Wednesday, May 03, 2017 6:55 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Strange memory issue on a DC

Thanks for pointing that out. I meant to say 150 *MB*. This probably made 
things really confusing.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Rene de Haas
Sent: Wednesday, May 3, 2017 1:35 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Strange memory issue on a DC

150 GB, now that's a huge one.

Op 2 mei 2017 20:46 schreef "Charles F Sullivan" 
<charles.sulliva...@bc.edu<mailto:charles.sulliva...@bc.edu>>:
That is a huge log file, at least compared to what I’m used to and the default 
size. Might that be the problem? Our Security Log maximum is 150 GB on DCs and 
I think even that is way above the default.

I totally understand your motivation for setting a large size because ours gets 
overwritten in as little as 1 hour. (We have ArcSight Log Collectors that 
archive them, so we’re set if we really need them.) Not sure, but my guess is 
that the size is the problem.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Heaton, Joseph@Wildlife

Sent: Tuesday, May 2, 2017 2:04 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Strange memory issue on a DC

The log is set to a max of 4GB.  It is currently 3.88GB.  It is also set to 
Overwrite events as needed (oldest events first).

I am again getting the 521 events, but they are not the only events I’m getting 
yet.  But they are coming in every couple of minutes.

Memory is sitting at 93% right now.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus
Sent: Friday, April 28, 2017 7:39 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Strange memory issue on a DC

Is that log set to a max size? You may be filling it and there’s no place for 
it to go.  In that case either make it bigger or circular. Given it’s the 
security log circular probably isn’t a good choice unless you’re actively 
watching the log in real time but it would prevent it from stopping if the 
problem is it getting filled.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Friday, April 28, 2017 10:15 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Strange memory issue on a DC

I found an issue with my Security log.  For quite a while, it has been unable 
to log security events, and instead, has been putting event id 521 entries in.  
This event id says Unable to log events to security log.  The resolution to 
that was to clear the log and reboot the server.  When I did that, the memory 
usage dropped dramatically.  However, this morning, it is back to around 85%, 
so I’m not sure I resolved the whole issue.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Eric Wittersheim
Sent: Thursday, April 27, 2017 7:46 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Strange memory issue on a DC

Joseph,

I had the exact same thing happen last night to a 2012R2 DC running on ESXi.  
Additionally, we have 2 2012 R2 IIS server that are exhibiting the same 
behavior.

Eric

On Thu, Apr 27, 2017 at 9:11 AM, Heaton, Joseph@Wildlife 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> wrote:
This DC is 2012R2.  It is a VMWare guest.  It has been running at 95%+ memory 
utilization.  I’m not sure for how long, but I happened to see an alarm for CPU 
utilization on the guest when I was in vCenter yesterday afternoon.  When I RDP 
into the domain controller, it is very slow to login.  I open Task Manager, and 
on the Performance tab, Memory is at 98%, and steady.  I look at the Processes 
tab, and the memory shown as used doesn’t add up.  There are lots of processes 
using memory, but the largest user is using around 100MB.  The box has 4GB 
assigned.  Looking at the Details tab doesn’t shed any more light on the issue. 
 So, our first thought is some kind of memory leak, so we sc

RE: [NTSysADM] Strange memory issue on a DC

[Heaton, Joseph@Wildlife]

We use Netwrix, and the 4GB is needed to ensure 24 hours of capture.  I’ve got 
26 DCs, and this is the only one that’s having an issue.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Charles F Sullivan
Sent: Tuesday, May 02, 2017 11:38 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Strange memory issue on a DC

That is a huge log file, at least compared to what I’m used to and the default 
size. Might that be the problem? Our Security Log maximum is 150 GB on DCs and 
I think even that is way above the default.

I totally understand your motivation for setting a large size because ours gets 
overwritten in as little as 1 hour. (We have ArcSight Log Collectors that 
archive them, so we’re set if we really need them.) Not sure, but my guess is 
that the size is the problem.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Heaton, Joseph@Wildlife
Sent: Tuesday, May 2, 2017 2:04 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Strange memory issue on a DC

The log is set to a max of 4GB.  It is currently 3.88GB.  It is also set to 
Overwrite events as needed (oldest events first).

I am again getting the 521 events, but they are not the only events I’m getting 
yet.  But they are coming in every couple of minutes.

Memory is sitting at 93% right now.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus
Sent: Friday, April 28, 2017 7:39 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Strange memory issue on a DC

Is that log set to a max size? You may be filling it and there’s no place for 
it to go.  In that case either make it bigger or circular. Given it’s the 
security log circular probably isn’t a good choice unless you’re actively 
watching the log in real time but it would prevent it from stopping if the 
problem is it getting filled.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Friday, April 28, 2017 10:15 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Strange memory issue on a DC

I found an issue with my Security log.  For quite a while, it has been unable 
to log security events, and instead, has been putting event id 521 entries in.  
This event id says Unable to log events to security log.  The resolution to 
that was to clear the log and reboot the server.  When I did that, the memory 
usage dropped dramatically.  However, this morning, it is back to around 85%, 
so I’m not sure I resolved the whole issue.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Eric Wittersheim
Sent: Thursday, April 27, 2017 7:46 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Strange memory issue on a DC

Joseph,

I had the exact same thing happen last night to a 2012R2 DC running on ESXi.  
Additionally, we have 2 2012 R2 IIS server that are exhibiting the same 
behavior.

Eric

On Thu, Apr 27, 2017 at 9:11 AM, Heaton, Joseph@Wildlife 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> wrote:
This DC is 2012R2.  It is a VMWare guest.  It has been running at 95%+ memory 
utilization.  I’m not sure for how long, but I happened to see an alarm for CPU 
utilization on the guest when I was in vCenter yesterday afternoon.  When I RDP 
into the domain controller, it is very slow to login.  I open Task Manager, and 
on the Performance tab, Memory is at 98%, and steady.  I look at the Processes 
tab, and the memory shown as used doesn’t add up.  There are lots of processes 
using memory, but the largest user is using around 100MB.  The box has 4GB 
assigned.  Looking at the Details tab doesn’t shed any more light on the issue. 
 So, our first thought is some kind of memory leak, so we schedule and perform 
a reboot last night.  As soon as the box comes back up, I log in, and memory is 
right back at 98%.  I compare with a couple other DCs, and one of those has 
around the same number of processes running, but its highest user is right 
around 1GB, and its overall usage is around 60%.   What other tools can I use 
to help figure out where that memory is going?

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284<tel:(916)%20323-1284>

Eve

RE: [NTSysADM] Strange memory issue on a DC

[Heaton, Joseph@Wildlife]

Plenty of free space on the drive.  21.5GB free of 50GB total.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Melvin Backus
Sent: Tuesday, May 02, 2017 11:30 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Strange memory issue on a DC

Probably a reach but is there free space available on the drive?

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Tuesday, May 2, 2017 2:04 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Strange memory issue on a DC

The log is set to a max of 4GB.  It is currently 3.88GB.  It is also set to 
Overwrite events as needed (oldest events first).

I am again getting the 521 events, but they are not the only events I’m getting 
yet.  But they are coming in every couple of minutes.

Memory is sitting at 93% right now.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus
Sent: Friday, April 28, 2017 7:39 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Strange memory issue on a DC

Is that log set to a max size? You may be filling it and there’s no place for 
it to go.  In that case either make it bigger or circular. Given it’s the 
security log circular probably isn’t a good choice unless you’re actively 
watching the log in real time but it would prevent it from stopping if the 
problem is it getting filled.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Friday, April 28, 2017 10:15 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Strange memory issue on a DC

I found an issue with my Security log.  For quite a while, it has been unable 
to log security events, and instead, has been putting event id 521 entries in.  
This event id says Unable to log events to security log.  The resolution to 
that was to clear the log and reboot the server.  When I did that, the memory 
usage dropped dramatically.  However, this morning, it is back to around 85%, 
so I’m not sure I resolved the whole issue.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Eric Wittersheim
Sent: Thursday, April 27, 2017 7:46 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Strange memory issue on a DC

Joseph,

I had the exact same thing happen last night to a 2012R2 DC running on ESXi.  
Additionally, we have 2 2012 R2 IIS server that are exhibiting the same 
behavior.

Eric

On Thu, Apr 27, 2017 at 9:11 AM, Heaton, Joseph@Wildlife 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> wrote:
This DC is 2012R2.  It is a VMWare guest.  It has been running at 95%+ memory 
utilization.  I’m not sure for how long, but I happened to see an alarm for CPU 
utilization on the guest when I was in vCenter yesterday afternoon.  When I RDP 
into the domain controller, it is very slow to login.  I open Task Manager, and 
on the Performance tab, Memory is at 98%, and steady.  I look at the Processes 
tab, and the memory shown as used doesn’t add up.  There are lots of processes 
using memory, but the largest user is using around 100MB.  The box has 4GB 
assigned.  Looking at the Details tab doesn’t shed any more light on the issue. 
 So, our first thought is some kind of memory leak, so we schedule and perform 
a reboot last night.  As soon as the box comes back up, I log in, and memory is 
right back at 98%.  I compare with a couple other DCs, and one of those has 
around the same number of processes running, but its highest user is right 
around 1GB, and its overall usage is around 60%.   What other tools can I use 
to help figure out where that memory is going?

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284<tel:(916)%20323-1284>

Every Californian should conserve water.  Find out how at:
SaveOurWater.com<http://saveourwater.com/> · 
Drought.CA.gov<http://drought.ca.gov/>

RE: [NTSysADM] Strange memory issue on a DC

[Heaton, Joseph@Wildlife]

The log is set to a max of 4GB.  It is currently 3.88GB.  It is also set to 
Overwrite events as needed (oldest events first).

I am again getting the 521 events, but they are not the only events I’m getting 
yet.  But they are coming in every couple of minutes.

Memory is sitting at 93% right now.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Melvin Backus
Sent: Friday, April 28, 2017 7:39 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Strange memory issue on a DC

Is that log set to a max size? You may be filling it and there’s no place for 
it to go.  In that case either make it bigger or circular. Given it’s the 
security log circular probably isn’t a good choice unless you’re actively 
watching the log in real time but it would prevent it from stopping if the 
problem is it getting filled.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Friday, April 28, 2017 10:15 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Strange memory issue on a DC

I found an issue with my Security log.  For quite a while, it has been unable 
to log security events, and instead, has been putting event id 521 entries in.  
This event id says Unable to log events to security log.  The resolution to 
that was to clear the log and reboot the server.  When I did that, the memory 
usage dropped dramatically.  However, this morning, it is back to around 85%, 
so I’m not sure I resolved the whole issue.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Eric Wittersheim
Sent: Thursday, April 27, 2017 7:46 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Strange memory issue on a DC

Joseph,

I had the exact same thing happen last night to a 2012R2 DC running on ESXi.  
Additionally, we have 2 2012 R2 IIS server that are exhibiting the same 
behavior.

Eric

On Thu, Apr 27, 2017 at 9:11 AM, Heaton, Joseph@Wildlife 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> wrote:
This DC is 2012R2.  It is a VMWare guest.  It has been running at 95%+ memory 
utilization.  I’m not sure for how long, but I happened to see an alarm for CPU 
utilization on the guest when I was in vCenter yesterday afternoon.  When I RDP 
into the domain controller, it is very slow to login.  I open Task Manager, and 
on the Performance tab, Memory is at 98%, and steady.  I look at the Processes 
tab, and the memory shown as used doesn’t add up.  There are lots of processes 
using memory, but the largest user is using around 100MB.  The box has 4GB 
assigned.  Looking at the Details tab doesn’t shed any more light on the issue. 
 So, our first thought is some kind of memory leak, so we schedule and perform 
a reboot last night.  As soon as the box comes back up, I log in, and memory is 
right back at 98%.  I compare with a couple other DCs, and one of those has 
around the same number of processes running, but its highest user is right 
around 1GB, and its overall usage is around 60%.   What other tools can I use 
to help figure out where that memory is going?

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284<tel:(916)%20323-1284>

Every Californian should conserve water.  Find out how at:
SaveOurWater.com<http://saveourwater.com/> · 
Drought.CA.gov<http://drought.ca.gov/>

RE: [NTSysADM] Strange memory issue on a DC

[Heaton, Joseph@Wildlife]

I found an issue with my Security log.  For quite a while, it has been unable 
to log security events, and instead, has been putting event id 521 entries in.  
This event id says Unable to log events to security log.  The resolution to 
that was to clear the log and reboot the server.  When I did that, the memory 
usage dropped dramatically.  However, this morning, it is back to around 85%, 
so I’m not sure I resolved the whole issue.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Eric Wittersheim
Sent: Thursday, April 27, 2017 7:46 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Strange memory issue on a DC

Joseph,

I had the exact same thing happen last night to a 2012R2 DC running on ESXi.  
Additionally, we have 2 2012 R2 IIS server that are exhibiting the same 
behavior.

Eric

On Thu, Apr 27, 2017 at 9:11 AM, Heaton, Joseph@Wildlife 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> wrote:
This DC is 2012R2.  It is a VMWare guest.  It has been running at 95%+ memory 
utilization.  I’m not sure for how long, but I happened to see an alarm for CPU 
utilization on the guest when I was in vCenter yesterday afternoon.  When I RDP 
into the domain controller, it is very slow to login.  I open Task Manager, and 
on the Performance tab, Memory is at 98%, and steady.  I look at the Processes 
tab, and the memory shown as used doesn’t add up.  There are lots of processes 
using memory, but the largest user is using around 100MB.  The box has 4GB 
assigned.  Looking at the Details tab doesn’t shed any more light on the issue. 
 So, our first thought is some kind of memory leak, so we schedule and perform 
a reboot last night.  As soon as the box comes back up, I log in, and memory is 
right back at 98%.  I compare with a couple other DCs, and one of those has 
around the same number of processes running, but its highest user is right 
around 1GB, and its overall usage is around 60%.   What other tools can I use 
to help figure out where that memory is going?

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284<tel:(916)%20323-1284>

Every Californian should conserve water.  Find out how at:
SaveOurWater.com<http://saveourwater.com/> · 
Drought.CA.gov<http://drought.ca.gov/>

RE: [NTSysADM] Strange memory issue on a DC

[Heaton, Joseph@Wildlife]

No.  there are only 44GB assigned to guests, out of 64GB total.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jonathan Link
Sent: Thursday, April 27, 2017 8:46 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Strange memory issue on a DC

Is the host's memory over-subscribed by all of the guests?

On Thu, Apr 27, 2017 at 10:11 AM, Heaton, Joseph@Wildlife 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> wrote:
This DC is 2012R2.  It is a VMWare guest.  It has been running at 95%+ memory 
utilization.  I’m not sure for how long, but I happened to see an alarm for CPU 
utilization on the guest when I was in vCenter yesterday afternoon.  When I RDP 
into the domain controller, it is very slow to login.  I open Task Manager, and 
on the Performance tab, Memory is at 98%, and steady.  I look at the Processes 
tab, and the memory shown as used doesn’t add up.  There are lots of processes 
using memory, but the largest user is using around 100MB.  The box has 4GB 
assigned.  Looking at the Details tab doesn’t shed any more light on the issue. 
 So, our first thought is some kind of memory leak, so we schedule and perform 
a reboot last night.  As soon as the box comes back up, I log in, and memory is 
right back at 98%.  I compare with a couple other DCs, and one of those has 
around the same number of processes running, but its highest user is right 
around 1GB, and its overall usage is around 60%.   What other tools can I use 
to help figure out where that memory is going?

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284<tel:(916)%20323-1284>

Every Californian should conserve water.  Find out how at:
SaveOurWater.com<http://saveourwater.com/> · 
Drought.CA.gov<http://drought.ca.gov/>

RE: [NTSysADM] Strange memory issue on a DC

[Heaton, Joseph@Wildlife]

I know that the VMTools are out of date on this guest, was thinking that would 
be an easy first step.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Eric Wittersheim
Sent: Thursday, April 27, 2017 7:46 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Strange memory issue on a DC

Joseph,

I had the exact same thing happen last night to a 2012R2 DC running on ESXi.  
Additionally, we have 2 2012 R2 IIS server that are exhibiting the same 
behavior.

Eric

On Thu, Apr 27, 2017 at 9:11 AM, Heaton, Joseph@Wildlife 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> wrote:
This DC is 2012R2.  It is a VMWare guest.  It has been running at 95%+ memory 
utilization.  I’m not sure for how long, but I happened to see an alarm for CPU 
utilization on the guest when I was in vCenter yesterday afternoon.  When I RDP 
into the domain controller, it is very slow to login.  I open Task Manager, and 
on the Performance tab, Memory is at 98%, and steady.  I look at the Processes 
tab, and the memory shown as used doesn’t add up.  There are lots of processes 
using memory, but the largest user is using around 100MB.  The box has 4GB 
assigned.  Looking at the Details tab doesn’t shed any more light on the issue. 
 So, our first thought is some kind of memory leak, so we schedule and perform 
a reboot last night.  As soon as the box comes back up, I log in, and memory is 
right back at 98%.  I compare with a couple other DCs, and one of those has 
around the same number of processes running, but its highest user is right 
around 1GB, and its overall usage is around 60%.   What other tools can I use 
to help figure out where that memory is going?

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284<tel:(916)%20323-1284>

Every Californian should conserve water.  Find out how at:
SaveOurWater.com<http://saveourwater.com/> · 
Drought.CA.gov<http://drought.ca.gov/>

RE: [NTSysADM] Strange memory issue on a DC

[Heaton, Joseph@Wildlife]

Unfortunately, this is a VM in a field office, which is a standalone host.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Charles F Sullivan
Sent: Thursday, April 27, 2017 8:00 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Strange memory issue on a DC

Are you in a position to migrate to a different host? That would be quick and 
easy. In any case, check other Windows VMs on the same host and see if they are 
having similar problems.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, April 27, 2017 10:11 AM
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Strange memory issue on a DC

This DC is 2012R2.  It is a VMWare guest.  It has been running at 95%+ memory 
utilization.  I’m not sure for how long, but I happened to see an alarm for CPU 
utilization on the guest when I was in vCenter yesterday afternoon.  When I RDP 
into the domain controller, it is very slow to login.  I open Task Manager, and 
on the Performance tab, Memory is at 98%, and steady.  I look at the Processes 
tab, and the memory shown as used doesn’t add up.  There are lots of processes 
using memory, but the largest user is using around 100MB.  The box has 4GB 
assigned.  Looking at the Details tab doesn’t shed any more light on the issue. 
 So, our first thought is some kind of memory leak, so we schedule and perform 
a reboot last night.  As soon as the box comes back up, I log in, and memory is 
right back at 98%.  I compare with a couple other DCs, and one of those has 
around the same number of processes running, but its highest user is right 
around 1GB, and its overall usage is around 60%.   What other tools can I use 
to help figure out where that memory is going?

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
SaveOurWater.com<http://saveourwater.com/> · 
Drought.CA.gov<http://drought.ca.gov/>

[NTSysADM] Strange memory issue on a DC

[Heaton, Joseph@Wildlife]

This DC is 2012R2.  It is a VMWare guest.  It has been running at 95%+ memory 
utilization.  I'm not sure for how long, but I happened to see an alarm for CPU 
utilization on the guest when I was in vCenter yesterday afternoon.  When I RDP 
into the domain controller, it is very slow to login.  I open Task Manager, and 
on the Performance tab, Memory is at 98%, and steady.  I look at the Processes 
tab, and the memory shown as used doesn't add up.  There are lots of processes 
using memory, but the largest user is using around 100MB.  The box has 4GB 
assigned.  Looking at the Details tab doesn't shed any more light on the issue. 
 So, our first thought is some kind of memory leak, so we schedule and perform 
a reboot last night.  As soon as the box comes back up, I log in, and memory is 
right back at 98%.  I compare with a couple other DCs, and one of those has 
around the same number of processes running, but its highest user is right 
around 1GB, and its overall usage is around 60%.   What other tools can I use 
to help figure out where that memory is going?

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
SaveOurWater.com * 
Drought.CA.gov

[NTSysADM] Bitlocker/MBAM

[Heaton, Joseph@Wildlife]

We're looking to implement Bitlocker when we migrate to Windows 10.  I'm 
starting research of MBAM, and how to best implement.  Does anyone have real 
world experience/advice on whether to integrate with Config Mgr, or go with the 
standalone topology?  For those that are using MBAM, are you saving the 
recovery data in SQL, or Active Directory?  Any major gotchas to look out for?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]
SaveOurWater.com * 
Drought.CA.gov

RE: [NTSysADM] Asset Management Options

[Heaton, Joseph@Wildlife]

Well that was convenient.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Alex Nabicht
Sent: Friday, March 17, 2017 9:55 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Asset Management Options

After playing around with GLPI/Fusion, I found that it uses the exact same 
plugin as Samanage did as an agent for linux devices. The linux agents use an 
open source code located here: https://sourceforge.net/projects/ocsinventory/ 
all that had to be done was changing the Samanage conf file to point to the new 
server for GLPI and it inventoried the data no problem!

On Thu, Mar 16, 2017 at 8:11 AM, James M. Pulver 
> wrote:
GLPI + Fusion Inventory plugin?

James Pulver
CLASSE Computer Group
Cornell University


On 03/14/2017 08:25 PM, Kurt Buff wrote:
I haven't had a chance to use it yet, but this looks very interesting:
https://osquery.io/

Kurt

On Tue, Mar 14, 2017 at 2:42 PM, Alex Nabicht 
> wrote:
Greetings All,

Currently we are in the market for a new asset management system. We had
previously been using Samanage, which we will have to drop soon since they
will no longer be supporting Linux. Does anyone have any recommendations
that can support multiple systems? We have a somewhat mixed environment of
Apple, Windows, and Linux devices. Any feedback is appreciated.

Thanks,
Al

[NTSysADM] Office 365 licensing question

[Heaton, Joseph@Wildlife]

For the E1 licensing, I've heard a rumor that they have to be tied to Azure AD, 
not on-prem AD.  Does anyone know if that's correct?  We have several hundred 
employees that don't need a computer or Office, but do need e-mail, for 
timesheet purposes.  We want to give those folks E1 licenses.


Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]
SaveOurWater.com * 
Drought.CA.gov

RE: [NTSysADM] Synology

[Heaton, Joseph@Wildlife]

Sure, that would be great, thanks Andrew.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andrew S. Baker
Sent: Thursday, February 02, 2017 8:54 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Synology

I order things through VARs and avoid potential grief with manufacturers, etc.

I can give you the name of a VAR if you'd like…


Regards,



 ASB
 http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker>

 Providing Expert Technology Consulting Services for the SMB market…

 GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842



Sent with 
Mixmax<https://mixmax.com/s/WMB47Rd39yDNPFfWo?utm_source=mixmax_medium=email_campaign=signature_link_content=sent_with_mixmax>
[https://track.mixmax.com/api/track/v2/g9GZyCFmzNmpt1ISR/gIt92YuwWah12ZAVmbvpnYzFmI/i02bj5Sb1J3bmRXa51mLzR3cpxGQtRWYzl3c05mI/i02bj5Sb1J3bmRXa51mLzR3cpxGQtRWYzl3c05mI]






On Thu, Feb 2, 2017 9:43 AM, Heaton, Joseph@Wildlife 
joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov> wrote:

We’re looking to replace our existing NAS in our field offices, and we’re 
trying to get some info from our Synology rep.  However, he doesn’t seem to be 
very interested in helping us out.  Has anyone else had issues with Synology 
sales reps?  Anyone have a good sales rep that I could reach out to, and see if 
there’s someone else in my area I could speak with?



Thanks,



Joe Heaton

Information Technology Operations Branch

Data and Technology Division

CA Department of Fish and Wildlife

1700 9th Street, 3rd Floor

Sacramento, CA  95811

Desk:  (916) 323-1284



Every Californian should conserve water.  Find out how at:

[SaveOurWater_Logo]<http://saveourwater.com/>

SaveOurWater.com<http://saveourwater.com/> · 
Drought.CA.gov<http://drought.ca.gov/>

RE: [NTSysADM] Group Policy question

[Heaton, Joseph@Wildlife]

I have an auditing software that can tell me where a user logged in.  I ran 
that on the user in question and myself.  We have not been logging in on the 
same DC, but I did look at both of the DCs that we were using, and compared the 
policy folder timestamp there with the timestamp on my main GP management 
server.  The timestamps are all the same.  That said, if I’m looking at the 
GPO, on Details tab, it shows Modified with a timestamp of yesterday.  The 
timestamp on the policy GUID folder in sysvol\domain\Policies is from April of 
2016.  Am I looking in the wrong place, or does that sound odd?  Also, I did 
run repadmin /showrepl, and repadmin /replsummary, and neither of those had any 
errors.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Charles F Sullivan
Sent: Wednesday, January 25, 2017 9:47 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Group Policy question

I’m pretty stumped, but maybe you could try making sure that when you run GPMC 
for the other user, that it uses the same DC as when you run it for yourself to 
confirm it’s not something like a replication issue.

Alternatively, get the GUID for the GPO, then check the respective folder under 
SYSVOL on each DC to make sure that gpt.ini has the same time stamp on each 
one. (Assuming you don’t have a large number of DCs to check!)

Also, if you could maybe inconvenience the user to log on to your workstation 
so that a profile is created, then you would be able to choose that account for 
the user settings next time you run RSOP.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Heaton, Joseph@Wildlife
Sent: Wednesday, January 25, 2017 11:58 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Group Policy question

The settings themselves are not being applied.  The last time group policy was 
processed:  1/25/2017 8:26:02 AM (from summary page)

Under Applied GPOs, the policy in question is listed as applied.  The odd thing 
is this:

[cid:image001.png@01D276FC.02DB7A60]

I’m wondering what the Revisions are off.  If I look at the GPO itself, on the 
Details tab, it shows the same revision in AD and sysvol.  On the specific 
policy I’m looking at (CDFW Proxy Policy), there are no WMI filters.  It’s 
linked to 2 OUs, not in a direct path of each other, and it is applied to 
Authenticated Users.  The above is for a user, on their machine.  If I run the 
same report for me on my machine, I do have the settings applied, the settings 
do appear in the report, and the revision info is as above.

This is not a new policy.  It was created 9/1/2015, and it is used to set the 
proxy settings in IE.  It has been working well since it was created, but in 
the past couple of days, I’ve heard of a couple of users that it is no longer 
working for.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Charles F Sullivan
Sent: Wednesday, January 25, 2017 7:17 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Group Policy question

Is it only that the reporting is wrong, or does the user also not get the 
settings applied?

When you run the Results Wizard from GPMC on the Summary tab are there any 
errors and does it show a recent time stamp for the last user policy refresh? 
On the Details tab under User Details > Applied GPOs, if you show the details 
for the GPO in question does everything look right? Are there any Security 
Filters or WMI Filters that might affect the user? (Possibly certain 
permissions like Allow Read but not Apply GP might cause this, but I’m not 
certain.)

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Heaton, Joseph@Wildlife
Sent: Tuesday, January 24, 2017 5:25 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Group Policy question

OK.  I’ve done the Group Policy Results wizard for the user in question on 
their PC, and for myself on my PC.  I have the policy applied correctly, the 
user does not.  The Group Policy Results wizard shows the policy in question is 
applied, but the settings don’t show up in the report.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Charles F Sullivan
Sent: Tuesday, January 24, 2017 1:31 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Group Policy question

It worked correctly for me when I tried to reproduce the problem. Try the Group 
Policy Results Wizard in the GPMC for the same user 

RE: [NTSysADM] Group Policy question

[Heaton, Joseph@Wildlife]

The settings themselves are not being applied.  The last time group policy was 
processed:  1/25/2017 8:26:02 AM (from summary page)

Under Applied GPOs, the policy in question is listed as applied.  The odd thing 
is this:

[cid:image002.png@01D276E7.F7F865E0]

I’m wondering what the Revisions are off.  If I look at the GPO itself, on the 
Details tab, it shows the same revision in AD and sysvol.  On the specific 
policy I’m looking at (CDFW Proxy Policy), there are no WMI filters.  It’s 
linked to 2 OUs, not in a direct path of each other, and it is applied to 
Authenticated Users.  The above is for a user, on their machine.  If I run the 
same report for me on my machine, I do have the settings applied, the settings 
do appear in the report, and the revision info is as above.

This is not a new policy.  It was created 9/1/2015, and it is used to set the 
proxy settings in IE.  It has been working well since it was created, but in 
the past couple of days, I’ve heard of a couple of users that it is no longer 
working for.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Charles F Sullivan
Sent: Wednesday, January 25, 2017 7:17 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Group Policy question

Is it only that the reporting is wrong, or does the user also not get the 
settings applied?

When you run the Results Wizard from GPMC on the Summary tab are there any 
errors and does it show a recent time stamp for the last user policy refresh? 
On the Details tab under User Details > Applied GPOs, if you show the details 
for the GPO in question does everything look right? Are there any Security 
Filters or WMI Filters that might affect the user? (Possibly certain 
permissions like Allow Read but not Apply GP might cause this, but I’m not 
certain.)

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Heaton, Joseph@Wildlife
Sent: Tuesday, January 24, 2017 5:25 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Group Policy question

OK.  I’ve done the Group Policy Results wizard for the user in question on 
their PC, and for myself on my PC.  I have the policy applied correctly, the 
user does not.  The Group Policy Results wizard shows the policy in question is 
applied, but the settings don’t show up in the report.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Charles F Sullivan
Sent: Tuesday, January 24, 2017 1:31 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] Group Policy question

It worked correctly for me when I tried to reproduce the problem. Try the Group 
Policy Results Wizard in the GPMC for the same user to see if you get different 
results. The HTML output is better there anyway.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Heaton, Joseph@Wildlife
Sent: Tuesday, January 24, 2017 3:50 PM
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Group Policy question

What would cause gpresult /USER jsmith /R to show a specific group policy as 
being applied, but if you do a gpresult /USER jsmith /H c:\test.html, the 
report does not show any of the settings of that policy?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]<http://saveourwater.com/>
SaveOurWater.com<http://saveourwater.com/> · 
Drought.CA.gov<http://drought.ca.gov/>

RE: [NTSysADM] Group Policy question

[Heaton, Joseph@Wildlife]

OK.  I’ve done the Group Policy Results wizard for the user in question on 
their PC, and for myself on my PC.  I have the policy applied correctly, the 
user does not.  The Group Policy Results wizard shows the policy in question is 
applied, but the settings don’t show up in the report.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Charles F Sullivan
Sent: Tuesday, January 24, 2017 1:31 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Group Policy question

It worked correctly for me when I tried to reproduce the problem. Try the Group 
Policy Results Wizard in the GPMC for the same user to see if you get different 
results. The HTML output is better there anyway.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Heaton, Joseph@Wildlife
Sent: Tuesday, January 24, 2017 3:50 PM
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Group Policy question

What would cause gpresult /USER jsmith /R to show a specific group policy as 
being applied, but if you do a gpresult /USER jsmith /H c:\test.html, the 
report does not show any of the settings of that policy?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]<http://saveourwater.com/>
SaveOurWater.com<http://saveourwater.com/> · 
Drought.CA.gov<http://drought.ca.gov/>

[NTSysADM] Group Policy question

[Heaton, Joseph@Wildlife]

What would cause gpresult /USER jsmith /R to show a specific group policy as 
being applied, but if you do a gpresult /USER jsmith /H c:\test.html, the 
report does not show any of the settings of that policy?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]
SaveOurWater.com * 
Drought.CA.gov

RE: [NTSysADM] migrating to iPhone

[Heaton, Joseph@Wildlife]

We are fully iPhone here (not my choice).  We currently use AirWatch for MDM, 
but will be moving to Intune in the short term future.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kish N Kepi
Sent: Sunday, December 25, 2016 10:45 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] migrating to iPhone

Hello All,

As we reach the point where we need to upgrade our phones, currently the LG G3 
Android phones, we're considering offering the iPhone as well as a current 
Android model


1.   Can anyone recommend resources specifically devoted to the migration 
from Android to iPhone

2.   Is there a way to centrally create and manage Apple IDs? Is it even 
desirable, or do I let everyone manage themselves?

3.   Any recommendations for Mobile Device Management?

Happy Holidays to all
Kish n Kepi

[NTSysADM] Group Policy cleanup/maintenance

[Heaton, Joseph@Wildlife]

How do you guys deal with Group Policy objects, in regards to discovery and 
cleanup of "stale" objects?  I have to come up with a procedural document for 
this process.

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]
SaveOurWater.com * 
Drought.CA.gov

[NTSysADM] Win 10 admx files

[Heaton, Joseph@Wildlife]

Just downloaded the Win 10 admx files, and getting ready to put them in the 
central store.  I did see some talk of issues with them;  other things that 
needed to be done after adding them, some older settings not being there 
anymore, etc.

Have those issues been ironed out, or are there still issues?  Currently, I'm 
running Win 7 on all my user machines, if that makes a difference in the answer.

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]
SaveOurWater.com * 
Drought.CA.gov

[NTSysADM] RE: AAD Connect question

[Heaton, Joseph@Wildlife]

We had to reinstall AAD Connect, when we did that exact thing.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Christopher Bodnar
Sent: Friday, October 14, 2016 1:57 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] AAD Connect question

Does anyone know if you can install AAD Connect with the default SQL Express 
and then later move the database to a SQL server? I know you can do this going 
from WID to SQL on ADFS:

http://social.technet.microsoft.com/wiki/contents/articles/948.ad-fs-2-0-migrate-your-ad-fs-configuration-database-to-sql-server.aspx

But I can’t find anything about this on AAD Connect, which makes me think it’s 
not supported.

Thanks


Christopher Bodnar
Enterprise Architect II, Corporate Office of Technology:Enterprise Architecture 
and Engineering Services

Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com

[cid:image001.png@01D1326B.600058E0]

The Guardian Life Insurance Company of America

www.guardianlife.com




- This message, and any attachments to 
it, may contain information that is privileged, confidential, and exempt from 
disclosure under applicable law. If the reader of this message is not the 
intended recipient, you are notified that any use, dissemination, distribution, 
copying, or communication of this message is strictly prohibited. If you have 
received this message in error, please notify the sender immediately by return 
e-mail and delete the message and any attachments. Thank you.

[NTSysADM] RE: Modified date on distribution group AD object

[Heaton, Joseph@Wildlife]

Brian, that was perfect, thank you.  So, it looks like most of my distribution 
groups have had the msExchRequireAuthToSendTo attribute set to TRUE.  I need to 
reset that to not set for them, with the exception of any that have the 
dLMemSubmitPerms attribute filled in as well, which means the first attribute 
was intentional.

Anyone with better scripting skills than myself have anything lying around that 
could do this?  I'm going to work on it, but any help from the experts would be 
greatly appreciated.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Brian Desmond
Sent: Thursday, October 13, 2016 8:50 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Modified date on distribution group AD object

If you do a repadmin /showobjmeta on the object, it will give you timestamps 
per attribute which would be a good starting point.

Thanks,
Brian Desmond

(w) 312.625.1438 | (c) 312.731.3132

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, October 13, 2016 11:30 AM
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Modified date on distribution group AD object

We have 16 distribution groups that are showing the exact same Modified 
timestamp.  A couple of these are used for automated message delivery for 
different applications.  Since this change date, those messages are no longer 
being delivered.  I use Netwrix to audit things, and it doesn't have anything 
for these distribution groups changing in that whole week.

What causes that modified timestamp to change?  Where else can I look to try 
and see what got modified?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]<http://saveourwater.com/>
SaveOurWater.com<http://saveourwater.com/> * 
Drought.CA.gov<http://drought.ca.gov/>

RE: [NTSysADM] Modified date on distribution group AD object

[Heaton, Joseph@Wildlife]

I found the issue, kinda.  We’re in the midst of preparing for migration to 
O365.  We have 2 DCs in Azure, setup in the ADFS area.  One of those DCs 
touched all these objects, and changed some mail-related attributes.  The one 
that messed us up, is that it set the msExchRequireAuthToSendTo attribute to 
TRUE, not only on these 16 DLs, but apparently all of our DLs.  Bad juju, if 
you’re not actually setting up the list of accounts that have those rights.  
I’m working on figuring out how to clean up the mess now.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Charles F Sullivan
Sent: Thursday, October 13, 2016 12:31 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Modified date on distribution group AD object

Do you see a lot of other objects that have the same time stamp? If you 
happened to have upgraded the domain’s functional level it would have changed 
the time stamp on all objects in AD. (Anything with a newer time stamp 
notwithstanding.)

I assume that’s not it, but just in case. Other things that change the time 
stamp are OU moves, PW changes (including machine PW changes every 30 days by 
default). For groups, additions and deletions of members as well as OU moves. 
Also, ACL changes. Might that be it? Is Netwrix auditing the ACLs or just the 
members?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, October 13, 2016 11:30 AM
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Modified date on distribution group AD object

We have 16 distribution groups that are showing the exact same Modified 
timestamp.  A couple of these are used for automated message delivery for 
different applications.  Since this change date, those messages are no longer 
being delivered.  I use Netwrix to audit things, and it doesn’t have anything 
for these distribution groups changing in that whole week.

What causes that modified timestamp to change?  Where else can I look to try 
and see what got modified?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]<http://saveourwater.com/>
SaveOurWater.com<http://saveourwater.com/> · 
Drought.CA.gov<http://drought.ca.gov/>

[NTSysADM] Modified date on distribution group AD object

[Heaton, Joseph@Wildlife]

We have 16 distribution groups that are showing the exact same Modified 
timestamp.  A couple of these are used for automated message delivery for 
different applications.  Since this change date, those messages are no longer 
being delivered.  I use Netwrix to audit things, and it doesn't have anything 
for these distribution groups changing in that whole week.

What causes that modified timestamp to change?  Where else can I look to try 
and see what got modified?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]
SaveOurWater.com * 
Drought.CA.gov

[NTSysADM] RE: Java redirection tools

[Heaton, Joseph@Wildlife]

We're having issues with our testing of FSLogix, so I was asked to get the 
names of any others.  Browsium was the one I was thinking of.

Thanks, James

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Thursday, September 01, 2016 7:57 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Java redirection tools

FSLogix and Browsium are the two I am aware of.

FSLogix can actually completely hide the old Java version from exploitation - 
Browsium just hides it from the browser.


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: 01 September 2016 15:46
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Java redirection tools

It's been quite a while, but there was a discussion about tools that can be 
used to tell specific applications/websites, etc. to use a specific version of 
Java, while everything else would use the latest version.  One of the companies 
doing this is FSLogix, but I need to find the other companies that offer this 
type of product.

Anyone remember that?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]<http://saveourwater.com/>
SaveOurWater.com<http://saveourwater.com/> * 
Drought.CA.gov<http://drought.ca.gov/>

[NTSysADM] Java redirection tools

[Heaton, Joseph@Wildlife]

It's been quite a while, but there was a discussion about tools that can be 
used to tell specific applications/websites, etc. to use a specific version of 
Java, while everything else would use the latest version.  One of the companies 
doing this is FSLogix, but I need to find the other companies that offer this 
type of product.

Anyone remember that?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]
SaveOurWater.com * 
Drought.CA.gov

RE: [NTSysADM] Re: Outlook desktop alert changes

[Heaton, Joseph@Wildlife]

Mine has been doing it randomly.  Sometimes when multiple messages come in, 
sometimes when one comes in, but I haven’t looked at Inbox for a while.  Maybe 
x number of messages within a certain time frame?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kevin Lundy
Sent: Wednesday, August 17, 2016 5:22 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Re: Outlook desktop alert changes

That is what mine used to do as well.   But now it does that for individual 
messages.

On Wednesday, August 17, 2016, Brian Desmond 
> wrote:
Mine does this when a whole bunch of mail piles in at once. Otherwise I get 
individual toasts.

Thanks,
Brian Desmond

w – 312.625.1438 | c – 312.731.3132

From: 
listsad...@lists.myitforum.com
 
[mailto:listsad...@lists.myitforum.com]
 On Behalf Of Kevin Lundy
Sent: Wednesday, August 17, 2016 4:04 PM
To: 
NTSysADM@lists.myITforum.com
Subject: [NTSysADM] Outlook desktop alert changes

Since the list has been very quiet lately, I'll ask a user level question.

My Outlook 2016 has recently stopped showing a preview of the message in the 
toast desktop alert.  It now just says "there are new items in your mailbox"

Did any of the recent Office patches take away the preview capability?

Kevin

RE: [NTSysADM] A petition to Microsoft asking them to stop removing management features

[Heaton, Joseph@Wildlife]

12 down, 88 to go :)

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Melvin Backus
Sent: Tuesday, August 02, 2016 10:56 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] A petition to Microsoft asking them to stop removing 
management features

8 down, 92 more to go.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Susan Bradley
Sent: Tuesday, August 2, 2016 1:24 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] A petition to Microsoft asking them to stop removing 
management features

I'm starting a tilting at windmill/petition asking Microsoft to stop removing 
management features

https://www.change.org/p/microsoft-microsoft-end-the-bait-and-switch-stop-removing-features-in-branch-releases?recruiter=27869210_source=share_for_starters_medium=copyLink

/Feedback hub item: 
/feedback-hub:?contextid=336=247d835c-6384-4a2a-88ee-1fcacdb1ff19=1=2//
//




--
===
Guess where I was on July 20th? 
http://forms.windowsitpro.com/Windows10-Enterprise-Main
Guess where I will be October 10-13?  Hint:  It's in Las Vegas --ask me for a 
discount code for $500 off!
  

[NTSysADM] RE: Compatibility View Settings for IE11

[Heaton, Joseph@Wildlife]

Hmm, never knew about those.  Just downloaded the lot.  Thanks!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Tuesday, August 02, 2016 10:30 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Compatibility View Settings for IE11

I seem to remember that's what we used in my last project, but can't remember 
the IE version - must have been 11 though, surely

Check the Microsoft Excel GPO ADMX spreadsheet to see what it applies to, that 
particular setting

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: 02 August 2016 17:54
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Compatibility View Settings for IE11

I want to deselect the box in IE 11 Compatibility Settings that states:  
Display intranet sites in Compatibility View (seen below)

[cid:image001.png@01D1ECAE.0DBA1AA0]

I want to do this through Group Policy.  I've found a setting under Computer 
Configuration - Policies - Administrative Templates - Windows Components - 
Internet Explorer - Compatibility View - Turn on Internet Explorer Standards 
Mode for local intranet.

It seems like this will do what I want, but I'm not sure that it is intended 
for IE11, or not.  Does anyone know if this is the setting I need?

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
SaveOurWater.com<http://saveourwater.com/> * 
Drought.CA.gov<http://drought.ca.gov/>

[NTSysADM] Compatibility View Settings for IE11

[Heaton, Joseph@Wildlife]

I want to deselect the box in IE 11 Compatibility Settings that states:  
Display intranet sites in Compatibility View (seen below)

[cid:image001.png@01D1ECA3.CCB826A0]

I want to do this through Group Policy.  I've found a setting under Computer 
Configuration - Policies - Administrative Templates - Windows Components - 
Internet Explorer - Compatibility View - Turn on Internet Explorer Standards 
Mode for local intranet.

It seems like this will do what I want, but I'm not sure that it is intended 
for IE11, or not.  Does anyone know if this is the setting I need?

Thanks,

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
SaveOurWater.com * 
Drought.CA.gov

RE: [NTSysADM] RE: Websites that only work in a specific browser

[Heaton, Joseph@Wildlife]

Gotcha.  Policy Pak Browser Router does that type of thing, as well.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Thursday, July 28, 2016 1:33 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] RE: Websites that only work in a specific browser

Citrix secure browser


Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From:joseph.hea...@wildlife.ca.gov
Sent:28 July 2016 8:58 p.m.
To:ntsysadm@lists.myitforum.com
Reply to:ntsysadm@lists.myitforum.com
Subject:[NTSysADM] RE: Websites that only work in a specific browser


You're not testing Browser Router, by chance, are you?

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Rankin
Sent: Tuesday, July 26, 2016 3:31 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Websites that only work in a specific browser

Anyone got an example of a website that only works in a specific browser? I 
need one to test a new product...I can only think of Ladbrokes which only works 
in Chrome, but it's not really a good example for a study :)



James Rankin
EUC Solutions Architect | 07809 668579 | ja...@htguk.com
One Trinity Green, Eldon Street, South Shields, Tyne & Wear, NE33 1SA
Tel: 0191 481 3446

[NTSysADM] RE: Websites that only work in a specific browser

[Heaton, Joseph@Wildlife]

You're not testing Browser Router, by chance, are you?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Tuesday, July 26, 2016 3:31 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Websites that only work in a specific browser

Anyone got an example of a website that only works in a specific browser? I 
need one to test a new product...I can only think of Ladbrokes which only works 
in Chrome, but it's not really a good example for a study :)



James Rankin
EUC Solutions Architect | 07809 668579 | ja...@htguk.com
One Trinity Green, Eldon Street, South Shields, Tyne & Wear, NE33 1SA
Tel: 0191 481 3446

RE: [NTSysADM] Powershell help

[Heaton, Joseph@Wildlife]

Thanks guys.  I found a script online that I was able to adjust a bit and it 
worked.

Still amazes me how many ways there are to skin a cat with Powershell.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Emin
Sent: Thursday, July 28, 2016 8:15 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Powershell help

Hi,
Replace
-Properties userPrincipalName
by
-Properties *
http://social.technet.microsoft.com/wiki/contents/articles/12037.active-directory-get-aduser-default-and-extended-properties.aspx

Get-ADUser -Filter * -SearchBase 'ou=xxx,ou=xxx,ou=xxx,dc=xxx,dc=local' 
-Properties * |
% {
 try {
  $_ | Set-ADUser -UserPrincipalName "$($_.EmailAddress)" -ErrorAction Stop
 } catch {
  Write-Warning -Message "Failed because $($_.Exception.Message)"
 }
}

On Wed, Jul 27, 2016 at 4:27 AM, Heaton, Joseph@Wildlife 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> wrote:
I’m trying to set my users’ userPrincipalName to be the same as the 
emailaddress.  Here’s the snippet I’m trying to use:

Get-ADUser -Filter * -SearchBase 'ou=xxx,ou=xxx,ou=xxx,dc=xxx,dc=local' 
-Properties userPrincipalName | foreach { Set-ADUser $_ -UserPrincipalName 
"$($_.emailaddress)"}

I know that last bit is wrong, I keep getting errors.  I’ve tried as-is, and 
$($_.emailaddress)}

Anyone have any advice?  I can’t think of any other attribute that has the same 
format as the email address (first.last).



Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284<tel:%28916%29%20323-1284>

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]<http://saveourwater.com/>
SaveOurWater.com<http://saveourwater.com/> · 
Drought.CA.gov<http://drought.ca.gov/>

[NTSysADM] Powershell help

[Heaton, Joseph@Wildlife]

I'm trying to set my users' userPrincipalName to be the same as the 
emailaddress.  Here's the snippet I'm trying to use:

Get-ADUser -Filter * -SearchBase 'ou=xxx,ou=xxx,ou=xxx,dc=xxx,dc=local' 
-Properties userPrincipalName | foreach { Set-ADUser $_ -UserPrincipalName 
"$($_.emailaddress)"}

I know that last bit is wrong, I keep getting errors.  I've tried as-is, and 
$($_.emailaddress)}

Anyone have any advice?  I can't think of any other attribute that has the same 
format as the email address (first.last).



Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]
SaveOurWater.com * 
Drought.CA.gov

RE: [NTSysADM] Enterprise Admin best practice

[Heaton, Joseph@Wildlife]

What do you do about applications that “need” domain admin rights?  I think 
this is simply lazy coding on the vendors’ part, but sometimes we just can’t 
get the dang things working without DA.  That’s our weakest point, we have a 
ton of service accounts in the DA group.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Charles F Sullivan
Sent: Wednesday, June 29, 2016 7:22 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Enterprise Admin best practice

That’s more generous than what we do.

The Enterprise and Schema Admins groups are empty, enforced by a Restricted 
Groups GPO setting. There is another one of these that limits membership in 
Domain Admins to just the 5 of us who are supposed to be. In the rare case 
where something needs Enterprise or Schema Admin rights, we temporarily add one 
of the domain admins via the respective Restricted Group setting.

We only have one large domain, which makes this quite feasible. Possibly a more 
complex forest wouldn’t be.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Heaton, Joseph@Wildlife
Sent: Tuesday, June 28, 2016 5:49 PM
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Enterprise Admin best practice

I remember hearing, I believe on this list, that the best practice for the 
Enterprise Admin role was to only have a service account in that role, with a 
very complex password, that is written down and locked in a file cabinet.  I’ve 
just implemented that, but now I’m getting blowback.  Does anyone have anything 
in writing that talks about this process, and that yes, this is best practice?

Thanks,

Joe Heaton

RE: [NTSysADM] Enterprise Admin best practice

[Heaton, Joseph@Wildlife]

I had a talk with the other admin, and now the Enterprise Admin and Schema 
Admin groups are empty.  Thanks all!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Richard Stovall
Sent: Wednesday, June 29, 2016 2:49 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Enterprise Admin best practice


That's what I recall the recommendation to be.
On Jun 29, 2016 10:29 AM, "Charles F Sullivan" 
<charles.sulliva...@bc.edu<mailto:charles.sulliva...@bc.edu>> wrote:
That’s more generous than what we do.

The Enterprise and Schema Admins groups are empty, enforced by a Restricted 
Groups GPO setting. There is another one of these that limits membership in 
Domain Admins to just the 5 of us who are supposed to be. In the rare case 
where something needs Enterprise or Schema Admin rights, we temporarily add one 
of the domain admins via the respective Restricted Group setting.

We only have one large domain, which makes this quite feasible. Possibly a more 
complex forest wouldn’t be.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Heaton, Joseph@Wildlife
Sent: Tuesday, June 28, 2016 5:49 PM
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Enterprise Admin best practice

I remember hearing, I believe on this list, that the best practice for the 
Enterprise Admin role was to only have a service account in that role, with a 
very complex password, that is written down and locked in a file cabinet.  I’ve 
just implemented that, but now I’m getting blowback.  Does anyone have anything 
in writing that talks about this process, and that yes, this is best practice?

Thanks,

Joe Heaton

[NTSysADM] RE: Enterprise Admin best practice

[Heaton, Joseph@Wildlife]

History, and come to find out the old team lead had used that group for file 
access somewhere.  Thanks for the link, I'm going to download that so I can 
defend my position if it comes to that.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Tuesday, June 28, 2016 3:04 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Enterprise Admin best practice

What's the blowback?

There are very few things that require that level of permission. But there are 
a few.

See Appendices B - H in this whitepaper:

https://technet.microsoft.com/en-us/library/dn487446.aspx


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Tuesday, June 28, 2016 5:49 PM
To: 'NT System Admin Issues Discussion list'
Subject: [NTSysADM] Enterprise Admin best practice

I remember hearing, I believe on this list, that the best practice for the 
Enterprise Admin role was to only have a service account in that role, with a 
very complex password, that is written down and locked in a file cabinet.  I've 
just implemented that, but now I'm getting blowback.  Does anyone have anything 
in writing that talks about this process, and that yes, this is best practice?

Thanks,

Joe Heaton

[NTSysADM] Enterprise Admin best practice

[Heaton, Joseph@Wildlife]

I remember hearing, I believe on this list, that the best practice for the 
Enterprise Admin role was to only have a service account in that role, with a 
very complex password, that is written down and locked in a file cabinet.  I've 
just implemented that, but now I'm getting blowback.  Does anyone have anything 
in writing that talks about this process, and that yes, this is best practice?

Thanks,

Joe Heaton

[NTSysADM] RE: Microsoft buys Linkedin

[Heaton, Joseph@Wildlife]

LOL!  Now, that's funny!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kennedy, Jim
Sent: Wednesday, June 15, 2016 4:59 AM
To: 'NT System Admin Issues Discussion list' <ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: Microsoft buys Linkedin

Not sure what to think, but I believe the new Windows 10 BSOD is related.

[cid:image001.jpg@01D1C6D5.8A1BB3A0]

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Tuesday, June 14, 2016 3:27 PM
To: 'NT System Admin Issues Discussion list'
Subject: [NTSysADM] Microsoft buys Linkedin

Opinions?

https://redmondmag.com/blogs/the-schwartz-report/2016/06/microsoft-acquires-linkedin.aspx



Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]<http://saveourwater.com/>
SaveOurWater.com<http://saveourwater.com/> * 
Drought.CA.gov<http://drought.ca.gov/>

[NTSysADM] Microsoft buys Linkedin

[Heaton, Joseph@Wildlife]

Opinions?

https://redmondmag.com/blogs/the-schwartz-report/2016/06/microsoft-acquires-linkedin.aspx



Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]
SaveOurWater.com * 
Drought.CA.gov

[NTSysADM] What do I lose if my MELA expires?

[Heaton, Joseph@Wildlife]

Subject says it all.  If our MELA expires, without a renewal/new agreement in 
place, what do I lose?


Joe Heaton

[NTSysADM] RE: OTish Back hoe bingo.

[Heaton, Joseph@Wildlife]

YAHTZEE!!!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kennedy, Jim
Sent: Friday, May 20, 2016 1:01 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] OTish Back hoe bingo.


So you might remember a few months ago where at one of our buildings the 
electric company came out and back hoe'd our fiber.  Later that day the fiber 
company came out to fix it and back hoe'd the electric lines.

Yesterday at one of my son's companies, Binary Defense Systems in Hudson, the 
gas company sent out multiple crews to work in his area. One hit his primary 
fiber, one hit his backup fiber and one hit his last chance cable connection.  
And they ripped open a water main that flooded the basement of the building.

[NTSysADM] RE: Windows 10 Tech Preview for Enterprise

[Heaton, Joseph@Wildlife]

Thanks for this.  It was even easier than that.  Never asked me for a Microsoft 
ID, so I guess they changed it already.  Joined up fine and easy.  It is 
definitely going to take some time to get used to.  I've been working with 
Server 2012 and 2012 R2, so I'm not starting from scratch, but still...

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kennedy, Jim
Sent: Friday, January 16, 2015 1:17 PM
To: NT System Admin Issues Discussion list
Subject: [NTSysADM] RE: Windows 10 Tech Preview for Enterprise

You can join a domain and you can install it without a MS ID.

http://www.baldnerd.com/install-windows-10-without-a-microsoft-account/


From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Friday, January 16, 2015 4:14 PM
To: NT System Admin Issues Discussion list
Subject: [NTSysADM] Windows 10 Tech Preview for Enterprise

Is this able to join a domain?  I was reading that you have to login with a 
Microsoft ID, so wasn't sure if you could join and test domain stuff.

Joe Heaton
Enterprise Server Support
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk: 916-323-1284

[NTSysADM] Windows 10 Tech Preview for Enterprise

[Heaton, Joseph@Wildlife]

Is this able to join a domain?  I was reading that you have to login with a 
Microsoft ID, so wasn't sure if you could join and test domain stuff.

Joe Heaton
Enterprise Server Support
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk: 916-323-1284

RE: [NTSysADM] RE: files not showing

[Heaton, Joseph@Wildlife]

I have that one pinned up on my cubicle wall.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Maglinger, Paul
Sent: Wednesday, December 31, 2014 9:44 AM
To: 'ntsysadm@lists.myitforum.com'
Subject: RE: [NTSysADM] RE: files not showing

[cid:image001.jpg@01D02665.15E90710]

From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: Wednesday, December 31, 2014 11:38 AM
To: 'ntsysadm@lists.myitforum.com'
Subject: RE: [NTSysADM] RE: files not showing

Yep.
I totally agree.


From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of James Button
Sent: Wednesday, December 31, 2014 12:32 PM
To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: files not showing

So,
YOU have found out WHY it happens

Seems to me that YOU need to pose problems for some of your junior team members

I used to find that it was good practice to have the junior members of the team 
demonstrate their comprehension of the techniques I had shown them by having to 
pass on that knowledge to other team members.

Also some good natured competiveness within the team can help morale (and make 
people careful about leaving themselves open to being the butt of the day’s 
comedy ( facebook))

JimB

Sadist by nature, just grew into the team leader position!


From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Link
Sent: Wednesday, December 31, 2014 5:16 PM
To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] RE: files not showing

Just remember you get more with a kind word and clue-by-four than just a kind 
word.

On Wed, Dec 31, 2014 at 11:35 AM, David McSpadden 
dav...@imcu.commailto:dav...@imcu.com wrote:
Damn you!
Shut your filthy mouth!
☺
The bad thing is these are the people in my department.
(The IS/HelpDesk/Exchange Admin/Database Admin/Security/Systems Admin 
Department!)
At this point I can only blame myself for not training them better.


From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] 
On Behalf Of Heaton, Joseph@Wildlife
Sent: Wednesday, December 31, 2014 11:32 AM

To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: files not showing

But tomorrow is the first day of the new year, and it all starts over again ☺

From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: Wednesday, December 31, 2014 6:07 AM
To: 'ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com'
Subject: [NTSysADM] RE: files not showing

I am so glad this is the last day of the year.
Turns out User A (windows 7, 32bit) opens a network folder to ‘see’ if files 
have been downloaded yet.
User A leaves said folder open and leaves for the day.
User A then dials in the following morning and sees files from previous day (No 
refreshing or closing and opening network folder.)
User B, C, D, etc…. open folder and see 0 files but User A still sees 3 files 
from previous day.

….

Refreshing User A’s network folder or closing and opening User A’s network 
folder resolves the issue.


I am very sorry for wasting your very valuable time.
Again
I am so glad this is the last day of the year.

Thank you for your input.


From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Gavin Wilby
Sent: Wednesday, December 31, 2014 9:01 AM
To: 'ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com'
Subject: [NTSysADM] RE: files not showing

Service pack, operating system,…

Gavin Wilby
IT Support Engineer

From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Woody Blackman
Sent: 31 December 2014 13:57
To: 'ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com'
Subject: [NTSysADM] RE: files not showing

Permissions/ACLs, ABE settings, Client side Windows Explorer/SAMBA settings, 
they need new glasses?  - A little more detail as to the environment would be 
helpful.  What clients, what server, share settings, is DFS or Branch Cache 
involved?

From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: Wednesday, December 31, 2014 5:33 AM
To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com
Subject: [NTSysADM] files not showing

Why can I see some files in a network folder but my fellow employees can not  
see the files.


This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union

RE: [NTSysADM] Dead body Wednesday report:

[Heaton, Joseph@Wildlife]

We never push patches on Patch Tuesday.  I wait a few days, at least, watching 
this list, as well as a couple of others.  If I don't hear any grumbling, then 
I push patches to my test group.  They have 2-3 weeks to play with the patches, 
to see if there are any issues.  If not, we push to the department.  Our cycle 
means desktops get patches about a month after they're released.  I don't 
particularly like waiting that long, but that decision was taken out of my 
hands.  Obviously, out-of-band, critical patches are evaluated and deployed 
much faster.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of J- P
Sent: Wednesday, December 10, 2014 12:59 PM
To: NT
Subject: RE: [NTSysADM] Dead body Wednesday report:

+1

Its gotten to the point that i'm contemplating converting patch Tuesday into a 
month-end process

I honestly don't know what is worse,  installing a faulty update vs remaining 
exposed




Subject: RE: [NTSysADM] Dead body Wednesday report:
Date: Wed, 10 Dec 2014 15:45:13 -0500
From: sc...@severnbank.commailto:sc...@severnbank.com
To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com
Sure would be nice if Microsoft went back to testing their updates before 
unleashing them on us. And if they still are how could these get past software 
QA?


Steve Cain
Sr. System Administrator

-Original Message-
From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Susan Bradley
Sent: Wednesday, December 10, 2014 3:34 PM
To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Dead body Wednesday report:

MS14-080 reports of IE 9 crashing after install of update - see
http://marc.info/?l=patchmanagementm=141823405324402w=2

Root cert update KB3004394 causing issues for Windows 7 and Server 2008R2 see
http://www.infoworld.com/article/2858014/operating-systems/botched-kb-3004394-triggers-uacs-diagnostic-tool-error-0x8000706f7-amd-catalyst-driver-fail-defende.html

MS14-075 Exchange 2010 sp3 update rollup 8  pulled see 
http://blogs.technet.com/b/exchange/archive/2014/12/09/exchange-releases-december-2014.aspx

--
Susan Bradley
http://blogs.msmvps.com/bradley
http://www.runasradio.com/default.aspx?showNum=390

[NTSysADM] RE: Firewalls / Web filtering

[Heaton, Joseph@Wildlife]

We're currently using ASAs and Websense.  Being forced to migrate to Palo Alto 
within the next 6 months or so.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Stefan Jafs
Sent: Wednesday, December 03, 2014 8:52 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Firewalls / Web filtering

I'm going around in circles trying to make a decision on a new Firewall and Web 
filtering appliance.

We currently have the SonicWall NSA240 * 2 for HA and iPrism for Webfiltering. 
We have increased our speed on Rogers fibre to 200 / 200 Mbs, the SonicWall is 
only 100 Mbs. Also the iPrism can't handle our 300 + users any more, delays 
when trying to open a web page.

So I have been looking at Cisco ASA, upgraded SonicWall, Barracuda, Fortinet 
and Sophos SG 330.

Cisco - looks very complicated to setup and $$$
SonicWall - probably ok with a separate Web filtering appliance, easy to 
install can upgrade current configs.
Barracuda - looks good, Googling and reviews not so good.
Fortinet - looks ok
Sophos - looks good on paper and I already have Sophos endpoint protection, 
leaning towards this solution.

Anyone that can give me real hands on recommendations?

Thanks

__
Stefan Jafs

RE: [NTSysADM] MS14-066 - secure channel vulnerability

[Heaton, Joseph@Wildlife]

What about web machines behind say, TMG?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andrew S. Baker
Sent: Wednesday, November 12, 2014 5:57 PM
To: ntsysadm
Subject: Re: [NTSysADM] MS14-066 - secure channel vulnerability

There's nothing in the wild *as yet*, but given the wormable potential, I would 
expect exploit code within 4-6 business days.

Patch perimeter exposed systems as soon as you can, and work from there.

Be advised that if a client system gets hit, it will be able to hit all the 
systems that it has access to within your network.

Regards,






ASB
http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker
Providing Virtual CIO Services (IT Operations  Information Security) for the 
SMB market...




On Wed, Nov 12, 2014 at 3:06 PM, geoff taylor 
geoff_tay...@sympatico.camailto:geoff_tay...@sympatico.ca wrote:
Looking for opinions on how urgent this is, and your plan of attack.
No shortage of people crying Wolf.  As usual SANs is balanced and sane 
recognizing the possible severe implications and yet acknowledging that a well 
thought out patching approach (expedited perhaps) is the best defense.

http://preview.tinyurl.com/phz3my4

gt

RE: [NTSysADM] Size on Disk HUGE discrepancy

[Heaton, Joseph@Wildlife]

Because you're taking it out of a deduplicated location.  Read the article 
about the blocks being moved into the System area.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of J- P
Sent: Friday, October 31, 2014 10:27 AM
To: NT
Subject: RE: [NTSysADM] Size on Disk HUGE discrepancy

I can open the files, using domain admin, full permissions-
When i copy it to the desktop or any other location  , both sizes are then 
accurate


Jean-Paul Natola



Date: Fri, 31 Oct 2014 11:43:52 -0400
From: arnol...@optonline.netmailto:arnol...@optonline.net
Subject: RE: [NTSysADM] Size on Disk HUGE discrepancy
To: ntsysadm@lists.myitforum.commailto:ntsysadm@lists.myitforum.com
Definitely strange. What are the file sizes? I have 1,000 and total over 2.3 
GB of space. Can you open the files? Try and copy them to a USB stick and see 
what shows.

Regards,
Hank Arnold
[MVP Logo_Small]
Consumer Security

There are 10 kinds of people in the world...
Those who understand binary and those who don't.

My Blog: http://it.toolbox.com/blogs/personal-pc-assistant/
Twitter: @Hank_PCDoc
Facebook: https://www.facebook.com/hank.arnold.96

From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of J- P
Sent: Thursday, October 30, 2014 2:15 PM
To: NT
Subject: [NTSysADM] Size on Disk HUGE discrepancy

Hi all,

this may seem trivial ,however, this particular situation has me concerned;

We have a photo archive that's been around for about 15 years- it started on a 
2k server, moved to a 2003,2008 and now its on a 2012r2 server.

I know the norm is that the size on disk would be a bit bigger than size 
due to file system, cluster size etc..
but in this case its the reverse, and by A LOT, and NO, compression is not 
enabled

The directory 112 Gb, and contains 20,029 files and 414 folders, now size on 
disk only reports 26.3 MB (27,607,040 bytes) thats MEGS, NOT GIGS

Is this something to be alarmed with?

[NTSysADM] Security training

[Heaton, Joseph@Wildlife]

There's a new position being created in my organization that is supposed to 
be an infosec type of position.  My manager had told me to look into CISSP 
training/certification.  I know that's the pinnacle, and beyond the normal 
day-to-day stuff of being a systems administrator, working with a Windows 
domain, etc, I don't have a lot of hands-on in the trenches type of experience 
with security like I think they look for at that level.  But, I was thinking 
that the SSCP may be a good way to get my feet wet, and start working towards 
CISSP.  Any thoughts/advice/tips on that idea?  I've been working with networks 
since 1999, was CNE for Intranetware 4.11, and upgraded that to 5, but haven't 
touched Novell since.  I was MCSE for NT4, and never upgraded certs after that. 
 I've worked with Microsoft products from NT4 and up, we're currently upgrading 
our servers to 2012R2 now.  I've been the one-man shop, doing networking, and 
servers, and I've been part of a team doing just servers.  Anyway, I'm going to 
keep digging into requirements, etc, and looking for training materials, so if 
anyone has thoughts on that stuff as well, I'd be very appreciative.

Thanks,

Joe Heaton
Enterprise Server Support
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA  95811
Desk:  (916) 323-1284

RE: [NTSysADM] Security training

[Heaton, Joseph@Wildlife]

That’s a good question, Erik.  Certification aside, would Shon Harris’ book be 
a good starting point to get the information that is tested overall?  I’m 
reading and hearing that her book(s) are the standard.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Erik Goldoff
Sent: Thursday, October 16, 2014 7:37 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Security training

Bear in mind the CISSP is a more vendor neutral, less technical certification 
that covers a broad scope of security issues (10 domains when I tested in 2012) 
to include physical security, business continuity, etc.

Do you want a security certification from the consultant/management perspective 
(CISSP) or more from a technical/engineer perspective (SANS) ?
The certification track you choose should depend very much on your career goals 
and job requirements.

On Thu, Oct 16, 2014 at 9:53 AM, Heaton, Joseph@Wildlife 
joseph.hea...@wildlife.ca.govmailto:joseph.hea...@wildlife.ca.gov wrote:
There’s a new position being created in my organization that is “supposed” to 
be an infosec type of position.  My manager had told me to look into CISSP 
training/certification.  I know that’s the pinnacle, and beyond the normal 
day-to-day stuff of being a systems administrator, working with a Windows 
domain, etc, I don’t have a lot of hands-on in the trenches type of experience 
with security like I think they look for at that level.  But, I was thinking 
that the SSCP may be a good way to get my feet wet, and start working towards 
CISSP.  Any thoughts/advice/tips on that idea?  I’ve been working with networks 
since 1999, was CNE for Intranetware 4.11, and upgraded that to 5, but haven’t 
touched Novell since.  I was MCSE for NT4, and never upgraded certs after that. 
 I’ve worked with Microsoft products from NT4 and up, we’re currently upgrading 
our servers to 2012R2 now.  I’ve been the one-man shop, doing networking, and 
servers, and I’ve been part of a team doing just servers.  Anyway, I’m going to 
keep digging into requirements, etc, and looking for training materials, so if 
anyone has thoughts on that stuff as well, I’d be very appreciative.

Thanks,

Joe Heaton
Enterprise Server Support
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA  95811
Desk:  (916) 323-1284tel:%28916%29%20323-1284

RE: [NTSysADM] password expiration notices

[Heaton, Joseph@Wildlife]

Here's the default one.  Found in one of the sections we hadn't customized yet:

Hi Joseph,

 Your password for account JHeaton expires in 0 day(s). Please change the 
password as soon as possible to prevent further logon problems.

 Thank you!

 
 This is an automatically generated message from NetWrix Password Expiration 
Notifier.

 -Original Message-
 From: listsad...@lists.myitforum.com
 [mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus
 Sent: Thursday, August 14, 2014 8:48 AM
 To: 'ntsysadm@lists.myitforum.com'
 Subject: RE: [NTSysADM] password expiration notices
 
 That looks to be the admin report.  What's the user's email look like?  That
 was the one causing us issues.
 
 --
 There are 10 kinds of people in the world...
  those who understand binary and those who don't.
 
 
 -Original Message-
 From: listsad...@lists.myitforum.com
 [mailto:listsad...@lists.myitforum.com] On Behalf Of Dave Lum
 Sent: Thursday, August 14, 2014 11:08 AM
 To: ntsysadm@lists.myitforum.com
 Subject: RE: [NTSysADM] password expiration notices
 
 The have taken those out, here's what it looks like these days (formatting
 screwy due to my cut and paste, the actual email is nicely HTML
 formatted):
 
 Passwords and/or accounts of the following users are about to expire:
 User name -Email  Expires in
 Steve steve@mydomain;4 day(s): password
 MBS  mbs@mydomain; 4 day(s): password
 Shook Shook@mydomain; 10 day(s): password
 
 --
 This is an automatically generated message (w7-management.mydomain)
 from NetWrix Password Expiration Notifier. Please visit www.netwrix.com
 for more products and updates.
 
 
 
 Dave
 
  We tried that for a while.  The challenge that we ran into was that at
  least at that time the email included links to their reset tools,
  etc., which didn't work (obviously) and couldn't be removed.  They
  created lots of confusion for our users, despite our repeated efforts
  to explain that the links were not valid and could and should be
  ignored.  You can probably imagine how well that went. :)
 
 
  --
  There are 10 kinds of people in the world...
   those who understand binary and those who don't.
 
 
  -Original Message-
  From: listsad...@lists.myitforum.com
  [mailto:listsad...@lists.myitforum.com] On Behalf Of John Cook
  Sent: Thursday, August 14, 2014 10:49 AM
  To: ntsysadm@lists.myitforum.com
  Subject: RE: [NTSysADM] password expiration notices
 
  So I had to check Netwrix out - there's a 100 user limit on the
  freeware version. Other than that it looks pretty good.
 
   John W. Cook
  Director of Network Operations
  Partnership For Strong Families
  5950 NW 1st Place
  Gainesville, Fl 32607
  Office (352) 244-1610
  Cell (352) 215-6944
 
  MCSE, MCP+I, MCTS,
  CompTIA  A+, N+, Security +
  VSP4, VTSP4
 
 
 
 
  -Original Message-
  From: listsad...@lists.myitforum.com
  [mailto:listsad...@lists.myitforum.com] On Behalf Of Dave Lum
  Sent: Thursday, August 14, 2014 10:16 AM
  To: ntsysadm@lists.myitforum.com
  Subject: RE: [NTSysADM] password expiration notices
 
  Agreed. In this regard Netwrix has been better than most, I've been
  using this free app for over a year and don't recall getting any calls.
 
  Emails are easy enough to unsubscribe/filter.
 
  Dave
 
  I hate these free apps that require I register and provide contact
  information. They always lead to calls and e-mails I'm not interested
  in and they often turn into aggressive sales pitches.
 
  Regards,
  Hank Arnold
 
  Consumer Security
 
  There are 10 kinds of people in the world...
  Those who understand binary and those who don't.
 
  My Blog: http://it.toolbox.com/blogs/personal-pc-assistant/
  Twitter: @Hank_PCDoc
  Facebook: https://www.facebook.com/hank.arnold.96
 
  -Original Message-
  From: listsad...@lists.myitforum.com
  [mailto:listsad...@lists.myitforum.com]
  On Behalf Of Dave Lum
  Sent: Wednesday, August 13, 2014 10:29 AM
  To: ntsysadm@lists.myitforum.com
  Subject: Re: [NTSysADM] password expiration notices
 
  I use Netwrix free password expiration tool. it notifies the user and
  optionally an administrator, so the user gets hey your password
  expires in x' days and you as an admin get a list of whose password
  expires soon.
 
  Uses task scheduler and can run on a Win7 box or a server OS.
 
  I used to use a PowerShell script that I kyped from someplace.
 
  Dave
 
  Hi all,
 
  I have a client that has an SBS 2011 network.  One of the owners
  claims that they no longer get notifications that passwords are
  expiring.  They said the other owner thinks he isn't getting them
  either.  I can't figure out how to track if this is true or they
  just don't notice the bubble pop up that happens with windows 7.
  The XP notification was much more unavoidable.  Is there 

RE: [NTSysADM] password expiration notices

[Heaton, Joseph@Wildlife]

Here's what ours looks like.  I have customized it from the default, but I 
don't remember any propaganda in it.

Hi Joseph,

 Your password for account JHeaton expires in 0 day(s). Please change the 
password as soon as possible to prevent further logon problems.

 If connected to the network, press CTRL-ALT-DEL, and choose Change Password. 
Then follow the on-screen prompts.

 If remote, follow the above steps, ensuring you are connected through the VPN 
first.

 If you have a department issued smartphone, once you change your password, you 
will need to enter it on the phone as well.

 If you need any assistance, please contact the Helpdesk: 916-123-5684.

 Thank you,

 Your System Administrator

 -Original Message-
 From: listsad...@lists.myitforum.com
 [mailto:listsad...@lists.myitforum.com] On Behalf Of Melvin Backus
 Sent: Thursday, August 14, 2014 8:48 AM
 To: 'ntsysadm@lists.myitforum.com'
 Subject: RE: [NTSysADM] password expiration notices
 
 That looks to be the admin report.  What's the user's email look like?  That
 was the one causing us issues.
 
 --
 There are 10 kinds of people in the world...
  those who understand binary and those who don't.
 
 
 -Original Message-
 From: listsad...@lists.myitforum.com
 [mailto:listsad...@lists.myitforum.com] On Behalf Of Dave Lum
 Sent: Thursday, August 14, 2014 11:08 AM
 To: ntsysadm@lists.myitforum.com
 Subject: RE: [NTSysADM] password expiration notices
 
 The have taken those out, here's what it looks like these days (formatting
 screwy due to my cut and paste, the actual email is nicely HTML
 formatted):
 
 Passwords and/or accounts of the following users are about to expire:
 User name -Email  Expires in
 Steve steve@mydomain;4 day(s): password
 MBS  mbs@mydomain; 4 day(s): password
 Shook Shook@mydomain; 10 day(s): password
 
 --
 This is an automatically generated message (w7-management.mydomain)
 from NetWrix Password Expiration Notifier. Please visit www.netwrix.com
 for more products and updates.
 
 
 
 Dave
 
  We tried that for a while.  The challenge that we ran into was that at
  least at that time the email included links to their reset tools,
  etc., which didn't work (obviously) and couldn't be removed.  They
  created lots of confusion for our users, despite our repeated efforts
  to explain that the links were not valid and could and should be
  ignored.  You can probably imagine how well that went. :)
 
 
  --
  There are 10 kinds of people in the world...
   those who understand binary and those who don't.
 
 
  -Original Message-
  From: listsad...@lists.myitforum.com
  [mailto:listsad...@lists.myitforum.com] On Behalf Of John Cook
  Sent: Thursday, August 14, 2014 10:49 AM
  To: ntsysadm@lists.myitforum.com
  Subject: RE: [NTSysADM] password expiration notices
 
  So I had to check Netwrix out - there's a 100 user limit on the
  freeware version. Other than that it looks pretty good.
 
   John W. Cook
  Director of Network Operations
  Partnership For Strong Families
  5950 NW 1st Place
  Gainesville, Fl 32607
  Office (352) 244-1610
  Cell (352) 215-6944
 
  MCSE, MCP+I, MCTS,
  CompTIA  A+, N+, Security +
  VSP4, VTSP4
 
 
 
 
  -Original Message-
  From: listsad...@lists.myitforum.com
  [mailto:listsad...@lists.myitforum.com] On Behalf Of Dave Lum
  Sent: Thursday, August 14, 2014 10:16 AM
  To: ntsysadm@lists.myitforum.com
  Subject: RE: [NTSysADM] password expiration notices
 
  Agreed. In this regard Netwrix has been better than most, I've been
  using this free app for over a year and don't recall getting any calls.
 
  Emails are easy enough to unsubscribe/filter.
 
  Dave
 
  I hate these free apps that require I register and provide contact
  information. They always lead to calls and e-mails I'm not interested
  in and they often turn into aggressive sales pitches.
 
  Regards,
  Hank Arnold
 
  Consumer Security
 
  There are 10 kinds of people in the world...
  Those who understand binary and those who don't.
 
  My Blog: http://it.toolbox.com/blogs/personal-pc-assistant/
  Twitter: @Hank_PCDoc
  Facebook: https://www.facebook.com/hank.arnold.96
 
  -Original Message-
  From: listsad...@lists.myitforum.com
  [mailto:listsad...@lists.myitforum.com]
  On Behalf Of Dave Lum
  Sent: Wednesday, August 13, 2014 10:29 AM
  To: ntsysadm@lists.myitforum.com
  Subject: Re: [NTSysADM] password expiration notices
 
  I use Netwrix free password expiration tool. it notifies the user and
  optionally an administrator, so the user gets hey your password
  expires in x' days and you as an admin get a list of whose password
  expires soon.
 
  Uses task scheduler and can run on a Win7 box or a server OS.
 
  I used to use a PowerShell script that I kyped from someplace.
 
  Dave
 
  Hi all,
 
  I have a client that has an SBS 2011