Re: [NTSysADM] Re: Advice: migrate to new file server - UPDATE

[Micheal Espinola Jr]

If its a matter of keeping the logs, you could post-process the log file
afterward and strip out all the garbage.

--
Espi


On Tue, Feb 6, 2018 at 6:33 AM, Michael Leone <oozerd...@gmail.com> wrote:

> Thanks. Yeah, I've seen it. It says:
>
> It seems that the /MIR option ignores the logging options. Also /MT messes
> it up. The only way I got working was " D:\robocopy>robocopy source
> destination /MIR /W:3 /R:100 /NS /NC /NFL /NDL /NP /LOG:log.txt". If you
> try /MT, it will still show the silly 100%
>
> So I may be out of luck. I like that multi-threading, it really seemed to
> speed things up for me. So I may have to live with the lines. I'll find out
> this weekend, when I run the /MIR /MT run again. I will try the /NC /NS
>
> On Tue, Feb 6, 2018 at 8:47 AM, Micheal Espinola Jr <
> michealespin...@gmail.com> wrote:
>
>> This may be helpful to you:
>>
>> https://superuser.com/questions/511702/how-do-i-hide-extra-
>> file-and-100-lines-from-robocopy-output
>>
>> --
>> Espi
>>
>>
>> On Tue, Feb 6, 2018 at 5:18 AM, Michael Leone <oozerd...@gmail.com>
>> wrote:
>>
>>> On Mon, Feb 5, 2018 at 7:01 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
>>>
>>>> Right you are...
>>>>
>>>> But, if you want to see output on the console, and still log to a text
>>>> file, use both the /np and /tee switches.
>>>>
>>>
>>>
>>> In my case, I don't, as the job executes as a scheduled task, so no need
>>> for outputting to the console. I just want to see the log afterwards. I
>>> search it for "error". But it would help to not have a millions lines of
>>> "100%" in the log ...
>>>
>>>
>>> I do that with some regularity for small jobs like this.
>>>>
>>>
>>>> Kurt
>>>>
>>>> On Mon, Feb 5, 2018 at 3:49 PM, Micheal Espinola Jr <
>>>> michealespin...@gmail.com> wrote:
>>>>
>>>>> /NP is for the console display of progress.  As long as you are not
>>>>> logging by way of redirected output, this would have no effect.
>>>>>
>>>>> --
>>>>> Espi
>>>>>
>>>>>
>>
>

Re: [NTSysADM] Re: Advice: migrate to new file server - UPDATE

[Micheal Espinola Jr]

This may be helpful to you:

https://superuser.com/questions/511702/how-do-i-hide-extra-file-and-100-lines-from-robocopy-output

--
Espi


On Tue, Feb 6, 2018 at 5:18 AM, Michael Leone <oozerd...@gmail.com> wrote:

> On Mon, Feb 5, 2018 at 7:01 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
>
>> Right you are...
>>
>> But, if you want to see output on the console, and still log to a text
>> file, use both the /np and /tee switches.
>>
>
>
> In my case, I don't, as the job executes as a scheduled task, so no need
> for outputting to the console. I just want to see the log afterwards. I
> search it for "error". But it would help to not have a millions lines of
> "100%" in the log ...
>
>
> I do that with some regularity for small jobs like this.
>>
>
>> Kurt
>>
>> On Mon, Feb 5, 2018 at 3:49 PM, Micheal Espinola Jr <
>> michealespin...@gmail.com> wrote:
>>
>>> /NP is for the console display of progress.  As long as you are not
>>> logging by way of redirected output, this would have no effect.
>>>
>>> --
>>> Espi
>>>
>>>

Re: [NTSysADM] Advice: migrate to new file server

[Micheal Espinola Jr]

Kicking it old-school:  I always set my optical drive to O:.  I avoid Z:
and, well, optical discs are circular so...

--
Espi


On Mon, Jan 29, 2018 at 7:23 PM, Kurt Buff  wrote:

> Youngsters these days...
>
> If I change the DVD/CD drive letter, I change it to Y:, because long
> ago, under some really old version of windows (3.1? wfwg 3.1x? I'm
> getting old - get off my lawn) logon scripts used Z:.
>
> You can find a vague reference to it here:
> http://www.oreilly.com/openbook/samba/book/ch06_06.html
>
> Heh.
>
> Kurt
>
> On Mon, Jan 29, 2018 at 2:42 PM, Dave Lum  wrote:
> > My typical buildout:
> >
> > Anything with a user share (other than a domain controller) gets a
> separate volume than the OS and the files live there. Database servers get
> at least two additional (logs for one, DB for the other). Server hosting
> applications with a lot of read/writes and or file growth get an additional
> volume as this allows easy movement/growth/reallocation of data volumes
> without impacting the host OS. Doing a file recovery can be simplified with
> this setup as there's lower risk of restoring the wrong applicaiotn
> file/setting*
> >
> > Single volume systems are infrastructure stuff like domain controllers,
> DHCP servers, and print server (depending on its load and if it's not also
> a file server).
> >
> > My OCD also sets the DVD drive to Z: so adding other drive letters is
> contiguous.
> >
> > Dave
> > * This is probably legacy thinking as I haven't run into this in many,
> many years.
> >
> >
> > -Original Message-
> > From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] On Behalf Of Kurt Buff
> > Sent: Monday, January 29, 2018 2:10 PM
> > To: ntsysadm 
> > Subject: Re: [NTSysADM] Advice: migrate to new file server
> >
> > Don't know about everybody, but I do it - because I hate it when someone
> copies a ton of big files to the driver that data shares with the OS, and
> the machine chokes. Makes for a very unpleasant time for the users.
> >
> > I've also had to do this on machines with hyperactive print queues.
> > Now, if I'm building a print server, the spool directory goes on a
> separate partition - doesn't really matter how big the partition is, even
> just a few gigs, as long as it doesn't share the OS partition.
> >
> > Kurt
> >
> > On Mon, Jan 29, 2018 at 1:40 PM, Gantry Zettler 
> wrote:
> >> "I'm hoping that the data is on a separate partition from the OS.
> >> That's pretty critical. "
> >>
> >> Is this what everyone else does?  Even on VMs?
> >>
> >>
> >>
> >> On Mon, Jan 29, 2018 at 3:16 PM, Melvin Backus
> >> 
> >> wrote:
> >>>
> >>> Ditto. I usually do this over a span of days or weeks. Big initial
> >>> copy, then incrementals periodically depending on normal usage, etc.
> >>> Last pass as I’m ready to make the move.  By that time we’re talking
> >>> about a few minutes because everything should be the same anyway,
> >>> just the time to scan the file systems.
> >>>
> >>>
> >>>
> >>> --
> >>> There are 10 kinds of people in the world...
> >>>  those who understand binary and those who don't.
> >>>
> >>>
> >>>
> >>> ¯\_(ツ)_/¯
> >>>
> >>>
> >>>
> >>> From: listsad...@lists.myitforum.com
> >>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Charles F
> >>> Sullivan
> >>> Sent: Monday, January 29, 2018 2:58 PM
> >>> To: ntsysadm@lists.myitforum.com
> >>> Subject: Re: [NTSysADM] Advice: migrate to new file server
> >>>
> >>>
> >>>
> >>> I always use the /mir option when doing a migration like that. The
> >>> reason is I have to do a "big" initial copy and then at least one
> >>> delta copy. (I usually do the final copy after removing access by
> >>> changing share perms or removing the share entirely so no further
> >>> changes are made.) If I don't use the /mir option, users will likely
> >>> end up with data that is no longer supposed to be present. (This
> >>> assumes they will continue to have access to the old server while
> >>> copy job is running.)
> >>>
> >>>
> >>>
> >>> It's completely safe despite the warning in the help, at least in
> >>> this scenario. Unless I'm missing something, the new server will not
> >>> be accessible to users until you finish the migration, thus there
> >>> should be no extra data which could get deleted.
> >>>
> >>>
> >>>
> >>> On Mon, Jan 29, 2018 at 2:27 PM, Michael Leone 
> >>> wrote:
> >>>
> >>> I'd like to impose once more for some advice and opinions. I have a
> >>> Win
> >>> 2008 R2 file server; I need to migrate everything (shares and user
> >>> home
> >>> folders) to a Win 2012 R2 Storage Server, and then retire the old
> server.
> >>> Everything is one 1 drive, with 3 main folders (Shares,Users,Scans),
> >>> total size in the neighborhood of 2TB. Both have 4 teamed 1G NICs, so
> >>> a total bandwidth of 4G.
> >>>
> >>>
> >>>
> >>> I'm thinking of use robocopy. I 

Re: [NTSysADM] OT - IP/Cloud Phones

[Micheal Espinola Jr]

100% what Andrew said, and also consider how the available bandwidth
factors into your disaster recovery and business continuity plans.  QoS is
a paramount consideration.

--
Espi


On Thu, Feb 1, 2018 at 6:31 AM, Andrew S. Baker  wrote:

> I've used 8x8 in various configurations since about 2004 (when they were
> focused on the residential market as "Packet8").
>
> Make sure you test, test, test whichever vendor you use in as real-world
> conditions as possible. I've seen 8x8 struggle for midsized orgs
> (200-300 users, 5-10 offices).   Their most recent software release
> (earlier this month) is considerably more stable than the previous edition.
>
> You must have sufficient bandwidth.  It must be quality bandwidth (low
> latency and jitter).Your LAN(s) should be well configured, and QoS is
> very helpful.
>
> Test, test, test.
>
> Regards,
>
>  *ASB*
>  *https://about.me/Andrew.S.Baker *
>
>  *Providing CyberSecurity and IT Operations Consulting for the SMB
> market…*
>
> * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>
>
>
> On Wed, Jan 31, 2018 at 8:28 AM, Bud Durland  wrote:
>
>> First,  apologies for the OT post, but I´m sure there are people in this
>> group that have crossed this bridge before me.  Our purchasing guy is
>> evaluating keeping our on-prem phone system vs. going with a cloud provider
>> like 8x8.  I'm looking for input from anyone who has real-world experience
>> making the change, or changing (back) from cloud to on-prem.  Please
>> contact me off-list with war stories or on-line references.
>>
>> Thanks
>>
>> --
>>
>> Bud Durland   |   Director Of Information Technology
>> Direct: 518.324.4850 | Cell: 518.726.0967 | Fax: 518.561.0017 |
>> b...@mrpcap.com
>> 1 Plant St., Plattsburgh, NY 12901
>> 
>> Website |  Twitter |  LinkedIn |  YouTube
>>
>>
>>
>>
>>
>>
>> NOTE -- This message contains legally privileged and confidential
>> information and is intended only for the individual named.
>> If you are not the named addressee you should not disseminate, distribute
>> or copy this e-mail.
>> Please notify the sender immediately by e-mail if you have received this
>> e-mail by mistake and delete
>> this e-mail from your system. Thank you.
>>
>>
>>
>>
>

Re: [NTSysADM] Re: Advice: migrate to new file server - UPDATE

[Micheal Espinola Jr]

/NP is for the console display of progress.  As long as you are not logging
by way of redirected output, this would have no effect.

--
Espi


On Mon, Feb 5, 2018 at 6:37 AM, Michael Leone  wrote:

> On Mon, Feb 5, 2018 at 9:23 AM, Melvin Backus 
> wrote:
>
>> That would be the /NP switch. (no progress)
>>
>
> No, I'm already using it, and still getting the 100% ...
>
>
>>Options : *.* /NDL /NFL /S /E /COPYALL /ZB /NP /MT:20 /R:0 /W:0
>>
>
>
>

Re: [NTSysADM] Hmmm....I thought it had reached EOL

[Micheal Espinola Jr]

It's a Christmas miracle!

--
Espi


On Tue, Dec 19, 2017 at 7:57 AM, Charles F Sullivan <
charles.sulliva...@bc.edu> wrote:

> Somebody just came in and showed us a package that was delivered today by
> DHL….
>
>
>
> Windows 2003 CDs sent to him by MS in 2006.
>
>
>
> Charlie Sullivan
>
> Sr. Windows Systems Administrator
>

Re: [NTSysADM] Remove original message in reply

[Micheal Espinola Jr]

I should have included the full proper quote for those that are new to it:

"There are seldom technological solutions for behavioral problems" -- Ed
Crowley

On Dec 13, 2017 3:34 PM, "Micheal Espinola Jr" <michealespin...@gmail.com>
wrote:

> Technically, yea you could do it.  But you'd have to be very careful and
> clever.  You'd be modifying multiple Content-Type containers (text/plain,
> text/html, etc).
>
> More importantly (to me), is what is the business need for this?
>
> --
> Espi
>
>
> On Wed, Dec 13, 2017 at 8:58 AM, Sean Chapman <schap...@coilcraft.com>
> wrote:
>
>> Hey all,
>> I got tasked with finding out how to not include the original message in
>> reply for email (using Office 365)  I know this is possible in Outlook but
>> its not available for outlook online or mobile.  Does anyone know of a way
>> to get this done?  I was thinking maybe some crazy exchange transport rule
>> or possibly some hardware like barracuda or mimecast etc?
>> Thanks!
>>
>>
>>
>>
>>
>>
>>
>> 
>>
>> The information contained in this communication and all accompanying
>> documents from Coilcraft may be confidential and/or legally privileged, and
>> is intended only for the use of the recipient(s) named above. If you are
>> not the intended recipient you are hereby notified that any review,
>> disclosure, copying, distribution or the taking of any action in reliance
>> on the contents of this transmitted information is strictly prohibited. If
>> you have received this communication in error, please return it to the
>> sender immediately and destroy the original message or accompanying
>> materials and any copy thereof. If you have any questions concerning this
>> message, please contact the sender.
>>
>
>

RE: [NTSysADM] Remove original message in reply

[Micheal Espinola Jr]

This is really what those involved must be aware of and accountable for.
It's their job.

"There are seldom technological blah blah blah ... - Ed Crowley"

On Dec 14, 2017 9:28 AM, "Michael B. Smith" <mich...@smithcons.com> wrote:

> Do this with Compliance Rules/Policies that prohibit the IP.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Sean Chapman
> *Sent:* Thursday, December 14, 2017 8:34 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [NTSysADM] Remove original message in reply
>
>
>
> There have been cases where very long email chains containing intellectual
> property information has been discussed and these go on for months at a
> time in some cases back and forth.  New people are added to conversations
> and some people are removed and the owners believe that it’s a good idea to
> limit previous information.
>
> I fully agree that this does not seem like a good idea but its already
> been implemented via GPO for our desktops with outlook and they are not
> backing down so unfortunately I have to do what the owners demand since
> they sign the checks.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Micheal
> Espinola Jr
> *Sent:* Wednesday, December 13, 2017 5:35 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] Remove original message in reply
>
>
>
> Technically, yea you could do it.  But you'd have to be very careful and
> clever.  You'd be modifying multiple Content-Type containers (text/plain,
> text/html, etc).
>
>
>
> More importantly (to me), is what is the business need for this?
>
>
> --
> Espi
>
>
>
>
>
> On Wed, Dec 13, 2017 at 8:58 AM, Sean Chapman <schap...@coilcraft.com>
> wrote:
>
> Hey all,
>
> I got tasked with finding out how to not include the original message in
> reply for email (using Office 365)  I know this is possible in Outlook but
> its not available for outlook online or mobile.  Does anyone know of a way
> to get this done?  I was thinking maybe some crazy exchange transport rule
> or possibly some hardware like barracuda or mimecast etc?
>
> Thanks!
>
>
>
>
>
>
>
>
>
> 
>
> The information contained in this communication and all accompanying
> documents from Coilcraft may be confidential and/or legally privileged, and
> is intended only for the use of the recipient(s) named above. If you are
> not the intended recipient you are hereby notified that any review,
> disclosure, copying, distribution or the taking of any action in reliance
> on the contents of this transmitted information is strictly prohibited. If
> you have received this communication in error, please return it to the
> sender immediately and destroy the original message or accompanying
> materials and any copy thereof. If you have any questions concerning this
> message, please contact the sender.
>
>
>

Re: [NTSysADM] Remove original message in reply

[Micheal Espinola Jr]

Technically, yea you could do it.  But you'd have to be very careful and
clever.  You'd be modifying multiple Content-Type containers (text/plain,
text/html, etc).

More importantly (to me), is what is the business need for this?

--
Espi


On Wed, Dec 13, 2017 at 8:58 AM, Sean Chapman 
wrote:

> Hey all,
> I got tasked with finding out how to not include the original message in
> reply for email (using Office 365)  I know this is possible in Outlook but
> its not available for outlook online or mobile.  Does anyone know of a way
> to get this done?  I was thinking maybe some crazy exchange transport rule
> or possibly some hardware like barracuda or mimecast etc?
> Thanks!
>
>
>
>
>
>
>
> 
>
> The information contained in this communication and all accompanying
> documents from Coilcraft may be confidential and/or legally privileged, and
> is intended only for the use of the recipient(s) named above. If you are
> not the intended recipient you are hereby notified that any review,
> disclosure, copying, distribution or the taking of any action in reliance
> on the contents of this transmitted information is strictly prohibited. If
> you have received this communication in error, please return it to the
> sender immediately and destroy the original message or accompanying
> materials and any copy thereof. If you have any questions concerning this
> message, please contact the sender.
>

Re: [NTSysADM] Just another day in the life of a Network Engineer

[Micheal Espinola Jr]

A new classic!

--
Espi


On Wed, Dec 13, 2017 at 9:22 AM, Andrew S. Baker  wrote:

> https://www.linkedin.com/pulse/what-its-like-network-
> engineer-ron-buchalski/
>
> Regards,
>
>  *ASB*
>
>

Re: [NTSysADM] Accessing only a lower level folder in a share

[Micheal Espinola Jr]

fwiw, +1 on all counts from me as far as best practices go.

--
Espi


On Mon, Nov 27, 2017 at 11:14 PM, Kurt Buff  wrote:

> My apologies up front for the long ramble. Take this with the usual
> pinch/tablespoon/pound/kilo of salt. This is what works for me - you
> might need something different. Actually, I'd wager money that you do,
> as you seem to be in an educational environment, which most assuredly
> has different requirements than a business.
>
> However, up front, I'll just say this: Breaking inheritance for
> permissions in any environment is like telling lies - it's a bad idea,
> because you have to keep track of it all, and the more lies you tell
> (and the more places you break inheritance), the less likely you are
> to be able to keep track of the situation.
>
> So, mostly, the answer to your question depends on what you mean by
> "departmental folder", and where each lives in the directory
> structure. We have a Groups directory which is shared (i.e., G:\Groups
> (I don't create shares at the root of a drive for several reasons)),
> and which contains a subdirectory for each department (G:\Groups\HR),
> and other subdirectories at the same level as needed for
> cross-departmental efforts (G:\Groups\9001ISOAuditDocuments).
>
> However, the first thing I'd do is document the permissions as
> currently applied, then peruse them carefully. If there are any places
> where inheritance is broken, figure out why. If there's a defensible
> reason (there are no "good" reason for this, IMHO), then look for ways
> to fix it - with my favorite way being to move the directory that has
> inheritance blocked somewhere up the directory structure, to a point
> where inheritance no longer needs to be blocked.
>
> If there isn't a defensible reason for inheritance to be
> broken/blocked, refactor your permissions and re-enable inheritance.
>
> It will help to do a few other things:
>- take a careful look at the groups for which permissions are
> applied. If any individual accounts have explicit permissions, replace
> those with group permissions
>- create a dummy directory structure (possibly empty, or with only
> some zero-length files in it), and practice your script-fu on that,
> before tackling production directories
>- set up a dummy departmental directory as a model in your
> production structure, with a readme file in it to document how you
> want new departmental directories created
>
> The Groups directory is shared with Full Control to Everyone, and with
> NTFS permissions of read-only to all employees for that folder only
> (Admins get read-write, with full inheritance).
>
> Each departmental directory at its top level has read-only access to
> all employees, for that folder only. This gets everyone transit to its
> subdirectories.
>
> Each departmental directory has only three subdirectories:
>Public (read-only for all employees, read-write for department
> employees, with full inheritance )
>Private (read-write for department/project employees only, no
> access to other employees, with full inheritance)
>Manager (read-write for the department/project manager only, no
> access to other employees, with full inheritance)
>
> Permissions are not applied any further down the tree than that. If a
> directory needs different permissions, it is moved to the root of the
> departmental directory, and relevant permissions are applied to it
> there.
>
> A couple of other things I do:
>- Each departmental directory gets three groups of its own in AD:
> non-departmental read-only, departmental read-write and department
> manager owner(s).
>- I create an AD OU into which I stuff all of the groups for the
> server (file, SQL or other), and it's a sub-OU of the OU in which that
> server resides, and is named -permissions. Modify this as
> needed for DFSR environments.
>- I name each group explicitly for the directory to which it is
> applied, so it's obvious where and why it's used (USFSGroupsHR-RO -
> which means the US file server, the Groups Directory, the HR
> subdirectory, read-only permissions)
>
> This doesn't address SharePoint directly (although I think the general
> approach on how permissions are applied would translate fairly well),
> but I consider SP not a fit replacement for a file server. SP is a
> collaboration/workflow tool, IMHO, not a file repository - stashing
> massive amounts of files into a SQL Server makes me itch all over.
> Others disagree, I'm sure.
>
> Kurt
>
> On Mon, Nov 27, 2017 at 7:34 AM, Tammy George 
> wrote:
> > Our directory structure does need refactoring and as a solution to this,
> we're strongly encouraging our users to move their files to SharePoint
> Online.  Once we have departmental buy-in, we plan to "flip" all user
> permissions to read-only.  We have a mess of permissions - everything from
> group based, explicit, broken inheritance, etc.  Each top level folder on
> our network share 

Re: [NTSysADM] OS in the CPU

[Micheal Espinola Jr]

I think that really depends on your environment, your working relationship
with your boss, and how you give your notice.  I've quit some jobs
immediately, while others I have given 3-4 week notice to allow my employer
to find a suitable replacement.

Whichever way you choose to do it; you should be prepared for an immediate
lack of employment.  You should always be covering your own ass, and not
relying on the charity of those who are employing you.  No matter how nice
they are or seem to be, you are not their financial priority or
responsibility.

--
Espi


On Mon, Nov 27, 2017 at 8:18 AM,  wrote:

> And ten minutes after you’ve given your notice, you’re marched out of the
> building by two security goons, or the local constabulary with the comment
> from management, “We’ll pack your things and ship them to you.”
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Kennedy, Jim
> *Sent:* Monday, November 27, 2017 8:56 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [NTSysADM] OS in the CPU
>
>
>
> It matters to management when you give your 2 week notice, which is
> exactly what I would do if they treated me as you described. Any of us that
> are half way decent can find a new better higher paying gig just by picking
> up the phone on the drive home.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *
> john.matte...@gmail.com
> *Sent:* Saturday, November 25, 2017 5:23 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [NTSysADM] OS in the CPU
>
>
>
> Since when does that matter to management? We’re all barely evolved pond
> scum as far as management goes when things are going right. When the
> environment blows up due to a zero day, or an undiscovered vulnerability
> and management is looking for retribution, IT people are the first to feel
> the axe on their necks.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Melvin
> Backus
> *Sent:* Tuesday, November 21, 2017 1:01 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [NTSysADM] OS in the CPU
>
>
>
> And if the current stats are even close to accurate there are something
> like 20 unfilled cybersecurity jobs at the moment with only about 2
> qualified people to fill them, and the unfilled numbers are growing faster
> than the qualified people.  That would lead me to think that the ‘career
> ending event’ would actually be a gateway to a new job where they probably
> understand that you can’t possibly catch everything, particularly
> heretofore unknown things.
>
>
>
> How’s that saying go?  You can’t know what you don’t know.
>
>
>
> --
> There are 10 kinds of people in the world...
>  those who understand binary and those who don't.
>
>
>
> ¯\_(ツ)_/¯
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Andrew S.
> Baker
> *Sent:* Tuesday, November 21, 2017 11:43 AM
> *To:* ntsysadm 
> *Subject:* Re: [NTSysADM] OS in the CPU
>
>
>
> Sure, but there are lots of ways to lose jobs -- many of which have
> nothing to do with your own personal actions.
>
>
>
> InfoSec currently lends itself more to employment than unemployment.
>
>
> Regards,
>
>  *ASB*
>
>
>
>
>
> On Mon, Nov 20, 2017 at 12:05 PM, Jonathan Link 
> wrote:
>
> More like job insecurity. Missing an exploit might be a career ending
> event, even if it is heretofore an unknown exploit.
>
>
>
> On Mon, Nov 20, 2017 at 11:54 AM Melvin Backus 
> wrote:
>
> Some call them opportunities, we in IT call them job security. J
>
>
>
> --
> There are 10 kinds of people in the world...
>  those who understand binary and those who don't.
>
>
>
> ¯\_(ツ)_/¯
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Kurt Buff
> *Sent:* Monday, November 20, 2017 11:34 AM
> *To:* ntsysadm 
> *Subject:* Re: [NTSysADM] OS in the CPU
>
>
>
> There are always more problems:
>
> https://www.thezdi.com/blog/2017/10/04/vmware-escapology-
> how-to-houdini-the-hypervisor
>
> https://www.youtube.com/watch?v=uRemWLNBSZg
>
>
>
> On Mon, Nov 20, 2017 at 8:05 AM, Andrew S. Baker 
> wrote:
>
> But wait!   There's more...
>
>
>
> https://www.youtube.com/watch?v=KrksBdWcZgQ
>
>
>
>
>
> ​(I see your "solution" and raise you two more problems)​
>
>
> Regards,
>
>  *ASB*
>
>
>
>
>
> On Sun, Nov 19, 2017 at 12:28 PM, Kurt Buff  wrote:
>
> The OS in question (minix), isn't in the main CPU - it's in the CPU of the
> management engine, which is completely separate, and doesn't, or at least
> shouldn't, affect system performance.
> 

Re: [NTSysADM] Looking for a global VPN solution - looking for input

[Micheal Espinola Jr]

+1

or Sonicwall Golbal VPN. Either way, I'd go hardware and away from
Microsoft.

--
Espi


On Mon, Nov 13, 2017 at 6:04 PM, Don Ely  wrote:

> Why can't Global Protect achieve all of your needs?  Did I miss some
> requirement they can't meet?
>
> On Mon, Nov 13, 2017 at 5:25 PM Kurt Buff  wrote:
>
>> Arg - that should be "seeking commercial services"..
>>
>> And, once I bring recommendations, it might well be that we just fall
>> back to a DirectAccess server in each office, with our without a
>> multi-site configuration, potentially with an SSP VPN appliance also
>> at each office for backup and contractors, and call it good.
>>
>> Kurt
>>
>> On Mon, Nov 13, 2017 at 5:03 PM, Kurt Buff  wrote:
>> > I'm not sure either, but that's the task I've been given - not
>> > necessarily to implement at this stage, but to scope out the
>> > alternatives and come up with some possibilities.
>> >
>> > It's also why I'm seeing recommendations on commercial services, so
>> > that our implementation requirements are minimized.
>> >
>> > Kurt
>> >
>> > On Mon, Nov 13, 2017 at 4:38 PM, Joseph L. Casale
>> >  wrote:
>> >> I've done a lot of openvpn setups in a myriad of formats, site to
>> site, hub and spoke, client etc.
>> >> It works well and there are even some lesser documented features that
>> do some neat stuff but you are now rolling your solution and marinating it
>> manually.
>> >> Not sure how well that will scale unless you have a skilled team.
>> >>
>> >>> -Original Message-
>> >>> From: listsad...@lists.myitforum.com
>> >>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
>> >>> Sent: Monday, November 13, 2017 5:22 PM
>> >>> To: ntsysadm 
>> >>> Subject: [NTSysADM] Looking for a global VPN solution - looking for
>> input
>> >>>
>> >>> All,
>> >>>
>> >>> 1) For staff, currently we're using DirectAccess on 2012R2 as our
>> >>> primary conduit in the US, with SSL VPNs (SonicWall and Palo Alto
>> >>> Global Protect) as primary for our overseas offices and secondary for
>> >>> the US (Sonicwall).
>> >>>
>> >>> 2) In the US office, we also have contractors/consultants needing to
>> >>> use our SSL VPN for access to various resources, and that will likely
>> >>> expand to our overseas offices soon. Differentiation and securing
>> >>> resources is even more important here than in 1).
>> >>>
>> >>> 3) We also stand up IPSec tunnels for vendors/partners as needed (lab
>> >>> to lab), for interoperability/compatibility testing.
>> >>>
>> >>> We're looking to get into a solution that will take care of at least
>> >>> the first two (and ideally the third as well), so that we don't have
>> >>> so many platforms to support, and so that we can make sure that staff
>> >>> in the field get the fasted connection available.
>> >>>
>> >>> I've taken a quick gander at the websites for vyprvpn (Golden Frog),
>> >>> and OpenVPN (commercial client offering), but don't have much of an
>> >>> opinion on them, as info about them is a bit thin.
>> >>>
>> >>> Anyone have experience with solutions like this, and care to comment?
>> >>>
>> >>> Thanks,
>> >>>
>> >>> Kurt
>> >>>
>> >>
>>
>>
>>

Re: [NTSysADM] Interesting Fiber Problem

[Micheal Espinola Jr]

I'm certainly no expert on this tech, but I've never heard of a situation
like this or can I fathom how SFPs could be damaged like this. But the
coincidental recurring circumstance?  Fascinating!

I wonder what other commonalities could possibly be involved.

--
Espi


On Fri, Nov 10, 2017 at 12:41 PM, Dave Eldridge <dave.eldri...@gmail.com>
wrote:

> wow you got me.
> I could see a gbic going bad on one side, but not propagating to the other
> side and taking it out also.
>
> On Fri, Nov 10, 2017 at 12:18 PM, CSSU NetAdmin <cssunetad...@cvsdvt.org>
> wrote:
>
>> Once failed, the GBIC's do not work- we swapped them all over.  We
>> cleaned all connections and have patch cable replacements on order.  They
>> did give us a copy of the certification report- it looks clean.   The only
>> reason we put in the 1 GB gbic's is because we don't have 10 GB's spares
>> anymore.  I am worried that the 1 GB's will fail too in a week or so.
>>
>> On Fri, Nov 10, 2017 at 12:59 PM, Eldridge, Dave <d...@parkviewmc.com>
>> wrote:
>>
>>> So it failed, you replaced with 10gb gbics and it worked for a short
>>> period and it failed again and only now works at 1gb?
>>>
>>> Just curious if these “failed” gbics work in other fiber runs/switches
>>> of yours.
>>>
>>>
>>>
>>> You would have to match them at both ends, at least with my cisco’s.
>>>
>>> I have to say I have had to replace patch fibers before, especially
>>> single mode. Don’t be surprised.
>>>
>>> Have you cleaned all the connectors? The fact it works at the stepped
>>> down speed makes me suspicious.
>>>
>>> Did they give you a print out of the tdr test?
>>>
>>> dave
>>>
>>>
>>>
>>> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf
>>> orum.com] *On Behalf Of *CSSU NetAdmin
>>> *Sent:* Friday, November 10, 2017 10:13 AM
>>> *To:* ntsysadm@lists.myitforum.com
>>> *Subject:* Re: [NTSysADM] Interesting Fiber Problem
>>>
>>>
>>>
>>> Yes, that is correct. We had to swap out the SFP's on both ends to get
>>> it working last Friday and again yesterday.
>>>
>>>
>>>
>>> On Thu, Nov 9, 2017 at 9:16 PM, Micheal Espinola Jr <
>>> michealespin...@gmail.com> wrote:
>>>
>>> You are saying that the original SFPs became completely inoperable?
>>> Power-cycling or reseating the SFPs had no positive effect?  You had to
>>> resort to replacing the SFPs with new/different units?  You had to do this
>>> simultaneously on both ends?
>>>
>>>
>>> --
>>> Espi
>>>
>>>
>>>
>>>
>>>
>>> On Thu, Nov 9, 2017 at 2:26 PM, CSSU NetAdmin <cssunetad...@cvsdvt.org>
>>> wrote:
>>>
>>> We have an interesting situation with a dark fiber connection between
>>> two of our schools.  For 15 months, the connection was great- an HP switch
>>> with 10 GB SFP on one end and a Sophos 10 GB SFO on the other.  Last
>>> Friday, the connection dropped.  After switching out the switch, the SFP
>>> for the switch and the SFP and port on the Sophos, the connection only came
>>> up when we replace the SFP's on both ends.  It was fine until today- the
>>> connection dropped.  We could only bring it back by replacing the SFP's-
>>> with 1 GB units because we did not have 10 GB replacements.  Last week, our
>>> fiber provider test the fiber from both ends and it was clear all the way
>>> to other end- which is about 12 miles.   We talked to them today and they
>>> remain convinced that the fiber is fine.  We are going to replace the patch
>>> cables next but remain skeptical that it isn't an issue with the fiber
>>> somewhere along the line.
>>>
>>>
>>>
>>> Does anyone have suggestions on where else to look?  Thanks!
>>>
>>>
>>>
>>>
>>>
>>
>>
>

Re: [NTSysADM] Interesting Fiber Problem

[Micheal Espinola Jr]

You are saying that the original SFPs became completely inoperable?
Power-cycling or reseating the SFPs had no positive effect?  You had to
resort to replacing the SFPs with new/different units?  You had to do this
simultaneously on both ends?

--
Espi


On Thu, Nov 9, 2017 at 2:26 PM, CSSU NetAdmin 
wrote:

> We have an interesting situation with a dark fiber connection between two
> of our schools.  For 15 months, the connection was great- an HP switch with
> 10 GB SFP on one end and a Sophos 10 GB SFO on the other.  Last Friday, the
> connection dropped.  After switching out the switch, the SFP for the switch
> and the SFP and port on the Sophos, the connection only came up when we
> replace the SFP's on both ends.  It was fine until today- the connection
> dropped.  We could only bring it back by replacing the SFP's- with 1 GB
> units because we did not have 10 GB replacements.  Last week, our fiber
> provider test the fiber from both ends and it was clear all the way to
> other end- which is about 12 miles.   We talked to them today and they
> remain convinced that the fiber is fine.  We are going to replace the patch
> cables next but remain skeptical that it isn't an issue with the fiber
> somewhere along the line.
>
> Does anyone have suggestions on where else to look?  Thanks!
>

Re: [NTSysADM] Crosspost: Do you have a complex certificate services environment?

[Micheal Espinola Jr]

B!  Disqualified.

--
Espi


On Tue, Oct 31, 2017 at 4:18 PM, Sean Martin  wrote:

> Hey Michael,
>
> I wouldn't mind testing it out for you. We have a fairly simple CA
> environment (offline root, online intermediate) in a Windows 2008 R2 AD
> environment.
>
> - Sean
>
> On Tue, Oct 31, 2017 at 12:40 PM, Michael B. Smith 
> wrote:
>
>> Forgive the crosspost.
>>
>>
>>
>> Webster and myself have some mutual customers that had Certificate
>> Services issues. That being one of my areas of expertise, I worked through
>> the problems and got everyone happy, but then realized the job would’ve
>> been much much simpler with a script that dumped out everything that Active
>> Directory knows about AD Certificate Services.
>>
>>
>>
>> So, viola, I wrote one; and I’ve enhanced it while working through some
>> complex customer scenarios.
>>
>>
>>
>> Webster has offered to do the nice things he does to scripts (Word
>> output, HTML output, code-signing, etc.) but I’d like to make sure that the
>> script is complete before I hand it over to him.
>>
>>
>>
>> So I’m looking for a few good testers. I’d like for you to run the script
>> and send me the output. If it bombs, let me fix it and try again. IT
>> DOESN’T CHANGE ANYTHING. It just reads from AD and the registry.
>>
>>
>>
>> If you have a single server CA, you probably aren’t my target scenario –
>> unless it’s been migrated and upgraded more than once. Or it was installed
>> by someone who had no clue what they were doing and may have installed the
>> CA a dozen times (it happens – that was a PIECE of the problem at one of my
>> clients). I’m looking for environments with multiple roots, multiple
>> servers in a hierarchy, potentially offline roots with an enterprise
>> hierarchy, etc.
>>
>>
>>
>> If you are interested, please reply to me directly - OFF LIST. Again OFF
>> LIST.
>>
>>
>>
>> Thanks!
>>
>>
>>
>> Regards,
>>
>> Michael B.
>>
>>
>>
>> P.S. There are some things the script could do that it doesn’t do – most
>> specifically, validate certs and cross-check CA certs between AIA, CA, CDP,
>> and KRA endpoints. It’s doable and a good idea (I needed that in a project
>> a year or two ago), but out of scope for this Version 1. But almost
>> anything else I can think of is fair game.
>>
>>
>>
>
>

Re: [NTSysADM] Application Whitelisting and PowerShell Constrained Language Mode - Problems With Trusted Login Scripts

[Micheal Espinola Jr]

Hmm, I thought in the replies there were a couple of workaround options for
types of whitelisting.  Absolute path use seemed to have worked in the
replies near the very end of the thread.  The options seemed dangerous
to me, but supposedly worked for those that tried.

Sorry if there weren't that didn't apply to your situation.  From what I've
also read, there does appear to be some bugginess to its application
between versions, but unfortunately, I don't have pervasive experience with
it.

--
Espi


On Fri, Oct 27, 2017 at 5:27 PM, Aakash Shah <aakash.s...@uci.edu> wrote:

> Hello Espi!  Thanks for your reply!  That thread describes how to disable
> Constrained Language mode (CLM), which I had to do on Win7/Server 2008r2
> last year (there is a bug with CLM in PSv5 on Win7/Server 2008r2 where no
> script would run).  On Win10 though, it appears to be working more as it’s
> supposed to, but I’ve encountered at least one of my login scripts which
> continues to trigger CLM regardless of being whitelisted in AppLocker.
>
>
>
> Thanks,
>
>
>
> -Aakash Shah
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Micheal Espinola Jr
> *Sent:* Friday, October 27, 2017 4:58 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] Application Whitelisting and PowerShell
> Constrained Language Mode - Problems With Trusted Login Scripts
>
>
>
> This discussion in the Spiceworks forums discusses the root cause and has
> a couple of workarounds:
>
>
>
> https://community.spiceworks.com/topic/1451109-srp-whitelist-causing-odd-
> behavior-in-powershell-v5
>
>
>
> Unfortunately, I haven't seen anything more definitive. Maybe MBS has some
> insider knowledge on this.  IIRC, you can bypass this issue completely by
> going back to an older version of PS.
>
>
> --
> Espi
>
>
>
>
>
> On Fri, Oct 27, 2017 at 3:09 PM, Aakash Shah <aakash.s...@uci.edu> wrote:
>
> Hello!  I was hoping to see if anyone else in the community has
> encountered this problem:
>
>
>
> Windows 10 includes PowerShell v5 which includes a new security feature
> called Constrained Language Mode.  This feature is automatically activated
> when application whitelisting is enabled and prevents PowerShell from
> running “riskier” code.
>
>
>
> As I understand it based on everything I have read, as long as AppLocker
> has a whitelist rule for it, those whitelisted scripts should be exempt
> from Constrained Language.  However, this does not appear to be working on
> our Windows 10 computers.  One of my login scripts that is in a whitelisted
> folder path fails to run and gives the error “Cannot dot-source this
> command because it was defined in a different language mode” which I
> understand to mean it is being blocked by Constrained Language mode.  I
> have other scripts in this whitelisted folder path that are working, but
> they don’t appear to be triggering Constrained Language.
>
>
>
> I have confirmed that the script is not being blocked by AppLocker since
> the logs confirm that the script was allowed to run by AppLocker.
>
>
>
> To rule out AppLocker path rules being the problem, I also signed the
> PowerShell script, whitelisted the cert and tried to run it and encountered
> the same problem.
>
>
>
> Has anyone else encountered this problem?  If so have you found any
> workarounds for this?  My goal is to avoid disabling Constrained Language
> mode entirely since I am looking to only allow trusted/whitelisted scripts
> to be exempt from Constrained Language mode.
>
>
>
> Thanks!
>
>
>
> -Aakash Shah
>
>
>
>
>

Re: [NTSysADM] Application Whitelisting and PowerShell Constrained Language Mode - Problems With Trusted Login Scripts

[Micheal Espinola Jr]

This discussion in the Spiceworks forums discusses the root cause and has a
couple of workarounds:

https://community.spiceworks.com/topic/1451109-srp-whitelist-causing-odd-behavior-in-powershell-v5


Unfortunately, I haven't seen anything more definitive. Maybe MBS has some
insider knowledge on this.  IIRC, you can bypass this issue completely by
going back to an older version of PS.

--
Espi


On Fri, Oct 27, 2017 at 3:09 PM, Aakash Shah  wrote:

> Hello!  I was hoping to see if anyone else in the community has
> encountered this problem:
>
>
>
> Windows 10 includes PowerShell v5 which includes a new security feature
> called Constrained Language Mode.  This feature is automatically activated
> when application whitelisting is enabled and prevents PowerShell from
> running “riskier” code.
>
>
>
> As I understand it based on everything I have read, as long as AppLocker
> has a whitelist rule for it, those whitelisted scripts should be exempt
> from Constrained Language.  However, this does not appear to be working on
> our Windows 10 computers.  One of my login scripts that is in a whitelisted
> folder path fails to run and gives the error “Cannot dot-source this
> command because it was defined in a different language mode” which I
> understand to mean it is being blocked by Constrained Language mode.  I
> have other scripts in this whitelisted folder path that are working, but
> they don’t appear to be triggering Constrained Language.
>
>
>
> I have confirmed that the script is not being blocked by AppLocker since
> the logs confirm that the script was allowed to run by AppLocker.
>
>
>
> To rule out AppLocker path rules being the problem, I also signed the
> PowerShell script, whitelisted the cert and tried to run it and encountered
> the same problem.
>
>
>
> Has anyone else encountered this problem?  If so have you found any
> workarounds for this?  My goal is to avoid disabling Constrained Language
> mode entirely since I am looking to only allow trusted/whitelisted scripts
> to be exempt from Constrained Language mode.
>
>
>
> Thanks!
>
>
>
> -Aakash Shah
>
>
>

Re: [NTSysADM] RE: GPO application question.

[Micheal Espinola Jr]

Like James said; if the OS doesn't programmatically recognize a registry
entry, then it doesn't do anything with it.  However, this is a potential
rabbit hole if you get into this habit and start to push mismatched
settings without concern.

--
Espi


On Tue, Oct 24, 2017 at 11:06 AM, James Rankin  wrote:

> It will write the Registry key, I presume, but the OS will just ignore it.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Kennedy, Jim
> *Sent:* 24 October 2017 18:57
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] GPO application question.
>
>
>
> What happens with a setting that is in a GPO applied to a non-supported
> OS.  So for example the SMB setting below is on an OU with Win 10 boxes in
> it. Is it just ignored? So it will get ignored and not mess up the Win 10
> dependencies..correct?
>
>
>
>

Re: [NTSysADM] WOW!!! I had no idea I was going to be honored

[Micheal Espinola Jr]

Amazing, and indubitably well deserved.  Congratulations!

--
Espi


On Tue, Oct 24, 2017 at 9:17 AM, Webster  wrote:

> https://www.citrix.com/blogs/2017/10/24/announcing-ctp-fellow-award-a-new-
> classification/
>
>
>
> Deeply, deeply humbled and honored
>
>
>
> Thanks
>
>
>
>
>
> Carl Webster
>
> Citrix Technology Professional | iGel Tech Community Insider | Parallels
> VIPP
>
> http://www.CarlWebster.com
> 
>
> The Accidental Citrix Admin
>
>
>
>
>

Re: [NTSysADM] Pro tip for you: free...

[Micheal Espinola Jr]

Oy.  Glad to hear you got it sorted without it involving anything too
terrible!

--
Espi


On Mon, Oct 16, 2017 at 10:24 PM, Kurt Buff <kurt.b...@gmail.com> wrote:

> You might say that. This happened on Saturday the 8th.
>
> When you log into the target DC, and issue the Posh commands to demote
> and remove the computer from the domain, it does.
> (https://technet.microsoft.com/en-us/library/hh974714(v=wps.630).aspx).
> The DC ends up in a workgroup with the same name as the domain.
>
> But, if the computer account is protected from accidental deletion, it
> doesn't kill the account in the domain, so you have to go back and
> clean up.
>
> This was our physical 2012R2 DC - the others (one in HQ and one in
> each office overseas, all 2012R2) are VMs.
>
> I can't say for sure what caused it, but somewhere during this process
> about 10 out of the 70+/- GPOs got fubared, and I had to recover them
> - something I've never had to do before. Thank all the gods (and
> decent planning!) that I had snapshot backups of the DC holding all of
> the FSMO roles, and could mount the VMDK and pull out the sysvol
> directory and copy them back from the Friday night backup. Among other
> things, the damaged/empty/screwed up GPOs were applied to our
> DirectAccess server, which promptly decided it wasn't one anymore, and
> to a fair number of the DirectAccess clients, when then couldn't
> connect again, even after the DA server was put back together. We had
> to walk a number of people in the field through connecting to our SSL
> VPN and doing a 'gpupdate /force' to get them going again. There was
> also a mishmash of other problems, including drive mapping oddities,
> printer sharing oddities and other weird crap that had to be sorted.
>
> It was not a good time last week.
>
> One or more of the following could have caused the problem:
>- Maybe because I replaced the DC by formatting the disk and
> re-installing with the same name and IP address (doubtful)
>- Perhaps it was because during this process I replaced the old
> 2012R2 DC with a 2016 DC. (maybe - seems unlikely)
>- Perhaps it was when I tried to introduce the new 2016 machine
> into the domain and I discovered that the old account was still there
> (more likely than the first two)
>- Perhaps it happened during the cleanup after the failed domain
> account deletion during the demotion process (this seems most likely
> to me)
>- Or some combination thereof.
>- Or the phase of the moon and a lack of chicken blood.
>
> Kurt
>
> On Mon, Oct 16, 2017 at 7:09 PM, Micheal Espinola Jr
> <michealespin...@gmail.com> wrote:
> > Interesting...  did something odd happen?
> >
> > --
> > Espi
> >
> >
> > On Mon, Oct 16, 2017 at 4:25 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
> >>
> >> When you demote a DC, you really should make sure that the computer
> >> account in the domain isn't protected against accidental deletion.
> >>
> >> Further deponent sayeth not.
> >>
> >> Kurt
> >>
> >>
> >
>
>
>

Re: [NTSysADM] Pro tip for you: free...

[Micheal Espinola Jr]

Interesting...  did something odd happen?

--
Espi


On Mon, Oct 16, 2017 at 4:25 PM, Kurt Buff  wrote:

> When you demote a DC, you really should make sure that the computer
> account in the domain isn't protected against accidental deletion.
>
> Further deponent sayeth not.
>
> Kurt
>
>
>

Re: [NTSysADM] More on Kaspersky

[Micheal Espinola Jr]

I suspect it's going to get a lot worse before it gets better.  To add to
what Susan said; defend accordingly.

--
Espi


On Mon, Oct 16, 2017 at 1:36 AM, Michael B. Smith 
wrote:

> An interesting read, I thought. Especially this:
>
>
>
> The NSA bans its analysts from using Kaspersky anti-virus at the agency,
> in large part because the agency has exploited anti-virus software for its
> own foreign hacking operations and knows the same technique is used by its
> adversaries.
>
> The Israeli hack itself would be reason enough for the NSA or any other
> intelligence agency to ban Kaspersky products. It happens to other
> anti-virus packages, too. Recently, the South Korean military discovered it
> had been hacked, presumably by North Korean intelligence, using Hauri
> anti-virus software.
>
>
>
> YMMV.
>
>
>
> http://windowsitpro.com/security/if-kaspersky-bothers-
> you-so-must-its-rivals
>
>
>

Re: [NTSysADM] This pleases me...

[Micheal Espinola Jr]

Well done, and congrats!

--
Espi


On Fri, Oct 6, 2017 at 6:24 PM, Kurt Buff  wrote:

> It's a good start
> https://www.giac.org/certified-professional/kurt-buff/162966
>
> Passed with 85%, in 1h 12m.
>
>
>

[NTSysADM] Anyone familiar with "Visual Elements extension failed" errors?

[Micheal Espinola Jr]

Has anyone seen this error when attempting to install an AppxPackage via
PowerShell?  Here's an example of a full error text:

Add-AppxPackage : Deployment failed with HRESULT: 0x80073CF6, Package could
> not be registered.
> error 0x87AF0813: The Visual Elements extension failed while processing
> the Notification element.
> NOTE: For additional information, look for [ActivityId]
> 110f2272-33a4-0002-9b58-1211a433d301 in the Event Log or use the command
> line Get-AppxLog -ActivityID
> 110f2272-33a4-0002-9b58-1211a433d301
> At line:1 char:97
> + ... fest.xml' ; Add-AppxPackage -DisableDevelopmentMode -Register
> $manife ...
> + ~
> + CategoryInfo  : WriteError: (C:\Program
> File...ppxManifest.xml:String) [Add-AppxPackage], IOException
> + FullyQualifiedErrorId :
> DeploymentError,Microsoft.Windows.Appx.PackageManager.Commands.AddAppxPackageCommand


Here is the Get-AppxLog -ActivityID 110f2272-33a4-0002-9b58-1211a433d301
output:

404AppX Deployment operation failed for package
> Microsoft.WindowsStore_11708.1001.214.0_neutral_~_8wekyb3d8bbwe with error
>0x80073CF6. The specific error text for this failure is: error
> 0x87AF0813: The Visual Elements extension failed while
>processing the Notification element.


This is occurring on a Windows 10 Home system with a very broken Windows
Store.  Oddly enough, this error occurs with any AppxPackage installation,
and not just an attempt at reinstalling the Store.  This error
computer-wide, affecting any existing as well as new user accounts.

I'm gonna wipe it, but I'm really curious as to just what the heck happened
to this system and what this error is about.  My Google-Fu has failed me,
and I can't find anything online that has a resolution for this error.

--
Espi

Re: [NTSysADM] RE: Very painful install of Windows 7

[Micheal Espinola Jr]

If you want to be better prepared for unforeseen patching, keep a portable
drive with an updated WSUSOffline on it.  The full English catalog will run
~30 GB.

--
Espi


On Mon, Sep 25, 2017 at 4:25 PM, Raymond Peng 
wrote:

> Easiest way is to slipstream wsus updates into the default wim file using
> DISM.
>
>
>
> Articles below may be few a years old but still applicable.
>
>
>
> http://www.sysadminlab.net/mobile/creating-a-fully-patch-
> install-wim-for-windows-78-without-mdt-but-using-wsus-offline-updater
>
> https://4sysops.com/archives/use-dism-to-slipstream-updates/
>
>
>
> I thought MS had a latest ISO with Sp1/2 for Windows 7 but I could be
> mistaken.
>
>
> * Thank you,*
>
>
>
> *Ray*
>
>
> *[image: cid:9FE8CE67-4431-44CD-970D-6A632819929E]*
>
> *Raymond Peng*
>
> *Systems Engineer / IT Operations*
> *Direct:* *650-577-5399 <(650)%20577-5399>*
>
> *Email:* *raymond.p...@wageworks.com *
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Eric Levinson
> *Sent:* Monday, September 25, 2017 3:57 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] Very painful install of Windows 7
>
>
>
> I have a laptop and needed to do a full re install of Windows 7 on it.
>
>
>
> The Windows setup application asked at the beginning if I wanted to
> download updates.  I said yes.
>
>
>
> Needless to say – after Windows 7 was installed – there were 398 critical
> updates waiting for me requiring some 10 reboots in between patches.
>
>
>
> It took about 16 hours after the initial reinstall to get the system back
> up to SP1, with all the new hotfixes and IE 11.
>
>
>
> I would have gone right to Windows 10 – but this laptop has an
> incompatibility which causes it to reboot during the setup process.
>
>
>
> Can anyone recommend a way to include all the patches and service packs
> into the initial install so everything is set up the way it should be?  I
> doubt I will have to do this reinstall again in the near future, but I’d
> like to hear from system administrators on this list.
>
>
>
> Thanks,
>
> Eric
>
>
>

Re: [NTSysADM] CCleaner found to be backdoored for downloads between August 15 and September 12

[Micheal Espinola Jr]

CORRECTION for Google search:

https://www.google.com/search?q=ccleaner+infection
<https://www.google.com/search?q=ccleanup+infection>

--
Espi


On Mon, Sep 18, 2017 at 12:35 PM, Micheal Espinola Jr <
michealespin...@gmail.com> wrote:

> https://www.bleepingcomputer.com/how-to/security/ccleaner-ma
> lware-incident-what-you-need-to-know-and-how-to-remove/
>
> https://www.google.com/search?q=ccleanup+infection
>
> --
> Espi
>
>

[NTSysADM] CCleaner found to be backdoored for downloads between August 15 and September 12

[Micheal Espinola Jr]

https://www.bleepingcomputer.com/how-to/security/ccleaner-malware-incident-what-you-need-to-know-and-how-to-remove/

https://www.google.com/search?q=ccleanup+infection

--
Espi

Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

[Micheal Espinola Jr]

"Playing with my money^h^h^h^h^hopinion is like playing with my emotions,
Smokey."


On Sep 15, 2017 8:02 AM, "Erik Goldoff"  wrote:

> Disclaimer, I'm biased because I work for Symantec now (NOT in sales), and
> know many of you love to hate  but
>
> I was not a fan of early Symantec AV, and would not have come to work for
> them in the SAV days.
> I'd give SEP 14 another look, many advanced features, including some
> exploit protection.
>
> Couldn't hurt to download a trialware and test for yourself, and if you
> still don't like it, you'll have fact based decisions and not opinions and
> emotions
>
> On Fri, Sep 15, 2017 at 10:34 AM, Michael Leone 
> wrote:
>
>> On Thu, Sep 14, 2017 at 2:33 PM, Kurt Buff  wrote:
>> > On Thu, Sep 14, 2017 at 9:31 AM, Michael Leone 
>> wrote:
>> >>
>> >> We use Kaspersky for our AV needs, and to be honest, it's worked out
>> >> well for us. It's certainly caught things that McAfee, our previous AV
>> >> solution, didn't. However, they have this slight problem with being a
>> >> covert arm of the Russian government, apparently ..
>> >
>> > Citation needed. I have not seen anything that supports the idea that
>> > Kaspersky is an arm of the Russian government.
>>
>> Tell that to the US government .. LOL
>>
>> >> So we need to drop them, as the federal agencies are doing.
>> >
>> > Is this a requirement by law/regulation for your departement? If not,
>> > don't drop them, at least not for the reason stated above.
>>
>> My boss says it's not meeting our needs, and it will be replaced, so
>> the requirement is for me to obey orders and keep my job. LOL
>>
>> Listen, I'm happy with Kaspersky, and I would recommend keeping it.
>> But I have an idea that this is a mandate from farther high up.
>> Especially seeing as to how we are a state agency, I guess my CIO
>> doesn't want to spend time explaining to our board of commissioners
>> why the feds are wrong, and we're keeping Kaspersky when they aren't
>> ...
>>
>> > We have Eset, and I'd drop them in a heartbeat, if I could. Not
>> > because it's a bad product of its kind - far from it. It's been fairly
>> > good.
>> >
>> > Instead, I'd go with Applocker, and removing admin privileges - we
>> > already do patching fairly well.
>>
>> The order was for AV, since we need to do local workstations and
>> remote devices. So we will.
>>
>> Also, no one here (including me) knows Applocker, and there's not a
>> lot of support here, besides me, for anything OS or AD related ..
>>
>>
>>
>

Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

[Micheal Espinola Jr]

+1 for a lateral move of Kaspersky to ESET.  I'm not advocating a switch,
but if forced to, that's what I would do based on personal malware cleanup
experiences.

--
Espi


On Fri, Sep 15, 2017 at 4:47 AM, James M. Pulver  wrote:

> I've always liked ESET, and when we dropped Symantec, ESET was quoted to
> be the least expensive of a bunch we looked at. The ERA appliance is great,
> but a self install on Linux was buggy as hell. Glad I moved to the Virtual
> Appliance. Their tech support is B+ in my opinion. Upgraded to an A- as
> they don't run screaming from Linux. Some of the best I've dealt with, the
> main failing is no real route back to devs if there's a bug, but  in terms
> of using what's there and being aware of work-arounds - they're among the
> best I've ever interacted with.
>
> They seem to be pretty effective, but then so was Symantec in our
> environment - we don't give out admin, and seem to have enough e-mail
> screening via Office 365 and central IT to really limit ransomware,
> followed by decent user culture of asking before clicking so there's not a
> lot of chances for it to step in. It does kill a few "driveby" unwanted
> applications for us, but we haven't (knock on wood) seen much real malware
> anyway.
>
> So if you have to tick the box for AV, like we do, ESET is a pretty good
> choice IMO. The other obvious "tick the box" one would be Windows Defender
> if you don't have to be cross platform. However, I think ESET is more
> effective - but as others said, that's not a high bar.
>
> I should point out, even the "traditional AV" isn't traditional AV anymore
> - ESET isn't just scanning against signatures. They have HIPS as well as
> behavior analysis and the like.
>
> James Pulver
> CLASSE Computer Group
> Cornell University
>
>
> On 09/14/2017 12:31 PM, Michael Leone wrote:
>
>> We use Kaspersky for our AV needs, and to be honest, it's worked out
>> well for us. It's certainly caught things that McAfee, our previous AV
>> solution, didn't. However, they have this slight problem with being a
>> covert arm of the Russian government, apparently ..
>>
>> So we need to drop them, as the federal agencies are doing.
>>
>> There are lots of reviews, such as av-test.org, that we are looking
>> at. But tell me, who do you have? And - more importantly - if you had
>> your say in the matter, would you keep them?
>>
>> We're an sort of enterprise level organization, maybe 1K users, bunch
>> of laptops issued to remote users. So far, all Win 7 for workstations,
>> but obviously that will change in the future. Servers are all Win
>> 2008/2012 R2 (so far). So we need something with a centralized
>> console, to push out rules, updates, etc.
>>
>> We use Proofpoint as an email gateway, so it does mail scanning. We
>> have Checkpoint firewalls for managing that sort of traffic.
>>
>> Thoughts?  I know I've heard good things about ESET and Sophos, among
>> others. Just soliciting some real world opinions, along with our own
>> research.
>>
>>
>>
>
>

Re: [NTSysADM] Odd problem with GPO-mapped drives and SSL VPN

[Micheal Espinola Jr]

You should be able to raise the threshold of slow link detection to
compensate.  If you dont allow ping to traverse, the link will always
register as slow.

--
Espi


On Wed, Aug 23, 2017 at 7:21 PM, Kurt Buff  wrote:

> That's interesting. So, if it detects a slow link the GPO "unapplies",
> and the mapped drive stops working?
>
> I shall take a look at that.
>
> Kurt
>
> On Wed, Aug 23, 2017 at 3:57 PM, Joseph L. Casale
>  wrote:
> > Default behavior of slow link detection?
> >
> >> -Original Message-
> >> From: listsad...@lists.myitforum.com
> >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
> >> Sent: Wednesday, August 23, 2017 4:47 PM
> >> To: ntsysadm 
> >> Subject: [NTSysADM] Odd problem with GPO-mapped drives and SSL VPN
> >>
> >> I've got a user in the field out of our AU office.
> >>
> >> We have a SonicWall SSL VPN to which he connects.
> >>
> >> We map a drive for him to the DFS share (\\example.com\au\share) via
> >> GPO, but it doesn't work well while he's in the field.
> >>
> >> While in the field, if he opens a command prompt, and does a 'gpupdate
> >> /force', the drive mapping works for a while, then he says it
> >> disconnects after about an hour or so.
> >>
> >> When he's in the office, it's solid.
> >>
> >> While in the field, if he maps another drive letter to \\machine\share
> >> that works either in or out of the office.
> >>
> >> I've not seen anything in particular in the event logs that seems
> >> relevant, but I'm going to look again when he's free.
> >>
> >> Has anyone seen behavior like this, and can point me in the general
> >> direction of an answer?
> >>
> >> I understand that drive mappings via GPO over a VPN connection are
> >> problematic, because the GPO is applied at login, and before VPN
> >> connection is made, but the fact that it fails after a 'gpupdate
> >> /force' is truly weird.
> >>
> >> Kurt
> >>
> >
>
>
>

RE: [NTSysADM] A new task for me - setting up a SQL Server cluster on vSphere 6.0

[Micheal Espinola Jr]

As best as I can recall, it was listed as a requirement in the last SQL
clustering requirements doc I read on Microsoft's website.  I thought it
was up-to-date, but perhaps I am mistaken?


On Aug 17, 2017 6:55 AM, "Melvin Backus" <melvin.bac...@byers.com> wrote:

Windows clustering doesn’t require Enterprise any more. It moved to std
with 2012. We run both LB and FO clusters on 2012 std.  Please don’t tell
me they went back with 2016. L



--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.



*From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
myitforum.com] *On Behalf Of *Micheal Espinola Jr
*Sent:* Wednesday, August 16, 2017 9:24 PM
*To:* ntsysadm@lists.myitforum.com
*Subject:* Re: [NTSysADM] A new task for me - setting up a SQL Server
cluster on vSphere 6.0



The minimum requirement would be Windows.


--
Espi





On Wed, Aug 16, 2017 at 6:07 PM, Kurt Buff <kurt.b...@gmail.com> wrote:

Windows or SQL or both?


On Wed, Aug 16, 2017 at 5:27 PM, D R <drod...@gmail.com> wrote:
> Well, for 1, I think you're going to need Enterprise Edition for your
server
> clustering.
>
>
> On Wed, Aug 16, 2017 at 6:04 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
>>
>> Does anyone have a good reference on setting up a 2-node cluster like
>> this?
>>
>> I'll be putting up SQL Server 2016 on Server 2016 Standard.
>>
>> I've found a starting place:
>>
>> https://kb.vmware.com/selfservice/microsites/search.
do?language=en_US=displayKC=2147661
>>
>> This is going to be a replacement for all of the little SQLServer
>> Standard/Express/WID implementations we have scattered about.
>>
>> But - does anyone have preferred documentation for implementation? Any
>> preferred configurations, and perhaps reasons why? Any nasty little
>> gotchas to avoid?
>>
>> Thanks,
>>
>> Kurt
>>
>>
>
>
>
> --
> Daniel Rodriguez
> drod...@gmail.com

Re: [NTSysADM] A new task for me - setting up a SQL Server cluster on vSphere 6.0

[Micheal Espinola Jr]

The minimum requirement would be Windows.

--
Espi


On Wed, Aug 16, 2017 at 6:07 PM, Kurt Buff  wrote:

> Windows or SQL or both?
>
> On Wed, Aug 16, 2017 at 5:27 PM, D R  wrote:
> > Well, for 1, I think you're going to need Enterprise Edition for your
> server
> > clustering.
> >
> >
> > On Wed, Aug 16, 2017 at 6:04 PM, Kurt Buff  wrote:
> >>
> >> Does anyone have a good reference on setting up a 2-node cluster like
> >> this?
> >>
> >> I'll be putting up SQL Server 2016 on Server 2016 Standard.
> >>
> >> I've found a starting place:
> >>
> >> https://kb.vmware.com/selfservice/microsites/search.
> do?language=en_US=displayKC=2147661
> >>
> >> This is going to be a replacement for all of the little SQLServer
> >> Standard/Express/WID implementations we have scattered about.
> >>
> >> But - does anyone have preferred documentation for implementation? Any
> >> preferred configurations, and perhaps reasons why? Any nasty little
> >> gotchas to avoid?
> >>
> >> Thanks,
> >>
> >> Kurt
> >>
> >>
> >
> >
> >
> > --
> > Daniel Rodriguez
> > drod...@gmail.com
>
>
>

Re: [NTSysADM] Block MAC address on CISCO L2 Switch

[Micheal Espinola Jr]

HI JEANNE!  I'M GLAD YOU GOT OUR MESSAGE!

--
Espi


On Mon, Aug 7, 2017 at 10:50 AM, Jeanne McGaffigan <
jeanne_mcgaffi...@haci.honda.com> wrote:

> *Return Receipt*
>
>Your document:
>
>
>RE: [NTSysADM] Block MAC address on CISCO L2 Switch
>
>
>was received by:
>
>
>jeanne_mcgaffi...@haci.honda.com
>
>
>at:
>
>
>08/07/2017 13:50:43
>
> --
> This message is intended only for the use of the individual(s) or
> entity(ies) to which it is addressed and may contain material that is Honda
> Aircraft Company confidential, proprietary, and/or exempt from disclosure
> under applicable law. If the reader of this message is not the intended
> recipient, you are hereby notified that any dissemination or distribution
> of this communication to other than the intended recipient is strictly
> prohibited. If you have received this communication in error, please notify
> jeanne_mcgaffi...@haci.honda.com or 336.662.0246 <(336)%20662-0246>.
> Thank you.
>

Re: [NTSysADM] F5 project

[Micheal Espinola Jr]

I'm assuming its a Strongbox drop-in eval?

--
Espi


On Tue, Aug 1, 2017 at 7:34 PM, J- P  wrote:

> Hi all
>
>
> I received an email looking for an "F5 project eval "   (on the west coast
> 4 week project)  I'm in NY so its out of the question for me, (truth be
> told I'm not even sure what they are looking for )
>
>
> If anyone is interested let me know,
>
>
>
> Jean-Paul Natola
>
>

Re: [NTSysADM] An acquisition I can live with?!?

[Micheal Espinola Jr]

*A surprise to be sure, but a welcome one.*

--
Espi


On Wed, Aug 2, 2017 at 5:05 PM, Michael B. Smith 
wrote:

> I was also happy to see that news.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Andrew S. Baker
> *Sent:* Wednesday, August 2, 2017 7:44 PM
> *To:* ntsysadm
> *Subject:* [NTSysADM] An acquisition I can live with?!?
>
>
>
> https://www.digicert.com/news/digicert-to-acquire-symantec-
> website-security-business/
>
>
>
> Yeah, I think so...
>
>
>
> Regards,
>
>  *ASB*
>  *http://XeeMe.com/AndrewBaker *
>
>  *Providing Expert Technology Consulting Services for the SMB market…*
>
> * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>
>
>
>

Re: [NTSysADM] Boxed in on a Win10 VM

[Micheal Espinola Jr]

You should be able to modify that organically at boot with Windows 10:

https://www.tenforums.com/tutorials/2969-enable-disable-elevated-administrator-account-windows-10-a.html#option5

--
Espi


On Tue, Jul 18, 2017 at 8:52 PM, Kurt Buff  wrote:

> Dang. Completely forgot about that. I'll have to see if I can gin that up.
>
> Kurt
>
> On Tue, Jul 18, 2017 at 6:21 PM, Robert Cato 
> wrote:
> > The local accout(s) is disabled. NT password reset CD-ROM to reset
> password
> > and enable the local accout. It's a Win10 "feature"
> >
> >
> > On Tue, Jul 18, 2017 at 8:24 PM Kurt Buff  wrote:
> >>
> >> If nobody else comes up with a solution, that's the way I'll go.
> >>
> >> It's been a while since I've used it, but IIRC, it also enables the
> >> account if it's disabled/locked out.
> >>
> >> Kurt
> >>
> >> On Tue, Jul 18, 2017 at 4:55 PM, Michael B. Smith <
> mich...@smithcons.com>
> >> wrote:
> >> > I would try the pnordahl solution.
> >> >
> >> > -Original Message-
> >> > From: listsad...@lists.myitforum.com
> >> > [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
> >> > Sent: Tuesday, July 18, 2017 7:46 PM
> >> > To: ntsysadm
> >> > Subject: [NTSysADM] Boxed in on a Win10 VM
> >> >
> >> > All,
> >> >
> >> > A colleague stood up a Win10 VM that was a clone of an original
> >> > domain-joined machine, running on a ESXi/vSphere 6.0 host.
> >> >
> >> > I noticed this, and decided to help out - the VM clone was not fully
> >> > functional - it's trust relationship with the domain was broken.
> >> >
> >> > I was able to log in using cached credentials with administrative
> >> > privileges, so I set the local administrator password to something we
> know
> >> > (we use LAPS here, so there's no telling what the most recent
> administrator
> >> > password was).
> >> >
> >> > I then changed the machine name and joined the VM to a workgroup at
> the
> >> > same time - something I've done probably hundreds of times over the
> years
> >> > with never a failure before now.
> >> >
> >> > After reboot, the login screen shows only the username of the last
> >> > successful login (a domain account, not a local account, even though
> it's
> >> > not a member of the domain!).
> >> >
> >> > I cannot get it to switch to another account to log in, and since the
> >> > only account available on the login screen is the domain account, and
> it's
> >> > not joined to the domain, I can't use that account's password to log
> in.
> >> >
> >> > There are no backups, no restore points and no snapshots for this VM.
> >> >
> >> > I was able to boot into safe mode in the console, and start a command
> >> > prompt - when it asked for the local Administrator account, that
> worked, so
> >> > I know the password is good.
> >> >
> >> > I've tried to RDP into the machine, and am refused, no matter which
> >> > credentials I try.
> >> >
> >> > I even tried disconnecting the NIC for the VM to see if that would
> shake
> >> > loose some cached credentials, but no go, and it stubbornly refuses
> to show
> >> > me any other accounts to choose for login.
> >> >
> >> > I suppose I could do a reset, but I believe there's 3rd party software
> >> > that was installed in the interim, so I'm a bit hesitant to do that.
> >> >
> >> > Anyone have thoughts on how to proceed?
> >> >
> >> > I'm about ready to boot with a Nordahl iso, and see if that helps, but
> >> > if push comes to shove, I I'll re-clone the original, and try again,
> and let
> >> > the colleague know that he's lost any work done, but for the moment
> this is
> >> > an exercise in overcoming - something.
> >> >
> >> > Kurt
> >> >
> >> >
> >>
> >>
> >
>
>
>

Re: [NTSysADM] Sending email from Powershell via Yahoo (with app password)

[Micheal Espinola Jr]

It would have to be a Google/Apps account.  You use the generated app
password with your account email address.  You do not use your interactive
account login password.

--
Espi


On Wed, Jul 19, 2017 at 5:47 PM, Michael Leone <oozerd...@gmail.com> wrote:

> No, app passwords are not supported for my domain. I think they are
> supported for this Gmail account, but not for my domain "mike-leone.com",
> it says. Ideally that's the account I want to use, but if I can't, I can't.
>
> Supposing i get an app password for my oozerd...@gmail.com, how do I use
> it? Do I use that app password when sending email, instead of my account
> password?
>
>
> On Jul 19, 2017 8:35 PM, "Micheal Espinola Jr" <michealespin...@gmail.com>
> wrote:
>
>> The correct way is to generate an app password for Gmail as well.  Do not
>> lower your account security.
>>
>> <http://goog_1551210275>
>>
>> https://myaccount.google.com/apppasswords
>>
>>
>> --
>> Espi
>>
>>
>> On Wed, Jul 19, 2017 at 5:00 PM, Michael Leone <oozerd...@gmail.com>
>> wrote:
>>
>>> Using Win 10 1607, PSVersion  5.1.14393.1480
>>>
>>> I am seriously confused. I want to send an email using Powershell via
>>> my Yahoo account. (I would have liked to send via my gmail account,
>>> but GMail rejects Powershell connections, unless I reduce the security
>>> on my account, which I am unwilling to do. Yahoo provides an "app
>>> password", supposedly for situations just like this).
>>>
>>> So I generated an app password from my Yahoo account, and tried to
>>> send a test email like this:
>>>
>>> $Username = "oozerd...@yahoo.com"
>>> $Password = "-Yahoo generated app password-"
>>>
>>> $SecurePassword = $Password | ConvertTo-SecureString -AsPlainText -Force
>>> $Credentials = New-Object System.Management.Automation.PSCredential
>>> -ArgumentList $Username, $SecurePassword
>>>
>>> $RcptTo = "tur...@mike-leone.com.com"
>>> $Subject = "Yahoo Test"
>>> $Body = "This is a test message"
>>> Send-MailMessage -From $Username -To $RcptTo -Subject $Subject -Body
>>> $Body -SmtpServer smtp.mail.yahoo.com -Port 587 -UseSsl -Credential
>>> $Credentials
>>>
>>> And yet it still fails:
>>>
>>> Send-MailMessage : The SMTP server requires a secure connection or the
>>> client was not authenticated. The server response was: 5.7.1
>>> Authentication required
>>> At C:\Scripts\Send-Email-from-PS1.PS1:27 char:1
>>> + Send-MailMessage -From $Username -To $RcptTo -Subject $Subject -Body
>>> ...
>>> + ~
>>> + CategoryInfo  : InvalidOperation:
>>> (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage],
>>> SmtpException
>>> + FullyQualifiedErrorId :
>>> SmtpException,Microsoft.PowerShell.Commands.SendMailMessage
>>>
>>>
>>> What am I missing here? How can I use Powershell to send email via
>>> Yahoo mail, preferably  using their generated app password? Anyone
>>> doing this?
>>>
>>> How are you sending email from Powershell?
>>>
>>>
>>>
>>

Re: [NTSysADM] Sending email from Powershell via Yahoo (with app password)

[Micheal Espinola Jr]

I meant to add:

hostname: smtp.gmail.com
port: 587
TLS/SSL: yes

Use your gmail address name.  Generate an app password for it.  Done.

--
Espi


On Wed, Jul 19, 2017 at 5:29 PM, Micheal Espinola Jr <
michealespin...@gmail.com> wrote:

> The correct way is to generate an app password for Gmail as well.  Do not
> lower your account security.
>
> <http://goog_1551210275>
>
> https://myaccount.google.com/apppasswords
>
>
> --
> Espi
>
>
> On Wed, Jul 19, 2017 at 5:00 PM, Michael Leone <oozerd...@gmail.com>
> wrote:
>
>> Using Win 10 1607, PSVersion  5.1.14393.1480
>>
>> I am seriously confused. I want to send an email using Powershell via
>> my Yahoo account. (I would have liked to send via my gmail account,
>> but GMail rejects Powershell connections, unless I reduce the security
>> on my account, which I am unwilling to do. Yahoo provides an "app
>> password", supposedly for situations just like this).
>>
>> So I generated an app password from my Yahoo account, and tried to
>> send a test email like this:
>>
>> $Username = "oozerd...@yahoo.com"
>> $Password = "-Yahoo generated app password-"
>>
>> $SecurePassword = $Password | ConvertTo-SecureString -AsPlainText -Force
>> $Credentials = New-Object System.Management.Automation.PSCredential
>> -ArgumentList $Username, $SecurePassword
>>
>> $RcptTo = "tur...@mike-leone.com.com"
>> $Subject = "Yahoo Test"
>> $Body = "This is a test message"
>> Send-MailMessage -From $Username -To $RcptTo -Subject $Subject -Body
>> $Body -SmtpServer smtp.mail.yahoo.com -Port 587 -UseSsl -Credential
>> $Credentials
>>
>> And yet it still fails:
>>
>> Send-MailMessage : The SMTP server requires a secure connection or the
>> client was not authenticated. The server response was: 5.7.1
>> Authentication required
>> At C:\Scripts\Send-Email-from-PS1.PS1:27 char:1
>> + Send-MailMessage -From $Username -To $RcptTo -Subject $Subject -Body
>> ...
>> + ~
>> + CategoryInfo  : InvalidOperation:
>> (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage],
>> SmtpException
>> + FullyQualifiedErrorId :
>> SmtpException,Microsoft.PowerShell.Commands.SendMailMessage
>>
>>
>> What am I missing here? How can I use Powershell to send email via
>> Yahoo mail, preferably  using their generated app password? Anyone
>> doing this?
>>
>> How are you sending email from Powershell?
>>
>>
>>
>

Re: [NTSysADM] Sending email from Powershell via Yahoo (with app password)

[Micheal Espinola Jr]

The correct way is to generate an app password for Gmail as well.  Do not
lower your account security.



https://myaccount.google.com/apppasswords


--
Espi


On Wed, Jul 19, 2017 at 5:00 PM, Michael Leone  wrote:

> Using Win 10 1607, PSVersion  5.1.14393.1480
>
> I am seriously confused. I want to send an email using Powershell via
> my Yahoo account. (I would have liked to send via my gmail account,
> but GMail rejects Powershell connections, unless I reduce the security
> on my account, which I am unwilling to do. Yahoo provides an "app
> password", supposedly for situations just like this).
>
> So I generated an app password from my Yahoo account, and tried to
> send a test email like this:
>
> $Username = "oozerd...@yahoo.com"
> $Password = "-Yahoo generated app password-"
>
> $SecurePassword = $Password | ConvertTo-SecureString -AsPlainText -Force
> $Credentials = New-Object System.Management.Automation.PSCredential
> -ArgumentList $Username, $SecurePassword
>
> $RcptTo = "tur...@mike-leone.com.com"
> $Subject = "Yahoo Test"
> $Body = "This is a test message"
> Send-MailMessage -From $Username -To $RcptTo -Subject $Subject -Body
> $Body -SmtpServer smtp.mail.yahoo.com -Port 587 -UseSsl -Credential
> $Credentials
>
> And yet it still fails:
>
> Send-MailMessage : The SMTP server requires a secure connection or the
> client was not authenticated. The server response was: 5.7.1
> Authentication required
> At C:\Scripts\Send-Email-from-PS1.PS1:27 char:1
> + Send-MailMessage -From $Username -To $RcptTo -Subject $Subject -Body  ...
> + ~
> + CategoryInfo  : InvalidOperation:
> (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage],
> SmtpException
> + FullyQualifiedErrorId :
> SmtpException,Microsoft.PowerShell.Commands.SendMailMessage
>
>
> What am I missing here? How can I use Powershell to send email via
> Yahoo mail, preferably  using their generated app password? Anyone
> doing this?
>
> How are you sending email from Powershell?
>
>
>

Re: [NTSysADM] Just Testing

[Micheal Espinola Jr]

Got it via the list.

--
Espi


On Tue, Jul 18, 2017 at 8:19 AM, Charles F Sullivan <
charles.sulliva...@bc.edu> wrote:

> I got this reply, so I want to know I’m getting through or not. I’ve
> posted to the list for years and never had it happen before:
>
> “Sorry, you do not have permission to post to the
> ntsysadm@lists.myitforum.com mailing list.”
>

Re: [NTSysADM] Looking for driver for...

[Micheal Espinola Jr]

Review your contract or purchase agreement with them (if you can find it).
I'm pretty sure some of their older contracts state that they will provide
driver updates for the life of the equipment.  You might be able to use
that against them.

--
Espi


On Tue, Jul 18, 2017 at 8:28 AM, Reimer, Mark 
wrote:

> e-imageData ScanPro 300i (fiche scanner).
>
> The computer that this scanner was hooked to died, and I can't seem to
> find the software CD anywhere :(.
>
> The latest drivers the company made was XP drivers (which is fine).
> However the company won't send me the drivers. They want me to buy a new
> scanner (read $5000 give or take).
>
> I looked at the PID entry when it was plugged in, and googled that. I
> tried the drivers that Google suggested (Mustek), but that didn't work.
> Also looked for the drivers on Google, and no luck.
>
> Does anyone by any chance have (or had) one of these units that I can get
> the drivers for?
>
> Thanks in advance.
>
> *Mark Reimer,* A+, MCSA.
> Servers and Network Administrator
>
> *Prairie College (Prairie Bible Institute)*
> Box 4000, Three Hills, AB T0M 2N0
> mark.rei...@prairie.edu  |   www.prairie.edu
> Office: 403-443-5511 ext. 3476 <(403)%20443-5511>  |  Toll-Free:
> 1-800-661-2425 <(800)%20661-2425>  |  Fax: 1-403-443-5540
> <(403)%20443-5540>
>
> *To Know Christ & Make Him Known...*
>
> *Prairie College equips spiritually transformed leaders through biblically
> integrated education to meet the greatest needs of the world.*
>
> *Follow us on:*   Facebook   |
> Twitter   |  Youtube
>   |  Instagram
>   |  iTunesU
> 
>
> *Information contained in this email message is intended only for the
> individual to whom it is addressed. *
> *If you are not the intended recipient, please destroy this email and
> notify the sender immediately by reply email. Thank you.*
>
>

Re: [NTSysADM] Popup Warning for Classified Data?

[Micheal Espinola Jr]

I can't speak for popups, but I would review these:



https://www.archives.gov/isoo/faqs/identifying-handling-classified-records.html

https://www.google.com/search?q=DOD+Guide+to+Marking+Classified+Documents


--
Espi


On Tue, Jul 18, 2017 at 6:22 AM, Charles F Sullivan <
charles.sulliva...@bc.edu> wrote:

> One of our Security people asked this question. It would be for shared
> data which mostly lives on NetApp NAS nodes, but also some Windows file
> servers. “Is there a way to mark a document or a folder such that if it is
> classified, then a pop up message displays its classification?” I can’t
> think of anything I’ve seen or read about which can do this. Has anyone
> come across something like this? I’m not so concerned about cross-platform
> functionality (Windows and NetApp), though that would be ideal. Even if
> it’s for Windows only it may be a good start. Someone would have to mark
> the data as having these classifications. They are not expecting something
> that looks for keywords within the documents. Though that may also work if
> it exists, as long as it shows a warning.
>
>
>
> Thanks.
>

Re: [NTSysADM] Running a command with parameters using PSEXEC - SOLVED

[Micheal Espinola Jr]

It's just a known thing/bug/feature with psexec.

--
Espi


On Tue, Jul 18, 2017 at 7:58 AM, Michael Leone <oozerd...@gmail.com> wrote:

> On Tue, Jul 18, 2017 at 10:42 AM, Micheal Espinola Jr <
> michealespin...@gmail.com> wrote:
>
>> This is likely because you needed to escape the quotes with backslashes.
>> But since you didnt need them at all, that worked too.
>>
>
>
> Why would the quotes have needed to be escaped at all, tho? The quotes
> don't need to be part of the actual passed parameters. Then again, once the
> parameter part of the invocation is reached, everything after that is
> presumed to be part of the parameters, I guess. Hence no need for quotes
> anywhere, I guess ..
>
>
>
>
>>
>> --
>> Espi
>>
>>
>> On Tue, Jul 18, 2017 at 7:22 AM, Michael Leone <oozerd...@gmail.com>
>> wrote:
>>
>>> On Tue, Jul 18, 2017 at 9:54 AM, Melvin Backus <melvin.bac...@byers.com>
>>> wrote:
>>>
>>>> Try killing the quotes entirely.
>>>>
>>>>
>>>
>>> Well, what do you know , that was it ..
>>>
>>> C:\SysinternalsSuite>psexec -h \\dctrweb026
>>>  c:\windows\system32\klist.exe -li 0x3e7 purge
>>>
>>> PsExec v2.11 - Execute processes remotely
>>> Copyright (C) 2001-2014 Mark Russinovich
>>> Sysinternals - www.sysinternals.com
>>>
>>>
>>>
>>> Current LogonId is 0:0xa28ef9e
>>> Targeted LogonId is 0:0x3e7
>>> Deleting all tickets:
>>> Ticket(s) purged!
>>> c:\windows\system32\klist.exe exited on dctrweb026 with error code 0.
>>>
>>> Thanks so much! Now for the 2nd command (gpupdate /force"). That should
>>> update everything from the new GPO settings, without having to wait for
>>> scheduled refresh.
>>>
>>>
>>
>

Re: [NTSysADM] Running a command with parameters using PSEXEC - SOLVED

[Micheal Espinola Jr]

This is likely because you needed to escape the quotes with backslashes.
But since you didnt need them at all, that worked too.

--
Espi


On Tue, Jul 18, 2017 at 7:22 AM, Michael Leone  wrote:

> On Tue, Jul 18, 2017 at 9:54 AM, Melvin Backus 
> wrote:
>
>> Try killing the quotes entirely.
>>
>>
>
> Well, what do you know , that was it ..
>
> C:\SysinternalsSuite>psexec -h \\dctrweb026  c:\windows\system32\klist.exe
> -li 0x3e7 purge
>
> PsExec v2.11 - Execute processes remotely
> Copyright (C) 2001-2014 Mark Russinovich
> Sysinternals - www.sysinternals.com
>
>
>
> Current LogonId is 0:0xa28ef9e
> Targeted LogonId is 0:0x3e7
> Deleting all tickets:
> Ticket(s) purged!
> c:\windows\system32\klist.exe exited on dctrweb026 with error code 0.
>
> Thanks so much! Now for the 2nd command (gpupdate /force"). That should
> update everything from the new GPO settings, without having to wait for
> scheduled refresh.
>
>

Re: [NTSysADM] oddball volumes I don't understand

[Micheal Espinola Jr]

VMS?  If yes, this is AFAIK an innocuous bug with snapshots.  If yes, AFAIK
they can be safely deleted.

--
Espi


On Sat, May 13, 2017 at 6:38 PM, Kurt Buff  wrote:

> I just finished removing iSCSI services from a 2012R2 file server.
> However, I've got some zero-size partitions that are still hanging around -
> highlighted in red:
>
> [image: Inline image 3]
>
> When I click on them, the display pane for the volume display below jumps
> around, but nothing in that pane is highlighted.
>
> However, diskpart seems to show them - note below the asterisks for disks
> 2,3,4,9, and the unknown partitions for each. Any particular risks if I
> delete these unknown partitions?
>
> Kurt
>
> #diskpart
> DISKPART> list disk
>
>   Disk ###  Status Size Free Dyn  Gpt
>     -  ---  ---  ---  ---
>   Disk 0Online  100 GB  0 B
>   Disk 1Online   80 GB  1024 KB
>   Disk 2Online 1792 GB  0 B*
>   Disk 3Online 1843 GB  1024 KB*
>   Disk 4Online 1740 GB  0 B*
>   Disk 5Online  100 GB  1024 KB
>   Disk 6Online 1024 GB  1024 KB
>   Disk 7Online  200 GB  1024 KB
>   Disk 8Online  210 GB  1024 KB
>   Disk 9Online 1638 GB  1024 KB*
>   Disk 10   Online 1536 GB  1024 KB
>
> DISKPART> select disk 2
>
> Disk 2 is now the selected disk.
>
> DISKPART> list partition
>
>   Partition ###  Type  Size Offset
>   -    ---  ---
>   Partition 3Unknown256 KB17 KB
>   Partition 1Reserved   127 MB   273 KB
>   Partition 2Primary   1791 GB   129 MB
>
> DISKPART> select disk 3
>
> Disk 3 is now the selected disk.
>
> DISKPART> list partition
>
>   Partition ###  Type  Size Offset
>   -    ---  ---
>   Partition 3Unknown256 KB17 KB
>   Partition 1Reserved   127 MB   273 KB
>   Partition 2Primary   1843 GB   129 MB
>
> DISKPART> select disk 4
>
> Disk 4 is now the selected disk.
>
> DISKPART> list partition
>
>   Partition ###  Type  Size Offset
>   -    ---  ---
>   Partition 3Unknown256 KB17 KB
>   Partition 1Reserved   127 MB   273 KB
>   Partition 2Primary   1740 GB   129 MB
>
> DISKPART> select disk 9
>
> Disk 9 is now the selected disk.
>
> DISKPART> list partition
>
>   Partition ###  Type  Size Offset
>   -    ---  ---
>   Partition 3Unknown256 KB17 KB
>   Partition 1Reserved   127 MB   273 KB
>   Partition 2Primary   1638 GB   129 MB
>
>
>

Re: [NTSysADM] RE: Free eBooks for those MicroSoft Products

[Micheal Espinola Jr]

FWIW:  My total downloads, skipping dupes (in preference for PDFs over
other available file types) totaled 259 files at 948 MB.

--
Espi


On Fri, Jul 14, 2017 at 6:28 AM, Michael B. Smith 
wrote:

> Thanks for this.
>
>
>
> In case anyone is curious, there are about 360 books and they consume
> about 3.5 GB of disk. However, in some cases there are duplicates (i.e.,
> the same book in 3 formats: PDF, MOBI, and EPUB).
>
>
>
> I found the PowerShell script provided to be a bit unforgiving of web
> errors. So, I enhanced it a bit. Here is my updated script:
>
>
>
> ###
>
> # Eric Ligmans Amazing Free Microsoft eBook Giveaway
>
> # https://blogs.msdn.microsoft.com/mssmallbiz/2017/07/11/
> largest-free-microsoft-ebook-giveaway-im-giving-away-
> millions-of-free-microsoft-ebooks-again-including-
> windows-10-office-365-office-2016-power-bi-azure-windows-8-
> 1-office-2013-sharepo/
>
> # Link to download list of eBooks
>
> # http://ligman.me/2sZVmcG
>
> # Thanks David Crosby for the template (https://social.technet.
> microsoft.com/profile/david%20crosby/)
>
> ###
>
> $dest = "C:\Downloads\ebooks"
>
>
>
> if( -not ( Test-Path $dest ) )
>
> {
>
>New-Item -Path $dest -ItemType Directory
>
> }
>
>
>
> # Download the source list of books
>
> $downLoadList = "http://ligman.me/2sZVmcG;
>
> $bookList = Invoke-WebRequest $downLoadList
>
>
>
> # Convert the list to an array
>
> [string[]]$books = ""
>
> $books = $bookList.Content.Split("`n")
>
> # Remove the first line - it's not a book
>
> # $books = $books[1..($books.Length -1)]
>
> "retrieved a list of $( $books.Length ) books"
>
> # $books # Here's the list
>
>
>
> # Download the books
>
> foreach ($book in $books)
>
> {
>
>if( $book -and $book.Length -gt 0 -and $book.SubString( 0,
> 7 ) -eq 'http://' )
>
>{
>
>}
>
>else
>
>{
>
>   " skipping, line not book '$book'"
>
>   continue
>
>}
>
>
>
>try
>
>{
>
>   $hdr = Invoke-WebRequest $book -Method Head
>
>}
>
>catch
>
>{
>
>   " error retrieving header for $book"
>
>   continue
>
>}
>
>$title = $hdr.BaseResponse.ResponseUri.Segments[-1]
>
>$title = [uri]::UnescapeDataString($title)
>
>$saveTo = Join-Path $dest $title
>
>if( Test-Path $saveTo )
>
>{
>
>   "skipping... $saveTo"
>
>}
>
>else
>
>{
>
>   try
>
>   {
>
>  Invoke-WebRequest $book
> -OutFile $saveTo
>
>   }
>
>   catch
>
>   {
>
>  " error retrieving
> $saveTo ($book)"
>
>   }
>
>}
>
> }
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Fut Dey
> *Sent:* Thursday, July 13, 2017 12:33 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] Free eBooks for those MicroSoft Products
>
>
>
> https://blogs.msdn.microsoft.com/mssmallbiz/2017/07/11/
> largest-free-microsoft-ebook-giveaway-im-giving-away-
> millions-of-free-microsoft-ebooks-again-including-
> windows-10-office-365-office-2016-power-bi-azure-windows-8-
> 1-office-2013-sharepo/
>
> Largest FREE Microsoft eBook Giveaway! I’m Giving Away ...
> 
>
> blogs.msdn.microsoft.com
>
> It’s that time of year again, and today I am kicking off my annual FREE
> MICROSOFT EBOOK GIVEAWAY extravaganza! And this time, I’m posting MORE FREE
> ...
>
> Regards,
>
> Fut
>

Re: [NTSysADM] Chrome 54 and Flash

[Micheal Espinola Jr]

Thanks again for following-up!

--
Espi


On Fri, Jul 14, 2017 at 11:11 AM, Richard Stovall <rich...@gmail.com> wrote:

> Following up on the follow up.
>
> This has finally been fixed as of SEP 14 MP1  (MP2 is current.)
>
> From https://support.symantec.com/en_US/article.INFO4193.html
>
> ---
> Chrome Adobe Flash component fails to update with SMC started*FIX ID:*
>  4050141
>
> *Symptom:* Chrome fails to update the Adobe Flash component with the
> Symantec Management Client (SMC) enabled.
>
> *Solution:* Corrected an issue where Symantec Endpoint Protection blocked
> the Chrome Flash component update.
>
> On Mon, Jan 16, 2017 at 8:47 PM, Micheal Espinola Jr <
> michealespin...@gmail.com> wrote:
>
>> WOW, just...  wow.  Thanks for the follow-up on this!
>>
>> --
>> Espi
>>
>>
>> On Mon, Jan 16, 2017 at 8:02 AM, Richard Stovall <rich...@gmail.com>
>> wrote:
>>
>>> For anyone else that may be seeing the Flash update issues in Chrome.
>>> If you're using SEP, this may be your issue.
>>>
>>> https://bugs.chromium.org/p/chromium/issues/detail?id=651945
>>>
>>> -
>>>
>>> Symantec has confirmed that this is a known issue. Below is their response 
>>> to our case.
>>>
>>> After reviewing this case and the available data (primarily the provided 
>>> WPP logs) I have found that this is a known-issue with the SEP 12.1 and SEP 
>>> 14 products. SEP is attempting to obtain a hash of the Adobe Flash Player 
>>> file 'pepflashplayer.dll'; however, during the hash operation, Chrome is 
>>> attempting to move the file from a temporary folder (where SEP is 
>>> performing the hash) to Chrome's plugin folder; since SEP has a lock on the 
>>> file, Chrome's move operation fails and the plugin update process aborts.
>>>
>>> Symantec has identified a fix for this issue and is planning on including a 
>>> resolution in the next release of SEP 12.1 and SEP 14, both due out early 
>>> next year.
>>>
>>> It is possible to work around this issue by disabling deferred scanning for 
>>> AutoProtect; however, this is not generally recommended in production 
>>> unless absolutely needed, as it disables scan throttling based on I/O 
>>> activity.
>>>
>>> For more information on disabling deferred scanning, please see the 
>>> following KB document:
>>>
>>> How to disable deferred scanning in Auto-Protect for Symantec Endpoint 
>>> Protection 
>>> <https://support.symantec.com/en_US/article.TECH224108.html>https://support.symantec.com/en_US/article.TECH224108.html
>>>
>>> It is also possible to work around the issue by temporarily disabling SEP; 
>>> however, this is a potential security issue, as you will be temporarily 
>>> disabling the product from being able to scan files.
>>>
>>>
>>> On Mon, Oct 31, 2016 at 7:10 PM, Micheal Espinola Jr <
>>> michealespin...@gmail.com> wrote:
>>>
>>>> Right, for which if I understand the process correctly, you are
>>>> dependant on Google Updater to update various components after the fact -
>>>> that are not a part of the core application update.  So, you may have
>>>> download restrictions in place that are preventing the update of the flash
>>>> component.  This methodology appears to be acknowledged in the top 
>>>> response:
>>>>
>>>> Chrome is rolling out some optimizations to the Chrome install process,
>>>>> whereby the Flash Player component will automatically be installed a few
>>>>> minutes after the initial Chrome installation.
>>>>
>>>>
>>>> --
>>>> Espi
>>>>
>>>>
>>>> On Mon, Oct 31, 2016 at 3:41 PM, Richard Stovall <rich...@gmail.com>
>>>> wrote:
>>>>
>>>>> Well, this pretty much explains what I'm seeing.
>>>>> https://forums.adobe.com/thread/2221587.
>>>>>
>>>>>
>>>>> On Mon, Oct 31, 2016 at 6:23 PM, Micheal Espinola Jr <
>>>>> michealespin...@gmail.com> wrote:
>>>>>
>>>>>> I cant speak for Ninite-driven upgrades, but have you tested Google
>>>>>> Updater driven upgrades?  Perhaps the issue is with Ninite, and not 
>>>>>> Google
>>>>>> Chrome itself.  Or perhaps you need to review your methodologies inline
>>>>>> with your download 

Re: [NTSysADM] Free eBooks for those MicroSoft Products

[Micheal Espinola Jr]

Every single link is through Eric Ligman's personal bitly domain of ligman.
me  instead of direct from Microsoft, even though the actual downloads are
from download.microsoft.com.  Who is pulling what here?

--
Espi


On Thu, Jul 13, 2017 at 9:32 AM, Fut Dey  wrote:

> https://blogs.msdn.microsoft.com/mssmallbiz/2017/07/11/
> largest-free-microsoft-ebook-giveaway-im-giving-away-
> millions-of-free-microsoft-ebooks-again-including-
> windows-10-office-365-office-2016-power-bi-azure-windows-8-
> 1-office-2013-sharepo/
>
> Largest FREE Microsoft eBook Giveaway! I’m Giving Away ...
> 
> blogs.msdn.microsoft.com
> It’s that time of year again, and today I am kicking off my annual FREE
> MICROSOFT EBOOK GIVEAWAY extravaganza! And this time, I’m posting MORE FREE
> ...
> Regards,
>
> Fut
>

Re: [NTSysADM] Odd DSN behavior

[Micheal Espinola Jr]

Are the DNS servers known, aka something you or your staff would use?  Any
possibility that there is a script using netsh, or similar, at play?

--
Espi


On Tue, Jul 11, 2017 at 6:40 AM, Melvin Backus 
wrote:

> We’ve run across a very strange DNS situation that we can’t explain.  We
> have suspicions and a temporary fix but I’m hoping someone on the list has
> seen it already and give us some pointers.
>
>
>
> Recently stood up 2 new Skype for Business servers to replace the existing
> Lync 2010 servers. One internal and one edge server in each case. We’ve
> successfully migrated the topology and everything is running of the new
> servers.  But now for the weird part.  Every day, the internal DNS entry
> for the edge server gets changed.  The static IPv4 entry for the internal
> interface (LAN facing) gets removed and there are new entries for the
> external interface IPs (public facing), both IPv4 and IPv6.  The weird
> part is that the new entries are static as well, no timestamps.
>
>
>
> After much digging and churning we finally disabled the DNS Client service
> on that server and it didn’t happen last night, but I’m trying to figure
> out how it was happening even with the DNS Client running. DNS on that box
> points to a DNS server on the public side, not the internal servers. DDNS
> updates should create a dynamic / timestamped entry. I’ve never seen a
> static entry created any way other than via manual intervention.
>
>
>
> Any one care to solve the puzzle?
>
>
>
> 
> Service Desk | 404-497-1599 <(404)%20497-1599> |
> https://servicedesk.byers.com
>
> Melvin Backus | Sr. Systems Engineer | Byers Engineering Company |
> 404.497.1565 <(404)%20497-1565>
>
> --
> There are 10 kinds of people in the world...
>  those who understand binary and those who don't.
>
>
>

Re: [NTSysADM] Exchange time insanity.

[Micheal Espinola Jr]

I love you guys.

--
Espi


On Thu, Jul 6, 2017 at 8:39 AM, Michael B. Smith 
wrote:

> Stupid BIOS J
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Eldridge, Dave
> *Sent:* Thursday, July 6, 2017 11:30 AM
>
> *To:* 'ntsysadm@lists.myitforum.com'
> *Subject:* RE: [NTSysADM] Exchange time insanity.
>
>
>
> Wow! Thanks for sharing that.
>
> dave
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Kennedy,
> Jim
> *Sent:* Thursday, July 06, 2017 9:10 AM
> *To:* 'ntsysadm@lists.myitforum.com'
> *Subject:* RE: [NTSysADM] Exchange time insanity.
>
>
>
> Fixed.
>
>
>
> http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04557232
>
>
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Kennedy,
> Jim
> *Sent:* Thursday, June 29, 2017 3:55 PM
> *To:* 'ntsysadm@lists.myitforum.com'
> *Subject:* RE: [NTSysADM] Exchange time insanity.
>
>
>
> 2012 R2
>
>
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Miller
> Bonnie L.
> *Sent:* Thursday, June 29, 2017 3:45 PM
> *To:* 'ntsysadm@lists.myitforum.com'
> *Subject:* RE: [NTSysADM] Exchange time insanity.
>
>
>
> Is this on Server 2016?
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Kennedy,
> Jim
> *Sent:* Thursday, June 29, 2017 12:32 PM
> *To:* 'ntsysadm@lists.myitforum.com' 
> *Subject:* RE: [NTSysADM] Exchange time insanity.
>
>
>
> So that is the issue, time on the server is freaking out during startup.
> If I let it settle out and sync with the domain and restart MS Information
> Store it is all better now.
>
>
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Kennedy,
> Jim
> *Sent:* Thursday, June 29, 2017 8:17 PM
> *To:* 'ntsysadm@lists.myitforum.com'
> *Subject:* RE: [NTSysADM] Exchange time insanity.
>
>
>
> There was a reboot before this started. Just did a shutdown to check the
> MB clock and time zone, it is correct.  Shutdown shows at 3:07 PM in the
> event log.  Power on came at 8:11 PM.  Services start, normal boot messages
> then Time Service corrects it.
>
>
>
>
>
> *From:* Kennedy, Jim
> *Sent:* Thursday, June 29, 2017 8:17 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [NTSysADM] Exchange time insanity.
>
>
>
> If I send to a 2010 box the received time on their end is ok.  But when
> they look at my email the sent time is incorrect.  You can see that below
> in your quote of me:   “On Thu, Jun 29, 2017 at 6:17 PM, Kennedy, Jim”
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Mike
> *Sent:* Thursday, June 29, 2017 3:11 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] Exchange time insanity.
>
>
>
> What if you send to a mailbox still on 2010? Same behavior?
>
>
>
> On Thu, Jun 29, 2017 at 6:17 PM, Kennedy, Jim <
> kennedy...@elyriaschools.org> wrote:
>
> Stood up an Exch 2016 server in my 2010 org.  Moved my mailbox over more
> than a week ago.  It has been fine.  Moved another box today and the below
> started happening to both of us.  What you are seeing is emails I sent to
> myself.   The send time is listed to the right of my name, so 1:47 pm, 1:48
> pm and so on.  Next you see the received time.  It makes no sense.  That
> happens with internal mail and external mail.
>
>
>
> Time zones on the mailboxes, Outlook and servers are correct.  They all
> have the correct time from the domain.
>
>
>
>
>
>
>
>
>
>
>

Re: [NTSysADM] User education and proper configuration prevents Powerpoint problems

[Micheal Espinola Jr]

oy vey.

--
Espi


On Sat, Jun 10, 2017 at 9:48 AM, Kurt Buff  wrote:

> Given the state of user education...
> http://www.dodgethissecurity.com/2017/06/02/new-powerpoint-
> mouseover-based-downloader-analysis-results/
>
>
>

Re: [NTSysADM] What is the argument for Windows Server Core/NanoServer over Linux?

[Micheal Espinola Jr]

Indeed.  Thanks from me as well.

--
Espi


On Sat, Jun 3, 2017 at 2:28 PM, Michael B. Smith 
wrote:

> Interesting read. Thanks.
>
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] On Behalf Of Kurt Buff
> Sent: Friday, June 2, 2017 9:49 PM
> To: ntsysadm
> Subject: Re: [NTSysADM] What is the argument for Windows Server
> Core/NanoServer over Linux?
>
> Sorry - my bad. They are Privileged Access Workstations:
> https://docs.microsoft.com/en-us/windows-server/identity/
> securing-privileged-access/privileged-access-workstations
> https://gallery.technet.microsoft.com/Privileged-Access-53a4673a
>
> Kurt
>
> On Fri, Jun 2, 2017 at 10:12 AM, Katherine M. Moss <
> km...@winterhillsolutions.com> wrote:
> > What are those again?
> >
> > -Original Message-
> > From: listsad...@lists.myitforum.com
> > [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
> > Sent: Friday, June 02, 2017 1:03 PM
> > To: ntsysadm 
> > Subject: Re: [NTSysADM] What is the argument for Windows Server
> Core/NanoServer over Linux?
> >
> > It's also a push to start implementing PAWs - Protected Access
> Workstations - which is how I'm going to configure my next machine.
> >
> > Kurt
> >
> > On Fri, Jun 2, 2017 at 9:34 AM, Katherine M. Moss <
> km...@winterhillsolutions.com> wrote:
> >> I prefer remote management, actually. The insane thing is how easy it
> is to build out Nano servers. That another reason; not having a local GUI
> will prevent me from always using RDP; trying to move away from that as
> much as possible.
> >>
> >> -Original Message-
> >> From: listsad...@lists.myitforum.com
> >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Matt Stork
> >> Sent: Friday, June 02, 2017 11:38 AM
> >> To: ntsysadm@lists.myitforum.com
> >> Subject: RE: [NTSysADM] What is the argument for Windows Server
> Core/NanoServer over Linux?
> >>
> >> Running Core and Nano does not mean running without a GUI, they mean
> running without a GUI locally.  The majority of the server management GUI
> tools can connect to a remote server (Core, Nano or Desktop), it is a
> matter of having your firewall and authentication setup to allow this.  The
> transition is difficult but unless we wish to fall like the mainframe
> people who refused to adapt, this is technology we must learn.
> >>
> >> Nano is new but Core has been around since Server 2008.  I would not
> call that new.
> >> -Matt
> >>
> >> -Original Message-
> >> From: listsad...@lists.myitforum.com
> >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Katherine M.
> >> Moss
> >> Sent: Friday, June 02, 2017 9:18 AM
> >> To: ntsysadm@lists.myitforum.com
> >> Subject: RE: [NTSysADM] What is the argument for Windows Server
> Core/NanoServer over Linux?
> >>
> >> That’s the difficulty I’m having; currently, I’m the only one in my
> group who sees any benefit to the ASP.net platform, for instance (I’m a
> DNNizen, and trying to rise in prominence in that community, for example).
> Why run ASP.NET when you can run Wordpress, they say. Why run IIS when
> PHP was born on Apache, they say. The other issue I have is that when
> dealing with creatures of habbit, it’s hard to get people to look at
> current stats. I tend to use what works, not what the market tells me I
> should, for the most part. Does it have to do with what you were brought up
> with? Plus because Core and Nano are new; so I think in my case the issue
> is getting people who are used to one thing to get used to another. There’s
> that saying, use the right tool for the job, so how to ensure that you
> choose the right one when both can perform equally well? I’m an explorer,
> so it’s easy for me to say, let’s try something new and fun.
> >>
> >>
> >>
> >> From: listsad...@lists.myitforum.com
> >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Charles F
> >> Sullivan
> >> Sent: Friday, June 02, 2017 9:50 AM
> >> To: ntsysadm@lists.myitforum.com
> >> Subject: RE: [NTSysADM] What is the argument for Windows Server
> Core/NanoServer over Linux?
> >>
> >>
> >>
> >> Yes, people usually do run Linux servers without a GUI. What I meant
> was that you can use Windows Server Core or Nano to avoid the Windows GUI,
> thus not having to use Linux to get those benefits.
> >>
> >>
> >>
> >> As someone else said, it depends on what the application is as to what
> platform is more appropriate. I think that’s the real answer.
> >>
> >>
> >>
> >> From: listsad...@lists.myitforum.com
> >> 
> >> [mailto:listsad...@lists.myitforum.com
> >>  ] On Behalf Of Rene de Haas
> >> Sent: Thursday, June 1, 2017 6:49 PM
> >> To: ntsysadm@lists.myitforum.com
> >> 
> >> Subject: RE: [NTSysADM] What is the argument for Windows Server
> Core/NanoServer over Linux?
> >>
> >>
> >>
> >> You can run linux 

Re: [EXTERNAL]Re: [NTSysADM] RE: Test

[Micheal Espinola Jr]

Awww... I meant the "funny" one from a long time ago on a distribution list
far, far away.

--
Espi


On Tue, May 30, 2017 at 3:15 PM, Michael B. Smith <mich...@smithcons.com>
wrote:

> http://myitforum.com/myitforumwp/newsletter/email-lists-2/
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf
> orum.com] *On Behalf Of *Micheal Espinola Jr
> *Sent:* Tuesday, May 30, 2017 5:56 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [EXTERNAL]Re: [NTSysADM] RE: Test
>
>
>
> Someone be sure to supply the proper unsubscribe method.  I can't find my
> copy. :-(
>
>
> --
> Espi
>
>
>
>
>
> On Tue, May 30, 2017 at 7:01 AM, David McSpadden <dav...@imcu.com> wrote:
>
> Oh thank God.
>
>
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf
> orum.com] *On Behalf Of *Erik Goldoff
> *Sent:* Tuesday, May 30, 2017 9:27 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [EXTERNAL]Re: [NTSysADM] RE: Test
>
>
>
> Yes, only a test.  In the event of an actual email event, you will be
> notified where to tune for additional details
>
>
>
> On Tue, May 30, 2017 at 8:48 AM, David McSpadden <dav...@imcu.com> wrote:
>
> Only a test?
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf
> orum.com] *On Behalf Of *Katherine M. Moss
> *Sent:* Tuesday, May 30, 2017 8:41 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] Test
>
>
>
> Notice:  This email is from an outside source.  Please do not open any
> attachments, click on any hyperlinks, or respond without first confirming
> the authenticity of the email.
>
> This is a test.
>
> This e-mail and any files transmitted with it are property of Indiana
> Members Credit Union, are confidential, and are intended solely for the use
> of the individual or entity to whom this e-mail is addressed. If you are
> not one of the named recipient(s) or otherwise have reason to believe that
> you have received this message in error, please notify the sender and
> delete this message immediately from your computer. Any other use,
> retention, dissemination, forwarding, printing, or copying of this email is
> strictly prohibited.
>
>
>
> Please consider the environment before printing this email.
>
>
>
> This e-mail and any files transmitted with it are property of Indiana
> Members Credit Union, are confidential, and are intended solely for the use
> of the individual or entity to whom this e-mail is addressed. If you are
> not one of the named recipient(s) or otherwise have reason to believe that
> you have received this message in error, please notify the sender and
> delete this message immediately from your computer. Any other use,
> retention, dissemination, forwarding, printing, or copying of this email is
> strictly prohibited.
>
>
>
> Please consider the environment before printing this email.
>
>
>

Re: [EXTERNAL]Re: [NTSysADM] RE: Test

[Micheal Espinola Jr]

Someone be sure to supply the proper unsubscribe method.  I can't find my
copy. :-(

--
Espi


On Tue, May 30, 2017 at 7:01 AM, David McSpadden  wrote:

> Oh thank God.
>
>
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Erik Goldoff
> *Sent:* Tuesday, May 30, 2017 9:27 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [EXTERNAL]Re: [NTSysADM] RE: Test
>
>
>
> Yes, only a test.  In the event of an actual email event, you will be
> notified where to tune for additional details
>
>
>
> On Tue, May 30, 2017 at 8:48 AM, David McSpadden  wrote:
>
> Only a test?
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Katherine M. Moss
> *Sent:* Tuesday, May 30, 2017 8:41 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] Test
>
>
>
> Notice:  This email is from an outside source.  Please do not open any
> attachments, click on any hyperlinks, or respond without first confirming
> the authenticity of the email.
>
>
> This is a test.
>
> This e-mail and any files transmitted with it are property of Indiana
> Members Credit Union, are confidential, and are intended solely for the use
> of the individual or entity to whom this e-mail is addressed. If you are
> not one of the named recipient(s) or otherwise have reason to believe that
> you have received this message in error, please notify the sender and
> delete this message immediately from your computer. Any other use,
> retention, dissemination, forwarding, printing, or copying of this email is
> strictly prohibited.
>
>
>
> Please consider the environment before printing this email.
>
>
>
> This e-mail and any files transmitted with it are property of Indiana
> Members Credit Union, are confidential, and are intended solely for the use
> of the individual or entity to whom this e-mail is addressed. If you are
> not one of the named recipient(s) or otherwise have reason to believe that
> you have received this message in error, please notify the sender and
> delete this message immediately from your computer. Any other use,
> retention, dissemination, forwarding, printing, or copying of this email is
> strictly prohibited.
>
> Please consider the environment before printing this email.
>

Re: [NTSysADM] Test

[Micheal Espinola Jr]

Hi Katherine,

I've been getting your emails via the list again.  Were you able to
determine what the problem was?

--
Espi


On Tue, May 30, 2017 at 5:40 AM, Katherine M. Moss <
km...@winterhillsolutions.com> wrote:

> This is a test.
>

Re: [NTSysADM] RE: Managed Service Accounts

[Micheal Espinola Jr]

It's been years since I have used a product that "required" its MSA to be
in the Enterprise Admins group, and even then it was suspect.  I can't
recall the specific app to provide more details, but the oddity of it
stands out in my memory.  In the end, it depends on the app and what its
doing.

If your MSA doesn't require cross-domain permissions, then it doesn't
belong in the Enterprise Admins group.  This document highlights some
examples of Enterprise Admins group requirements:

http://www.w2k.vt.edu/docs/EAScenarios.pdf


--
Espi


On Thu, May 25, 2017 at 6:48 AM, Miller Bonnie L. <
mille...@mukilteo.wednet.edu> wrote:

> Thanks, and I already know what it’s used for and it doesn’t even need
> domain admin or local admin on the boxes it’s used on.  I just don’t have
> any others to compare it to but it didn’t seem right.  So nobody else sees
> this with their managed service accounts, that they are in their enterprise
> admins group?
>
>
>
> I’d love to use more, we just haven’t upgraded/replaced any on-prem
> systems in a while that would need one.  Locking the groups down via
> restricted is something we’ve discussed before but haven’t done, will bring
> it up again.
>
>
>
> -Bonnie
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Joseph L. Casale
> *Sent:* Wednesday, May 24, 2017 3:09 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] RE: Managed Service Accounts
>
>
>
> I make extensive use of them. Anytime I need a service account (for
> Windows based apps that can utilize them) I use an MSA or GMSA. They work
> great as they remove the manual password management task from you.
>
>
>
> For example, I always install MSSQL servers with them, the required
> permissions are well documented in regards to what each service requires in
> which scenarios.
>
>
>
> To be honest, I can’t fathom any app needing that level of permission and
> I am not sure I would automate one that did…  Find out what uses it, I
> doubt once you know that you will have any trouble inferring the genuine
> permission requirements…
>
>
>
> jlc
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Miller
> Bonnie L.
> *Sent:* Wednesday, May 24, 2017 2:59 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] Managed Service Accounts
>
>
>
> So, I’m doing a regular review of admin accounts and found something odd I
> want to ask about before I change that I can’t find any reference to in
> Google-land.  Our “Enterprise admins” group has a managed service account
> in it, which I don’t think should be there, but I really don’t know as we
> had a new system installed this last year and it’s actually our first
> managed service account, so I don’t have another one to compare it to.
> Although I have participated in the some of the later setup, another domain
> admin helped with this portion while I was out.
>
>
> So, does anyone who is using managed service accounts see them show up in
> your Enterprise Admins group, or have any reference to documentation saying
> it should be there?  On the account properties there is no “member of” tab
> to look at.
>
>
>
> If it’s not supposed to be there I want to remove it and restart the
> related systems to make sure everything continues to work correctly, but
> wouldn’t want to change it if it’s supposed to be there.
>
>
>
> Thanks,
> Bonnie
>

Re: [NTSysADM] Disabling word macro's.

[Micheal Espinola Jr]

As odd as it seems, that's pretty much my experiences with this as well.

--
Espi


On Thu, May 25, 2017 at 6:59 AM, Kennedy, Jim <kennedy...@elyriaschools.org>
wrote:

> Yea, it appears each is a case by case basis.  Some had mangled their
> default template.  Others had an ActiveX add on from our smart board
> software installed that isn’t supposed to be installed. Just gave the
> tech’s a list of possible causes and when in doubt image them.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Micheal Espinola Jr
> *Sent:* Wednesday, May 24, 2017 4:19 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] Disabling word macro's.
>
>
>
> I've seen and heard of different causes and fixes over the years.  Are the
> affected staff using the same documents or are they unique situations?
>
>
> --
> Espi
>
>
>
>
>
> On Wed, May 24, 2017 at 8:06 AM, Kennedy, Jim <
> kennedy...@elyriaschools.org> wrote:
>
> Office 2010
>
>
>
> So we block word macro’s for users, and have the setting set to disable
> and not warn.  We have a very small number of staff, like 6 or 8 that still
> get a pop up warning them macro’s are disabled.  It’s very odd as it
> happens even if the doc doesn’t contain macro’s.
>
>
>
> Anyone have any ideas?
>
>
>

Re: [NTSysADM] WAN acceleration for small office

[Micheal Espinola Jr]

Have you considered performance tuning your server/clients?  Which server
and client OSs are in question?

--
Espi


On Wed, May 24, 2017 at 6:51 PM, Tom Miller  wrote:

> I have a few staff in a remote office in Florida who spend most of their
> day working in RDS at our main site in Virginia.  We have decent bandwidth
> at both locations and decent firewalls, no issues there.   The Florida
> staff complain of latency/laggy experience in RDS.  I am wondering if these
> folks would be a fit for a WAN accelerator.  I have not used them in a few
> years, last experience was with Riverbeds.
>
>
> Any suggestions for something that won't cost a fortune like a Riverbed?
> I have SonicWall firewalls and they can take advantage of a SonicWall
> appliance, which I might also look at.
>
> Thanks,
> Tom
>

Re: [NTSysADM] Is 9389 required for External Trust?

[Micheal Espinola Jr]

AFAIK, 9389 shouldnt be. This may help you further sort out your port
requirements:



https://technet.microsoft.com/en-us/library/dd772723%28v=ws.10%29.aspx


--
Espi


On Wed, May 24, 2017 at 8:50 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:

> I’m setting up an external trust between two forests. There are firewalls
> between them. I’ve been using this as the basis for the firewall rules:
>
>
>
> https://support.microsoft.com/en-us/help/179442/how-to-
> configure-a-firewall-for-domains-and-trusts#method3
>
>
>
> It does NOT mention 9389 (AD DS Web Services). My understanding is that
> that is only needed for DC to DC communication within a Forest, not for a
> Trust. Can anyone confirm this?
>
>
>
> Right now, I haven’t been able to get the trust to work yet, and I do see
> that the outgoing side of the trust is trying to get to the incoming side
> over 9389, which is currently blocked.
>
>
>
>
>
> Thanks
>
>
>
>
>
> *Christopher Bodnar*
> Enterprise Architect II, Corporate Office of Technology:Enterprise
> Architecture and Engineering Services
>
> Tel 610-807-6459 <(610)%20807-6459>
> 3900 Burgess Place, Bethlehem, PA 18017
> christopher_bod...@glic.com
>
> [image: cid:image001.png@01D1326B.600058E0]
>
> * The Guardian Life Insurance Company of America*
>
> * www.guardianlife.com *
>
>
>
>
>
> --
> - This message, and any
> attachments to it, may contain information that is privileged,
> confidential, and exempt from disclosure under applicable law. If the
> reader of this message is not the intended recipient, you are notified that
> any use, dissemination, distribution, copying, or communication of this
> message is strictly prohibited. If you have received this message in error,
> please notify the sender immediately by return e-mail and delete the
> message and any attachments. Thank you.
>
>

Re: [NTSysADM] Disabling word macro's.

[Micheal Espinola Jr]

I've seen and heard of different causes and fixes over the years.  Are the
affected staff using the same documents or are they unique situations?

--
Espi


On Wed, May 24, 2017 at 8:06 AM, Kennedy, Jim 
wrote:

> Office 2010
>
>
>
> So we block word macro’s for users, and have the setting set to disable
> and not warn.  We have a very small number of staff, like 6 or 8 that still
> get a pop up warning them macro’s are disabled.  It’s very odd as it
> happens even if the doc doesn’t contain macro’s.
>
>
>
> Anyone have any ideas?
>

Re: [NTSysADM] Keylogger Found in Audio Driver of HP Laptops

[Micheal Espinola Jr]

On Thu, May 11, 2017 at 10:33 AM, Susan E Bradley 
wrote:

> Apparently, the functionality of capturing keystrokes is also extremely
> common, but outputting the data to a file for diagnostic or debugging
> purposes is new and (I concur) may not be a particularly wise
> implementation if the keystroke data is written anywhere except when in
> debug mode."
>


Yes, this is inherently the way most of these function-key trap functions
work. Nothing particularly new unfortunately.  But logging or otherwise
repurposing that data is a serious faux pas. Modzero's advisory is a bit
flamboyant, which is why I didn't link to it directly.

--
Espi

Re: [NTSysADM] Keylogger Found in Audio Driver of HP Laptops

[Micheal Espinola Jr]

We can only hope that its just HP's mistake of leaving this sort of debug
option enabled in the driver during testing, and that its not something
from the OEM chip provider.

--
Espi


On Thu, May 11, 2017 at 10:05 AM, Mike <craigslist...@gmail.com> wrote:

> The Conexant software must be present on other laptops in the OEM image. I
> wonder if this is HP specific somehow or if other manufacturers have the
> same issue.
>
> On Thu, May 11, 2017 at 10:08 AM, Micheal Espinola Jr <
> michealespin...@gmail.com> wrote:
>
>> https://www.bleepingcomputer.com/news/security/keylogger-fou
>> nd-in-audio-driver-of-hp-laptops/
>>
>> According to researchers, the keylogger feature was discovered in the
>>> Conexant HD Audio Driver Package version 1.0.0.46 and earlier.
>>>
>>
>>
>> This is an audio driver that is preinstalled on HP laptops. One of the
>>> files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64
>>> .exe).
>>>
>>
>>
>> This file is registered to start via a Scheduled Task every time the user
>>> logs into his computer. According to modzero researchers, the file
>>> "monitors all keystrokes made by the user to capture and react to functions
>>> such as microphone mute/unmute keys/hotkeys."
>>>
>>
>>
>> *This behavior, by itself, is not a problem, as many other apps work this
>>> way. The problem is that this file writes all keystrokes to a local file
>>> at:*
>>
>>
>>> *C:\users\public\MicTray.log*
>>
>>
>> --
>> Espi
>>
>>
>
>

Re: [NTSysADM] Keylogger Found in Audio Driver of HP Laptops

[Micheal Espinola Jr]

We can only hope that its just HP's mistake of leaving this sort of debug
option enabled in the driver during testing, and that its not something
from the OEM chip provider.

--
Espi


On Thu, May 11, 2017 at 10:05 AM, Mike <craigslist...@gmail.com> wrote:

> The Conexant software must be present on other laptops in the OEM image. I
> wonder if this is HP specific somehow or if other manufacturers have the
> same issue.
>
> On Thu, May 11, 2017 at 10:08 AM, Micheal Espinola Jr <
> michealespin...@gmail.com> wrote:
>
>> https://www.bleepingcomputer.com/news/security/keylogger-fou
>> nd-in-audio-driver-of-hp-laptops/
>>
>> According to researchers, the keylogger feature was discovered in the
>>> Conexant HD Audio Driver Package version 1.0.0.46 and earlier.
>>>
>>
>>
>> This is an audio driver that is preinstalled on HP laptops. One of the
>>> files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64
>>> .exe).
>>>
>>
>>
>> This file is registered to start via a Scheduled Task every time the user
>>> logs into his computer. According to modzero researchers, the file
>>> "monitors all keystrokes made by the user to capture and react to functions
>>> such as microphone mute/unmute keys/hotkeys."
>>>
>>
>>
>> *This behavior, by itself, is not a problem, as many other apps work this
>>> way. The problem is that this file writes all keystrokes to a local file
>>> at:*
>>
>>
>>> *C:\users\public\MicTray.log*
>>
>>
>> --
>> Espi
>>
>>
>
>

[NTSysADM] Keylogger Found in Audio Driver of HP Laptops

[Micheal Espinola Jr]

https://www.bleepingcomputer.com/news/security/keylogger-found-in-audio-driver-of-hp-laptops/

According to researchers, the keylogger feature was discovered in the
> Conexant HD Audio Driver Package version 1.0.0.46 and earlier.
>


This is an audio driver that is preinstalled on HP laptops. One of the
> files of this audio driver is MicTray64.exe
> (C:\windows\system32\mictray64.exe).
>


This file is registered to start via a Scheduled Task every time the user
> logs into his computer. According to modzero researchers, the file
> "monitors all keystrokes made by the user to capture and react to functions
> such as microphone mute/unmute keys/hotkeys."
>


*This behavior, by itself, is not a problem, as many other apps work this
> way. The problem is that this file writes all keystrokes to a local file
> at:*


> *C:\users\public\MicTray.log*


--
Espi

Re: [NTSysADM] RE: RDS timeout issues

[Micheal Espinola Jr]

I thought this was controlled with Connection Authorization Policies, with
the Remote Desktop Gateway Manager tool.  You should be able to manipulate
the timeout values as well as enable silent re-authorization - so you avoid
clients from getting that message.

YMMV: It's been a while, and I could be misreading or applying my notes on
the subject.

--
Espi


On Tue, May 9, 2017 at 9:11 PM, Bill Humphries  wrote:

> Wouldn’t it just disconnect the session if that was the case, rather than
> provide the message below?
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Michael B. Smith
> *Sent:* Tuesday, May 9, 2017 11:00 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] RE: RDS timeout issues
>
>
>
> Just guessing, but I would take a look at the remote router and/or
> firewall to see if it has TCP timeouts configured.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Bill
> Humphries
> *Sent:* Tuesday, May 9, 2017 9:12 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] RDS timeout issues
>
>
>
> Hi all,
>
>
>
> I am once again, seeking wisdom from the group.
>
>
>
> I have a single RDS server running on 2012 R2 for a client.  Most users
> are in local office and connect to the RDS session on LAN.  A few users are
> remote.  We are using TSPrint as a printing solution because  users need to
> be able to print to each other’s local printers, even if they are in
> different locations.  To allow this printing, the user must be logged into
> the RDS server so that other users can print to the local printer.
>
>
>
> I have two users that are at a location in a different state.  These
> users’ remote sessions keep ending with “Your remote desktop services
> session has ended because the remote computer didn’t receive any input from
> you.”  I need this to not happen so that the printers remain available.  No
> one else complains about the time out issue.
>
>
>
> On the RDS server I have gone to:
>
>- *Computer Configuration\Policies\Administrative Templates\Windows
>Components\Remote Desktop Services\Remote Desktop Session Host\Session Time
>Limits*
>- *User Configuration\Policies\Administrative Templates\Windows
>Components\Remote Desktop Services\Remote Desktop Session Host\Session Time
>Limits*
>
> And set time out limits to never.  But these two users still get
> disconnected.  I do not manage the user PCs on the other end, but my
> understanding is that timeout limits would be managed at the RDS, not at
> the client computer.
>
>
>
> Any help is much appreciated.
>
>
>
> Bill
>
>
>

Re: [NTSysADM] Reset permissions on hard disk - Windows 10 Enterprise

[Micheal Espinola Jr]

Latest version of that script is on github:

https://github.com/raandree/NTFSSecurity


--
Espi


On Wed, Mar 29, 2017 at 1:14 PM, Charles F Sullivan <
charles.sulliva...@bc.edu> wrote:

> The problem I find with that scenario is that no matter what you use to
> correct it, some files get skipped for whatever reason. You can compare two
> files with the same perms and owner, where one will succeed and the other
> won’t.
>
>
>
> I did try this PS module with some success:
>
> https://gallery.technet.microsoft.com/scriptcenter/
> 1abd77a5-9c0b-4a2b-acef-90dbb2b84e85
>
>
>
> I think it was successful on maybe 95% or more of the files. I then
> remembered that we still had an old version of Security Explorer by
> ScriptLogic, which as it turns out has a perpetual license (just no upgrade
> or support). Security Explorer probably got 99.x% of them.
>
>
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Eric Levinson
> *Sent:* Wednesday, March 29, 2017 1:26 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] Reset permissions on hard disk - Windows 10
> Enterprise
>
>
>
> I’ve come across this issue many times before and don’t really have an
> easy way to resolve.
>
>
>
> System has two hard disks – a C drive and a D drive.
>
>
>
> D has all the data, C is the OS and page.
>
>
>
> C drive goes bad, so it is replaced, OS is reinstalled clean (Windows 10
> Enterprise)
>
>
>
> After taking ownership of the D drive and everything below it, there are
> still lots of folders that won’t open or allow reads or writes.
>
>
>
> Even though effective permissions says I have full access to folders – I
> receive permission denied errors and can’t seem to figure out how to get
> the access back.
>
>
>
> Permissions on D are for previous OS – so there are a lot of GUID users in
> there with no user names.
>
>
>
> Is there an easy script I can run (cmd or bat) that will delete all the
> permissions on the D drive and reset the ownership of every object?  The
> GUI doesn’t seem to work properly.
>
>
>
> Any help would be greatly appreciated!
>
>
>
>
>
>
>
>
>

Re: [NTSysADM] Now this is just plain cool

[Micheal Espinola Jr]

Very cool. Thanks from me as well!

--
Espi


On Fri, Apr 14, 2017 at 12:24 PM, D R  wrote:

> Thanks for sharing that.
>
> On Fri, Apr 14, 2017 at 1:56 PM, Kurt Buff  wrote:
>
>> https://isc.sans.edu/forums/diary/Packet+Captures+Filtered+
>> by+Process/22296/
>>
>>
>>
>
>
> --
> Daniel Rodriguez
> drod...@gmail.com
>

Re: [NTSysADM] Running exe from APPDATA..TEMP directory

[Micheal Espinola Jr]

Absolutely not.  That is extremely lazy programming. Many of us have
similar GPOs for antivirus purposes.

--
Espi


On Mon, Apr 10, 2017 at 7:25 AM, David McSpadden  wrote:

> Have a vendor that want so run his app from the APPDATA..TEMP directory.
>
> I have a GPO that denied .exe from running there or subfolders of there.
>
> Any reason I should allow this?
>
> I have the exact folder and program name but it’s opening up an exception
> to my rule??
> Any thoughts?
>
>
>
> *David McSpadden*
>
> System Administrator
>
> Indiana Members Credit Union
>
> P: 317.554.8190 <(317)%20554-8190>
>
> [image: Description: Description: imcu email icon]   [image:
> Description: Description: facebook email icon]
>   [image: Description:
> Description: twitter email icon] 
>
>
>
> [image: Description: Description: email logo]
>
> [image: http://www.amuletsolutions.com/images/mcp.gif]
> 
>
>
>
> This e-mail and any files transmitted with it are property of Indiana
> Members Credit Union, are confidential, and are intended solely for the use
> of the individual or entity to whom this e-mail is addressed. If you are
> not one of the named recipient(s) or otherwise have reason to believe that
> you have received this message in error, please notify the sender and
> delete this message immediately from your computer. Any other use,
> retention, dissemination, forwarding, printing, or copying of this email is
> strictly prohibited.
>
> Please consider the environment before printing this email.
>

Re: [NTSysADM] Re: Problems running VBS script from CMD file in Win 2008 R2 [SOLVED}

[Micheal Espinola Jr]

Thanks from me as well.  It was an interesting refresher reading and
thinking about this kind of issue - one which I haven't encountered in
years either.

--
Espi


On Thu, Apr 6, 2017 at 4:26 AM, Andrew S. Baker  wrote:

> Thanks for the follow-up.  That's an interesting resolution that I haven't
> had to touch in years!   And not for something like this...
>
> Regards,
>
>  *ASB*
>  *http://XeeMe.com/AndrewBaker *
>
>  *Providing Expert Technology Consulting Services for the SMB market…*
>
> * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>
>
>
> On Wed, Apr 5, 2017 at 9:51 AM, Michael Leone  wrote:
>
>> I needed to increase the IRPStackSize registry entry (to 22), and then it
>> all Just Worked.
>>
>> On Thu, Mar 23, 2017 at 11:22 AM, Michael Leone 
>> wrote:
>>
>>> I'll admit, I know practically nothing about VBS (altho I do understand
>>> PowerShell ...).
>>>
>>> Anyway, we have a vendor provided set of scripts that suspend, and then
>>> resume, an application, so we can back it up. (it's EMC SourceOne mail
>>> archiving). We use Networker as a backup program. So years ago I wrote
>>> small batch files that run the suspend and resume scripts.
>>>
>>> C:\Windows\SYSWow64\cscript "name.vbs"
>>>
>>> And it Just Worked. That was like 4-5 years ago.
>>>
>>> Last week I upgraded the Networker client software to the latest
>>> version. And the backup is failing. Do a test run, I see this, in the
>>> Networker log:
>>>
>>> CScript Error: Initialization of the Windows Script Host failed. (Not
>>> enough storage is available to process this command. )
>>>
>>> Oddly, if I execute the CMD file from a shell prompt, it all Just Works.
>>> I do not see this error. So it's only when it executes via Networker, that
>>> I see this problem.
>>>
>>> I've been searching the Interwebs, but not seem to be finding anything
>>> relevant to my issue.
>>>
>>> Anyone have any hints? I'll open a case with Networker, but it might be
>>> a Windows issue (some environment settings), so I thought I would ask here.
>>>
>>> Anyone?
>>>
>>>
>>
>

Re: [NTSysADM] UAC prompt when launching Chrome

[Micheal Espinola Jr]

To clarify, if you allow Chrome to run as admin once:  It will still
require a UAC elevation for the next launch?

Have there been any recent policy changes?  Any software updates that
feature browser integration?

--
Espi


On Wed, Apr 5, 2017 at 2:03 PM, Jimmy Tran  wrote:

> This issue has been happening for a while now. A user will launch Chrome
> and they will get a UAC prompt immediately. They can hit no to continue but
> they will eventually get another UAC prompt after opening Chrome. This
> happens across the board for all standard users. I’ve tried the Chrome
> browser for business as wells as the standard version but both eventually
> give us the same problem. This does happen randomly on different computers
> running windows 7 or 10.
>
>
>
> I’ve found a bunch of people having this issue on forums but the only
> solution that was found was to set chrome.exe to run as administrator for
> all users. The problem is the user account is a standard account so it will
> prompt for elevated credentials again. I have also tried the Google ADM
> templates to disable auto updates but it still occurs.
>
>
>
> Has anyone seen this issue and resolved it?
>
>
>
> -Jimmy
>

Re: [NTSysADM] Wireless bridge

[Micheal Espinola Jr]

$500!

--
Espi


On Mon, Apr 3, 2017 at 8:49 PM, Todd Lemmiksoo  wrote:

> You try the Netgear NightHawk 9000
>
> On Mon, Apr 3, 2017 at 7:09 PM, J- P  wrote:
>
>> I'm finding only 2 sellers on Amazon and both have BAD reviews, the only
>> other place i'm seeing them is on Ebay, makes me a little weary about where
>> to purchase from.
>>
>>  I'm in the US, so I'm concerned no legitimate
>>
>> vendors/resellers carry them.
>>
>>
>>
>>
>>
>>
>> --
>> *From:* listsad...@lists.myitforum.com 
>> on behalf of Kurt Buff 
>> *Sent:* Saturday, April 1, 2017 1:58 PM
>> *To:* ntsysadm
>> *Subject:* Re: [NTSysADM] Wireless bridge
>>
>> This has worked well for me:
>> https://www.amazon.com/gp/product/B019DZ1JGG/
>> Amazon.com: AFOUNDRY Dual Band Wireless AC Gigabit Router,6 External
>> Antennas,Three Processors,Metal Computer WiFi Router Used in
>> Home,Enterprise,Villas: Computers & Accessories
>> 
>> www.amazon.com
>> Buy AFOUNDRY Dual Band Wireless AC Gigabit Router, 6 External Antennas,
>> Three Processors, Metal Computer WiFi Router Used in Home, Enterprise,
>> Villas: Tools & Home Improvement - Amazon.com ✓ FREE DELIVERY possible on
>> eligible purchases
>>
>>
>>
>> I have two - one is acting as my router at the end of my house where
>> my Internet connection lives, the other is in the middle of my house
>> and is a bridge for coverage for the area that the first one doesn't
>> reach, which is mostly the basement and the far corner of the house
>> that has too many walls, heating ducts, etc. for the first one to
>> cover.
>>
>> Easy to set up, too.
>>
>> Kurt
>>
>> On Fri, Mar 31, 2017 at 6:59 PM, J- P  wrote:
>> > Hi all,
>> >
>> >
>> > Can anyone recommend (with actual real world use) a good wireless
>> bridge ,
>> > its purpose is for controlling theatre equipment so throughput /
>> bandwidth
>> > is not a great concern, just communication from the bridges to the
>> router.
>> >
>> >
>> > thx
>> >
>> >
>> >
>> >
>> >
>> >
>>
>>
>>
>
>
> --
> T. Todd Lemmiksoo
>

Re: [NTSysADM] You kids get off my lawn!

[Micheal Espinola Jr]

I can't thank you enough for pointing out that specific review.  That was
mazing!

--
Espi


On Fri, Mar 31, 2017 at 5:37 AM, Jeff Steward <jstew...@gmail.com> wrote:

> OT:  Did you see this review?  Truly epic:  https://www.amazon.com/gp/
> review/RXXPVOUH9NLL3?ref_=glimp_1rv_cl
>
>
> On Wed, Mar 29, 2017 at 4:10 PM Micheal Espinola Jr <
> michealespin...@gmail.com> wrote:
>
>> :-D  That must be incredible milk.
>>
>> --
>> Espi
>>
>>
>> On Wed, Mar 29, 2017 at 8:47 AM, Jonathan Link <jonathan.l...@gmail.com>
>> wrote:
>>
>> Wait until you try Tuscan Dairy Whole Milk.
>> <https://www.amazon.com/Tuscan-Dairy-Whole-Vitamin-Gallon/dp/B00032G1S0/ref=sr_1_1_s_it?s=grocery=UTF8=1490802380=1-1=tuscan+dairy+whole+vitamin+d+milk+gallon+128+oz>
>>
>> On Tue, Mar 28, 2017 at 5:31 PM, Micheal Espinola Jr <
>> michealespin...@gmail.com> wrote:
>>
>> I'm impressed with the ratings on that.
>>
>> --
>> Espi
>>
>>
>> On Tue, Mar 28, 2017 at 1:57 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
>>
>> If I lose my reading glasses...
>> https://www.amazon.com/Screen-Magnifier-Dizaul-Amplifier-
>> Foldable/dp/B015VYVW7O
>>
>>
>>
>>
>>
>>

Re: [NTSysADM] You kids get off my lawn!

[Micheal Espinola Jr]

:-D  That must be incredible milk.

--
Espi


On Wed, Mar 29, 2017 at 8:47 AM, Jonathan Link <jonathan.l...@gmail.com>
wrote:

> Wait until you try Tuscan Dairy Whole Milk.
> <https://www.amazon.com/Tuscan-Dairy-Whole-Vitamin-Gallon/dp/B00032G1S0/ref=sr_1_1_s_it?s=grocery=UTF8=1490802380=1-1=tuscan+dairy+whole+vitamin+d+milk+gallon+128+oz>
>
> On Tue, Mar 28, 2017 at 5:31 PM, Micheal Espinola Jr <
> michealespin...@gmail.com> wrote:
>
>> I'm impressed with the ratings on that.
>>
>> --
>> Espi
>>
>>
>> On Tue, Mar 28, 2017 at 1:57 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
>>
>>> If I lose my reading glasses...
>>> https://www.amazon.com/Screen-Magnifier-Dizaul-Amplifier-Fol
>>> dable/dp/B015VYVW7O
>>>
>>>
>>>
>>
>

Re: [NTSysADM] Has anyone here used this product, and can comment on it?

[Micheal Espinola Jr]

Depending on what you plan on doing with it, you should be able to buy an
older one at a significant discount.  I like that all the power is in the
tablet; so the wireless mouse that came with my wacom doesn't require power
(just like the stylus).  On the downside, it can be cumbersome if/when you
are limited for desk space.

I'd try to borrow one first.  In my experiences, it can be hit or miss if
you enjoy using it.

--
Espi


On Tue, Mar 28, 2017 at 11:48 PM, Kurt Buff  wrote:

> Then it's got to be easier than using the trackpoint in my laptop! :)
>
> Mice and touchpaads - I just don't like them any more.
>
> Maybe I can con my manager into buying one for me...
>
> Kurt
>
> On Tue, Mar 28, 2017 at 7:48 PM, Don Ely  wrote:
> > It's much easier than using a mouse to draw links!
> >
> > On Mar 28, 2017 7:45 PM, "Kurt Buff"  wrote:
> >>
> >> H.
> >>
> >> Wacom tablet and Visio?
> >>
> >> Never used a drawing tablet. Sounds useful.
> >>
> >> Kurt
> >>
> >> On Tue, Mar 28, 2017 at 5:42 PM, Don Ely  wrote:
> >> > Yeah, it was nearly 2 years ago we looked at it.  It wasn't as sexy as
> >> > that
> >> > sounds...  If we didn't already have good documentation (only happens
> if
> >> > you
> >> > get to build out net new infrastructure), then we might look harder at
> >> > this.
> >> > Frankly, a wacom tablet and Visio are still better than Netbrain.
> >> >
> >> > Now if I were in the professional services space...  The consulting
> >> > version
> >> > would be awesome for quickly documenting a network in order to make
> >> > recommendations...
> >> >
> >> >
> >> > On Tue, Mar 28, 2017 at 3:26 PM Michael B. Smith <
> mich...@smithcons.com>
> >> > wrote:
> >> >>
> >> >> I never installed or configured it, but I’ve got a client with
> offices
> >> >> all
> >> >> over NA, and seem to get intelligent diagrams – you click on a site
> and
> >> >> it
> >> >> expands, etc. etc.
> >> >>
> >> >>
> >> >>
> >> >> From: listsad...@lists.myitforum.com
> >> >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Don Ely
> >> >> Sent: Tuesday, March 28, 2017 3:49 PM
> >> >>
> >> >>
> >> >> To: ntsysadm@lists.myitforum.com
> >> >> Subject: Re: [NTSysADM] Has anyone here used this product, and can
> >> >> comment
> >> >> on it?
> >> >>
> >> >>
> >> >>
> >> >> Possibly...  we looked at it and it was cool and if we didn't already
> >> >> have
> >> >> some pretty decent documentation of our network devices, it would
> have
> >> >> value.  The problem with it for me is in a very large network, I
> don't
> >> >> need
> >> >> one page with 200 devices on it.  I like multiple pages that break
> >> >> things
> >> >> down into a more manageable view and follow traffic flows...  Busy
> >> >> diagrams
> >> >> become very useless very fast...
> >> >>
> >> >>
> >> >>
> >> >> On Tue, Mar 28, 2017 at 12:23 PM Michael B. Smith
> >> >> 
> >> >> wrote:
> >> >>
> >> >> …and if you are big enough to need it, it’s worth the price.
> >> >>
> >> >>
> >> >>
> >> >> From: listsad...@lists.myitforum.com
> >> >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Don Ely
> >> >> Sent: Tuesday, March 28, 2017 2:55 PM
> >> >> To: ntsysadm@lists.myitforum.com
> >> >> Subject: Re: [NTSysADM] Has anyone here used this product, and can
> >> >> comment
> >> >> on it?
> >> >>
> >> >>
> >> >>
> >> >> It is cool and it IS expensive
> >> >>
> >> >>
> >> >>
> >> >> On Tue, Mar 28, 2017 at 11:37 AM Kurt Buff 
> wrote:
> >> >>
> >> >> https://www.netbraintech.com/
> >> >>
> >> >> I just interviewed someone who mentioned using it, so I looked it up.
> >> >>
> >> >> The general rule of thumb I've used is that if the web site has a
> >> >> button to request a quote rather than listing prices, it's probably
> >> >> really expensive - and probably beyond the reach of my current firm.
> >> >>
> >> >> They have a bunch of youtube videos, which reinforces my impression
> >> >> that it's expensive, but it looks pretty cool, and I wondered if it's
> >> >> worth investigating.
> >> >>
> >> >> Kurt
> >>
> >>
> >
>
>
>

Re: [NTSysADM] NT posts lost in cyberspace

[Micheal Espinola Jr]

Oh how weird.  There are a few people primarily on the patchmanagement list
that constantly go to the spam folder because of sender auth issues, but
I've never notice problems with your emails from my end.

--
Espi


On Tue, Mar 28, 2017 at 4:28 PM, J- P  wrote:

> Hi all,
>
>
> I've noticed that sometimes when I post a question, or reply to a post it
> doesn't show up , case in point,  last night responding to Espi's inquiry
> of jitter and latency using ORBI, it never went through nor did I get
> rejection notice from the moderator.  Is there something going on , or am I
> missing something?
>
>
> tia
>
>
>
> Jean-Paul Natola
>
>

Re: [NTSysADM] Has anyone here used this product, and can comment on it?

[Micheal Espinola Jr]

https://en.wikipedia.org/wiki/Open-source_software

--
Espi


On Tue, Mar 28, 2017 at 1:48 PM, John Matteson 
wrote:

> Forgive the silly question but what does OSS stand for (other than Office
> of Special Services)?
>
> On Tue, Mar 28, 2017 at 4:12 PM, Kurt Buff  wrote:
>
>> For your use case, either NetDisco or NeDi might work. I've installed
>> the former a loggg time ago, but it worked well in the 1.x
>> days, and now with 2.x it supposedly integrates with Rancid and
>> Network WeatherMap, etc.
>>
>> Work currently has a phobia about OSS, however, so I haven't done
>> anything with it lately.
>>
>> I've also taken a look at LibreNMS, and it looks interesting, but
>> can't say much about it one way or the other without experience.
>>
>> None of these, however, seem to do all that NetBrains does, which is
>> why I find it so intriguing.
>>
>> Kurt
>>
>> On Tue, Mar 28, 2017 at 12:17 PM, James M. Pulver 
>> wrote:
>> > Well, it seems to be Windows only, which is quite a limitation. Ideally
>> (for
>> > me) it would be web based and run on a linux server. I do wish it was
>> less
>> > "flash" in the demo and more ideas about price and actual functionality.
>> > Yes, I saw it works with CISCO IOS devices. That's great. We don't run
>> > CISCO. We have IBM System Networking / Blade switches and HPe Procurve,
>> some
>> > with only web management. I doubt this can log in to that. Plus we have
>> > interconnects we don't have direct access to - how does it handle that?
>> >
>> > I'm not interested in trialing something that's "almost working" and
>> costs a
>> > lot of money - there's plenty of FLOSS thats "almost working" so the
>> time I
>> > put in is it, not also a large capital outlay.
>> >
>> > And like you, I just skip the companies who don't even give me an idea
>> of
>> > the pricing structure. I mean, are we talking 10K for 100 switches and
>> 20%
>> > maintenance? 10K/year? 100K? These are very different propositions for
>> > purchasing software. And what is support like? Do they include so many
>> new
>> > hardware integrations?
>> >
>> > Too little info for me to wast time on.
>> >
>> > James Pulver
>> > CLASSE Computer Group
>> > Cornell University
>> >
>> > On 03/28/2017 02:55 PM, Don Ely wrote:
>> >>
>> >> It is cool and it IS expensive
>> >>
>> >> On Tue, Mar 28, 2017 at 11:37 AM Kurt Buff > >> > wrote:
>> >>
>> >> https://www.netbraintech.com/
>> >>
>> >> I just interviewed someone who mentioned using it, so I looked it
>> up.
>> >>
>> >> The general rule of thumb I've used is that if the web site has a
>> >> button to request a quote rather than listing prices, it's probably
>> >> really expensive - and probably beyond the reach of my current
>> firm.
>> >>
>> >> They have a bunch of youtube videos, which reinforces my impression
>> >> that it's expensive, but it looks pretty cool, and I wondered if
>> it's
>> >> worth investigating.
>> >>
>> >> Kurt
>> >>
>> >>
>> >
>> >
>>
>>
>>
>

Re: [NTSysADM] You kids get off my lawn!

[Micheal Espinola Jr]

I'm impressed with the ratings on that.

--
Espi


On Tue, Mar 28, 2017 at 1:57 PM, Kurt Buff  wrote:

> If I lose my reading glasses...
> https://www.amazon.com/Screen-Magnifier-Dizaul-Amplifier-
> Foldable/dp/B015VYVW7O
>
>
>

Re: [NTSysADM] ORBI wifi

[Micheal Espinola Jr]

Any stats for how much of an increase in ping, jitter, etc?

These look very interesting.

--
Espi


On Mon, Mar 27, 2017 at 6:18 PM, J- P <jnat...@hotmail.com> wrote:

> There is one thing to note, orbi is NOT mesh (although they do market it
> that way), all sat's talk to the router, in a home or SoHo I guess that's
> really of no big deal.
>
>
> But it is worth noting, having Ethernet ports is a plus, we hooked up his
> slingbox to it and it streams great.
>
>
>
>
> --
> *From:* listsad...@lists.myitforum.com <listsad...@lists.myitforum.com>
> on behalf of Micheal Espinola Jr <michealespin...@gmail.com>
> *Sent:* Monday, March 27, 2017 6:29 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] ORBI wifi
>
> What is the performance like off of those satellites?
>
> --
> Espi
>
>
> On Mon, Mar 27, 2017 at 6:16 AM, J- P <jnat...@hotmail.com> wrote:
>
>> real world use,
>>
>>
>> So a friend of mine (total non techy ) got the Orbi set
>>
>> http://www.techradar.com/reviews/netgear-orbi
>>
>>
>> much to my amazement, he managed to get the router and 2 satellites setup
>> and covered his 3600 sq foot 3 story house covered.
>>
>> <http://www.techradar.com/reviews/netgear-orbi>
>> Netgear Orbi review | TechRadar
>> <http://www.techradar.com/reviews/netgear-orbi>
>> www.techradar.com
>> Design and setup. While it’s referred to as a single product, Netgear
>> Orbi is technically comprised of two parts: the Orbi Router and the Orbi
>> Satellite.
>>
>>
>>
>>
>>
>>
>
>

Re: [NTSysADM] ORBI wifi

[Micheal Espinola Jr]

What is the performance like off of those satellites?

--
Espi


On Mon, Mar 27, 2017 at 6:16 AM, J- P  wrote:

> real world use,
>
>
> So a friend of mine (total non techy ) got the Orbi set
>
> http://www.techradar.com/reviews/netgear-orbi
>
>
> much to my amazement, he managed to get the router and 2 satellites setup
> and covered his 3600 sq foot 3 story house covered.
>
> 
> Netgear Orbi review | TechRadar
> 
> www.techradar.com
> Design and setup. While it’s referred to as a single product, Netgear Orbi
> is technically comprised of two parts: the Orbi Router and the Orbi
> Satellite.
>
>
>
>
>
>

Re: [NTSysADM] Google vs Symantec

[Micheal Espinola Jr]

It continues to amaze me that Symantec has such a significant presence in
the security community.

--
Espi


On Fri, Mar 24, 2017 at 10:30 AM, Andrew S. Baker  wrote:

> This situation bears watching...
>
> https://arstechnica.com/security/2017/03/google-takes-
> symantec-to-the-woodshed-for-mis-issuing-3-https-certs/
>
> https://www.helpnetsecurity.com/2017/03/24/google-symantec-certificates/
>
> https://www.theregister.co.uk/2017/03/24/google_slaps_
> symantec_for_sloppy_certs_slow_show_of_snafus/
>
>
> Symantec is complaining that Google is exaggerating, and while I think
> that Google can take a hard line on remediation of any sort -- for other
> people -- I also have no love lost for Symantec and their sloppy way of
> doing various things (in my experience)
>
> Let's see where this goes.  To the courts!
>
> Regards,
>
>  *ASB*
>  *http://XeeMe.com/AndrewBaker *
>
>  *Providing Expert Technology Consulting Services for the SMB market…*
>
> * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>
>
>

Re: [NTSysADM] w7 updates on new hardware

[Micheal Espinola Jr]

Wocka wocka wocka!

:-)

--
Espi


On Sat, Mar 18, 2017 at 4:20 PM, J- P  wrote:

> http://www.computerworld.com/article/3181714/windows-pcs/mic
> rosoft-ready-to-block-updates-for-windows-7-on-latest-pcs.html
>
>
> So if your org runs win7, do you buy older hardware?
>
> 
> Microsoft ready to block updates for Windows 7 on latest PCs
> 
> www.computerworld.com
> Microsoft may be prepping to enforce a new support policy for Windows 7
> and Windows 8.1 that blocks updates on newer machines with the latest
> processors.
>
>
>
>
> Jean-Paul Natola
>
>

Re: [NTSysADM] RE: Persisting access to an Azure shared folder

[Micheal Espinola Jr]

On Thu, Mar 16, 2017 at 3:48 PM, James Rankin  wrote:

> That's what I've been trying, but the net use command, when run at logon,
> doesn't execute early enough to get in "ahead" of the write to the share,
> sadly.



I'm out of my element here, but how about looking at it from the other end:
 Can you somehow delay the write to the share, or spawn a loop (with a
time-out of course) that does not write until write-access is confirmed?

--
Espi

Re: [NTSysADM] Funny stuff - and not wholly off topic

[Micheal Espinola Jr]

I do love me some Dogma, but JSBSB is a whole new level of funny since I
moved to Los Angeles and have been exposed to "Hollywood". It's a chuckle
having seen and been to just about all of the locations that they filmed
around here.

--
Espi


On Sun, Mar 12, 2017 at 12:21 PM, Kurt Buff <kurt.b...@gmail.com> wrote:

> Dogma is superior, in every way.
>
> On Sun, Mar 12, 2017 at 11:01 AM, Micheal Espinola Jr
> <michealespin...@gmail.com> wrote:
> > Afroman is pissed, and he knows whyyy...
> >
> > Is it time to rewatch Jay and Silent Bob Strike Back already?
> >
> > On Sat, Mar 11, 2017 at 7:29 PM Kurt Buff <kurt.b...@gmail.com> wrote:
> >>
> >> https://www.youtube.com/watch?v=9IG3zqvUqJY
> >>
> >>
> > --
> > -- Espi (via mobile)
>
>
>

Re: [NTSysADM] Funny stuff - and not wholly off topic

[Micheal Espinola Jr]

Afroman is pissed, and he knows whyyy...

Is it time to rewatch Jay and Silent Bob Strike Back already?

On Sat, Mar 11, 2017 at 7:29 PM Kurt Buff  wrote:

> https://www.youtube.com/watch?v=9IG3zqvUqJY
>
>
> --
-- Espi (via mobile)

Re: [NTSysADM] Change(s) in Windows 10 after Cumulative Update 1607 (KB3213986)

[Micheal Espinola Jr]

So, it turns out that after two additional reboots, my start menu's pin
menu obliterated itself.  All my shortcuts: POOF!  And, start menu search
typing also didnt work properly during that period (e.g. "cmd" wouldnt find
cmd.exe, etc).

Things appear to have returned to normal after the second reboot.
Right-click works as expected again.  I've never seen or heard of this
issue before.  But, this account was migrated from another system - so I'm
guessing that it was something related to that, that caused the problem.

Thanks for your eyes and ears.

--
Espi

[NTSysADM] Change(s) in Windows 10 after Cumulative Update 1607 (KB3213986)

[Micheal Espinola Jr]

I just got it on my personal laptop. It was a quick and relatively painless
install that required a reboot.

Immediately I've noticed that right-click functionality on the start menu
has been altered - and there appears to be no easy way to run an app as
administrator, etc.

Anyone else?

--
Espi

Re: [NTSysADM] Unable to obtain IP from DHCP server

[Micheal Espinola Jr]

   1. What has changed recently (have you consulted with other people that
   have authority/access to make changes)?
   2. What do your client/server logs say
   3. Is it only clients that are on the same switch (iphelper/forwarding
   issue)
   4. Are you out of IP addresses on the DHCP server?
   5. What's the hardware involved (switch, server, and clients - full
   details)


--
Espi


On Fri, Mar 10, 2017 at 2:40 AM, Pierre-Marie Camilleri <
pmcamill...@laferla.com.mt> wrote:

> Hi all
>
>
>
> We are encountering a problem with some of our Windows 7 workstations and
> which are on the same LAN. They are unable to obtain an IP from the DHCP
> server and the only solution is to set a static IP which of course works. I
> cannot understand why this is happening to just a few. The others work
> fine. Could this be due to some system corruption? I’ve tried resetting the
> TCP/IP network stack and the Winsock all to no avail.
>
> Has anyone encountered this issue before? Any help would be much
> appreciated.
>
>
>
> Thanks
>
> Pierre
>
>
> Pierre-Marie Camilleri
>   B.Sc. (Hons.), MBCS
> ICT Systems Engineer
> [image: Laferla]
> Direct  *(+356) 20939321* <(+356)%2020939321>
> Dept  *(+356) 20939300* <(+356)%2020939300>
> Mobile  *(+356) 79007864* <(+356)%2079007864>
> Email  *pmcamill...@laferla.com.mt* 
> Web  *www.laferla.com.mt* 
> Address 204A | Old Bakery Street | Valletta VLT 1453 | Malta
>
> [image: Facebook]  [image: Twitter]
>  [image: Google]
>  [image: YouTube]
>  [image: ITunes]
>  [image:
> Android]
> 
> Laferla Insurance Agency Limited is licensed to act as an insurance agent
> for Mapfre Middlesea p.l.c. and both companies are authorised to transact
> insurance business by the Malta Financial Services Authority.
> Consider the environment. Do you really need to print this email?
> *Disclaimer* 
>

Re: [EXTERNAL]Re: [NTSysADM] AWS East Outage

[Micheal Espinola Jr]

Same here.

--
Espi


On Fri, Mar 3, 2017 at 7:21 AM, Erik Goldoff <egold...@gmail.com> wrote:

> Jim, your link redirects to http://goodworks.sprint.
> com/1millionproject/index.cfm when I try.
>
> On Fri, Mar 3, 2017 at 10:09 AM, Kennedy, Jim <
> kennedy...@elyriaschools.org> wrote:
>
>> And FYI, O365 links in emails that are forwarded are being mangled all to
>> heck with the safelinks URL:
>>
>>
>>
>> https://na01.safelinks.protection.outlook.com/?url=http%3A%
>> 2F%2Fsetda.us1.list-manage.com%2Ftrack%2Fclick%3Fu%3D1f18
>> c643d052d9f509a7060f4%26id%3D4468f8ea88%26e%3Df6ca991d43&
>> data=01%7C01%7CKirk.Ross%40education.ohio.gov%7C37f0e0e
>> 838cb408d4bab08d46238bbff%7C50f8fcc494d84f0784eb36ed57c7c8a2
>> %7C0=b9EZV2pC5iDLa9skdivN6PkET49ceN01wFdK6GoB2L8%3D=0
>>
>>
>>
>>
>>
>> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf
>> orum.com] *On Behalf Of *Kennedy, Jim
>> *Sent:* Friday, March 3, 2017 10:06 AM
>> *To:* ntsysadm@lists.myitforum.com
>> *Subject:* RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage
>>
>>
>>
>> What do we call it when URL detonation is detonated?
>>
>>
>>
>> https://www.trustedsec.com/blog/office-365-advanced-threat-
>> protection-features-shortfalls/
>>
>>
>>
>>
>>
>> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf
>> orum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Micheal
>> Espinola Jr
>> *Sent:* Friday, March 3, 2017 9:52 AM
>> *To:* ntsysadm@lists.myitforum.com
>> *Subject:* Re: [EXTERNAL]Re: [NTSysADM] AWS East Outage
>>
>>
>>
>> Do you mean like this?
>>
>>
>>
>> https://blogs.office.com/2017/01/25/evolving-office-365-adva
>> nced-threat-protection-with-url-detonation-and-dynamic-delivery/
>>
>>
>> --
>> Espi
>>
>>
>>
>>
>>
>> On Thu, Mar 2, 2017 at 2:02 PM, Michael B. Smith <mich...@smithcons.com>
>> wrote:
>>
>> I was in an NDA call last week regarding some upcoming changes to a
>> particular vendor's anti-malware product, and was introduced to the term
>> "link detonation".
>>
>> -Original Message-
>> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf
>> orum.com] On Behalf Of Calvin McLennan
>> Sent: Thursday, March 2, 2017 4:10 PM
>> To: ntsysadm@lists.myitforum.com
>> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage
>>
>> I'm much more unnerved by the term 'blast radius'
>>
>> Cal
>>
>> -Original Message-
>> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf
>> orum.com] On Behalf Of Michael B. Smith
>> Sent: March 2, 2017 3:36 PM
>> To: ntsysadm@lists.myitforum.com
>> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage
>>
>> OMG.
>>
>>
>>
>> “we have not completely restarted the index subsystem or the placement
>> subsystem in our larger regions for many years.”
>>
>>
>>
>> That sentence scares me. But perhaps it shouldn’t.
>>
>>
>>
>> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf
>> orum.com] On Behalf Of Kennedy, Jim
>> Sent: Thursday, March 2, 2017 3:12 PM
>> To: ntsysadm@lists.myitforum.com
>> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage
>>
>>
>>
>> So the facts are out. Short version, basically someone fat fingered a
>> command and deleted a bunch of really important servers.
>>
>>
>>
>>
>>
>> https://aws.amazon.com/message/41926/
>>
>>
>>
>>
>>
>> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf
>> orum.com] On Behalf Of Melvin Backus
>> Sent: Thursday, March 2, 2017 9:47 AM
>> To: ntsysadm@lists.myitforum.com
>> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage
>>
>>
>>
>> That’s probably what caused the problem to being with. All that
>> conversion and somebody missed a decimal point.
>>
>>
>>
>> --
>> There are 10 kinds of people in the world...
>>  those who understand binary and those who don't.
>>
>>
>>
>> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf
>> orum.com] On Behalf Of David McSpadden
>> Sent: Thursday, March 2, 2017 7:17 AM
>> To: ntsysadm@lists.myitforum.com
>> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage
>>
>>
>>
>> I believe it was a

Re: [EXTERNAL]Re: [NTSysADM] AWS East Outage

[Micheal Espinola Jr]

What an amazing learning event.  You would think that dependency-related
functions/warning would be inherent in such a complex system.

--
Espi


On Thu, Mar 2, 2017 at 12:11 PM, Kennedy, Jim 
wrote:

> So the facts are out. Short version, basically someone fat fingered a
> command and deleted a bunch of really important servers.
>
>
>
>
>
> https://aws.amazon.com/message/41926/
>
>
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Melvin Backus
> *Sent:* Thursday, March 2, 2017 9:47 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage
>
>
>
> That’s probably what caused the problem to being with. All that conversion
> and somebody missed a decimal point.
>
>
>
> --
> There are 10 kinds of people in the world...
>  those who understand binary and those who don't.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *David McSpadden
> *Sent:* Thursday, March 2, 2017 7:17 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage
>
>
>
> I believe it was an US-Converted-Metric S-ton IMHO.
>
>
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Richard
> Stovall
> *Sent:* Thursday, March 2, 2017 7:05 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [EXTERNAL]Re: [NTSysADM] AWS East Outage
>
>
>
> Is that a metric S-ton, or the other kind?
>
>
>
> The is a difference.
>
>
>
> On Mar 2, 2017 2:38 AM, "Don Ely"  wrote:
>
> It is pretty trivial if you're setup correctly, but the setup takes an
> S-Ton of work and testing...
>
>
>
> On Wed, Mar 1, 2017 at 3:30 PM Michael B. Smith 
> wrote:
>
> I have to say, what surprised me most about this outage was the lack of
> failover to alternate datacenters for some pretty big names.
>
>
>
> I have no idea how this works in AWS, but in Azure it’s fairly trivial; I
> would expect the same of AWS.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Andrew S. Baker
> *Sent:* Wednesday, March 1, 2017 12:22 PM
>
>
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] AWS East Outage
>
>
>
> If not S3, then what?
>
>
>
> You're always going to be relying on someone else's something.
>
>
> Some data center provider (okay, so you might run your own)
>
> Some power provider
>
> Some Internet provider
>
>
>
> It's not like they have internet outages every week, and it's not like
> various organizations relying upon them haven't had outages for their own
> reasons.
>
>
>
> Technology breaks, which is why we RAID, cluster, backup, failover and
> farm our systems, devices and data centers.
>
>
>
> Regards,
>
>
>
>  *ASB*
>  *http://XeeMe.com/AndrewBaker *
>
>  *Providing Expert Technology Consulting Services for the SMB market…*
>
>
>
> * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>
>
>
>
>
> Sent with Mixmax
> 
>
>
>
>
>
> On Wed, Mar 1, 2017 8:37 AM, J- P jnat...@hotmail.com wrote:
>
> https://techcrunch.com/2017/03/01/the-day-amazon-s3-storage-stood-still/
>
>
>
> Would / should you hold your IT vendor responsible for relying on S3?
>
>
>
>
>
>
> Jean-Paul Natola
>
>
>
> --
>
> *From:* listsad...@lists.myitforum.com 
> on behalf of Andrew S. Baker 
> *Sent:* Tuesday, February 28, 2017 5:36 PM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* Re: [NTSysADM] AWS East Outage
>
>
>
> Indeed.
>
>
>
> Regards,
>
>
>
>  *ASB*
>
> * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>
>
>
>
>
> Sent with Mixmax
> 
>
>
>
>
>
> On Tue, Feb 28, 2017 3:56 PM, David McSpadden dav...@imcu.com wrote:
>
> So the normal question 'is the Internet down?' Is valid today?
>
> Sent from my iPhone
>
>
> On Feb 28, 2017, at 3:44 PM, Andrew S. Baker  wrote:
>
> Notice:  This email is from an outside source.  Please do not open any
> attachments, click on any hyperlinks, or respond without first confirming
> the authenticity of the email.
>
> Indeed.
>
>
>
> It's like someone broke the whole Internet.   Or, at least, 80% of it.
>
>
>
> Regards,
>
>
>
>  *ASB*
>  *http://XeeMe.com/AndrewBaker *
>
>  *Providing Expert Technology Consulting Services for the SMB market…*
>
>
>
> * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>
>
>
>
>
> Sent with Mixmax
> 
>

Re: [EXTERNAL]Re: [NTSysADM] AWS East Outage

[Micheal Espinola Jr]

Do you mean like this?

https://blogs.office.com/2017/01/25/evolving-office-365-advanced-threat-protection-with-url-detonation-and-dynamic-delivery/


--
Espi


On Thu, Mar 2, 2017 at 2:02 PM, Michael B. Smith 
wrote:

> I was in an NDA call last week regarding some upcoming changes to a
> particular vendor's anti-malware product, and was introduced to the term
> "link detonation".
>
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] On Behalf Of Calvin McLennan
> Sent: Thursday, March 2, 2017 4:10 PM
> To: ntsysadm@lists.myitforum.com
> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage
>
> I'm much more unnerved by the term 'blast radius'
>
> Cal
>
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] On Behalf Of Michael B. Smith
> Sent: March 2, 2017 3:36 PM
> To: ntsysadm@lists.myitforum.com
> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage
>
> OMG.
>
>
>
> “we have not completely restarted the index subsystem or the placement
> subsystem in our larger regions for many years.”
>
>
>
> That sentence scares me. But perhaps it shouldn’t.
>
>
>
> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] On Behalf Of Kennedy, Jim
> Sent: Thursday, March 2, 2017 3:12 PM
> To: ntsysadm@lists.myitforum.com
> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage
>
>
>
> So the facts are out. Short version, basically someone fat fingered a
> command and deleted a bunch of really important servers.
>
>
>
>
>
> https://aws.amazon.com/message/41926/
>
>
>
>
>
> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] On Behalf Of Melvin Backus
> Sent: Thursday, March 2, 2017 9:47 AM
> To: ntsysadm@lists.myitforum.com
> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage
>
>
>
> That’s probably what caused the problem to being with. All that conversion
> and somebody missed a decimal point.
>
>
>
> --
> There are 10 kinds of people in the world...
>  those who understand binary and those who don't.
>
>
>
> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] On Behalf Of David McSpadden
> Sent: Thursday, March 2, 2017 7:17 AM
> To: ntsysadm@lists.myitforum.com
> Subject: RE: [EXTERNAL]Re: [NTSysADM] AWS East Outage
>
>
>
> I believe it was an US-Converted-Metric S-ton IMHO.
>
>
>
>
>
> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] On Behalf Of Richard Stovall
> Sent: Thursday, March 2, 2017 7:05 AM
> To: ntsysadm@lists.myitforum.com
> Subject: [EXTERNAL]Re: [NTSysADM] AWS East Outage
>
>
>
> Is that a metric S-ton, or the other kind?
>
>
>
> The is a difference.
>
>
>
> On Mar 2, 2017 2:38 AM, "Don Ely"  wrote:
>
> It is pretty trivial if you're setup correctly, but the setup
> takes an S-Ton of work and testing...
>
>
>
> On Wed, Mar 1, 2017 at 3:30 PM Michael B. Smith <
> mich...@smithcons.com> wrote:
>
> I have to say, what surprised me most about this outage
> was the lack of failover to alternate datacenters for some pretty big names.
>
>
>
> I have no idea how this works in AWS, but in Azure it’s
> fairly trivial; I would expect the same of AWS.
>
>
>
> From: listsad...@lists.myitforum.com [mailto:
> listsad...@lists.myitforum.com] On Behalf Of Andrew S. Baker
> Sent: Wednesday, March 1, 2017 12:22 PM
>
>
> To: ntsysadm@lists.myitforum.com  myitforum.com>
> Subject: Re: [NTSysADM] AWS East Outage
>
>
>
> If not S3, then what?
>
>
>
> You're always going to be relying on someone else's something.
>
>
> Some data center provider (okay, so you might run your own)
>
> Some power provider
>
> Some Internet provider
>
>
>
> It's not like they have internet outages every week, and it's not like
> various organizations relying upon them haven't had outages for their own
> reasons.
>
>
>
> Technology breaks, which is why we RAID, cluster, backup, failover and
> farm our systems, devices and data centers.
>
>
>
> Regards,
>
>
>
>  ASB
>  http://XeeMe.com/AndrewBaker 
>
>  Providing Expert Technology Consulting Services for the SMB market…
>
>
>
>  GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>
>
>
>
>
> Sent with Mixmax  mixmax_medium=email_campaign=signature_link_
> content=sent_with_mixmax>
>
>
>
>
>
> On Wed, Mar 1, 2017 8:37 AM, J- P jnat...@hotmail.com
>   wrote:
>
> https://techcrunch.com/2017/03/01/the-day-amazon-s3-
> storage-stood-still/
>
>
>
> Would / should you hold your IT vendor responsible for
> relying on S3?
>
>
>
>
>
>
> Jean-Paul Natola
>
>
>
>
>
> 
>
>
> 

Re: [NTSysADM] is Bundlehunt legit?

[Micheal Espinola Jr]

This is a newer trend for trying to offload underselling or older version
software. Bundlehunt has been around for 4+ years.

--
Espi


On Sun, Feb 26, 2017 at 3:01 PM, Erik Goldoff  wrote:

> Just wondering if anyone on this list has heard of Bundlehunt before, and
> if so is it legit?  Pricing seems 'too good to be true' so thought I'd ask
> around.
>
> https://bundlehunt.com/
>
> Thanks
>
> Erik
>
>

Re: [NTSysADM] OT: Excel macro

[Micheal Espinola Jr]

Not discounting anyone here, but I would imagine that there are much better
support forums than this for this type of question. I would hit-up an
Excel-specific forum.

--
Espi


On Thu, Feb 23, 2017 at 9:20 AM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:

> Sorry for OT, but know there is some great talent here.
>
>
>
> I’ve got a list in excel. All I want to do is create a blank row below
> each item in the list, then group that new row and the original one above
> it. So like this:
>
>
>
> TEST1
>
> TEST2
>
> TEST3
>
>
>
> Will be
>
> TEST1
>
> ==NEW ROW GROUPED WITH ROW ABOVE
>
> TEST2
>
> ==NEW ROW GROUPED WITH ROW ABOVE
>
> TEST3
>
> ==NEW ROW GROUPED WITH ROW ABOVE
>
>
>
> This is the macro I have that will add the blank row, but not sure how to
> get it to do the grouping:
>
>
>
> *
>
> Sub insertrow()
>
>
>
> Application.ScreenUpdating = True
>
> Dim count As Integer
>
> Dim X As Integer
>
>
>
> For count = 1 To 20
>
> If ActiveCell.Value <> "" Then
>
> ActiveCell.Offset(1, 0).Select
>
> Range(ActiveCell, ActiveCell.Offset(0, 0)).EntireRow.Insert
>
> ActiveCell.Offset(1, 0).Select
>
> For X = 1 To 1
>
> Next X
>
> Else
>
> ActiveCell.Offset(1, 0).Range("a1").Select
>
> End If
>
> Next count
>
>
>
> End Sub
>
>
>
> *
>
>
>
> Thanks
>
>
>
>
>
> *Christopher Bodnar*
> Enterprise Architect II, Corporate Office of Technology:Enterprise
> Architecture and Engineering Services
>
> Tel 610-807-6459 <(610)%20807-6459>
> 3900 Burgess Place, Bethlehem, PA 18017
> christopher_bod...@glic.com
>
> [image: cid:image001.png@01D1326B.600058E0]
>
> * The Guardian Life Insurance Company of America*
>
> * www.guardianlife.com *
>
>
>
>
>
> --
> - This message, and any
> attachments to it, may contain information that is privileged,
> confidential, and exempt from disclosure under applicable law. If the
> reader of this message is not the intended recipient, you are notified that
> any use, dissemination, distribution, copying, or communication of this
> message is strictly prohibited. If you have received this message in error,
> please notify the sender immediately by return e-mail and delete the
> message and any attachments. Thank you.
>
>

Re: [NTSysADM] FYI: check your installs

[Micheal Espinola Jr]

>
> Maybe he is right, maybe not.


...

It is on the EvLog home page with an IMPORTANT label next to it.


I almost expected him to finish-up with, "bfytw".


--
Espi


On Wed, Feb 22, 2017 at 10:56 AM, Sean Martin <seanmarti...@gmail.com>
wrote:

> The response from the company spokesperson doesn't reflect well on the
> organization.
>
> The comments are often more enlightening than the article itself:
>
> 
> Yeah, like I just said.
>
> https://www.ssllabs.com/ssltest/analyze.html?d=www.eventid.net
>
> HTTP server signature Microsoft-IIS/6.0
>
> Windows Server 2003 on the Internet almost two years after it became
> unpatchable because it went EOL.
>
> But it’s got a SHA256 cert on it so we’re good, right?
>
> 
>
> After further reading, the man himself commented on the article:
>
> I am the owner of the site that Brian is highlighting in his blog entry.
> He sent me an email on Feb 9 asking for details about our security notice.
> I was preparing an answer, though RSA had not yet released their article
> and I was under NDA with them and I had to think about can be disclosed.
> This morning I received another email from Brian: “contact me today or
> else” – I was adding more info to my response for his Feb 9 email and I did
> a quick check to see if RSA made their whitepaper public (it wasn’t a few
> days ago) when I found that Brian went ahead and published this, though I
> think it is still “today”. I doubt that any answer would’ve made any
> difference.
>
> We worked with RSA and provided a relevant part of the information in
> their Kingslayer whitepaper . I’ve been in contact with the author and
> discussed many aspects of the attack and its aftermath. We didn’t make any
> “deal” with RSA, they asked us to sign an NDA about their research and
> volunteered not to mention the company name though anyone can easily find
> it by searching some of the details in their document (and this blog post
> is living proof). I was asked to review the whitepaper before being
> published and I had no problem with it – what happened, happened. If Brian
> did talk to the authors, he didn’t mention that we fully cooperated with
> RSA and did all that’s been asked from us (but that would’ve been against
> the spirit of this blog post). The notification on the site is what RSA
> recommended. We don’t keep a list of EvLog users, anyone can download it.
> It is easy for a bank, for a social site, etc. to identify their users. Not
> so easy when your software is free to download. How many of us are using
> Linux and when is the last direct email that we received about a security
> problem with it?
>
> Other software is mentioned in the blog as “potentially” compromised. It
> was not compromised – is there a notification? No. This was an attack
> strictly directed at EvLog from what RSA estimated to be a state-sponsored
> threat actor.
>
> Of course we were not perfect in handling this. In hindsight is much
> easier to criticize. Should we now start plastering our sites with pop-ups
> about EvLog being the victim of an attack in 2015? Brian thinks that unless
> you do this, you are trying to “bury” an attack. Maybe he is right, maybe
> not. I don’t see any notices on Yahoo’s main page, on Target, on government
> sites, etc. RSA itself was breached – can anyone navigate to a security
> notice from their main page? Unless you heard about it and Google it you
> cannot find any notification. Is there a complain about this? On our site,
> the security notice is surely not buried. It is on the EvLog home page with
> an IMPORTANT label next to it. We didn’t have to do this.
>
> Whoever feels like throwing the first stone, good for you, you are a
> better company. We are still learning from our mistakes.
>
> On Wed, Feb 22, 2017 at 9:24 AM, Micheal Espinola Jr <
> michealespin...@gmail.com> wrote:
>
>> Eye openingly scary.
>>
>> --
>> Espi
>>
>>
>> On Tue, Feb 21, 2017 at 10:37 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
>>
>>> https://krebsonsecurity.com/2017/02/how-to-bury-a-major-brea
>>> ch-notification/
>>>
>>
>>
>

Re: [NTSysADM] FYI: check your installs

[Micheal Espinola Jr]

Eye openingly scary.

--
Espi


On Tue, Feb 21, 2017 at 10:37 PM, Kurt Buff  wrote:

> https://krebsonsecurity.com/2017/02/how-to-bury-a-major-
> breach-notification/
>

Re: [NTSysADM] VW VIN Information

[Micheal Espinola Jr]

Nathan,

You should address the public dissemination of this information
immediately.  This has gone out through a large list, and has been publicly
archived.

--
Espi


On Tue, Feb 14, 2017 at 2:44 PM, Nathan Shelby  wrote:

> Foolish me and autocomplete, mod if you could kindly pull from the record.
>
> Thank you,
> Nathan Shelby
> ntshe...@gmail.com
> 425-205-9047 <(425)%20205-9047>
>
> -- Forwarded message --
> From: Nathan Shelby 
> Date: 2017-02-14 14:31 GMT-08:00
> Subject: [NTSysADM] VW VIN Information
> To: ntsysadm@lists.myitforum.com
>
>
> Passat:
> VIN:1VWCN7A33DC003332
> VW Credit Account Number:889682069
>
> Touareg:
> VIN:WVGEP9BP8DD011063
> VW Credit Account Number:881391266
>
> Nathan Shelby
> ntshe...@gmail.com
> 425-205-9047 <(425)%20205-9047>
>
>

Re: [NTSysADM] Finally found a good use for my android tablet...

[Micheal Espinola Jr]

Thanks for this.  Good info for reusing older devices.

--
Espi


On Fri, Feb 10, 2017 at 2:14 PM, Kurt Buff  wrote:

> I bought a Google Nexus 7 2nd gen a couple of years ago, just to see
> if the hype was about something real.
>
> I found almost nothing of interest to do with it, so it sat in a
> drawer for the most part.
>
> Every once in a while I would open it up and check the app store, and
> I finally found something really useful.
>
> Manage Engine has a free Wifi analyzer/surveyor that is coming in very
> handy for mapping our my environment.
>
> I've seen several Wifi analyzers, but this is the first free one that
> I've found that will actually let me import a jpg/gif/png of a floor
> plan and generate a heat map.
>
> The process is tedious, of course, but it's helping me situate the new
> Ruckus R600 WAPs that I'm using to replace our aging Cisco 1240AGs.
>
> Just one problem - if I try to save the generated map back to the
> local gallery, it generates a zero-length file, but it emails the
> map(s) just fine.
>
> Another thing that really isn't its fault is that it doesn't work well
> using my finger instead of a stylus. Such is life - I made it work.
>
> All in all, I'm very happy.
>
> Kurt
>
>
>

Re: [NTSysADM] RE: Any Lync / Skype gurus about?

[Micheal Espinola Jr]

Its been a while for me, but I concur that this could easily be a DNS
issue.  Also, isnt there a server setting where you have to manually put in
the external FQDN?

--
Espi


On Tue, Jan 24, 2017 at 7:31 AM, Michael B. Smith 
wrote:

> Not really my area of expertise, but in my limited experience this kind of
> thing is usually caused by a DNS error.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Melvin Backus
> *Sent:* Tuesday, January 24, 2017 8:01 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] Any Lync / Skype gurus about?
>
>
>
> We’ve been beating our heads against this one for a while with no luck.
> We’re running Lync 2010 servers and trying to get the mobile access
> working.  For some reason when mobile users try to connect to a meeting
> from outside the network the initial page comes up then immediately
> redirects to the internal address of the backend server. Since that is
> pointing to an internal only domain name it won’t resolve and they get a
> 404 error.  We’ve been through everything we can find and changed it to
> point to the external address but still no luck.  This all works fine for
> external PC clients, only fails with mobile.  Mobile works fine as well if
> it connects to the internal guest wireless.
>
>
>
> Lync Server 2010 Standard – 1 backend server, one frontend server, reverse
> proxy running on IIS with Adv URL rewrite.
>
>
>
> Any suggestions as to where we might have missed?  We’ve been Googling for
> weeks and while we obviously aren’t the only ones who’ve run into this, no
> one has published whatever fixed it, assuming that happened. J
>
>
>
> Thanks
>
>
>
> 
> Service Desk | 404-497-1599 <(404)%20497-1599> |
> https://servicedesk.byers.com
>
> Melvin Backus | Sr. Systems Engineer | Byers Engineering Company |
> 404.497.1565 <(404)%20497-1565>
>
> --
> There are 10 kinds of people in the world...
>  those who understand binary and those who don't.
>
>
>

Re: [NTSysADM] Any Lync / Skype gurus about?

[Micheal Espinola Jr]

Have you reviewed this: Lync Server 2010 - Technical Requirements for
Mobility



--
Espi


On Tue, Jan 24, 2017 at 5:00 AM, Melvin Backus 
wrote:

> We’ve been beating our heads against this one for a while with no luck.  We’re
> running Lync 2010 servers and trying to get the mobile access working.  For
> some reason when mobile users try to connect to a meeting from outside the
> network the initial page comes up then immediately redirects to the
> internal address of the backend server. Since that is pointing to an
> internal only domain name it won’t resolve and they get a 404 error.  We’ve
> been through everything we can find and changed it to point to the external
> address but still no luck.  This all works fine for external PC clients,
> only fails with mobile.  Mobile works fine as well if it connects to the
> internal guest wireless.
>
>
>
> Lync Server 2010 Standard – 1 backend server, one frontend server, reverse
> proxy running on IIS with Adv URL rewrite.
>
>
>
> Any suggestions as to where we might have missed?  We’ve been Googling
> for weeks and while we obviously aren’t the only ones who’ve run into this,
> no one has published whatever fixed it, assuming that happened. J
>
>
>
> Thanks
>
>
>
> 
> Service Desk | 404-497-1599 <(404)%20497-1599> |
> https://servicedesk.byers.com
>
> Melvin Backus | Sr. Systems Engineer | Byers Engineering Company |
> 404.497.1565 <(404)%20497-1565>
>
> --
> There are 10 kinds of people in the world...
>  those who understand binary and those who don't.
>
>
>

Re: [NTSysADM] Environment variable editing

[Micheal Espinola Jr]

Yes and no.  They can edit their own environment variables, but not
system.  You could however do this via computer scripts depending on what
it is you are trying to accomplish.  More information is needed.

--
Espi


On Wed, Jan 18, 2017 at 1:30 AM, Liby Philip Mathew <
lmat...@path-solutions.com> wrote:

> HI,
> I am trying to allow users to edit their environment variable both users &
> system on the laptop on which they don’t have local administrator
> privilege.  Is there a way that I can let the users edit the variable using
> GP?
> I am not looking for pushing the variable using GP from the DC, but trying
> to allow the users to do it as per their requirement.
> TIA
>
> Regards
> Liby
>
>
>
>
>
>
>
> Disclaimer
>
> [The information contained in this e-mail message and any attached files
> are intended solely for the use of the individual or entity to whom they
> are addressed. This transmission may contain information that is
> confidential, Path Solutions Private, or exempt from disclosure under
> applicable law and/or Path Solutions information security policy. The
> receiver of this communication shall not transmit any part of this message
> unless the email subject clearly classify it as “Public” or a written
> permission has been given by the information assets owner. If you have
> received this e-mail in error, please notify the sender immediately and
> delete all copies, any disclosure, copying, distribution, or use of the
> information contained herein is STRICTLY PROHIBITED. Path Solutions accepts
> no responsibility for any errors, omissions, computer viruses and other
> defects.]
>
> P Protect our planet: Do not print this email unless necessary.
>