understand the key infrastructure basics, everything flows pretty
nicely.
Tom
-Original Message-
From: Malcolm Reitz [mailto:malcolm.re...@live.com]
Sent: Monday, March 14, 2011 11:41 AM
To: NT System Admin Issues
Subject: RE: DirectAccess HowTo?
This doc gives a good step-by-step
This doc gives a good step-by-step on configuring UAG DA. It's based on a
lab scenario, but the steps are relevant to a production deployment.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=71be4b7b-e0e9-42
04-b2b5-ac7f3c23b16d
-Malcolm
-Original Message-
From: Michael B.
Be sure you install the DirectAccess Connectivity Assistant on your client
PCs. It provides some good troubleshooting logs that will help considerably
if you have client connectivity failures. It also provides a visual
indicator of DA connectivity in the system tray. DCA 1.5 is part of the UAG
SP1
1. How many NICs you use depends on the load and bandwidth requirements
of your VMs. Use one NIC for managing the host and one or more for the
virtual network connections (aggregated or dedicated to specific VMs).
2. I would enable static addresses for all, or at least DHCP
Not sure what you are seeing. I have 3 signatures and OL2010 lets me choose
a default, but change that to any one of them when I create a new message
(from ribbon option or right-clicking the default inserted signature). To
me, it looks like the same functionality I saw in OL2007and 2003.
.
On Feb 23, 2011 8:56 AM, Malcolm Reitz malcolm.re...@live.com wrote:
Not sure what you are seeing. I have 3 signatures and OL2010 lets me
choose a default, but change that to any one of them when I create a new
message (from ribbon option or right-clicking the default inserted
signature). To me
Without praising or condemning SEP, if you have a large installation, it is
well worth your while to get Symantec support to assist you. There is no
simple answer to your query; SEP is a complex product with a lot of
configuration options and every installation environment is different. Talk
to
You are being too kind J
That said, once up, the SCCM infrastructure is pretty solid. The continual
struggle we have is with client health.
-Malcolm
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, February 04, 2011 14:40
To: NT System Admin Issues
Subject: RE:
James,
Glad to hear things are getting better and back to a sort-of-normal for you.
Thanks for taking the time to write down and share your thoughts. I passed
your note on to our DR planning team, who appreciated your insights as they
say they get great value from hearing real-world
Put the Windows install files on a bootable USB flash drive. Much faster
than DVD drives, too.
-Malcolm
From: Stephen Wimberly [mailto:riverside...@gmail.com]
Sent: Thursday, January 27, 2011 05:26
To: NT System Admin Issues
Subject: Re: AD Migration from 2003 to 2008
Make sure
We've used Microsoft's Windows SteadyState tool to lock down an XP desktop
in kiosk mode. This has worked well to control what users can do and what
web sites they can access through these kiosk machines.
In looking up a link for this, though, I notice that Microsoft has pulled
the tool as of
Same here. We have a pretty far-flung and well-entrenched Riverbed
implementation, though, so we haven't looked at anything else recently.
-Malcolm
From: Carol Fee [mailto:c...@massbar.org]
Sent: Monday, January 10, 2011 11:19
To: NT System Admin Issues
Subject: RE: WAN Link
Look at Microsoft Deployment Toolkit 2010. It will give you a platform for
creating OS and application builds that you can customize to your needs. We
use MDT's big brother, SCCM 2007's Operating System Deployment, for our most
of PC builds now.
Note that this is much easier in Windows 7 than
I do it infrequently enough that I just go old school with the copy /b
command line.
Copy/b dell_iso.001+dell_iso.002+dell_iso.003 dell.iso
-Malcolm
From: Ben N [mailto:bennordlan...@gmail.com]
Sent: Monday, January 10, 2011 14:27
To: NT System Admin Issues
Subject: Dell
I like to believe we do _some_ critical thinking and don't just blindly
follow Gartner's evaluations. :-)
-Malcolm
From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, January 10, 2011 13:16
To: NT System Admin Issues
Subject: Re: WAN Link compression appliances
That's
Did you run SCOM 2007 R2 Setup on the SQL Server first (just choosing to
install the database component only)?
-Malcolm
From: Sean Rector [mailto:sean.rec...@vaopera.org]
Sent: Tuesday, January 04, 2011 11:55
To: NT System Admin Issues
Subject: Installing SC OM2007 - SQL Server
Yes, it works as you describe. I've done this before by blocking inheritance
of the default domain policy (easy to test without fooling with your default
domain GPO), but your method is probably easier to manage.
-Malcolm
From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
You actually don't need IPv6 anywhere inside your network. The DirectAccess
server is doing IPv4-IPv6 translations for you.
The downside of not enabling IPv6 on your servers is that the IPv4-IPv6
translation is very compute-intensive. That means that, the more translation
the DA server is
Yes.
From: Brumbaugh, Luke [mailto:luke.brumba...@butlerschein.com]
Sent: Tuesday, December 07, 2010 13:43
To: NT System Admin Issues
Subject: RE: Direct acces and multiple v-lans
Are you using the forefront uag server?
From: Malcolm Reitz [mailto:malcolm.re...@live.com]
Sent
Do you have your AD Sites properly defined? That's what should be controlling
where your PCs authenticate.
I don't understand why you are blocking access to remote DCs; this has the
potential to cause problems and I’m not sure I see any benefit.
-Malcolm
-Original Message-
From:
I'm with Carl - you have to save the email message after editing the
attachment.
-Malcolm
From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Thursday, December 02, 2010 16:41
To: NT System Admin Issues
Subject: RE: Editing Office Files from Outlook
It's always worked for me. Of
Where is DNS coming from? What exactly do you have the firewalls blocking
between the clients and the remote DCs?
-Malcolm
-Original Message-
From: Laurence [mailto:laurence.chi...@jalapeno-bs.co.uk]
Sent: Thursday, December 02, 2010 10:29
To: NT System Admin Issues
Subject: RE: DC
Confusingly enough, in some versions the switch is
/accepteula
-Malcolm
-Original Message-
From: Kevin W [mailto:ke...@latenightgeek.com]
Sent: Saturday, November 27, 2010 19:05
To: NT System Admin Issues
Subject: Re: BGINFO
It's also an argument to the executable.
/nolicprompt
We use an asset management and tracking tool to show the assignment of PCs
to users. The PC names don't have any relationship to the user. Putting user
information in the PC names doesn't scale well, as you note.
-Malcolm
From: David Lum [mailto:david@nwea.org]
Sent: Monday,
Technically, setting the screensaver and background via GPO is trivial. The
issue you'll have is with updating or changing them. We have a company
background with a calendar printed on it, so it changes every month. We use
a mandatory, hidden SCCM advertisement to update the background image (it
We just apply the screensaver/background GPOs to our workstations OU; the
servers get different policies which simply run the blank screensaver. I
learned to be very careful with server screensavers in the NT 4.0 days when
everyone wanted to run that cool 3-D Pipes screensaver and then wondered
I would never, ever, allow non-company-managed PCs to connect to our VPN. As
you think, that's just asking for all kinds of trouble.
Since most of your home users won't have MS Office on their home PCs,
they'll get more done if you give them TS access to your standard corporate
suite of
You need to get PowerShell v2 for your 2003/2008 boxes. Load the AD cmdlets
and you'll be good to go.
http://technet.microsoft.com/en-us/magazine/ee914610.aspx
-Malcolm
-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent: Tuesday, November 02, 2010 13:23
To: NT
We have our Xerox WorkCentre machines fixed to only scan to email, not file
shares. Users have to log in to the Xerox via their AD account and the
machine automatically addresses the email to their mailbox. It is a bit of a
pain to log in with the Xerox keyboards (the newer models are better), but
1) Hyper-V is Windows - whatever drivers you need to run Windows on that
hardware is what you need for Hyper-V; no different than any other Windows
implementation. If you have a major name server, you'll have the drivers you
need from the vendor.
2) I can't speak to paid support from non-EA
, done.
-Original Message-
From: Malcolm Reitz [mailto:malcolm.re...@live.com]
Sent: 26 October 2010 16:30
To: NT System Admin Issues
Subject: RE: VMWare vs Hyper-V
1) Hyper-V is Windows - whatever drivers you need to run Windows on that
hardware is what you need for Hyper-V; no different
.
-Original Message-
From: Malcolm Reitz [mailto:malcolm.re...@live.com]
Sent: 26 October 2010 17:03
To: NT System Admin Issues
Subject: RE: VMWare vs Hyper-V
I get what you are saying, but I'm not really seeing that as an issue, though.
Downloading the VMware ISO with the drivers isn't much
The issue is probably the KMS host key you have installed. Did you use a Group
A/B/C key? Run cscript slmgr.vbs -dlv on the KMS host itself (not a client).
The description line should have a _A, _B or _C somewhere near the end.
If it just says KMS, the you need to change the key.
Look for System Center Updates Publisher.
http://technet.microsoft.com/en-us/systemcenter/bb741049.aspx
-Malcolm
From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Monday, October 25, 2010 16:47
To: NT System Admin Issues
Subject: RE: WSUS and non public patches
Not
We do all of our updates through SCCM, though I imagine your question
implies you need a non-SCCM-based solution.
-Malcolm
From: Erik Fog-Morrissette [mailto:e...@systek.dk]
Sent: Monday, October 18, 2010 13:28
To: NT System Admin Issues
Subject: Update servers in DMZ
Hello
How do
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003
From:Malcolm Reitz malcolm.re...@live.com
To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date:10/13/2010 07:41 PM
Subject:RE
MS made some changes with the last update to KMS. The activation threshold
for Server 2008/2008R2 has been moved down to 5 while remaining at 25 for
other clients. Virtual machines now count towards the threshold, too. That
said, with only 6 servers, Brian is correct in that MAK is the way to go
Didn't think about Office 2010 - the activation threshold there is 5.
-Malcolm
From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wednesday, October 13, 2010 18:39
To: NT System Admin Issues
Subject: RE: KMS Best Practices
Ah, misunderstood that part in TechNet. They did
It is fairly simple and the iPhone/iPad devices actually work pretty well
with Exchange. Here are a few links I found useful:
http://www.expta.com/2010/02/how-to-securely-deploy-iphones-with.html
http://www.sysadminlab.net/activesync/iphone-os-4-and-exchange-activesync-po
That's why the iPhone is more secure than most - try pulling the battery on
one of those :-)
We're a Blackberry shop now, but I'm keeping an open mind as I'm not too
happy with RIM selling out their encryption and security to India/UAE/etc.
Maybe Microsoft can figure out how to make a decent,
I have some special requirements for AD accounts which will need passwords
that don't meet our domain's password complexity policy. Is there any good
way to create these accounts and with the desired passwords without going
through a disable complexity, create account/pw, re-enable complexity
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: Malcolm Reitz [mailto:malcolm.re...@live.com]
Sent: Monday, October 04, 2010 12:44 PM
To: NT System Admin Issues
Subject: Set password that doesn't meet complexity policy
I have some special requirements for AD accounts
, Malcolm Reitz malcolm.re...@live.com
wrote:
That's what I thought. I'm pushing our move to 2008, but it's a long road -
lots of older hardware that needs to be replaced.
-Malcolm
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Monday, October 04, 2010 12:06
To: NT System Admin
Are you running it your Proofpoint server(s) in a VM or on an appliance?
We're in the process of moving ours to a virtual environment and have had to
make some adaptations to the recommended VM configuration to address
performance issues.
-Malcolm
From: Sean Martin
No, no, no - 1786 times no - I could not do that. Free-climbing to the top
of that tiny pole? I've climbed sailboat masts and that took all I could
manage.
I love the way the announcer says this is the tricky part when the guy is
about 1770 feed up already.
-Malcolm
From: Crawford,
You guys need to check again. The latest version of the 2003 KMS can support
Win7/2008 keys and Office keys at the same time.
-Malcolm
From: Don Ely - sc thinks I am a good man... [mailto:don@gmail.com]
Sent: Wednesday, September 22, 2010 12:23
To: NT System Admin Issues
Subject: Re:
Where is Stu when you need him to kill a thread? This one veered off in to
the weeds at least 95 messages ago and I suspect I'm not the only one tired
of hitting the delete key.
Let it go.
-Malcolm
From: William Robbins [mailto:dangerw...@gmail.com]
Sent: Wednesday, September 22, 2010
,DC=fabrikam,DC=com |% { add-adgroupmember groupname
$_.samaccountname }
.will do what you want.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: Malcolm Reitz [mailto:malcolm.re...@live.com]
Sent: Monday, September 20, 2010 5:42 PM
To: NT
Annoyingly enough, SOX doesn't specify any retention period. However, it
does implicitly require a formalized and structured retention policy to be
applied. Of course, SOX doesn't apply to non-publicly-traded companies
anyway.
Even without SOX or other regulatory requirements, a retention policy
I'm trying to write a simple PS script to put the membership of an OU in to
a security group. I can do this with a bit of code like below, which seems
to work fine.
$users = get-aduser -filter * -searchbase OU=Test, OU=User Accounts,
DC=fabrikam, DC=com
foreach($user in $users)
{
You have set up domain admin accounts with mailboxes? You will run in to
this problem with the BESAdmin permissions on those accounts:
http://www.blackberry.com/btsc/search.do?cmd=displayKCdocType=kcexternalId
=KB12309
-Malcolm
-Original Message-
From: Joseph Heaton
Ah, but there is now (IE9 and 64-bit).
http://labs.adobe.com/downloads/flashplayer10.html
-Malcolm
-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, September 15, 2010 17:47
To: NT System Admin Issues
Subject: RE: IE9 beta
Well duh. That's not
True, that response didn't make a lot of sense. I'd think it more likely that
Compatibility mode isn't supported due to the GUI limitations and the fact that
Compatibility mode is largely targeted at interactive apps, something Server
Core definitely isn't designed for.
-Malcolm
-Original
The KMS has no idea about how many licenses you own. All it does is act as
an internal activation service.
-Malcolm
From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Thursday, September 02, 2010 13:31
To: NT System Admin Issues
Subject: re: Windows 7: buy PCs with license or withhout
If you haven’t already resolved this…
Don’t use the DC template. What you want is the RAS and IAS Servers
template. This certificate template needs to be permissioned and configured
properly one time. You may also need to adjust your default domain policy.
Then you add your NPS server to the
Fax: (610) 650-5306
don.gu...@prufoxroach.com
From: Malcolm Reitz [mailto:malcolm.re...@live.com]
Sent: Thursday, September 02, 2010 3:56 PM
To: NT System Admin Issues
Subject: RE: Windows 7: buy PCs with license or withhout
The KMS has no idea about how many licenses you own. All it does
that same cert to the computer AD account?
From: Malcolm Reitz [mailto:malcolm.re...@live.com]
Sent: Monday, August 02, 2010 11:12 AM
To: NT System Admin Issues
Subject: RE: Wireless Machine Authentication
We used the machine AD credentials, as that is the path of least resistance.
It is a pretty
We've found the remote media mount to be very useful. We have rebuilt
servers remotely just via the DRAC. The DRACs, on a whole, have been quite
reliable for us.
-Malcolm
-Original Message-
From: Fred Sawyer [mailto:fr...@sunbelt-software.com]
Sent: Tuesday, August 17, 2010 12:40
To: NT
My favorite site on this, www.returnproxy.com, seems to be offline, but here
are a couple of sites which cover the basics of a simple proxy.pac
functions:
http://helpdeskgeek.com/networking/proxy-pac-file/
http://www.aspfree.com/c/a/BrainDump/Controlling-Internet-Access-using-a-Pac
-File/
One of the things I like about KMS is that it doesn't expose our corporate
license keys. With a MAK, users could take your key and use it on
unauthorized PCs (i.e. home, family, friends, etc.). KMS keeps the key where
it can only be used when the computers attach to your network. KMS is also
No need to copy any files - the KMS server doesn't really track anything (it
keeps the last 50 activations as a rolling list, but that's it). If you're
worried about meeting the minimum number of systems for activation, note
that when you reinstall the KMS key on the same KMS server, you will
If you set the XP SP3 802.1x authentication mode back to its default, you
should get what you want. The default authentication mode allows a computer
to authenticate with PEAP under its computer account credentials. When a
user logs in to the computer, the auth process is repeated, this time with
We used the machine AD credentials, as that is the path of least resistance.
It is a pretty simple GPO configuration to set it all up, too.
-Malcolm
From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Monday, August 02, 2010 10:03
To: NT System Admin Issues
Subject: RE: Wireless
. Say your corporate network is using the
10.x.x.x IPv4 address space and a domain name of internal.mycorp.com.
DNS works by IP. How can you reach the DNS servers if what you are saying
above is true?
Thanks!
Jason
-Original Message-
From: Malcolm Reitz [mailto:malcolm.re...@live.com
kind of apps have you run into that don't play nice with it?
Kurt
On Fri, Jul 23, 2010 at 13:29, Malcolm Reitz malcolm.re...@live.com wrote:
I won’t say DirectAccess is just another VPN, because it isn’t, but it
is a VPN technology with pretty robust security. It isn’t an easy
setup
I won't say DirectAccess is just another VPN, because it isn't, but it is a
VPN technology with pretty robust security. It isn't an easy setup, as it
requires working with IPv6 and certificates, however, once it is running, it
is really slick in operation. Just connecting your laptop to the
How do you have the proxy defined? What browser are you using? There are
ways to configure the proxy setting so the same setting will work on or off
your network.
-Malcolm
From: Gavin Wilby [mailto:gavin.wi...@gmail.com]
Sent: Monday, July 12, 2010 07:38
To: NT System Admin Issues
That's what I was getting at. Very easy to publish wpad.dat or proxy.pac via
DHCP option 252 to all clients. Make sure you point to the wpad.dat/proxy.pac
by FQDN, not IP, so the proxy is gracefully ignored when the PC is off the
corporate network.
-Malcolm
-Original Message-
From:
McAfee has a product called Site Advisor. It has an optional web filtering
plugin that lets you set a PC-based filter policy for web browsing. The
filtering is pretty effective (the policy lives on the PC and it does URL
categorization lookups to a McAfee server over the Internet).
It works as a
I haven't used GFI, but have used a similar product. Do you have the proper
ISA rules in place to allow GFI to communicate with its administrative
console and its category download server?
-Malcolm
From: Farhan Khan [mailto:xs2far...@gmail.com]
Sent: Thursday, June 17, 2010 05:42
To: NT
I would prefer to run the host as VM host only. I would also create 3 VMs -
DC, file, Exchange. I don't like to mix file services in to a domain
controller as it creates security administration issues.
-Malcolm
From: Oliver Marshall [mailto:oliver.marsh...@g2support.com]
Sent: Monday,
Group Policy Preferences will let you just add members to the local
Administrator group without disturbing the existing contents of that group.
-Malcolm
From: Graeme Carstairs [mailto:loonyto...@gmail.com]
Sent: Thursday, June 10, 2010 11:14
To: NT System Admin Issues
Subject: Re: Heres a
Do you do anything to prevent random people outside your office from connecting
to your guest wireless network?
-Malcolm
-Original Message-
From: Joe Tinney [mailto:jtin...@lastar.com]
Sent: Tuesday, June 08, 2010 21:21
To: NT System Admin Issues
Subject: RE: OTish: Wireless network
The owner's account is an administrator on the SBS server, isn't it? That's
the problem.
http://support.microsoft.com/?kbid=907434
-Malcolm
From: Cesare' A. Ramos [mailto:cra...@idfllc.com]
Sent: Wednesday, June 09, 2010 10:59
To: NT System Admin Issues
Subject: Windows SBS 2003 User
I've always struggled with the point of Core. Core sounds appealing, until you
consider it doesn't save much patching and it requires a different support
model. I had a long discussion with a senior MCS guy about whether Core was a
fit for us and one of the things he said stuck with me, that
I know you can run the SCCM 2007 SP2 client and the latest SEP client on Core.
I would be a bit surprised if some of those other 3rd-party clients support
Core, though.
Additionally, I’d ask what you are trying to accomplish by running all your DCs
on Core. I’m not sure the small reduction
Yes, no reason to create a new domain.
I'd build the new server at the main office and join it to the domain. There
should be no issue with then moving it to the new office and giving it a new
IP address.
-Malcolm
From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Wednesday,
Sounds like maybe something from http://www.onguardonline.gov? I don't think
the more technical sites http://csrc.nist.gov or http://www.us-cert.gov
will have online tools like that.
-Malcolm
From: David McSpadden [mailto:dav...@imcu.com]
Sent: Friday, May 28, 2010 07:35
To: NT System
+1 on the separate accounts. We try to keep Domain Admins to as small a
number as possible and we don't allow anyone to use their Domain Admin
account to do regular work (such as email, web browsing, etc.).
Keeping the number of DAs to a minimum also minimizes the number of people
able to screw
Same here. Who calls IT “data processing” anymore? ;-)
-Malcolm
From: Free, Bob [mailto:r...@pge.com]
Sent: Wednesday, May 26, 2010 13:25
To: NT System Admin Issues
Subject: RE: Big Changes Ahead for IT - Anyone seen this?
+1
brings up very old memories :-]
From: Don Kuhlman
Whitelisting via simple GPO without AppLocker is only of limited
effectiveness, unfortunately. You can, for instance, get around it by
starting a rogue app from the command prompt or by renaming it to match a
whitelisted app.
I definitely agree with the suggestion to turn off AutoPlay.
There's not a specific event for Domain Admins group membership. You'll have
to look for the 632 security event and filter on the description containing
substring Domain Admins.
-Malcolm
From: David Lum [mailto:david@nwea.org]
Sent: Monday, May 24, 2010 16:03
To: NT System Admin
Pre windows 2008. For windows 2008 and after, the event id changes.
See
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?
eventid=632
And related entries.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: Malcolm Reitz
Jenny, is that you?
-Malcolm
-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Friday, May 21, 2010 17:14
To: NT System Admin Issues
Subject: Re: script SSID for wireless configs
On Fri, May 21, 2010 at 15:08, Ben Scott mailvor...@gmail.com wrote:
On Fri, May 21,
Your Windows 2000 clients won't be able to read the WMI filters no matter what
DC they authenticate to. The Vista clients should be fine regardless of which
DC authenticates them - WMI filters are not a new Windows 2008 function. If the
Vista clients aren't getting policies when they
There are places that prefer not to enable DHCP on server subnets for
security reasons. Also, managing DHCP reservations will be a non-trivial
operational workload in a dynamic data center.
-Malcolm
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Tuesday, May 18, 2010
and leg
work, or a good deal of scripting skill. Centralized control via DHCP is
also going to be easier to hand-off to other administrators.
--
ME2
On Tue, May 18, 2010 at 10:54 AM, Malcolm Reitz malcolm.re...@live.com
wrote:
There are places that prefer not to enable DHCP on server subnets
- especially
when you take into account the environment and staff into consideration.
Certainly it may be the case that managing DHCP for servers might
over-complicate your environment. But, I always lean toward centralized
manageability.
--
ME2
On Tue, May 18, 2010 at 12:01 PM, Malcolm Reitz
That would be a much better idea. No way I'd want to put SCCM on any kind of
shared server.
-Malcolm
-Original Message-
From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Monday, May 17, 2010 11:09
To: NT System Admin Issues
Subject: RE: DPM, SCCM AND SCOM on same box???
Why
You wish :-) App-V is part of the MDOP (Microsoft Desktop Optimization Pack)
client license. It isn't terribly expensive, but it isn't free.
-Malcolm
From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Wednesday, May 05, 2010 13:47
To: NT System Admin Issues
Subject: RE: Virtualizing
Don't know if it is better news or not, but Secure Computing was bought by
McAfee, not Symantec.
-Malcolm
-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Friday, April 30, 2010 23:56
To: NT System Admin Issues
Subject: Re: Symantec Acquires PGP
On Thu, Apr 29,
Excellent - congrats! Post a pic of you in your green beret :-)
-Malcolm
From: Webster [mailto:webs...@carlwebster.com]
Sent: Tuesday, April 27, 2010 21:06
To: NT System Admin Issues
Subject: Webster is now employed
Webster is now employed by LPS Integration in Nashville, TN as Sr.
The TMG URL filtering is pretty good, but I doubt it will be any less costly
than SmartFilter.
There are cloud-based filtering options these days; McAfee offers a
SmartFilter cloud and ATT has one too.
-Malcolm
-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent:
This complaint would probably elicit a that's the way it is - deal with it
response from me; a workaround such KLIST may help (are you sure the user
really has a Kerberos logon and ticket to the relevant CIFS service?), but
it complicates the scenario significantly and your users are just as
In VBScript, the _ character is a special character denoting a line
continuation. It is used as the last character on a line. Rewrite the lines
to look like this and give it a try.
Set objSiteSettings = GetObject(LDAP://cn= _
strSubnetName _
cn=subnets,cn=sites, _
Pretty simple to set the SNMP registry keys with a group policy...
Community strings go here:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SNMP\Parameters\ValidCo
mmunities
SNMP management servers go here:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SNMP\Parameters\Permitt
Passwords of sufficient complexity mitigate the threat of brute-force
attacks without having to be changed. And, if you know a user's password
this month, you are probably 95% of the way to knowing his password next
month (change a digit at the end, pick the next kid's name, etc.).
-Malcolm
+1
For the past few years, every time we've had a server compromised, it has
been because something was overlooked or done incorrectly by one of our own
people, such as not changing default administrator passwords, assigning
improper permissions to key folders or leaving vulnerable ports
Exchange 2010 requires DCs to be at least Server 2003 SP2 along with domain
and forest functional levels of at least Windows Server 2003, so Server 2008
DCs are not required. You could proceed with your Exchange upgrades and
leave the DCs alone until you can get updated hardware to replace them.
We're gonna try like heck not to use it. Don't want to have to support 2
OSes on a single PC for the reasons you've mentioned and more.
-Malcolm
-Original Message-
From: jgarciaitl...@gmail.com [mailto:jgarciaitl...@gmail.com]
Sent: Friday, March 19, 2010 19:44
To: NT System Admin
1 - 100 of 205 matches
Mail list logo