*When I think of a firewall I think of a layer 4 contraption. Layer 7
is like putting ISA or something on the box.*
* *
*Thanks,*
*Brian Desmond*
[EMAIL PROTECTED]
* *
*c - 312.731.3132*
* *
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Al Mulnick
*Sent:* Friday, June 09, 2006 9:54 AM
*To:* [email protected]
*Subject:* Re: [ActiveDir] PCs hang at "Applying computer settings"
after upgradingDCs to 2K3 SP1
Interesting. I'm fascinated by the architecture.
FWIW, I was hinting around at layer-7 firewalls being a better choice
than a traditional ACL on a router or a port-forwarding type of
firewall. Firewall technology gives fine control, but it also opens
pandora's box in terms of support, coordination, etc. It also doesn't
do anything for application layer attacks because for that only one
port is needed. The downside is that layer-7 firewalls have a hard
time reaching line speed due to the amount of work and analysis they
do. You almost need a grid cluster to power such a thing. :)
Thanks for the responses. It's helpful to me at least.
Al
On 6/9/06, *Clay, Justin (ITS)* <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
Sorry for the mega-delay in responding to my own thread, I've been sick!
I don't control our firewalls at all, but my understanding is that
this firewall is there for the exact reasons that Brian described.
It's especially important to us to separate the clients from the
servers and DCs in this case because all of the PCs in this forest are
public-facing (Public Library, Public Parks, etc). I believe we're
either going to go with the method that Brian is using, or they might
possibly use the application-level (I think that's the term they use)
filtering, where, as I understand it, the Checkpoint firewall would
dynamically open the high ports based on information it received by
looking inside the RPC packets and determining which high port the DC
is telling the client to connect on. I think there's a lot more
overhead with this method, but it seems like something our firewall
guys would like to at least try.
As to some of the earlier questions, our firewall guys only opened
such a large range for me so quickly so that the problem would go away
while we researched a more secure solution. It's amazing what they'll
do when they have the director of the Nashville Public Libraries on
the phone yelling at them.
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
[mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>] *On Behalf Of *Brian Desmond
*Sent:* Thursday, June 08, 2006 11:07 PM
*To:* [email protected] <mailto:[email protected]>
*Subject:* RE: [ActiveDir] PCs hang at "Applying computer settings"
after upgradingDCs to 2K3 SP1
*Yes. It isolates different applications and tiers. One of the big
isolation issues is in house managed vs vendor managed stuff. Database
tier vs app tier vs web tier. Web shouldn't be able to talk to
database at all, generally. Your HR database should not be in a subnet
that a vendor with TS access to another DB server has access to, and
so forth. *
* *
*Thanks,*
*Brian Desmond*
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>*
* *
*c - 312.731.3132*
* *
*From:* [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
[mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>] *On Behalf Of *Al Mulnick
*Sent:* Thursday, June 08, 2006 7:50 AM
*To:* [email protected] <mailto:[email protected]>
*Subject:* Re: [ActiveDir] PCs hang at "Applying computer settings"
after upgradingDCs to 2K3 SP1
Interesting. So, more or less, the firewall between tiers is more of
a control mechanism? i.e. you can impose fine control over new
applications that should be there, while preventing malicious
applications from running amok on the network at the high port ranges?
Rather, you either use the proposed ports, else take your packets and
go home?
Or am I missing the idea of putting the FW's in between the tiers?
Does this provide you much benefit? What's been the trade-off?
On 6/7/06, *Brian Desmond* < [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
*I haven't really read this thread thru (too busy) but I think I have
the gist of it. I'll generally throw a firewall between each of my
server tiers (some sort of trunked interface of course) and then of
course between my clients and these tiers. I'm not about to open TCP
1024-65535 between clients and the servers, might as well just put an
any rule in. Weird stuff that's not belonging on a box has a habit of
running on weird high range ports anyway, this is just conducive to it. *
* *
*I guess I also have the very large enterprise datacenter network
model of subnet for each little item burned in and being meticulous
yet logical about rules. *
* *
*Thanks,*
*Brian Desmond*
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>*
* *
*c - 312.731.3132*
* *
*From:* [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>[mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>] *On Behalf Of *Al Mulnick
*Sent:* Wednesday, June 07, 2006 3:16 PM
*To:* [email protected] <mailto:[email protected]>
*Subject:* Re: [ActiveDir] PCs hang at "Applying computer settings"
after upgradingDCs to 2K3 SP1
I don't think I'll take that bait this time. :)
Keep in mind that as far as unwanted intrusions are concerned, it only
takes one port - what do you have to gain by reducing the number of
available authorized ports? If you don't watch it everyday, is there
an advantage? Or is it too late if something happens?
As for firewalls, I get the idea of a DC having a firewall - it's the
reason there are firewalls on the DC's with the adoption of R2/K3 sp1.
No problem. But a separate firewall has me interested.
Separating domains with firewalls is silly and trivial to overcome
IMHO. It does however reduce the possible spread of virii/malware/email.
-ajm
On 6/7/06, *Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]* <
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
One advantage of ISA server being on the DC (yes folks I told you we are
insane..but I do have a hardware firewall on the outside) is yeah...
I've got the data watching that crud...I turn into an atheist every now
and then and lose religion I will admit and don't review the daily
firewall report emails always like I should ...but Dana Epp's Scorpion
Software ISA (can be used on other firewalls) dashboard greatly helps to
narrow my investigation when I need it.
Why MS at 207.46.236.25 <http://207.46.236.25/> is wanting to connect
to my port 46844.. I don't
know..but ISA is blocking it nonetheless....
About once a month I throw up the real time monitor and just see what
the gang is doing (yes our AUP states that I can do this).. we now block
myspace.com <http://myspace.com/> as a result..(among other sites)
Honestly I don't do it as well as I should... but I try.
But if you had those blocks in place before... there was a reason... and
that firm has now done a major change management and especially with
firewalls... that's one big change management that you've done with
those domain controllers.
Isn't domain isolation a good thing?
IT's Showtime:
http://www.microsoft.com/australia/showtime/sessionh.aspx?videoid=115
Al Mulnick wrote:
> So... you watch those ports then? You have some sort of watching
> going on for that set of ports? Or are you just relying on the concept
> that, "hey, nothing should be talking to that set of ports, hence I
> shouldn't see anything in my firewall logs (which I'm reviewing
> religiously by the way) therefore this must be something amiss and or
> awry"? Detection of issues (with a lag time built in) vs. prevention?
>
> In the case of the original poster, the firewall is a separately
> controlled device that I believe is walling off one network of users
> from a network of servers. In this case, Active Directory servers.
> I'm just not sure why and I'm insanely curious. :)
>
> Al
>
>
> On 6/7/06, *Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]*
> <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> <mailto:
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>> wrote:
>
> Egress filtering so that there's less ports for me to keep an eye
> on...
> those high level ports can be used for backdoors, trojans and what
> not... I live in California.. I have SSNs in an encrypted
> database... I
> have sucky vendors that won't support encryption... so I'm
putting all
> the layers I can.
>
> I don't trust my secretary that 'has' downloaded malware on her
> machine
> (she's nonadmin these days along with many others in my firm).
>
> I have a tiny network in comparison to you guys (Joe would get
> claustrophobic just opening up the group policy snap in and seeing
> hardly anything in there) but each workstation has XP sp2 with the
> firewalls enabled..and believe you me... if some high level port is
> needed, I need, I want to know what the 'normal' baseline traffic
> is on
> my network.. should something change... that's a sign of a new
> piece of
> software.. or worse yet... malware, trojans, yadda yadda... and I'm
> having a heart attack and licking stamps on post cards informing
> clients
> of an intrusion.
>
> These days your interior "trusted network" can't be trusted
anymore.
> The bad guys want my desktops.. and most of my risks in my sized
> network
> is coming in from those users.. not my server.
>
>
> Al Mulnick wrote:
>
> > Hmm.. I'm surprised by that Susan. :)
> >
> > Anyhow, why would you lock it down? I'm curious as to what the
> > motivation is in this particular instance to use the firewall
like
> > that? What's the gain? What risk are you mitigating? What are
you
> > controlling?
> >
> > As I understand this, it is not an internet facing machine such
> that a
> > firewall is there to slow the rush. This is firewalled off from
> other
> > networks within the "trusted" networks (or not so trusted I
suppose,
> > since you did deploy a firewall.) I'm not sure I understand
> what's to
> > be gained by doing this, so I'm curious. I'm familiar with what
> other
> > companies have done this type of configuration for, but I'm
> interested
> > in this particular instance.
> >
> >
> >
> >
> > On 6/7/06, *Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]*
> > < [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]><mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>
> <mailto: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
<mailto: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> >> wrote:
> >
> > I think I'd be setting up a sniffer and figuring out exactly
> what
> > is wanting what open and why.
> >
> > ...that's an awful lot of ports....and exactly where is this
> firewall?
> >
> > I'm with Brian.. except I would probably not use the f
> word.. but
> > I think I'd be going "okay this is fine to keep the bosses
from
> > freaking out but we're getting to the bottom of this so I can
> > close those suckers back up or at least only open the
minimums".
> >
> >
> >
> >
> > Brian Desmond wrote:
> >
> >> *And fwiw you have some forgiving firewall people. I would
> have
> >> told you to f off and lock it down.*
> >>
> >> * *
> >>
> >> *Thanks,*
> >>
> >> *Brian Desmond*
> >>
> >> * [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
<mailto: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
> <mailto: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
<mailto: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>>*
> >>
> >> * *
> >>
> >> *c - 312.731.3132*
> >>
> >> * *
> >>
> >> *From:* [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>
> >> <mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>>
> >> [mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>] *On Behalf Of *Clay,
> >> Justin (ITS)
> >> *Sent:* Friday, June 02, 2006 4:30 PM
> >> *To:* [email protected]
<mailto:[email protected]>
> <mailto:[email protected]
<mailto:[email protected]>>
> >> <mailto: [email protected]
<mailto:[email protected]>
> <mailto: [email protected]
<mailto:[email protected]>>>
> >> *Subject:* RE: [ActiveDir] PCs hang at "Applying computer
> >> settings" after upgradingDCs to 2K3 SP1
> >>
> >>
> >>
> >> Well everyone, it's fixed. It's something that even MS is
a bit
> >> surprised at, although they say they have seen it before.
> >> Essentially, the last year since this forest has been
deployed,
> >> high ports (1024-65535) have been blocked at the firewall
> but for
> >> whatever reason, everything seemed to work fine. Installing
> SP1
> >> apparently changed something, or fixed something that
finally
> >> made it a requirement to have those high ports open.
> >>
> >>
> >>
> >> They opened 1024-65535 on our Checkpoint firewall and the
> login
> >> times instantly went from 4-8 minutes back down to the
> usual few
> >> seconds. It sucks to have to learn about things like this by
> >> killing a production environment for 4 hours and burning
some
> >> Premiere Support hours, but at least we know what to look
for
> >> when we upgrade some of our other domains to SP1!
> >>
> >>
> >>
> >> Thanks to everyone for all the suggestions and help, it's
> always
> >> appreciated!
> >>
> >>
> >>
> >> Also, to everyone else that was experiencing this issue,
I'd be
> >> interested to know if a firewall or router ACL blocking high
> >> ports is the cause of the problem for you!
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
>
------------------------------------------------------------------------
>
> >>
> >> *From:* [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>
> >> <mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>>
> >> [mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>] *On Behalf Of *Clay,
> >> Justin (ITS)
> >> *Sent:* Friday, June 02, 2006 2:31 PM
> >> *To:* [email protected]
<mailto:[email protected]>
> <mailto:[email protected]
<mailto:[email protected]>>
> >> <mailto: [email protected]
<mailto:[email protected]>
> <mailto: [email protected]
<mailto:[email protected]>>>
> >> *Subject:* RE: [ActiveDir] PCs hang at "Applying computer
> >> settings" after upgradingDCs to 2K3 SP1
> >>
> >>
> >>
> >> Nope, I can get to them from the client PCs just fineā¦I was
> able
> >> to drill down into all of the policies that I tried.
> >>
> >>
> >>
> >>
>
------------------------------------------------------------------------
> >>
> >> *From:* [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>
> >> <mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>>
> >> [mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>] *On Behalf Of *Al Mulnick
> >> *Sent:* Friday, June 02, 2006 1:34 PM
> >> *To:* [email protected]
<mailto:[email protected]>
> <mailto:[email protected]
<mailto:[email protected]>>
> >> <mailto: [email protected]
<mailto:[email protected]>
> <mailto: [email protected]
<mailto:[email protected]>>>
> >> *Subject:* Re: [ActiveDir] PCs hang at "Applying computer
> >> settings" after upgradingDCs to 2K3 SP1
> >>
> >>
> >>
> >> Any problems accessing
> >>
> >>
> >>
> >> \\domain\sysvol\domain\Policies
<file:///%5C%5Cdomain%5Csysvol%5Cdomain%5CPolicies>
> >>
> >>
> >>
> >> ?
> >>
> >>
> >>
> >> On 6/2/06, *Clay, Justin (ITS)* <
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> <mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>
> >> <mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>>> wrote:
> >>
> >> Hopefully the attachment comes through. The interesting
> part, and
> >> where most of the time delay is seen is here:
> >>
> >>
> >>
> >> USERENV(42c.2f0) 12:36:47:528 ProcessGPOs: Machine role
is 2.
> >>
> >> USERENV(42c.2f0 ) 12:37:50:606 MyGetUserName: GetUserNameEx
> >> failed with 1753.
> >>
> >> USERENV(42c.2f0) 12:37:50:606 MyGetUserName: Retrying
call to
> >> GetUserNameEx in 1/2 second.
> >>
> >> USERENV(42c.2f0) 12:38:54:371 MyGetUserName: GetUserNameEx
> >> failed with 1753.
> >>
> >> USERENV(42c.2f0) 12:38:54:371 MyGetUserName: Retrying
call to
> >> GetUserNameEx in 1/2 second.
> >>
> >> USERENV(42c.2f0) 12:39:58:027 MyGetUserName: GetUserNameEx
> >> failed with 1753.
> >>
> >> USERENV(42c.2f0) 12:39:58:027 MyGetUserName: Retrying
call to
> >> GetUserNameEx in 1/2 second.
> >>
> >> USERENV(42c.2f0) 12:41:01:573 MyGetUserName: GetUserNameEx
> >> failed with 1753.
> >>
> >> USERENV(42c.2f0) 12:41:01:573 ProcessGPOs: MyGetUserName
failed
> >> with 1753.
> >>
> >> USERENV( 42c.2f0) 12:41:01:573 ProcessGPOs: No WMI logging
> done in
> >> this policy cycle.
> >>
> >> USERENV(42c.2f0) 12:41:01:573 ProcessGPOs: Processing
> failed with
> >> error 1753.
> >>
> >>
> >>
> >>
>
------------------------------------------------------------------------
> >>
> >> *From:* [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>
> >> <mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>>
> >> [mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>
> >> <mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto:[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>>] *On Behalf Of *Al
> >> Mulnick
> >> *Sent:* Friday, June 02, 2006 12:19 PM
> >> *To:* [email protected]
<mailto:[email protected]>
> <mailto:[email protected]
<mailto:[email protected]>>
> >> <mailto: [email protected]
<mailto:[email protected]>
> <mailto:[email protected]
<mailto:[email protected]>>>
> >> *Subject:* Re: [ActiveDir] PCs hang at "Applying computer
> >> settings" after upgradingDCs to 2K3 SP1
> >>
> >>
> >>
> >> I think a different thread mentioned that DNS was about
90% of
> >> the cause of this type of behavior. It's not the only one
> however.
> >>
> >>
> >>
> >> What keeps rebooting? The DC? Or the workstations? If the
> >> workstations, not only ethereal but Darren's suggestion of
> >> logging is a good idea.
> >>
> >>
> >>
> >> On 6/2/06, *Za Vue* < [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> <mailto: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
<mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> <mailto: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>>> wrote:
> >>
> >> Finally..someone is also experiencing this problem. My
DCs are
> >> Windows 2003 SP1 also. It seems to hang every 3-4
reboots. My
> >> first thought was DNS DNS.. but NetDiag, Repl, DCDiag,
> Nslookup
> >> all show no error. Nothing is reported in logs. It is not
> >> firewall. I have play with NetBIOS, changing Provider
Order in
> >> Network Neighborhood->Advanced Settings..nada.
> >>
> >> This week has been quiet. If someone calls again I have
> ethereal
> >> setup and ready to capture. The thing about my
environment is I
> >> do not manage the switches or router. I don't know if
> someone is
> >> messing with something.
> >>
> >>
> >>
> >> - Z.V.
> >>
> >>
> >>
> >> , Justin (ITS) wrote:
> >>
> >> Hello,
> >>
> >>
> >>
> >> Last night we upgraded our 3 Win2K3 domain controllers to
SP1.
> >> This morning, we're getting tons and tons of calls from
> users who
> >> report that their computer sits at "Applying computer
> settings"
> >> for a good 10 minutes, then another 10 or so minutes at
> "Applying
> >> your personalized settings"
> >>
> >>
> >>
> >> After the upgrade we did start seeing DCOM errors in the
> System
> >> event log, which I've found many people online have
> experienced.
> >> I "fixed it" (or at least the DCOM errors went away) by
> granting
> >> Network Service the following rights:
> >>
> >>
> >>
> >> Local Launch
> >>
> >> Remote Launch
> >>
> >> Local Activation
> >>
> >> Remote Activation
> >>
> >>
> >>
> >> In the Launch and Activation Permissions dialog on the
Security
> >> tab of the netman component. However, even after the DCOM
> errors
> >> have gone away, we continue to see the same results on the
> clients.
> >>
> >>
> >>
> >> Any ideas? I'm considering calling Premier Support, but I
> figured
> >> you guys would be better help than them.
> >>
> >>
> >>
> >> Thanks,
> >>
> >>
> >>
> >> /Justin Clay/
> >> /ITS Enterprise Services/
> >> /Metropolitan Government of Nashville and Davidson County /
> >> /Howard School Building/
> >> /Phone: (615) 880-2573/
> >>
> >>
> >>
> >>
> >>
> >> ITS ENTERPRISE SERVICES EMAIL NOTICE
> >>
> >> The information contained in this email and any
attachments is
> >> confidential and may be subject to copyright or other
> >> intellectual property protection. If you are not the
intended
> >> recipient, you are not authorized to use or disclose this
> >> information, and we request that you notify us by reply
mail or
> >> telephone and delete the original message from your mail
> system.
> >>
> >>
> >>
> >>
> >>
> >> ITS ENTERPRISE SERVICES EMAIL NOTICE
> >>
> >> The information contained in this email and any
attachments is
> >> confidential and may be subject to copyright or other
> >> intellectual property protection. If you are not the intended
> >> recipient, you are not authorized to use or disclose this
> >> information, and we request that you notify us by reply
mail or
> >> telephone and delete the original message from your mail
> system.
> >>
> >>
> >>
> >>
> >>
> >>
> >> ITS ENTERPRISE SERVICES EMAIL NOTICE
> >>
> >> The information contained in this email and any
attachments is
> >> confidential and may be subject to copyright or other
> >> intellectual property protection. If you are not the intended
> >> recipient, you are not authorized to use or disclose this
> >> information, and we request that you notify us by reply
> mail or
> >> telephone and delete the original message from your mail
> system.
> >>
> >>
> >>
> >>
> >>
> >> ITS ENTERPRISE SERVICES EMAIL NOTICE
> >>
> >> The information contained in this email and any
attachments is
> >> confidential and may be subject to copyright or other
> >> intellectual property protection. If you are not the intended
> >> recipient, you are not authorized to use or disclose this
> >> information, and we request that you notify us by reply
mail or
> >> telephone and delete the original message from your mail
> system.
> >>
> >>
> >>
> >
>
> --
> Letting your vendors set your risk analysis these days?
> http://www.threatcode.com <http://www.threatcode.com/>
> The SBS product team wants to hear from you:
> http://msmvps.com/blogs/bradley/archive/2006/05/18/95865.aspx
> < http://msmvps.com/blogs/bradley/archive/2006/05/18/95865.aspx>
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
<http://www.activedir.org/ListFAQ.aspx>
> List archive: http://www.activedir.org/ml/threads.aspx
>
>
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com <http://www.threatcode.com/>
The SBS product team wants to hear from you:
http://msmvps.com/blogs/bradley/archive/2006/05/18/95865.aspx
<http://msmvps.com/blogs/bradley/archive/2006/05/18/95865.aspx>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
<http://www.activedir.org/ml/threads.aspx>
ITS ENTERPRISE SERVICES EMAIL NOTICE
The information contained in this email and any attachments is
confidential and may be subject to copyright or other intellectual
property protection. If you are not the intended recipient, you are
not authorized to use or disclose this information, and we request
that you notify us by reply mail or telephone and delete the original
message from your mail system.
