RE: Rod, give me a buzz?
Nothing wrong with that subject line at all... -Original Message- From: stu sjouwerman [mailto:s...@sunbelt-software.com] Sent: Monday, May 06, 2013 8:09 AM To: ntsysad...@gwsin01.mbox.net Subject: Rod, give me a buzz? I will get you the whole list so you can send an invite to everyone. Warm regards, Stu Sjouwerman Founder and CEO www.KnowBe4.com 601 Cleveland Street Suite 230 Clearwater, FL 33755 Direct: 727-493-5296 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: The list?
Nope it went away April 30th. From: James Kerr [mailto:cluster...@gmail.com] Sent: Wednesday, May 01, 2013 1:01 PM To: NT System Admin Issues Subject: Re: The list? is this thing still on? On Wed, May 1, 2013 at 9:52 AM, Jonathan Link jonathan.l...@gmail.commailto:jonathan.l...@gmail.com wrote: At the rate it delivers messages, I expect it will happen sometime next year. On Wednesday, May 1, 2013, Steven M. Caesare wrote: The listserv is still processing the list-deletion request. -sc From: John Cook [mailto:john.c...@pfsf.org] Sent: Wednesday, May 1, 2013 9:14 AM To: NT System Admin Issues Subject: RE: The list? And so the first of a new month has come and the list still exists - I think we've been hornswaggled! John W. Cook Network Operations Manager Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610tel:%28352%29%20244-1610 Cell (352) 215-6944tel:%28352%29%20215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4 From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Tuesday, April 30, 2013 12:49 PM To: NT System Admin Issues Subject: Re: The list? True I should lean to read a calendar Sent from my iPad mini On Apr 30, 2013, at 12:39 PM, John Cook john.c...@pfsf.orgmailto:john.c...@pfsf.org wrote: We haven't hit the end of the month yet. John W. Cook Network Operations Manager Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610tel:%28352%29%20244-1610 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: End of month plan B for list shutdown.
I vote do it. I prefer e-mail to web forum for this stuff. From: rodtr...@myitforum.com [mailto:rodtr...@myitforum.com] Sent: Monday, April 29, 2013 5:23 AM To: NT System Admin Issues Subject: Re: End of month plan B for list shutdown. I can set up a list in a few minutes, just say the word. We already host over 25 lists and have plenty of bandwidth to spare. Sent from Microsoft Surface Pro From: Kennedy, Jim Sent: Monday, April 29, 2013 8:14 AM To: NT System Admin Issues The end of the month and allegedly the end of the list is tomorrow. We need a plan B to get back in contact to get this going again if possible. Someone got a blog we can bookmark for new/announcements that would be willing to post anything they hear? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
DFSR
I resolved my DFS issue from last week (pilot error :)). My question is this: Is there a reason not to leverage DFS for most file shares? It seems to me like it's a good way to be able to down a server (read: patch and reboot) and keep the file shares available, but I also know with something that's new to me makes it easy to overlook something simple. I'd guess it's not a good idea to DFS *every* file share, just mission-critical ones? In the scenario I care about the sites are all connected at 10Mbit or better and there's no more than 40 users connected to any one server at a time and 55 is the total user count. All storage is local, no SAN /iSCSI, etc. I did find this too: http://blogs.technet.com/b/askds/archive/2010/11/01/common-dfsr-configuration-mistakes-and-oversights.aspx Seems like the only downside - as long as you're paying attention to things listed in the link above - is using 2x/3x+ of the overall disk space as without DFSR, and possible traffic if you are a huge environment with very slow connections. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Disk space management software
I do exactly this for a small (55 user) SMB client. I have them map to an O: (for Old!) drive that sits on RAID1 SATA drives, make it read only, and I have a Robocopy job that kicks off every week and moves files older than 1825 days (5 years). On occasion we clean up that O: drive You may find you'll want to exclude some folders, but by and large it works very well for them. From: Tammy George [mailto:tammy.geo...@acadiau.ca] Sent: Friday, April 26, 2013 10:03 AM To: NT System Admin Issues Subject: RE: Disk space management software Thanks everyone. I'm downloaded Treesize and I like it! Ideally, we'd like to archive all files that haven't been accessed in the past 3 years. Any pointers/tips on how to approach something like that? From: Orland, Kathleen [mailto:korl...@rogers.com] Sent: April-26-13 11:57 AM To: NT System Admin Issues Subject: RE: Disk space management software Definitely tree size. From: Steve Ens [mailto:stevey...@gmail.com] Sent: Friday, April 26, 2013 10:14 AM To: NT System Admin Issues Subject: Re: Disk space management software It's not comprehensive, but treesize pro works quite well. On Fri, Apr 26, 2013 at 9:04 AM, Tammy George tammy.geo...@acadiau.camailto:tammy.geo...@acadiau.ca wrote: Looking for opinions on disk space management software. We're getting low on space and would like to analyze our user data to find out what is using up the space. Thanks in advance! - Tammy ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: LoJack
Depending on the vendor, you might be able to flip the BIOS setting by running an EXE. I know Dell machines can have their BIOS settings changed without having to physically touch each system. Takes some work but depending on the # of systems it might be worth looking at. Dave From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, April 23, 2013 1:36 AM To: NT System Admin Issues Subject: Re: LoJack I've looked at the various options and I've even seen a computer with the BIOS stuff installed, but I can't get an answer to the primary query I've got If the BIOS agent is set to Deactivated (rather than Disabled), do you need to switch it to Activated before the anti-theft features kick in, or can you switch it from Deactivated to Activated remotely (even if the thief has flattened the OS or switched hard drives, etc.)? I considered contacting LoJack directly but I'm wondering if they'll think I'm a crook trying to get around the anti-theft features :-) I'm just asking this because if my client buys 100+ machines with the BIOS piece installed but not Activated, are they looking at touching all the machines to get it working properly or can it be switched from Deactivated to Activated remotely in a theft situation? Cheers, JR On 23 April 2013 01:11, Jon Harris jk.har...@live.commailto:jk.har...@live.com wrote: You might want to take a look at the Dell web site. I believe they sell it as an option with their business line of laptops. I think the BIOS part does all the work but I also think that the software does some configuration changes. Jon Subject: LoJack To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com From: kz2...@googlemail.commailto:kz2...@googlemail.com Date: Sat, 20 Apr 2013 13:01:33 + Does anyone know if LoJack CompuTrace can be activated without the software installed? I am looking into this sort of software for a client but am not sure whether it needs to actually have the software installed or if the embedded BIOS feature does everything required? Their website isn't particularly clear about it and most Googling just turns up people complaining about civil liberties. TIA, JR Sent from my Blackberry, which may be an antique but delivers email RELIABLY ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.ukhttp://appsensebigot.blogspot.co.uk/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: LoJack
Sorry I don't know the answer to that part. I only know that in the past I have used a Dell utility to configure an EXE that I can use to flip just about any BIOS setting that I wanted and it would take effect at the next system boot. Surely your questions aren't unique enough to be worried about asking LoJack directly. I apologize for not having better answers. Dave From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, April 23, 2013 7:38 AM To: NT System Admin Issues Subject: Re: LoJack But it does need to be set to Activated to work, then? The default setting of Deactivated is useless without switching it over? If that's right, can you ask for them to be delivered Activated, or would you definitely have to at least set them up to run a certain program as you said? Cheers, JR On 23 April 2013 15:27, David Lum david@nwea.orgmailto:david@nwea.org wrote: Depending on the vendor, you might be able to flip the BIOS setting by running an EXE. I know Dell machines can have their BIOS settings changed without having to physically touch each system. Takes some work but depending on the # of systems it might be worth looking at. Dave From: James Rankin [mailto:kz2...@googlemail.commailto:kz2...@googlemail.com] Sent: Tuesday, April 23, 2013 1:36 AM To: NT System Admin Issues Subject: Re: LoJack I've looked at the various options and I've even seen a computer with the BIOS stuff installed, but I can't get an answer to the primary query I've got If the BIOS agent is set to Deactivated (rather than Disabled), do you need to switch it to Activated before the anti-theft features kick in, or can you switch it from Deactivated to Activated remotely (even if the thief has flattened the OS or switched hard drives, etc.)? I considered contacting LoJack directly but I'm wondering if they'll think I'm a crook trying to get around the anti-theft features :-) I'm just asking this because if my client buys 100+ machines with the BIOS piece installed but not Activated, are they looking at touching all the machines to get it working properly or can it be switched from Deactivated to Activated remotely in a theft situation? Cheers, JR On 23 April 2013 01:11, Jon Harris jk.har...@live.commailto:jk.har...@live.com wrote: You might want to take a look at the Dell web site. I believe they sell it as an option with their business line of laptops. I think the BIOS part does all the work but I also think that the software does some configuration changes. Jon Subject: LoJack To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com From: kz2...@googlemail.commailto:kz2...@googlemail.com Date: Sat, 20 Apr 2013 13:01:33 + Does anyone know if LoJack CompuTrace can be activated without the software installed? I am looking into this sort of software for a client but am not sure whether it needs to actually have the software installed or if the embedded BIOS feature does everything required? Their website isn't particularly clear about it and most Googling just turns up people complaining about civil liberties. TIA, JR Sent from my Blackberry, which may be an antique but delivers email RELIABLY ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.ukhttp://appsensebigot.blogspot.co.uk/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.ukhttp://appsensebigot.blogspot.co.uk/ ~ Finally, powerful endpoint security
RE: Synchronize booksmarks?
Yeah, I was not thrilled when I found out Chrome (and now other apps are following suit) installs into the user profile. Mainly an issue for shared systems because I have received support calls about this isn't in my favorites anymore only to find out they installed and set Chrome as their default browser and my GPO favorites push doesn't go to it... From: Jon Harris [mailto:jk.har...@live.com] Sent: Thursday, April 18, 2013 6:12 PM To: NT System Admin Issues Subject: RE: Synchronize booksmarks? Thanks guys I think an 19 almost 20 YO can make the decision it just sort of pissed me off having to remove it. She has the admin password so she could have done it on purpose but claimed she did not. I do email her when I need her to do updates and she has been good about doing them so I guess daddy needs to teach her to look before clicking again. Jon From: aakash.s...@uci.edumailto:aakash.s...@uci.edu To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: Synchronize booksmarks? Date: Fri, 19 Apr 2013 00:49:31 + Yes, the default version of Chrome can install without admin creds into the user's profile. Application Whitelisting (or the built in Parental Controls) can help against this. -Aakash Shah From: Jon Harris [mailto:jk.har...@live.com] Sent: Thursday, April 18, 2013 5:32 PM To: NT System Admin Issues Subject: RE: Synchronize booksmarks? Speaking of which does Chrome still allow a user to install without Administrator permission? No I do not intend to put it on but guess I could crank up a virtual machine to test it. I found it on my daughters machine recently and wondered if she installed it or if it got installed by a jacked up Adobe/Java update. Thanks, Jon From: pmaglin...@scvl.commailto:pmaglin...@scvl.com To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: Synchronize booksmarks? Date: Thu, 18 Apr 2013 13:33:40 + Mongo says, Chrome BAD! If you have the misfortune to accidently install it, then uninstall it, it jacks up the ability for Outlook to open links in email. From: John Cook [mailto:john.c...@pfsf.org] Sent: Thursday, April 18, 2013 8:09 AM To: NT System Admin Issues Subject: RE: Synchronize booksmarks? Chrome ;-) John W. Cook Network Operations Manager Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4 From: Tom Miller [mailto:tominyorkt...@gmail.com] Sent: Thursday, April 18, 2013 9:09 AM To: NT System Admin Issues Subject: Synchronize booksmarks? Our users use Firefox and Internet Explorer. Are there any utilities that I could use so that the booksmarks between browsers are synchronized? Tom ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage
RE: Endpoint backups
Files they keep on the desktop and My Documents. From: Webster [mailto:webs...@carlwebster.com] Sent: Wednesday, April 17, 2013 7:49 AM To: NT System Admin Issues Subject: RE: Endpoint backups What is there to backup that is not in a centralized location backed up by a centralized backup system? Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: David Lum [mailto:david@nwea.org] Sent: Wednesday, April 17, 2013 9:57 AM To: NT System Admin Issues Subject: Endpoint backups Do any of you guys back up all your endpoints/PC's? We're trying to do that via Tivoli but troubleshooting clients is a major PITA. It seems to be ok 90% of the time, but the broken ones seem to take forever to find and repair, and it's not easy to automate resetting the password at the client PC without interaction on the client/endpoint side. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Endpoint backups
LOL. Yeah, we don't have home folders herethat's also been on my someday I want to get these guys there list. From: Guyer, Don [mailto:dgu...@che.org] Sent: Wednesday, April 17, 2013 8:57 AM To: NT System Admin Issues Subject: RE: Endpoint backups That's what home or personal drives stored out on the network are for. Anything they store locally is susceptible to being lost/corrupt. Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [Description: Description: Description: InfoService-Logo240] From: David Lum [mailto:david@nwea.org] Sent: Wednesday, April 17, 2013 11:28 AM To: NT System Admin Issues Subject: RE: Endpoint backups Files they keep on the desktop and My Documents. From: Webster [mailto:webs...@carlwebster.com] Sent: Wednesday, April 17, 2013 7:49 AM To: NT System Admin Issues Subject: RE: Endpoint backups What is there to backup that is not in a centralized location backed up by a centralized backup system? Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: David Lum [mailto:david@nwea.org] Sent: Wednesday, April 17, 2013 9:57 AM To: NT System Admin Issues Subject: Endpoint backups Do any of you guys back up all your endpoints/PC's? We're trying to do that via Tivoli but troubleshooting clients is a major PITA. It seems to be ok 90% of the time, but the broken ones seem to take forever to find and repair, and it's not easy to automate resetting the password at the client PC without interaction on the client/endpoint side. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: Push msi install package
I always have better luck with .MSI's vs. exe's. Have you tried the various other switches available with the .MSI file? Dave From: Tom Miller [mailto:tominyorkt...@gmail.com] Sent: Wednesday, April 10, 2013 12:36 PM To: NT System Admin Issues Subject: Push msi install package Hi Folks, We use Ricoh printers/copiers here. They provide an agent that can be installed onto desktops so we can manage print configuration, setup, and reporting. The agent is signed with a valid public certificate. The problem I am having is that the push installation (via System Center Essentails) fails, I think because users always receive the Open File Security Warning popup if this is run manually, but I try to surpress that with the /quiet switch, and it fails. I can disable that via GPO, but I do not wish to do that. Do I need to go back to the vendor and have them recompile as an EXE instead? Suggestions appreciated. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Blocking executables for the root of a share
I can actually block the creation/execution with McAfee, but assuming a broken or unprotected endpoint, GPO can block execution should a file get there. From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Tuesday, April 09, 2013 11:08 AM To: NT System Admin Issues Subject: RE: Blocking executables for the root of a share I would think David is referring to SRPs (Software Restriction Policies) for the GPO-based blocking. -Bonnie From: kz2...@googlemail.commailto:kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Tuesday, April 09, 2013 10:51 AM To: NT System Admin Issues Subject: Re: Blocking executables for the root of a share What GPO prevents execution from a specific folder? Is that a file server policy? I'm a little out of date in that area On the issue stated, I wouldn't let users have the permissions to drop files in the root of shared areas Sent from my Blackberry, which may be an antique but delivers email RELIABLY From: David Lum david@nwea.orgmailto:david@nwea.org Date: Tue, 9 Apr 2013 17:45:34 + To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: Blocking executables for the root of a share Our last two virus incidents involved dropping an *.EXE at the root of our primary shared drive. Would it make sense to treat the root of a share the same as Windows 7 treats %OSDRIVE% and not allow the creation or running of executables in the share's root, or is that reacting too specifically to our latest events? Implementing this blocking is relatively straightforward. GPO can prevent the execution in specific folder, and McAfee can block the creation of said files. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Blocking executables for the root of a share
The one I am looking at is a computer policy: Computer..Policies...Windows Settings...Security SettingsSoftware Restriction policies From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Tuesday, April 09, 2013 11:26 AM To: NT System Admin Issues Subject: Re: Blocking executables for the root of a share Can you make SRPs specific to a share? I thought they were user policies? (Long time since I used them though) Sent from my Blackberry, which may be an antique but delivers email RELIABLY From: Miller Bonnie L. mille...@mukilteo.wednet.edumailto:mille...@mukilteo.wednet.edu Date: Tue, 9 Apr 2013 11:07:37 -0700 To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: Blocking executables for the root of a share I would think David is referring to SRPs (Software Restriction Policies) for the GPO-based blocking. -Bonnie From: kz2...@googlemail.commailto:kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Tuesday, April 09, 2013 10:51 AM To: NT System Admin Issues Subject: Re: Blocking executables for the root of a share What GPO prevents execution from a specific folder? Is that a file server policy? I'm a little out of date in that area On the issue stated, I wouldn't let users have the permissions to drop files in the root of shared areas Sent from my Blackberry, which may be an antique but delivers email RELIABLY From: David Lum david@nwea.orgmailto:david@nwea.org Date: Tue, 9 Apr 2013 17:45:34 + To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: Blocking executables for the root of a share Our last two virus incidents involved dropping an *.EXE at the root of our primary shared drive. Would it make sense to treat the root of a share the same as Windows 7 treats %OSDRIVE% and not allow the creation or running of executables in the share's root, or is that reacting too specifically to our latest events? Implementing this blocking is relatively straightforward. GPO can prevent the execution in specific folder, and McAfee can block the creation of said files. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: UPS vs Switch Sanity Check
LOL yeah, and simpler/faster to replace :-P. Unless a long steep downhill is in play here... From: Steven Peck [mailto:sep...@live.com] Sent: Monday, April 08, 2013 1:31 PM To: NT System Admin Issues Subject: RE: UPS vs Switch Sanity Check Do they also say to use the clutch to slow the car down when going downhill because they want to save the brakes? I mean brakes are more expensive then clutch replacements right? Steven Peck http://www.blkmtn.org From: sstri...@lrlaw.commailto:sstri...@lrlaw.com To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: UPS vs Switch Sanity Check Date: Mon, 8 Apr 2013 18:27:31 + Have them set the UPS units to turn themselves off when the battery level gets below a specified threshold. They should have complete control over this. Also, are you not creating a chance for the switches to be damaged by the various power surges. Sometimes the power company will have a on/off/on/off/on cycle in power. Thus doing the same thing to your switches. This is not good for them. But, you can set the UPS units to be at a certain battery level before they will turn back on. Thus, you can protect your switches, and the UPS units. This is what they are there for - use them. From: Mayo, Bill [mailto:bill.m...@pittcountync.gov] Sent: Monday, April 08, 2013 8:53 AM To: NT System Admin Issues Subject: UPS vs Switch Sanity Check I am in the midst of a debate with the folks who support our UPS's, and would appreciate some input. The situation was thus: We were notified of an extended power outage (6 hours) by our utility provider at a couple of our locations. At these locations we have wiring closets with switches (up to 3, in this case) that are plugged into an APC UPS. The UPS people wanted to go and turn off the UPS's and move the power of the switches over to a regular old surge suppressor. Their reason for this was because they contend that allowing the batteries to completely drain will damage them. They also contended that the off the shelf surge suppressor was sufficient to protect the switches from power spikes. My contention is that the switches are more valuable than the UPS's and need the protection that a real UPS affords, especially at a time where we know the power may fluctuate (spike, brownout) or blink repeatedly. I tried to do some research on whether there was any veracity to the claim about damage to drained batteries and have turned up some conflicting information. FA157446 at APC's site seems the most authoritative and says they will be OK as long as recharged within 72 hours, but I have read other comments that suggest that a total discharge will damage a UPS-type battery. What I really want is a sanity check. Is there really something to the UPS battery thing and I am being overly dramatic about the surge suppressor, or would you agree that you'd rather risk damaging the UPS (if that is even realistic) than the equipment behind it? Bill Mayo ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin For more information about Lewis and Roca LLP, please go to www.lewisandroca.comhttp://www.lewisandroca.com/. Phoenix (602)262-5311 Reno (775)823-2900 Tucson (520)622-2090 Albuquerque (505)764-5400 Las Vegas (702)949-8200 Silicon Valley (650)391-1380 This message is intended only for the use of the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender of this E-Mail by return E-Mail or by telephone. In accordance with Internal Revenue Service Circular 230, we advise you that if this email contains any tax advice, such tax advice was not intended or written to be used, and it cannot be used, by any taxpayer for the purpose of avoiding penalties that may be imposed on the taxpayer. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource
RE: OT: Just A Bunch of Noise, or The Beginning of The End?
We have folks here that use Gartner magic quadrant info for decisions. -Original Message- From: Bill Humphries [mailto:nt...@hedgedigger.com] Sent: Friday, April 05, 2013 9:05 AM To: NT System Admin Issues Subject: Re: OT: Just A Bunch of Noise, or The Beginning of The End? I just wish the media would just ignore everything Gartner says. I don't know why anyone takes their opinions seriously. They also said that Apple should get out of the hardware business and partner with Dell at some point. They predicted years ago that HP would be out of the PC business. Bill Roger Wright wrote: http://usmarketbuzz.com/msft-microsoft-corporation-nasdaqmsft-will-gro w-obsolete-by-2017-gartner-3206# Roger Wright ___ You can't believe most of the quotes you read on the internet. - Abraham Lincoln ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com mailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT: Career and Social Media
In case you haven’t noticed, privacy is becoming history. The current young generation by and large expects to be able to find out where there friends and family are, where they eat and shop, and where they work, and they also have no problems sharing their own information with people. As these people become older and enter the corporate world, they will expect to know quite a bit about you whether or not your resume is any good, and they will likely influence company rules… The added twist is just by having family on social media, your information becomes public “I went to my dad’s 40th birthday party yesterday, not too far from the house he was born in”. Presto, your age, date and place of birth given up in one sentence by someone else. In many ways I see keeping privacy in the same vein as not having a car or a phone. You can do it, but it takes a concerted effort and a specific lifestyle to pull it off. (Oddly, I didn’t have this view until I went to a lunch/seminar that was all about security yesterday!). I’m sure when those first came out there were people who said “who needs such a thing!”. I went without a smartphone longer than many folks, but to be relevant/competitive in my field it became necessary to get one (although I still turn off location services except for the specific times I need them) and I am better off for it as it saves me a lot of time vs. if I were to be without it. Heck cellphones are now being used to inform different service providers traffic densities, average speeds, etc. so their mapping software can tell you how to avoid traffic. Big brother is here, the difference is it’s not like The Truman Show because the participants are also getting the benefits of said information. With social media you might not have to look for a new job, it might find you. I can see in a few years the conversation being “Remember when we had so send resume’s out? How lame!”. That Dilbert is spot-on whether we like it or not. From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, March 21, 2013 7:51 PM To: NT System Admin Issues Subject: Re: OT: Career and Social Media +1000 I do not have a facebook account, nor any other social media account other than LinkedIn. Work and personal life are as separate as I can make them. Social media is a time stealer and a privacy invader. Kurt On Thu, Mar 21, 2013 at 5:47 PM, Jon Harris jk.har...@live.commailto:jk.har...@live.com wrote: I am glad I am getting close to the end of my career. I really dislike using things like Facebook for anything more than keeping in touch with family/friends. LinkedIN is about the only social media I use for business. I like to keep the two very separate from each other. Jon From: rodtr...@myitforum.commailto:rodtr...@myitforum.com To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: OT: Career and Social Media Date: Thu, 21 Mar 2013 22:49:52 + I can attest to that. My last two jobs have come because social media. Sent from Microsoft Surface Pro From: Andrew S. Baker Sent: March 21, 2013 6:38 PM To: NT System Admin Issues Subject: OT: Career and Social Media http://www.dilbert.com/fast/2013-03-21/ This is the new reality, folks. You don't have to embrace it, but to fight it is going to be career limiting . Within 5 years, it will be a major factor in employment... Who knows about you is becoming as important as what you know. -ASB: http://XeeMe.com/AndrewBaker ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin --_ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body:
RE: I almost always agree with the Bruce
+1 Good read, thanks for sharing that Kurt. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Friday, March 22, 2013 6:12 AM To: NT System Admin Issues Subject: Re: I almost always agree with the Bruce H e makes a very good point... ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Thu, Mar 21, 2013 at 11:52 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: And I do this time, too... http://www.darkreading.com/blog/240151108/on-security-awareness-training.html Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Advice on setting up a Win2012 RDS environment
My info is from 2008 R2, hopefully 2012 is similar Session Host (RDSH). Installed role: Remote Desktop Services. This server is what you'd install say, MS Office on and this is all you need to create an .RDP file to publish an app that folks can use if the endpoints are all on-network on the same domain. License server is self-explanatory. Need it if you want to operate more than 120 days RD Gateway and RD Web access in my environment are on the same server, but different than RDSH RD Broker is only needed if you have multiple RDSH. In my environment I put RDS Licensing on this broker server Does this help? Dave -Original Message- From: Michael Leone [mailto:oozerd...@gmail.com] Sent: Wednesday, March 20, 2013 6:54 AM To: NT System Admin Issues Subject: Re: Advice on setting up a Win2012 RDS environment See, part of the problem is that all the documentation I am finding is about setting up Remote Desktop Services not as a Role (apparently), but I need it as a Role. When I inquired previously about this, James Hill told me: The guide you have followed is for a VDI installation an hence it uses the second option in the Add Roles and Features Wizard. And every other guide I am finding starts the same way - to install with the second option, but that's not what I want/need. And I am lost trying to figure out where to go from here, to start configuring my server. I don't want a VDI (Virtual Desktop Infrastructure), apparently. But even all the web sites that deal with setting up RemoteApp start off by installing RDS for VDI. I'm told that I can do this (use RDS but not as VDI, with the RDS host running as a VM). But I can't seem to get started on it. What base concept am I missing here? On Wed, Mar 20, 2013 at 9:06 AM, Michael Leone oozerd...@gmail.com wrote: So we use a Citrix environment (it's really old runs on Win2003, is Presentation Manager v 4.58, has 2 front end web servers as load balancing, and 2 back end servers in the farm that are running a single application ). And what we will be doing is to replace all that with a Win2012 environment, running Remote Desktop Services in a similar configuration (front end web servers, back end farm). Now, all these Win2012 servers will be VMware ESXi 5.0 Update 2 VMs (or that's what we want - all VMs). My task is a proof-of-concept environment - someone else will be involved in the actual migration. So what I need to do is publish a single app, in a similar fashion to my existing Citrix environment (via a front end web server) as a proof-of-concept that we can/should be able to do this as VMs. And I am having trouble understanding what I need to do to set this all up. I have a Win2012 server that I installed RDS onto (as a Role - I installed the Remote Desktop Connection Broker, Remote Desktop Session Host, and Remote Desktop Web Access - I haven't installed the Licensing Host yet) - . And I'm not sure where to go from here. I've seen lots of web sites that detail RDS, etc But they don't seem to be what I want - or, if they are, I'm Just Not Getting It. It has something to do with RemoteApp, near as I can figure. I'm completely unclear on how the front end web servers will enter into it, but one step at a time, I guess. Server Manager at the moment shows me Remote Desktop Services, and tells me a RDS deployment does not exist in the server pool. Right now I want to just set up a test app (even Notepad will do fine, as a test), and I want to see it work from a client's web browser (clients will be XP and Win 7). Can somebody point me at a beginner how to for this? Years back, I set up a Win2003 terminal server, but that was an entire desktop, not just specific published applications (which is what I need in this case). Thanks. I realize I will need to provide more info, please feel free to ask. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Manage JAVA updates
At two locations (%dayjob% and my biggest personal biz client) I use VMWare vCenter Protect (was Shavlik) to patch Java and other non-MS titles. I also notice GFI Vipre Business Premium (used at my other personal biz client) also does patching of Java and a few Adobe items (Flash, Shockwave, etc.), as well as Firefox and Chrome and a few other products. vCenter Protect v9 (beta just came out) has cloud-managed agents that you can manage via your local vCenter Protect console, means you can now manage systems that never or rarely VPN in, all they need is an Internet connection, you can even install their agents via Internet. I just watched the webinar on v9 this morning: http://www.shavlik.com/webinars/shavlik-video/resources.aspx?id=2212572976001 Dave From: Tom Miller [mailto:tominyorkt...@gmail.com] Sent: Monday, March 18, 2013 6:49 AM To: NT System Admin Issues Subject: Re: Manage JAVA updates System Center Essentials 2007, but I plan to update that to 2010, since that version is pretty much useless for anything. On Mon, Mar 18, 2013 at 9:04 AM, Christopher Bodnar christopher_bod...@glic.commailto:christopher_bod...@glic.com wrote: What are you using now for patching? Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459tel:610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto:christopher_bod...@glic.com [cid:image001.jpg@01CE23A6.779379A0] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:Tom Miller tominyorkt...@gmail.commailto:tominyorkt...@gmail.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:03/18/2013 09:01 AM Subject:Manage JAVA updates Anyone have any suggestions for managing JAVA updates in a corporate environment? At my last job we used the kbox as it was part of the patch stream, but the product I use now does not include JAVA as part of the stream. I'd like to be able to control when updates are performed, do to it silently, and to turn off that annoying prompt to install the Ask toolbar. Thanks, Tom ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: Virtualization in small office
Even at that, if you have the same Hypervisor it's not all that hard to move it to a new system by moving the virtual disks and creating a new-to-that-Hypervisor VM. Worst case is you have to assign NIC properties and re-activate the OS. I'm just glad Server 2012 lets you merge deleted snapshots while the VM is running. One less advantage VMWare has (took MS long enough...). Dave -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, March 18, 2013 9:08 AM To: NT System Admin Issues Subject: Re: Virtualization in small office On Mon, Mar 18, 2013 at 9:21 AM, Andrew S. Baker asbz...@gmail.com wrote: Every VM has identical virtual hardware. Minor caveat: Every VM within the same physical architecture (AMD vs Intel) has the identical virtual hardware. Ohh... good point. I kind of knew that but the ramifications hadn't sunk in. Thanks for the tip! -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Virtualization in small office
I VM even in single-server environments. If you have a SMB with SQL and are buying Server 2012, you're licensed for four VM's, so you can divorce SQL from the DC .If you have the resources (RAM, disk), I'd run the DC, SQL, and file/print each on different VM's. Or at minimum divorce the DC from everything else, since you can get away with small RAM/HDD requirements on a DC in a SMB. Dave From: Hank . [mailto:hgedr...@gmail.com] Sent: Friday, March 15, 2013 9:19 AM To: NT System Admin Issues Subject: Virtualization in small office I deal mostly with SMB. Virtualization is a great fit if you have a number of physical servers. But what about a single server situation? I have a couple replacements coming up where there is a single server that is a DC, file and print, runs SQL or some other database for their LOB and thats it. Is it overkill to say setup 2012 Hyper-V and set up one guest server? It doesn't cost any more because server standard comes with two virtual licenses. Both places currently backup to a NAS so I could just install Veeam in order to get incremental backups vs just installing a new physical server and OS and say using Shadowprotect to backup. Any thoughts appreciated. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Virtualization in small office
My bad, I sit corrected! From: Art DeKneef [mailto:art.dekn...@cox.net] Sent: Friday, March 15, 2013 10:08 AM To: NT System Admin Issues Subject: RE: Virtualization in small office Server 2012 Standard comes with TWO VM instances, not four. You're thinking of Server 2008 R2 Enterprise. Art From: David Lum [mailto:david@nwea.org] Sent: Friday, March 15, 2013 9:27 AM To: NT System Admin Issues Subject: RE: Virtualization in small office I VM even in single-server environments. If you have a SMB with SQL and are buying Server 2012, you're licensed for four VM's, so you can divorce SQL from the DC .If you have the resources (RAM, disk), I'd run the DC, SQL, and file/print each on different VM's. Or at minimum divorce the DC from everything else, since you can get away with small RAM/HDD requirements on a DC in a SMB. Dave From: Hank . [mailto:hgedr...@gmail.com] Sent: Friday, March 15, 2013 9:19 AM To: NT System Admin Issues Subject: Virtualization in small office I deal mostly with SMB. Virtualization is a great fit if you have a number of physical servers. But what about a single server situation? I have a couple replacements coming up where there is a single server that is a DC, file and print, runs SQL or some other database for their LOB and thats it. Is it overkill to say setup 2012 Hyper-V and set up one guest server? It doesn't cost any more because server standard comes with two virtual licenses. Both places currently backup to a NAS so I could just install Veeam in order to get incremental backups vs just installing a new physical server and OS and say using Shadowprotect to backup. Any thoughts appreciated. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Keeping 550+ systems maintained
I think we have the tools needed (We have KACE that can sit in the DMZ, we have an ePO server that agents can check in with currently), I was mainly trying to get an FTE estimate From: Art DeKneef [mailto:art.dekn...@cox.net] Sent: Friday, March 15, 2013 9:46 AM To: NT System Admin Issues Subject: RE: Keeping 550+ systems maintained Would Windows Intune be a possibility for those remote devices? From: Graeme Carstairs [mailto:loonyto...@gmail.com] Sent: Friday, March 15, 2013 12:12 AM To: NT System Admin Issues Subject: Re: Keeping 550+ systems maintained You could look at direct access As long as the remote machines ate Internet connected they can be managed Usually people may still access the web bit not VPN onto corporate On Friday, 15 March 2013, Ken Schaefer wrote: So, if I could summarise your requirements, and current state: Machines: In Office Remote: once-per-day connectivity Remote: once-per-month connectivity Remote: no connectivity 450 ~30 ~30 ~30 Requirement Metric Compliance Update AV Within 24 hours of release 100% of machines. Weekly report Update Acrobat/Java/Firefox/Chrome Within 14 days of release 100% of machines Weekly report Successful Backup (unsure what the scope is here) Unsure what the metric is here (Daily? Weekly? Monthly?) Weekly report Compliance Report Weekly 100% coverage If you need to meet 100% compliance (you don't mention meeting, say, 90% compliance within 1 day, 100% within a week, or dividing machines into in-office vs. remote) then I think your problem is the infrequently connected machines (~10% of the fleet), as they don't connect frequently enough for central enforcement and meeting your turn-around-times. So you might look at: a) A configuration management system that's able to communicate over the internet. Could be as simple as a script that runs as a scheduled task and posts the data back to a web server that you have centrally b) Some way of making remote configuration changes (Go-To-Meeting or something) to enforce updates (if/when required) You could look at using RDS or similar to publish the apps you need to update within 14 days (except the ones listed all have their own updating mechanisms). If that's not working well, then Citrix/RDS might be an option, as at least you can enforce the updating centrally Backup - I'm going to assume that TSM is not going to work for the machines that do not VPN in, so you need something separate for them. I'd also look at your configuration management procedures, and tighten up the link between asset lifecycle management - configuration management - AD configuration, to reduce the time being spent on machines that haven't been removed from AD. You might want to read the ITIL docs to see all the process areas you should have (not saying you should implement ITIL, but it'll help with proactive/consistent management of the environment. If you really need to hit the metrics you have above (including proving compliance), you could be devoting almost an entire FTE to the above. Cheers Ken From: David Lum [mailto:david@nwea.orgjavascript:_e(%7b%7d,%20'cvml',%20'david@nwea.org');] Sent: Friday, 15 March 2013 7:24 AM To: NT System Admin Issues Subject: RE: Keeping 550+ systems maintained Excellent questions Ken, thanks. Up to date at this point means 1. Current (within 1 day) of anti-virus signatures 2. Have the latest Acrobat/Java/Firefox/Chrome updates within two weeks 3. Successful backups (we use Tivoli to back up endpoints) 4. Weekly report to confirm the above Dave From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, March 13, 2013 8:01 PM To: NT System Admin Issues Subject: RE: Keeping 550+ systems maintained I think you need to know what your requirements are. How do you define up to date? e.g. - How quickly do you need to deploy something (or even have a range of critical/medium/low priority updates)? - And how do you need to report compliance (on demand? At pre-set intervals?) - And how do you measure your SLA? E.g. what is an acceptable level of 'unknown' state devices? And how long can they remain as 'unknown' Once you have an idea of what you need to meet, then you can start to work out what combination of technologies and people you need to meet it. Cheers Ken From: David Lum [mailto:david@nwea.org] Sent: Wednesday, 13 March 2013 1:40 AM To: NT System Admin Issues Subject: Keeping 550+ systems maintained Scenario: * 550 Windows workstations, with 100 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.comjavascript:_e(%7b%7d,%20'cvml',%20'listmana...@lyris.sunbeltsoftware.com'); with the body
RE: Difference between port forwarding and DMZ
I'll make another sweeping statement here: Don't put any machine in the DMZ that requires membership in your production domain. At that point you don't have a DMZ, you merely have another subnet of your production network, and basically no protection. How does this work, then? RDS Gateway servers need to be domain-joined http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx Dave -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, March 14, 2013 9:34 AM To: NT System Admin Issues Subject: Re: Difference between port forwarding and DMZ On Thu, Mar 14, 2013 at 8:22 AM, David Lum david@nwea.org wrote: What’s the risk difference between a server in a DMZ (firewalls on each end) and port forwarding from the Internet to a machine inside a network perimeter? Scenario : I have PC’s that use port to talk to a management server, I’m wondering of that server needs to be in the DMZ (with that port opened), or if forwarding that port through is functionally the same thing? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 Go back to the fundamentals. Why do you have a DMZ - that is, what is the fundamental reason that you have a DMZ? It is to have a place where you can put machines that are untrusted, but to which your production network (and perhaps other untrusted networks) need access. So, if it's untrusted, and you need access, what is the fundamental thing you *DON'T* do? You don't allow untrusted machines unrestricted access to your production network. In particular, you don't allow machines in the DMZ to initiate traffic to the production network. Machines in a DMZ should only respond to requests for traffic from the production network, or if they need to initiate traffic to the production network, that traffic should be strictly limited and throughly examined by a proxy that understands the traffic in question. So: o- Where are the machines located that need access to your management server? o- Does the server initiate any traffic, or is it just the clients? If all of the clients are in the production network, and you have all of them under your control, then putting the management server in the DMZ is not required. If the clients are both in and out of the production network, put the management server in a DMZ and make sure you have a firewall that understands the traffic (an application layer gateway, or proxy). Simple port forwarding doesn't examine the traffic. I'll make another sweeping statement here: Don't put any machine in the DMZ that requires membership in your production domain. At that point you don't have a DMZ, you merely have another subnet of your production network, and basically no protection. It's possible that TMG could act as a proxy for something like this, but I'd be very nervous about it. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Difference between port forwarding and DMZ
Correct. How does Citrix handle this? Member server in the DMZ yes? -Original Message- From: Webster [mailto:webs...@carlwebster.com] Sent: Thursday, March 14, 2013 11:43 AM To: NT System Admin Issues Subject: RE: Difference between port forwarding and DMZ And you make swiss cheese of your firewall. Thanks Webster -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Thursday, March 14, 2013 1:35 PM To: NT System Admin Issues Subject: RE: Difference between port forwarding and DMZ I'll make another sweeping statement here: Don't put any machine in the DMZ that requires membership in your production domain. At that point you don't have a DMZ, you merely have another subnet of your production network, and basically no protection. How does this work, then? RDS Gateway servers need to be domain-joined http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment- in-a-perimeter-network-firewall-rules.aspx Dave ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Keeping 550+ systems maintained
Excellent questions Ken, thanks. Up to date at this point means 1. Current (within 1 day) of anti-virus signatures 2. Have the latest Acrobat/Java/Firefox/Chrome updates within two weeks 3. Successful backups (we use Tivoli to back up endpoints) 4. Weekly report to confirm the above Dave From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, March 13, 2013 8:01 PM To: NT System Admin Issues Subject: RE: Keeping 550+ systems maintained I think you need to know what your requirements are. How do you define up to date? e.g. - How quickly do you need to deploy something (or even have a range of critical/medium/low priority updates)? - And how do you need to report compliance (on demand? At pre-set intervals?) - And how do you measure your SLA? E.g. what is an acceptable level of 'unknown' state devices? And how long can they remain as 'unknown' Once you have an idea of what you need to meet, then you can start to work out what combination of technologies and people you need to meet it. Cheers Ken From: David Lum [mailto:david@nwea.org] Sent: Wednesday, 13 March 2013 1:40 AM To: NT System Admin Issues Subject: Keeping 550+ systems maintained Scenario: * 550 Windows workstations, with 100+ of them remote. * Active Directory (W2K8R2 and W2K3 DCs). * Windows 7 and Windows XP. * Users are local admins. * Some remote users VPN in daily, others only VPN in once/month, a few others almost never * 30+ onsite users frequently jump between wired and wireless (in my experience this occasionally trips up DNS and thus management agents for a bit) * Systems are cycled out at the rate of about 30 machines every quarter (relevant because finding a noncompliant machine often means knows if a system has been decommissioned or not). Systems are not always immediately removed from AD for various reasons. Task: Keep them up to date on anti-virus and patches, incl. 3rd party (Java/Adobe/Chrome/etc.). This includes coordinating (with select users) installing/testing the patches on their systems before full rollout to the rest of the org. Is this enough info to give a SWAG for how many hours/week you would you tell management this would take? A rough number works. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Keeping 550+ systems maintained
Tools in place: SMS (yes, SMS, not SCCM) KACE 1000 and 2000 (effectively replacing SMS for software distribution) McAfee ePO, including an Agent Handler in the DMZ to update remote clients not connection via VPN WSUS VMWare vCenter Protect (was Shavlik) We have two SE's and four Level1/2 tech's (we have no dedicated level 1 person, the level 2 guys do level 1 stuff as well), but only the SE's are tasked with the anti-virus/patching of the endpoints (along with our usual Active Directory/GPO/server maintenance/security and similar projects duties), the SD guys are break fix/PC deployment-redeployment/office and cell phones/conference set ups, etc. I have a loose benchmark on the anti-virus and looser on the patching. With the fluidity of our endpoints, to get to and maintain 97+% on the anti-virus via McAfee ePO is about 5-7hrs/week, and to get to 99% is another 3-4 hours, as occasionally one or two endpoints are simply time consuming. Patching currently occupies about 1-2hrs/week but I'd bet the compliance is only around 85% at any time. We don't have a good test/release process in place, it's largely throw it out a week or so after Shavlik has processed it and see if anyone reports anything. Kace and vCenter Protect are certainly underutilized at this point. With Kace all we currently do is see who uses what machine so when they call we know what machine we need to remote to and the like. Dave From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Tuesday, March 12, 2013 7:51 AM To: NT System Admin Issues Subject: Re: Keeping 550+ systems maintained Question: How long is it taking now? I'd be surprised if you don't have some sort of benchmark already. Even though you've provided some good info, so much of this is subjective and relies on other factors, like: -- what tools are currently in place? -- how many admins do you have, and how much scripting do they do? -- are your employees the kind that go for months without change, or require help every 5 min? In any event, that's a good bit of steady work for a couple admins. ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Tue, Mar 12, 2013 at 10:39 AM, David Lum david@nwea.orgmailto:david@nwea.org wrote: Scenario: * 550 Windows workstations, with 100+ of them remote. * Active Directory (W2K8R2 and W2K3 DCs). * Windows 7 and Windows XP. * Users are local admins. * Some remote users VPN in daily, others only VPN in once/month, a few others almost never * 30+ onsite users frequently jump between wired and wireless (in my experience this occasionally trips up DNS and thus management agents for a bit) * Systems are cycled out at the rate of about 30 machines every quarter (relevant because finding a noncompliant machine often means knows if a system has been decommissioned or not). Systems are not always immediately removed from AD for various reasons. Task: Keep them up to date on anti-virus and patches, incl. 3rd party (Java/Adobe/Chrome/etc.). This includes coordinating (with select users) installing/testing the patches on their systems before full rollout to the rest of the org. Is this enough info to give a SWAG for how many hours/week you would you tell management this would take? A rough number works. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229tel:503.548.5229 // Cell (voice/text) 503.267.9764tel:503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: P2V DC/radius server - resolved [incl. troubleshooting steps]
We found the root cause of our wireless issues….turns out about 30-40% of our users were affected*, and the root cause had effectively nothing to do with the RADIUS P2V, it was (not surprising), self-inflicted. I had rebooted the Meru controller Monday morning as I was seeing some events in the event log of the RADIUS server that I wasn’t sure if it was due to the controller not picking up some change or another. Turns out when I did that, the startup config didn’t match what had been the running config, so all the AP’s that had been using 5GHz were set to 2.4GHz, and we have so much interference here that 5GHz is necessary for wireless to be reliable. The fix of course was to return the AP settings to what they had been, and click SAVE to make the startup config the same as the running config. Troubleshooting: · Send out e-mail to the wireless users to get a grasp of who was impacted · List OS and hardware affected (clue: WinXP, Win7, and Mac OS, Dell and Mac hardware affected) · Note the location and floor of the affected users where they experienced the issue (clue: most users reported problems in the same areas, contingent on the next clue) · Note date/time of problem (clue, no problems ever happened before 8am) · Walk the floors with known good machine and a ping tool to find the problematic areas · Work with Meru to confirm there are no problems between the Meru controller and the RADIUS server · Check the controller to see load per AP. This screen shows which AP’s are on 2.4GHz and 5GHz and was how we realized it was the root cause Sadly, it took a couple of days to get to the last step because we were concentrating on the RADIUS chase, and early on removing/re-adding the profile “fixed” one machine. For a while. * Depending on time of day, as it later turned out. Dave From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, March 06, 2013 7:13 AM To: NT System Admin Issues Subject: Re: P2V DC/radius server Can you point the controller to a different DC? Move the RADIUS server to a different machine to see if that resolves the issue? Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CE1BC5.945C5770] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:David Lum david@nwea.orgmailto:david@nwea.org To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:03/06/2013 08:52 AM Subject:P2V DC/radius server This weekend we did a P2V of a DC that also handles RADIUS and DHCP duties. Before the P2V I did make sure it held no FSMO roles as well DCPROMO it out of being a DC, then P2V, then DCPROMO back up. Once it came up as a VM, I assigned the IP info to the “new” NIC, checked replication, DCDIAG, DHCP requests, etc. and it all came up good. Our wireless system (Meru) uses RADIUS and since the P2V we have had many clients now have connect/disconnect/reconnect/disconnect issues. 1. We have 25 access points spread over six floors in our building 2. Meru connected via GotoAssist and was able to confirm their controller and the RADIUS server are passing auth requests as expected 3. Deleting and re-creating the wireless profile seems to fix this issue 4. Not 100% of our users are affected, but probable 75% of them are Anyone see anything similar before? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin inline: image001.jpg
RE: RD Gateway creds
SSO should work, but they will still have to enter their domain credentials somewhere if they are logging in from a non-domain-joined computer. I forget the exact combination I have now, but from my home PC I only need to enter my credentials once to get past the RDS server and access resources. In my experience at %dayjob%, SSO is confused with don't ever need to enter credentials. From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Monday, March 04, 2013 6:56 AM To: NT System Admin Issues Subject: RE: RD Gateway creds Wooo, I bet it is because the public domain of the RD Gateway and the private domain of the Remote Desktop don't match. From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Monday, March 04, 2013 9:53 AM To: NT System Admin Issues Subject: RD Gateway creds Trying to set up a simple prepackaged RDP file for some users to hit our Remote Desktop Gateway. On the setup page for the RD Gateway is an option to 'Use my RD Gateway credentials for the remote computer'. Logic tells me that would create a single sign on for the users, present creds for the Gateway and end up on the Remote Desktop logged in. But that isn't happening. It stops at the logon screen for the remote desktop server. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Webster's question is very timely...
USB3.0 as it will plug into more things . I have found USB 3.0 will transfer the same speed as my eSATA (ie. from SATA -- USB 3.0 is as fast as SATA -- eSATA, or roughly 80-110MB/s). USB 3.0 truly rocks. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, February 28, 2013 11:37 AM To: NT System Admin Issues Subject: Webster's question is very timely... I didn't want to drag his thread off topic, so I'm starting a new one Not to brag (much), but I just picked up a Dell Precision 4600 laptop at a really good price - it's a quad-core machine with Win7 Pro, 16gb RAM and an ATI Firepro video card, 1920x1080 display (15.6) and a 256gb SSD. ($1600 - sale still going as far as I know.) Problem is, I'm pretty sure I made a small mistake. That 256gb drive just isn't big enough to hold the VMs I want. I should have gone with the 128gb minicard and a 1tb hard drive. So, I'm also looking for an external drive, either USB3 or eSATA - if you had the choice, which would you choose for putting in the laptop case for extra storage? Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Prevent duplicate DNS entries
For VPN it's the ASA, which is different than where every other systems gets its IP from (a Windows DC). From: Webster [mailto:webs...@carlwebster.com] Sent: Wednesday, February 27, 2013 12:39 PM To: NT System Admin Issues Subject: RE: Prevent duplicate DNS entries What hands out the IP addresses? Thanks Webster From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 27, 2013 1:40 PM To: NT System Admin Issues Subject: Prevent duplicate DNS entries Kind of related to my earlier query, is there a way to prevent multiple DNS entries for a given IP address range with Windows DNS? Our VPN systems have a specific range of IP's and for whatever reason there's a nasty habit of many systems showing the same IP address in DNS. Or perhaps the real fix is changing the VPN client (Cisco) to handle DNS registration correctly? That would be a different can of worms from my end, but... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: This can't be right (2008R2 - 2012)
That hadn't occurred to me :), I burned the ISO. From: Steve Ens [mailto:stevey...@gmail.com] Sent: Tuesday, February 26, 2013 9:01 AM To: NT System Admin Issues Subject: Re: This can't be right (2008R2 - 2012) Odd, didn't think that the 2012 server install disk actually came on a CD anymore. I've just used the ISO so far. Right click, mount and then run setup. On Tue, Feb 26, 2013 at 10:38 AM, David Lum david@nwea.orgmailto:david@nwea.org wrote: I upgraded my personal lab server from 2008 R2 to Server 2012 last night. The server is mainly a Hyper-V and not much else. 1. Inserted 2012 CD 2. Chose upgrade 3. Entered 2012 Key 4. Server reboots a couple of times then gives me the logon screen Everything works as before, just now with 2012 OS, even LogMeIn came over with no issue. Since when do server OS upgrades actually work as advertised? :) Once the new server was up I flipped my VM's to VHDX. Way too easy. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229tel:503.548.5229 // Cell (voice/text) 503.267.9764tel:503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Servers in remote locations
I use VM's whenever possible, even if it's a 1:1. Moves/upgrades are simply much easier. I'd run 2VM's if licensing isn't an issue. Dave -Original Message- From: Tim Vander Kooi [mailto:tvanderk...@expl.com] Sent: Tuesday, February 26, 2013 9:24 AM To: NT System Admin Issues Subject: Servers in remote locations I have got a number of servers at remote locations which are currently serving as RODC and file and print servers. It is time to upgrade the hardware that they are running on and I am curious with hypervisors and the technology of today if people think it is of value to replace the existing servers with servers running 2 separate virtual servers: 1 RODC, DNS, DHCP, and 1 file print; or would you run it all as one physical server with all roles installed? The existing servers are 2008R2 and the new ones will be 2012. Ideas? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Remote Desktop Server (Formerly known as Terminal Server)
Does anyone have any insight to WTF MS was thinking when removing remote control? I'd like to think it was some sensible reason due to an architecture issue, but more likely it's a checkbox missed along the way. Oops we forgot that feature. Eh, like the START button on XP nobody used it... From: Webster [mailto:webs...@carlwebster.com] Sent: Friday, February 22, 2013 5:13 AM To: NT System Admin Issues Subject: RE: Remote Desktop Server (Formerly known as Terminal Server) Check this out: http://blog.wtslabs.com/?p=274 RDS 2012 and Remote Control. A workaround is found... Might not be a viable workaround for everyone but... Thanks Webster From: James Hill [mailto:falc...@gmail.com] Sent: Thursday, February 21, 2013 3:29 PM To: NT System Admin Issues Subject: RE: Remote Desktop Server (Formerly known as Terminal Server) I've never been a fan of roaming profiles and prefer to use just folder redirection. With 2008 and above you have some new features that you may like to use. In particular Remote Desktop Gateway and RemoteApp. It all depends on what the current TS is being used for. If it's just for a particular app then you may look at just publishing Remoteapp's rather than a full session. Being 2008 (with increased security) Point and Print Restrictions is a common GP that needs to be configured. As Webster said, consider 2012 as well. The only downside is that if you regularly remote control/shadow desktops you will be disappointed to find that feature has been removed. So you'll have to use Remote Assistance or something else if you need that functionality. James. From: Kelli Sterley [mailto:kjsterley.li...@gmail.com] Sent: Friday, 22 February 2013 3:32 AM To: NT System Admin Issues Subject: Remote Desktop Server (Formerly known as Terminal Server) I currently have a 2003 Terminal Server which is getting ready to be replaced with the 2008 R2 Remote Desktop Server. Currently we are using roaming profiles and redirecting some user folders. Does anyone use roaming profiles anymore? Why or why not? I am also in the process of editing a group policy for both the server and users. Are there any policies I should add for sure .. Anyone willing to share their GP's with me? Also, I have been searching the internet for some good best practices for the new setup but have found little with regards to 2008. I want it set up as simple as possible so any ideas would be great. Thanks so much - Kelli ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Migrate DHCP from 2003 to 2008 R2
Pre-add...thanks for the heads up! Dave -Original Message- From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Wednesday, February 20, 2013 10:11 AM To: NT System Admin Issues Subject: RE: Migrate DHCP from 2003 to 2008 R2 Netsh works great, but one thing not mentioned in the KB is you may get strange errors if you are missing any options on the new server. If you've added special options for things, such as IP phones, make sure to pre-add them on your new server before importing your scopes. -Bonnie On Tue, Feb 19, 2013 at 9:20 AM, Brian Desmond br...@briandesmond.com wrote: I’ve used the KB mechanism many times Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: David Lum [mailto:david@nwea.org] Sent: Tuesday, February 19, 2013 7:43 AM To: NT System Admin Issues Subject: Migrate DHCP from 2003 to 2008 R2 Yes, I’ve Googled it… Does this method also work for 2008 R2? http://support.microsoft.com/kb/962355 Or should I use this route? http://www.networkworld.com/community/node/56296 Anyone care to share their experience? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Backup to cloud?
My initial question concerned cloud as if it's leaving the clients' building via Internet, the transfer data rate is the same weather it's just offsite or true cloud. From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, February 13, 2013 3:56 PM To: NT System Admin Issues Subject: RE: Backup to cloud? Let's not get carried away with calling this proposal 'cloud backup'. IMHO you're offering offsite backup. For something to be cloud you should look at NIST (or similar definitions), which include elements like rapid elasticity, user self-service, broad network access and measured service: http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf Cheers Ken From: David Lum [mailto:david@nwea.org] Sent: Thursday, 14 February 2013 5:24 AM To: NT System Admin Issues Subject: RE: Backup to cloud? Yes, DR. Their Internet connection download is 10MBps, the size of their backups is 400+GB total, the smallest being Exchange DB @ 50GB, and if I am restoring their SBS VM it's 350GB plus another 200GB for their SQL VM. If could get the liability sorted, it would be far easier to have it backup to my shop, and recovery would be a matter of me bringing in the drive with the backups. I have unlimited space at my web host so I could back up to that but still the download from there -- my lab (25MBps) is 10+ hours. I have their local backups going to two places onsite (a RAID1 USB 3.0 drive + their other non-hyper-V capable server), my concern is building-wide DR need, kind of goes along with my spare server conversation a couple weeks ago. Very unlikely yes, but I still feel the not covered from that angle twinge. From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Wednesday, February 13, 2013 9:27 AM To: NT System Admin Issues Subject: RE: Backup to cloud? Why would retrieval take that long? Are you talking more about disaster recovery? From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 13, 2013 12:21 PM To: NT System Admin Issues Subject: Backup to cloud? Does backup to cloud even matter if the time to retrieve it spans 20+ hours? If I were to consider hosting a clients' backups at my location, where do I go to find what liabilities I need to worry about. Coincidentally the client in mind is a law firm of all places... David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Backup to cloud?
Yes, DR. Their Internet connection download is 10MBps, the size of their backups is 400+GB total, the smallest being Exchange DB @ 50GB, and if I am restoring their SBS VM it's 350GB plus another 200GB for their SQL VM. If could get the liability sorted, it would be far easier to have it backup to my shop, and recovery would be a matter of me bringing in the drive with the backups. I have unlimited space at my web host so I could back up to that but still the download from there -- my lab (25MBps) is 10+ hours. I have their local backups going to two places onsite (a RAID1 USB 3.0 drive + their other non-hyper-V capable server), my concern is building-wide DR need, kind of goes along with my spare server conversation a couple weeks ago. Very unlikely yes, but I still feel the not covered from that angle twinge. From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Wednesday, February 13, 2013 9:27 AM To: NT System Admin Issues Subject: RE: Backup to cloud? Why would retrieval take that long? Are you talking more about disaster recovery? From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 13, 2013 12:21 PM To: NT System Admin Issues Subject: Backup to cloud? Does backup to cloud even matter if the time to retrieve it spans 20+ hours? If I were to consider hosting a clients' backups at my location, where do I go to find what liabilities I need to worry about. Coincidentally the client in mind is a law firm of all places... David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Backup to cloud?
+1. It's the Recovery Time Objective (RTO) here that concerns me. Here's a thought, maybe I should ask the client what's tolerable. Why I didn’t think of that first... Dave -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 13, 2013 10:11 AM To: NT System Admin Issues Subject: Re: Backup to cloud? Someone once said something I now say: I don't care about backups. I care about restores. Of course, that includes time to restore, as well as integrity of restore. AFAICT, backups to the cloud, absent a local copy, aren't worth a whole bunch, if my 7tb file server falls over. Kurt On Wed, Feb 13, 2013 at 9:24 AM, Ben M. Schorr b...@rolandschorr.com wrote: That’s the dirty little secret of cloud backups – restore windows can be ENORMOUS, especially if the client is sitting behind a 3x1 Internet connection. Some cloud services will (for an extra fee) overnight a DVD of your data to you in case you need to do a full restore. Still… As for liabilities – I’d probably consult with your lawyers (not the client) to see what they think. I’d guess you’d need to have a pretty solid contract with them laying out what you are, and aren’t responsible for along with SLAs. Then you’ll want a good professional liability insurance policy to cover you for those things you are responsible for. Ben M. Schorr Chief Executive Officer Roland Schorr Tower www.rolandschorr.com / www.officeforlawyers.com / www.onenote-tips.com Member: American Bar Association - 01473703 Author: The Lawyer's Guide to Microsoft Outlook 2010: http://goo.gl.HWqKc Author: The Lawyer’s Guide to Microsoft Word 2010: http://tinyurl.com/abaword2010 From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 13, 2013 10:21 AM To: NT System Admin Issues Subject: Backup to cloud? Does backup to cloud even matter if the time to retrieve it spans 20+ hours? If I were to consider hosting a clients’ backups at my location, where do I go to find what liabilities I need to worry about. Coincidentally the client in mind is a law firm of all places… David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Backup to cloud?
There are currently no regulatory concerns, insofar as I have never been asked by them to make them compliant for anything. I will ask to make sure, however. Dave From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, February 13, 2013 10:39 AM To: NT System Admin Issues Subject: RE: Backup to cloud? Have you thought about the confidentiality aspects of putting your data in the cloud, especially if its under regulatory compliance ( PCI, HIPAA, Sox) if you haven't you might be getting yourself in a lot of hot water. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: Sam Cayze [mailto:sca...@gmail.com] Sent: Wednesday, February 13, 2013 1:01 PM To: NT System Admin Issues Subject: RE: Backup to cloud? Amazon has some super high speed pipes linked to various centers for situations like this. (Called Direct Connect?). Not too familiar with it. I think connections as fast as 10Gbps. You could design your DR strategy around a data center supporting this. Mozy also supports shipping DVDs/Drives. There are also some solutions that allow you to 'spin-up' your backups at the cloud location on a VM. (Check out Unitrends. Veem?). Then, you don't have to download the backups. I put all my 'cloud' backups into the same remote data center I would restore to in a disaster. And some of that even gets backed up to the 'real' cloud (Amazon S3). From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, February 13, 2013 11:36 AM To: NT System Admin Issues Subject: Re: Backup to cloud? I have 498GB of data stored in the cloud that would take about six weeks to download. The send me it on a USB drive option that Ben mentioned is my DR choice :-) On 13 February 2013 17:27, Rod Trent rodtr...@myitforum.commailto:rodtr...@myitforum.com wrote: Why would retrieval take that long? Are you talking more about disaster recovery? From: David Lum [mailto:david@nwea.orgmailto:david@nwea.org] Sent: Wednesday, February 13, 2013 12:21 PM To: NT System Admin Issues Subject: Backup to cloud? Does backup to cloud even matter if the time to retrieve it spans 20+ hours? If I were to consider hosting a clients' backups at my location, where do I go to find what liabilities I need to worry about. Coincidentally the client in mind is a law firm of all places... David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229tel:503.548.5229 // Cell (voice/text) 503.267.9764tel:503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana
RE: symlink c:\users?
In Terminal Server\RDS-land I moved users to a D: drive with very simple registry change and it works flawlessly, all new users drop to the new drive, and it was trivial moving the existing ones over. Depending on your environment it might be time consuming while you wait for all the files to move over... Dave -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, February 12, 2013 12:46 PM To: NT System Admin Issues Subject: symlink c:\users? I have an existing RDS 2008 R2 server that is used by students in a lab. I really need to get c:\users off the C drive. There are times they need to store items on the desktop as they are not allowed on their network storage. Anyone moved it using a symlink to another drive? I read it is unsupported but I don't see many reports of problems. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: symlink c:\users?
Ding ding ding. :-) -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, February 12, 2013 12:59 PM To: NT System Admin Issues Subject: RE: symlink c:\users? Ok, that was lazy of me. Google says Path: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList Value: ProfilesDirectory -Original Message- From: Kennedy, Jim Sent: Tuesday, February 12, 2013 3:55 PM To: NT System Admin Issues Subject: RE: symlink c:\users? And that registry change was.. :) -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Tuesday, February 12, 2013 3:53 PM To: NT System Admin Issues Subject: RE: symlink c:\users? In Terminal Server\RDS-land I moved users to a D: drive with very simple registry change and it works flawlessly, all new users drop to the new drive, and it was trivial moving the existing ones over. Depending on your environment it might be time consuming while you wait for all the files to move over... Dave -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, February 12, 2013 12:46 PM To: NT System Admin Issues Subject: symlink c:\users? I have an existing RDS 2008 R2 server that is used by students in a lab. I really need to get c:\users off the C drive. There are times they need to store items on the desktop as they are not allowed on their network storage. Anyone moved it using a symlink to another drive? I read it is unsupported but I don't see many reports of problems. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Rename 2003 domain
Wow, Webster Desmond and MBS recommend against it. ...and I thought a couple of SBS swings were high on the things could go horribly wrong scale... From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, February 05, 2013 10:36 AM To: NT System Admin Issues Subject: RE: Rename 2003 domain To the OP: you already know your domain is broken. Good luck. You are going to need it. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Tuesday, February 5, 2013 1:29 PM To: NT System Admin Issues Subject: RE: Rename 2003 domain To add to Michael's point, this wasn't necessary and probably wasn't the best idea. The consultant obviously messed something up given you had to rejoin clients. The simple fact that the consultant was happy to (and possibly recommended) this domain rename tells me a lot. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com] Sent: Tuesday, February 5, 2013 9:55 AM To: NT System Admin Issues Subject: RE: Rename 2003 domain We hired a consultant to move us to AD 2008 R2 and E2010. He renamed the domain to company.net this past weekend. We did have to manually rejoin the clients to the new domain (rebooting twice did not make the clients auto-join), but everything appears to be working fine. We have just extended the schema and have our first 2008 R2 domain controller up and running. Anything in particular I should check to verify that all is well? From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, February 05, 2013 9:50 AM To: NT System Admin Issues Subject: RE: Rename 2003 domain Don't rename the domain. Just Say No. There is no need. Sent from my Windows Phone From: David Mazzaccaro Sent: 2/1/2013 9:50 PM To: NT System Admin Issues Subject: RE: Rename 2003 domain Thx I Just read through that thread. One comment was that you never need to register an internal name on a certificate But it doesn't go into detail as to why. The other bigger headache (which I understand) is to NOT use an internal name that will also be used externally. We only use company.com on in the internet. So if we never use company.NET on the outside, why couldn't/shouldn't I rename the domain to that? Thx From: Webster [mailto:webs...@carlwebster.com] Sent: Friday, February 01, 2013 12:23 PM To: NT System Admin Issues Subject: RE: Rename 2003 domain Go to the archives and read the SSL and the new no internal names ruling thread. I think you are going in the wrong direction. Thanks Webster From: David Mazzaccaro [mailto:david.mazzacc...@hudsonmobility.com] Sent: Friday, February 01, 2013 9:48 AM To: NT System Admin Issues Subject: Rename 2003 domain I will be upgrading my domain from 2003 to 2008 R2 and Exchange 2003 2010. Apparently E2010 does not like my current domain name company.town.main It wants (needs?) a name that can be registered w/ an internet registrar in order to obtain a certificate. So... I will be renaming the domain to company.net this weekend. I have already registered the company.net name. From what I have read, it is fairly (?) straightforward: http://technet.microsoft.com/en-us/library/cc738208(v=ws.10).aspx Then there are specific Exchange changes: XDR-fixup Then it seems EVERY computer needs to reboot twice for them to see the new domain. I do have a script for this and a txt file w/ all the machines in it: for /f %%i in (machines.txt) do shutdown -m \\%%ifile:///\\%25%25i -f -r -t 05 My question is... has anyone here successfully renamed a 2003 domain (especially w/ Exchange 2003 in it)? Care to share your experience and any gotcha's that came up? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
RE: SMB IT provider Q
I am similar, I am fortunate that my SMB clients run similar hardware and Hyper-V, and if my home server was powerful enough I wouldn't feel the need to try and charge for it. I too shoot for consistency (ok, except anti-virus vendors). I've been doing SMB support for 12 years now and also have yet to need this service but that doesn't mean it might not happen. Perhaps I'll give them the options and see how they vote. From: Art DeKneef [mailto:art.dekn...@cox.net] Sent: Sunday, February 03, 2013 4:41 PM To: NT System Admin Issues Subject: RE: SMB IT provider Q That is a service I provide my clients. But I haven't charged them for the service. Probably because in the past 20 years I have been running my own shop I had to bring in a temp server just twice. And because both times the office was broken into and the server was stolen. Different clients. At one client the thieves were kind enough to remove the backup tape from the server and left it on the table. All my servers are basically the same based on the software installed. Meaning all my physical single SBS 2011 servers are the same, servers for Hyper-V hosting are the same. I also work in the SMB space and this has worked well for me for several years. I like consistency. I have a 4 server lab currently. If a customer needed a server for something RIGHT NOW I would pull one of the lab servers. The lab servers are almost identical to customer servers. There have 32 GB instead of 16 GB RAM. Like Mike said, needing a server like this is very rare. Or has been in my experience. If there is a server problem you usually will have some kind of warning and can go from there. Having a good backup plan and disaster recovery options are better options I think. Art From: David Lum [mailto:david@nwea.org] Sent: Sunday, February 3, 2013 12:46 PM To: NT System Admin Issues Subject: RE: SMB IT provider Q This is actually the other idea I was considering, have this 2nd server host the patching/anti-virus, etc stuff on a VM and the host could also store the backup images and be leveraged in an emergency. From: Mike Hoffman [mailto:m...@drumbrae.net] Sent: Sunday, February 03, 2013 10:56 AM To: NT System Admin Issues Subject: RE: SMB IT provider Q Why not give the clients each a server which can be re-tasked at short notice? If you store the backup images on a device that you can hyper-v up if necessary then it has great value for the client to have available for themselves. We have a few servers running Hyper-v which we are reconfiguring to do some failover - the plan is that if we need a server at short notice we simply sacrifice the failovers and move the box. The licensing is taken care via a SPLA license or the clients existing licenses. It is very rate to actually need to deploy a spare server, think of recovery objectives. If the server is down they can still work, emails can back-up with the ISP, individual files can be recovered and any server repairs (e.g. new backplane) can be scheduled to minimise disruption. If a client really needs that level of redundancy then they can afford to pay fully for it. 25 users, $4 per user per month = $1200 per year. Don't promise what you can't deliver, but you know the clients well. It might be worth getting involved with a local IT company just to cover your back just in case. Mike From: Ben M. Schorr [mailto:b...@rolandschorr.com] Sent: 03 February 2013 17:31 To: NT System Admin Issues Subject: RE: SMB IT provider Q I'd probably offer it as a service for a nominal fee - maybe $25 a month per customer? Of course you run the risk of having multiple customers suffer failures at the same time and they'll be rightfully upset if you don't have the spare hardware available to get them back up when that happens... Ben M. Schorr Chief Executive Officer Roland Schorr Tower - Flagstaff Office 928-526-3970 www.rolandschorr.comhttp://www.rolandschorr.com/ * www.twitter.com/bschorrhttp://www.twitter.com/bschorr * www.facebook.com/RolandSchorrhttp://www.facebook.com/RolandSchorr From: David Lum [mailto:david@nwea.org] Sent: Sunday, February 3, 2013 10:11 AM To: NT System Admin Issues Subject: SMB IT provider Q I have a couple of clients and they both run SBS2011 Premium in their environments and in both cases I have them on Dell hardware and on top of Hyper-V hosts. It makes sense to me to have ready spare hardware, and it seems to me if I had one server in my lab ready to go as a temporary stand-in Hyper-V host I could offer this as a cheaper alternative as to asking them to have a full 2nd server onsite in a cluster. My thinking is: * Have one server, just powerful enough to work as a stand-in server in either environment (16GB RAM, enough SAS disk space to cover the biggest Hyper-V host) with an IT Garage licensed 2008 R2 Host OS (both my clients are running this). * If either client has a hard server failure, I run my hardware out
RE: Dell windows 8 COA
I don't know that the key is embedded in the BIOS so much that the OS install looks for some specific BIOS properties, I've been able to re-install via CD across various Dell models (I can install XPSP3 on a machine that came with XPSP2, for example). Dave From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Monday, February 04, 2013 6:49 AM To: NT System Admin Issues Subject: RE: Dell windows 8 COA The windows 8 PRO discs we get from MS as part of our enterprise agreement come with their own product key. I've used one to do a clean install on a dell ultrabook that came with windows 8 HOME. It automatically used the key embedded in bios and installed as home, not pro. Sent from my Windows Phone From: Ben Scott Sent: 2/4/2013 7:59 AM To: NT System Admin Issues Subject: Re: Dell windows 8 COA On Mon, Feb 4, 2013 at 7:13 AM, Nigel Parker nigel.par...@ultraframe.co.ukmailto:nigel.par...@ultraframe.co.uk wrote: Although the desktops have a bronze sticker on the back with the windows flag and the words windows 8 I cant find a COA sticker with a key anywhere on the machine inside, outside , top bottom A unique, unit-specific code is embedded in the firmware (ACPI BIOS). You don't get a Certificate of Authenticity or Product Ley. Microsoft is encouraging their large OEMs (like Dell) to do this. Toshiba laptop I just bought is the same way. Keywords: OA 3.0 SLP, OA = OEM Activation, SLP = System Locked Pre-Installation I've seen claims that if the motherboard is replaced, the OEM is supposed to provide a printed card with a new Product Key, to allow the existing install to continue to be used. Haven't confirmed that with a reliable source yet. I don't know what happens if you try to use a generic OEM disc to do a clean install (i.e., without vendor shovelware) in such cases. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Robocopy reliability
Alluding, but I digress :) I believe he is misinformed. I have *never* seen that. Sounds more like something he heard through a grapevine vs. experienced directly. I'd wager if pressed for details on this opinion he will be short on specifics. Don't trust pneumatic tires, they all leak, I know this because my friend's mother's teacher had a flat once... From: Tigran K [mailto:tigr...@gmail.com] Sent: Monday, February 04, 2013 10:13 AM To: NT System Admin Issues Subject: Re: Robocopy reliability So his reliability comment was directed more toward robocopy utility itself. Eluding to the fact that he's seen robocopy copy files that turned out to be not the same as the original. We're not doing anything complex. We want to copy some files from source control and catch deleted files at the same time. So instead of deleting the entire destination folder and copying new files from source control. I'm saying it's as simple as robocopy /mir and that's it. That way whatever file is removed from source control will get removed on the destination servers as well. On Mon, Feb 4, 2013 at 9:08 AM, Tom Miller tmil...@sfgtrust.commailto:tmil...@sfgtrust.com wrote: I've used it many times for file migration moves and even for permissions copies. Just this past weekend I migrated a pretty complex old Windows 2008 server shared to Windows 2008 R2 this past weekend. I didn't copy permissions since they were a mess. The only errors I've seen were my own, usually syntax or spelling. What are you trying to do? From: Tigran K [mailto:tigr...@gmail.commailto:tigr...@gmail.com] Sent: Monday, February 04, 2013 11:34 AM To: NT System Admin Issues Subject: Robocopy reliability Having a discussion with the boss on how we should do something I suggested robocopy. His reply was a strict NO. Reasoning was that it's not reliable. He said I've seen it break. So my question is have you seen it break? Is robocopy any more or less reliable than built in copy? I did point out that robocopy is built in to windows as well at least for Windows7. Didn't seem to help. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Robocopy reliability
Fail. From: Tigran K [mailto:tigr...@gmail.com] Sent: Monday, February 04, 2013 10:49 AM To: NT System Admin Issues Subject: Re: Robocopy reliability He was saying we should use just plain old copy. -T On Mon, Feb 4, 2013 at 10:11 AM, Matthew W. Ross mr...@ephrataschools.orgmailto:mr...@ephrataschools.org wrote: I have never had a problem with Robocopy. It did exactly what I told it to do and gave me detailed information on what it did. I could not ask for more from a command line copy utility. I'm sensing that your Boss has a bias, perhaps due to a bad experience he had previously. If so, what does _he_ recommend? Maybe he has some awesome software I've never heard of. (It wouldn't be the first time!) --Matt Ross Ephrata School District - Original Message - From: Tom Miller [mailto:tmil...@sfgtrust.commailto:tmil...@sfgtrust.com] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Mon, 04 Feb 2013 09:08:33 -0800 Subject: RE: Robocopy reliability I've used it many times for file migration moves and even for permissions copies. Just this past weekend I migrated a pretty complex old Windows 2008 server shared to Windows 2008 R2 this past weekend. I didn't copy permissions since they were a mess. The only errors I've seen were my own, usually syntax or spelling. What are you trying to do? From: Tigran K [mailto:tigr...@gmail.commailto:tigr...@gmail.com] Sent: Monday, February 04, 2013 11:34 AM To: NT System Admin Issues Subject: Robocopy reliability Having a discussion with the boss on how we should do something I suggested robocopy. His reply was a strict NO. Reasoning was that it's not reliable. He said I've seen it break. So my question is have you seen it break? Is robocopy any more or less reliable than built in copy? I did point out that robocopy is built in to windows as well at least for Windows7. Didn't seem to help. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: SMB IT provider Q
This is actually the other idea I was considering, have this 2nd server host the patching/anti-virus, etc stuff on a VM and the host could also store the backup images and be leveraged in an emergency. From: Mike Hoffman [mailto:m...@drumbrae.net] Sent: Sunday, February 03, 2013 10:56 AM To: NT System Admin Issues Subject: RE: SMB IT provider Q Why not give the clients each a server which can be re-tasked at short notice? If you store the backup images on a device that you can hyper-v up if necessary then it has great value for the client to have available for themselves. We have a few servers running Hyper-v which we are reconfiguring to do some failover - the plan is that if we need a server at short notice we simply sacrifice the failovers and move the box. The licensing is taken care via a SPLA license or the clients existing licenses. It is very rate to actually need to deploy a spare server, think of recovery objectives. If the server is down they can still work, emails can back-up with the ISP, individual files can be recovered and any server repairs (e.g. new backplane) can be scheduled to minimise disruption. If a client really needs that level of redundancy then they can afford to pay fully for it. 25 users, $4 per user per month = $1200 per year. Don't promise what you can't deliver, but you know the clients well. It might be worth getting involved with a local IT company just to cover your back just in case. Mike From: Ben M. Schorr [mailto:b...@rolandschorr.com] Sent: 03 February 2013 17:31 To: NT System Admin Issues Subject: RE: SMB IT provider Q I'd probably offer it as a service for a nominal fee - maybe $25 a month per customer? Of course you run the risk of having multiple customers suffer failures at the same time and they'll be rightfully upset if you don't have the spare hardware available to get them back up when that happens... Ben M. Schorr Chief Executive Officer Roland Schorr Tower - Flagstaff Office 928-526-3970 www.rolandschorr.comhttp://www.rolandschorr.com/ * www.twitter.com/bschorrhttp://www.twitter.com/bschorr * www.facebook.com/RolandSchorrhttp://www.facebook.com/RolandSchorr From: David Lum [mailto:david@nwea.org] Sent: Sunday, February 3, 2013 10:11 AM To: NT System Admin Issues Subject: SMB IT provider Q I have a couple of clients and they both run SBS2011 Premium in their environments and in both cases I have them on Dell hardware and on top of Hyper-V hosts. It makes sense to me to have ready spare hardware, and it seems to me if I had one server in my lab ready to go as a temporary stand-in Hyper-V host I could offer this as a cheaper alternative as to asking them to have a full 2nd server onsite in a cluster. My thinking is: * Have one server, just powerful enough to work as a stand-in server in either environment (16GB RAM, enough SAS disk space to cover the biggest Hyper-V host) with an IT Garage licensed 2008 R2 Host OS (both my clients are running this). * If either client has a hard server failure, I run my hardware out and restore their backups to this hardware. This gets them up and running while I resolve whatever the issue might be on their production server * Once their primary system is back up, bring this hardware back to my lab It looks like I can get some hardware in the $1000 range for this, but the catch is I'd like to have my clients offset some if not all of the cost. Would it make sense to offer them this spare server available service with a monthly fee associated, or a one-time cost? Surely other IT shops offer the same thing in some fashion. I did a proof-of-concept of this this weekend, I grabbed a client's SBS2011 backup and restored it to my own ITG server (has just 8GB RAM through and SATA not SAS, so not enough oomph to run both SBS2011 and the 2008R2 server that comes with Premium) and restored to it and it worked beautifully. It's possible of course that both clients could have an outage on the same day, in which case I'd totally screwed in many ways, so not sure how to handle not being able to deliver something they've been paying for, except maybe a if this service can't be delivered then something as they do know that I am a one-man shop with a day job to boot. I may be overlooking some other options here as well, so I am open to suggestions. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage
RE: Password complexity question
That's actually the article I read that kicked off my e-mail to you guys, LOL. -Original Message- From: Angus Scott-Fleming [mailto:angu...@geoapps.com] Sent: Thursday, January 31, 2013 7:36 PM To: NT System Admin Issues Subject: Re: Password complexity question On 31 Jan 2013 at 14:16, David Lum wrote: I have seen a few articles on password cracking and using unrelated words, so I have a question Given the Making complex passwords section here: http://www.digitaltrends.com/mobile/crack-this-how-to-pick-strong-password s-and-keep-them -that-way/ Could you use a fairly simple method to identify what the password is for and still have it tough to crack? I'm guessing no, but have to ask For a twitter account: Twitter1 vodka eagles! Then for a Facebook account:Facebook2 vodka eagles! Ebay: Ebay3 vodka eagles! Then follow that same pattern for the various accounts. While it seems like bad practice to include the service name as part of the password I thought I'd ask your guys' opinion. It's at least better than using the same password for everything...or is it? It is. But I would recommend using a password manager like LastPass or KeePass with one very strong password to access it rather than worry about individual passwords and patterns. FWIW, I came across this earlier today: More interesting news: passPHRASES aren't more secure, since the dictionary attacks now use them as well. Grammar badness makes cracking harder the long password | Ars Technica When it comes to long phrases used to defeat recent advances in password cracking, bigger isn't necessarily better, particularly when the phrases adhere to grammatical rules. ... A team of Ph.D. and grad students at Carnegie Mellon University and the Massachusetts Institute of Technology have developed an algorithm that targets passcodes with a minimum number of 16 characters and built it into the freely available John the Ripper cracking program. The result: it was much more efficient at cracking passphrases such as abiggerbetter password or thecommunistfairy because they followed commonly used grammatical rules-in this case, ordering parts of speech in the sequence determiner, adjective, noun. When tested against 1,434 passwords containing 16 or more characters, the grammar-aware cracker surpassed other state-of-the-art password crackers when the passcodes had grammatical structures, with 10 percent of the dataset cracked exclusively by the team´s algorithm. See: http://arstechnica.com/security/2013/01/grammar-badness-makes-cracking-harder-the-long-password/ One thing I do to mitigate dictionary attacks: m11spelll wuurds wh33n EEYYEE yuuse tthheemm iiNn P@@ssww00rdd5znot sure how long the black hats will take to add stuff like this ;-) but it's just an arms race. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: MS site?
Works from OR, USA From: Spencer Read [mailto:s93n...@gmail.com] Sent: Friday, February 01, 2013 7:00 AM To: NT System Admin Issues Subject: RE: MS site? Yep, no response from site! From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: 01 February 2013 14:54 To: NT System Admin Issues Subject: MS site? Anyone else having trouble getting to this link? http://support.microsoft.comhttp://support.microsoft.com/ Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CE004B.FE9B9780] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: On a lighter note for a Friday, Passed my CISA exam
W00t! From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, February 01, 2013 11:54 AM To: NT System Admin Issues Subject: On a lighter note for a Friday, Passed my CISA exam Just got the official email that I passed my CISA exam, so I guess another Certification on the title and looking forward to the auditing work that comes with it. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin inline: image001.jpg
RE: Been a long day today, but I won...
Nice job Kurt! -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, January 29, 2013 10:42 PM To: NT System Admin Issues Subject: Been a long day today, but I won... So, it's month end, and our UK office is noticing that emails are not processing outbound from their office. All of their emails come through the US server, to be delivered wherever, and there are some big emails (4-8mbytes) with proposals and orders and such, and they're getting desperate. Lots of little emails are stuck in queue too, though if left alone they seem to trickle out, while the big messages go to retry status. It's already been a long day for me, having been woken up at 3am because they switched over to a new DSL provider, and couldn't log into the router to set up the PPOA configuration. (pay attention - that's a clue...) While I'm trying to troubleshoot this, the nominal IT manager above me is freaking out and deleting messages from the outbound queue on the UK Exchange server, restarting services multiple times, rebooting the UK server, and generally showing all of the patience and investigative skill of a 4yo. I leave the office at 18:00 to pick up my son at daycare, and arrive home and start ignoring everything else except the problem with Exchange. (I have a very good wife, and I deeply appreciate her patience with me!) I get frustrated, and turn up logging on a bunch of Exchange services, then bounce both the UK and US servers remotely, just so I have a clean starting point in the logs. Finally I notice a 4000 message from MSExchangeTransport on the US server (along with some 4006 messages from the same source on the UK server), and hit paydirt. EventID.net turns up reference to MTU sizes. I adjust the firewall in our UK office from 1500 to 1450, and transport of my test message with a 12mbyte text attachment flies through. I test once more with the same attachment, just to be sure. Success. I am now going to bed. Good night. Kurt PS - I'll turn down the logging tomorrow, when I have a few minutes to breathe at work. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Multi-tenant campus security
Is it feasible to bill per MAC address? -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, January 31, 2013 9:21 AM To: NT System Admin Issues Subject: Re: Multi-tenant campus security On Thu, Jan 31, 2013 at 12:18 PM, Ben Scott mailvor...@gmail.com wrote: One more thing if that's not enough... As management is selling per-port networking services, is there any way to identify or prevent someone from plugging in router inside their subnet and adding ports? P.S.: Most tenants are going to be using wireless extensively if not exclusively these days, so you're going to have to re-evaluate the entire bill per port concept anyway. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Ouch - UPnP
See the thread called Shocking? Somehow, not... Having a more descriptive subject line like yours is far too logical :) From: N Parr [mailto:npar...@mortonind.com] Sent: Thursday, January 31, 2013 9:30 AM To: NT System Admin Issues Subject: Ouch - UPnP http://news.cnet.com/8301-1009_3-57566366-83/upnp-networking-flaw-puts-millions-of-pcs-at-risk/?tag=nl.e757s_cid=e757 Guess it would mostly affect home users but they are going to be the ones who would never hear about it for be able to fix it. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Shocking? Somehow, not...
Rapid7 has a tool to scan for this vulnerability, it does require Java(!) and registration, but is otherwise free. From: Patrick Salmon [mailto:psal...@gmail.com] Sent: Tuesday, January 29, 2013 1:01 PM To: NT System Admin Issues Subject: Re: Shocking? Somehow, not... Not surprisingly, you're going to see a lot of alerts coming out on this subject. Here's the Cisco one: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp which you can expect to be updated as more is learned about which products are affected. On Tue, Jan 29, 2013 at 9:44 AM, David Lum david@nwea.orgmailto:david@nwea.org wrote: http://news.cnet.com/8301-1009_3-57566366-83/upnp-networking-flaw-puts-millions-of-pcs-at-risk/ David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229tel:503.548.5229 // Cell (voice/text) 503.267.9764tel:503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Windows Network Awareness and Public Network
Oy. Found It and made the change. A little slow today... From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Wednesday, January 30, 2013 7:07 AM To: NT System Admin Issues Subject: Re: Windows Network Awareness and Public Network Can't you just change it? I remember having to switch some lab systems to Private to get them to talkdon't remember if you can force the Domain profile though Sent from my Blackberry, which may be an antique but delivers email RELIABLY From: David Lum david@nwea.orgmailto:david@nwea.org Date: Wed, 30 Jan 2013 15:02:36 + To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: Windows Network Awareness and Public Network Does anyone know what ports need to be open for Windows Network Awareness to believe it's on a domain? I have a DMZ server in a DMZ that thinks it's on a Public network - we can get it to talk to other systems but can't get any ingress traffic to it. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Limiting who can send all-staff e-mails
Nope, that already happens, and we have employees that REPLY ALL to those.. From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Friday, January 25, 2013 3:43 AM To: NT System Admin Issues Subject: Re: Limiting who can send all-staff e-mails Just wait till someone forwards a joke or scam report to your entire staff, or asks for someone to move their car. That should do it. Sent from my Blackberry, which may be an antique but delivers email RELIABLY From: David Lum david@nwea.orgmailto:david@nwea.org Date: Fri, 25 Jan 2013 11:14:36 + To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: Limiting who can send all-staff e-mails Does anyone have some links I can use to demonstrate to management why it's a bad idea to allow any of our 600 employees to send e-mails to all staff? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Limiting who can send all-staff e-mails
I brought up how easy it would be for a disgruntled employee to send an inappropriate message to the entire company That, and malware being sent to the big DL were my arguments. These in addition to the fact we just had several training sessions on how excessive e-mails result in lost productivity... From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Friday, January 25, 2013 6:10 AM To: NT System Admin Issues Subject: RE: Limiting who can send all-staff e-mails No links, but management here clamped down because people were sending personal charity, business, and greeting cards emails to everybody. That, and I brought up how easy it would be for a disgruntled employee to send an inappropriate message to the entire company. -Paul From: David Lum [mailto:david@nwea.org] Sent: Friday, January 25, 2013 5:15 AM To: NT System Admin Issues Subject: Limiting who can send all-staff e-mails Does anyone have some links I can use to demonstrate to management why it's a bad idea to allow any of our 600 employees to send e-mails to all staff? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: DC's and VM's
Hyper-V 2.0 also does this, at least the delay period for each VM. I have DC's always start 120 secs after host start and other VM's 300 secs after that. Server 2012 redundant DHCP...oh NICE! From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, January 22, 2013 8:41 AM To: NT System Admin Issues Subject: RE: DC's and VM's That is correct (you can have redundant DHCP without splitting the pool in Windows Server 2012). Hyper-V 3.0 also allows you to specify critical VMs that must start first, with X delay before starting other VMs, and allow Hyper-V clusters to come online BEFORE AD starts. From: N Parr [mailto:npar...@mortonind.com] Sent: Tuesday, January 22, 2013 11:24 AM To: NT System Admin Issues Subject: RE: DC's and VM's Speaking from experience DHCP is also nice to have on physical. Say you have to power the entire facility down for one reason or another, your hosts all have to start up cold. There is no way you will get your guest running DHCP online before all your devices elsewhere on the network are already up and looking for an address. Then the dumber devices will time out after a while and will have to be power cycled again to get their address. From my understanding 2012 also helps this problem since you can have redundant DHCP servers without splitting the pool? From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, January 22, 2013 10:12 AM To: NT System Admin Issues Subject: RE: DC's and VM's Unless you have a fully Hyper-V 3.0 infrastructure and your DCs are all Windows Server 2012. From: David Lum [mailto:david@nwea.org] Sent: Tuesday, January 22, 2013 11:06 AM To: NT System Admin Issues Subject: DC's and VM's Is this still current thinking? Note: Always have at least one DC that is on physical hardware so that failover clusters and other infrastructure can start. http://support.microsoft.com/kb/888794 David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: FoxIT reader vulnerability
E-reader...although for all I know they do extra crap too. -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Tuesday, January 15, 2013 3:30 PM To: NT System Admin Issues Subject: Re: FoxIT reader vulnerability Doesn't Adobe (and possibly other PDF viewers) include PDF rendering with javascript now? I just want a dumb .pdf reader. Is it just me? --Matt Ross Ephrata School District - Original Message - From: Ben Scott [mailto:mailvor...@gmail.com] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Tue, 15 Jan 2013 14:46:31 -0800 Subject: Re: FoxIT reader vulnerability On Fri, Jan 11, 2013 at 10:50 AM, Richard McClary richard.mccl...@aspca.org wrote: http://www.theregister.co.uk/2013/01/11/foxit_pdf_plugin_vuln/ Just now checked the FoxIT web site. The currently offered version is 5.4.4.1128, which the article mentions as being vulnerable (as are older versions). May end up having to use Adobe anyway… I strongly suspect FoxIt licenses at least their core code from Adobe. Many features and vulnerabilities seem to track on a one-to-one basis. FoxIt is a lot more lightweight, though, so it prolly has a smaller attack surface overall. It may be they just don't include all the bloat that Adobe does. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Ouch today's outbreak
Welcome to my world...I had the GPO set up but was denied over a year ago. Guessing that will change. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, January 08, 2013 12:56 PM To: NT System Admin Issues Subject: RE: Ouch today's outbreak You still have autorun enabled? REALLY? From: David Lum [mailto:david@nwea.org] Sent: Tuesday, January 8, 2013 3:52 PM To: NT System Admin Issues Subject: Ouch today's outbreak This just in: W32/SillyFDC. Not new to the internet, but new here :( Bites David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Ouch today's outbreak
Update - brand new virus variant baby...as of yesterday. From: David Lum [mailto:david@nwea.org] Sent: Tuesday, January 08, 2013 1:01 PM To: NT System Admin Issues Subject: RE: Ouch today's outbreak Welcome to my world...I had the GPO set up but was denied over a year ago. Guessing that will change. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, January 08, 2013 12:56 PM To: NT System Admin Issues Subject: RE: Ouch today's outbreak You still have autorun enabled? REALLY? From: David Lum [mailto:david@nwea.org] Sent: Tuesday, January 8, 2013 3:52 PM To: NT System Admin Issues Subject: Ouch today's outbreak This just in: W32/SillyFDC. Not new to the internet, but new here :( Bites David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Replacement for SteadyState
Word. Domain-joined system but they auto-login as a local user that belongs to the guest group in Vista, with a few other lockdowns that mimic Steadystate. Public machines are a completely different can of worms, and even the above isn't perfect but I can go several months at a time (been almost a year I think at this point) before getting a call for support on them. Dave From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Sunday, January 06, 2013 7:39 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I'm glad someone asked. I always assumed I was missing something. We've got lab computers for a couple thousand students and have any issues to speak of. Sent from my Windows Phone From: Brian Desmond Sent: 1/6/2013 3:36 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Friday, January 4, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Not free, but we could not function at the school without DeepFreeze. From: Bambi J Saastad [mailto:bambi.j.saas...@seagate.com] Sent: Friday, January 04, 2013 11:36 AM To: NT System Admin Issues Subject: Replacement for SteadyState Hello I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of pc's that the factory users use for browsing etc that I am replacing with Windows 7 Pro that need to be locked down. Can anyone suggest a product that does the same thing, wipe out any changes on reboot? TIA B ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Occasional local admin needed
Thanks for everyone's replies on this! Dave From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, January 04, 2013 7:53 AM To: NT System Admin Issues Subject: RE: Occasional local admin needed Do a domain account as you describe and set the account to expire tomorrow. When they need it you re-enable it and set it to expire again the next day. Still manual intervention on your part but the automatic expire solves the ongoing access issue. From: David Lum [mailto:david@nwea.org] Sent: Friday, January 04, 2013 10:41 AM To: NT System Admin Issues Subject: Occasional local admin needed How would you guys handle this? I have a server that the developers use that they occasionally (once a month or so) need local admin access for to install/upgrade an app or feature they use. This is a new-ish server that previously I have just added a user (it's the same one each time) to the local admin group then a week later took them out, but that's cumbersome and I become the single point of failure on remembering to back them out. I could 1. create a special AD account for this user to be local admin, or 2. create an AD group, put this person in it, then GPO that group into local admins on that server. Suggestions? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Replacement for SteadyState
+1. Requires mindset change and buy-in of powers-that-be, which sometimes can be a hurdle... From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Monday, January 07, 2013 7:09 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState how do you handle situations where students don't logout before they leave.. then student 2 has access to student 1's account. Self-correcting problem. Student 2 deletes all of Students 1's stuff and Student 1 never does it again. With 7,000 students we have very little trouble with this issue actually. Also we set inactivity timeouts so they auto log out. I would not go with generic accounts. There is no accountability, no tracking of what they do From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 07, 2013 10:04 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState No on the student login. We use a generic account per classroom. We've talked about moving to a individual student login, but I'm not sure we need or want that. For others that have gone that route, how do you handle situations where students don't logout before they leave. You either have a locked computer, logged on as said student or if not locked, then student 2 has access to student 1's account. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, January 07, 2013 9:32 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Sure so scenarios where you're teaching classes that require changes to the OS to accomplish the class makes good sense and I'd not argue against a solution like DeepFreeze in that case. In the case of things like wallpaper and user profile stuff, are you not using named user accounts for your students? That solves a bunch of this on the spot. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Monday, January 7, 2013 7:42 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState We teach classes and let the students make any and all changes to the desktop environment. Here's one example. Student comes in and sets the desktop wallpaper to his favorite pinup gal. Next student doesn't like it, but is a beginner and doesn't know how to change it to something else. Reboot and the pin up gal is gone. Also, I've seen some programs/apps that can now be installed without admin rights, Google Chrome for example. Not a problem with Deep Freeze. I'm sure there are other ways to do this, but DeepFreeze works great in our environment. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Sunday, January 06, 2013 4:36 PM To: NT System Admin Issues Subject: RE: Replacement for SteadyState I've worked at a lot of customers that use DeepFreeze and similar products and I'm not a huge fan of the concept in general. It makes the overall lifecycle maintenance of a desktop environment a heck of a lot more complicated. The question I always pose (and usually don't get much of a response to), is what problems/issues is DeepFreeze protecting you from that running as a local user wouldn't solve? Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Friday, January 4, 2013 11:33 AM To: NT System Admin Issues Subject: RE: Replacement for SteadyState Not free, but we could not function at the school without DeepFreeze. From: Bambi J Saastad [mailto:bambi.j.saas...@seagate.com] Sent: Friday, January 04, 2013 11:36 AM To: NT System Admin Issues Subject: Replacement for SteadyState Hello I was wondering if any of you could suggest a replacement for SteadyState. I have a roomful of pc's that the factory users use for browsing etc that I am replacing with Windows 7 Pro that need to be locked down. Can anyone suggest a product that does the same thing, wipe out any changes on reboot? TIA B ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an
RE: Grrr....
Yeah, A08 which is the latest for the old bird. From: Guyer, Don [mailto:dgu...@che.org] Sent: Wednesday, January 02, 2013 8:49 AM To: NT System Admin Issues Subject: RE: Grrr BIOS updated? Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [Description: Description: Description: InfoService-Logo240] From: David Lum [mailto:david@nwea.org] Sent: Wednesday, January 02, 2013 11:45 AM To: NT System Admin Issues Subject: Grrr Bought an SSD to put into an old Dell PowerEdge 840. Seems no matter what I try I can't get joy on it. The server doesn't pick it up if I plug it into one of the built-in SATA ports, and a PCI 2.0 SATAIII card (cheaper Highpoint card) causes the OS (2008 R2) to bluescreen. Anyone see anything similar and have a fix? If I use the SSD/USB transfer adapter, it works fine as a USB HDD, but an 840 only has USB 2.0 so it limits to about 50Mb/sec, kind of defeating the purpose of an SSD... David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: Grrr....
1. Hard drive: http://www.newegg.com/Product/Product.aspx?Item=N82E16820148525 2. Card: http://www.newegg.com/Product/Product.aspx?Item=N82E16816115072 3. Direct to MB via SATA cable. -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Wednesday, January 02, 2013 9:03 AM To: NT System Admin Issues Subject: Re: Grrr Questions: 1. Which SSD did you purchase? 2. Which Highpoint card did you purchase? 3. Are you trying to use the 840's swappable drive bays? Or are you plugging the SSD directly to the MB/PCI card via SATA cable? --Matt Ross Ephrata School District - Original Message - From: David Lum [mailto:david@nwea.org] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Wed, 02 Jan 2013 08:44:54 -0800 Subject: Grrr Bought an SSD to put into an old Dell PowerEdge 840. Seems no matter what I try I can't get joy on it. The server doesn't pick it up if I plug it into one of the built-in SATA ports, and a PCI 2.0 SATAIII card (cheaper Highpoint card) causes the OS (2008 R2) to bluescreen. Anyone see anything similar and have a fix? If I use the SSD/USB transfer adapter, it works fine as a USB HDD, but an 840 only has USB 2.0 so it limits to about 50Mb/sec, kind of defeating the purpose of an SSD... David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Grrr....
Figures. I send these e-mails out, and now it works. I think I needed to format or otherwise initialize this drive, as since that I'd formatted the drive when it was USB, it now shows up when attached directly to the MB. -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Wednesday, January 02, 2013 9:09 AM To: NT System Admin Issues Subject: RE: Grrr 1. Hard drive: http://www.newegg.com/Product/Product.aspx?Item=N82E16820148525 2. Card: http://www.newegg.com/Product/Product.aspx?Item=N82E16816115072 3. Direct to MB via SATA cable. -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Wednesday, January 02, 2013 9:03 AM To: NT System Admin Issues Subject: Re: Grrr Questions: 1. Which SSD did you purchase? 2. Which Highpoint card did you purchase? 3. Are you trying to use the 840's swappable drive bays? Or are you plugging the SSD directly to the MB/PCI card via SATA cable? --Matt Ross Ephrata School District - Original Message - From: David Lum [mailto:david@nwea.org] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Wed, 02 Jan 2013 08:44:54 -0800 Subject: Grrr Bought an SSD to put into an old Dell PowerEdge 840. Seems no matter what I try I can't get joy on it. The server doesn't pick it up if I plug it into one of the built-in SATA ports, and a PCI 2.0 SATAIII card (cheaper Highpoint card) causes the OS (2008 R2) to bluescreen. Anyone see anything similar and have a fix? If I use the SSD/USB transfer adapter, it works fine as a USB HDD, but an 840 only has USB 2.0 so it limits to about 50Mb/sec, kind of defeating the purpose of an SSD... David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Enterprise task scheduler
We (not me personally) use something called Activebatch quite extensively here. http://www.advsyscon.com/products/activebatch/job-scheduling.asp Dave From: Adam Meixler [mailto:ad...@interlink1.com] Sent: Wednesday, January 02, 2013 10:33 AM To: NT System Admin Issues Subject: Enterprise task scheduler Happy New Year everyone! I was hoping to get The Lists opinion on a good, un-bloated enterprise task scheduler. Right now we have about a thousand tasks scattered across different servers using the windows scheduled task service and it's just not doing it for us. It'd be nice if jobs could be pushed down to workers as they were available vs. being scheduled on specific instances, but we at least want a central control of these jobs. We're open to any ideas that don't involve CA Thanks all ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Restore 2008 R2 including product activation
In my case I moved my 2008 R2 from a 1TB platter HDD drive to a 128GB SSD one, and the tokens manager tool didn't work in my case, so I simply re-activated. I'm guessing the HDD change was enough to trip up the reactivation tool, even though it tells me the backup and restores were successful. Holy crap 2008 R2 Hyper-V host boots fast from an SSD! Dave -Original Message- From: Mike Hoffman [mailto:m...@drumbrae.net] Sent: Wednesday, January 02, 2013 11:39 AM To: NT System Admin Issues Subject: RE: Restore 2008 R2 including product activation If you reformat a machine you might not need more activations as the hardware will match an existing license. You could use the VAMT to backup your activation info and then re-apply it - or just use a KMS and stop worrying. Mike -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: 02 January 2013 19:17 To: NT System Admin Issues Subject: Re: Restore 2008 R2 including product activation Is there a native way to do this, or are backups the reason when you look up # of activations on MS's VLSC site they list more activations available than actual licenses? I am unsure on why, exactly, there is a larger number of activations than what we have licensed on our VLSC site, but it was my understanding that it was set higher than what you need so you could do things like re-installs, re-imaging, etc. I have had to contact MS to have our activation number increased. They asked why, and I said Because we re-image the labs every year, and each re-image eats up an activation. They took that answer and us me more. I'm sure the artificial limit is there to prevent blatant theft of a VLSC product code. --Matt Ross Ephrata School District - Original Message - From: David Lum [mailto:david@nwea.org] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Wed, 02 Jan 2013 10:59:07 -0800 Subject: Restore 2008 R2 including product activation Is there a way to do a backup/restore of 2008 r2 and not have to Windows re-activation? I found some links that use a 3rd party tool called Advanced Tokens Manager. Is there a native way to do this, or are backups the reason when you look up # of activations on MS's VLSC site they list more activations available than actual licenses? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Disk encryption killer: Anyone see this?
So I'm hearing we shouldn't be concerned about a PGP-encrypted laptop *unless* it's hibernation file is unencrypted (read, no full disk encryption)? A fully encrypted disk that has a screen saver password is going to be pretty secure? You'll thus need to get a memory dump from a running PC (locked or unlocked) with encrypted volumes mounted, via a standard forensic product or via a FireWire attack.. Ok how easy is it to get a memory dump from a running PC? Alternatively, decryption keys can also be derived from hibernation files if a target PC is turned off If the hiberfil.sys is encrypted, how do they get to it? Dave -Original Message- From: Steve Kradel [mailto:skra...@zetetic.net] Sent: Friday, December 21, 2012 10:59 AM To: NT System Admin Issues Subject: Re: Disk encryption killer: Anyone see this? I don't find this alarming at all: it requires access to the key data, and is useful if you have a memory dump or a cleartext hibernation file (hiberfil.sys is going to be *encrypted* on a hibernating machine with whole-disk encryption). This tool appears to be a good time-saver, given a memory dump, because it knows where to look in for the keys and how to extract them, but it does not attack any inherent cryptographic weakness or key management problems in PGP, TC, etc.. --Steve On Fri, Dec 21, 2012 at 1:34 PM, Matthew W. Ross mr...@ephrataschools.org wrote: I'm no security expert. But I do assume that if the physical machine is compromised, then the data it holds is as good as compromised as well, no matter what level of encryption you have. --Matt Ross Ephrata School District - Original Message - From: Ziots, Edward [mailto:ezi...@lifespan.org] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Fri, 21 Dec 2012 09:57:51 -0800 Subject: RE: Disk encryption killer: Anyone see this? I would say off the record no, if you used popular encryption software and a repeatable process, but when you lose physical security of an asset, given a reasonable amount of time and effort the encryption will be cracked and data will be obtained. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org From: Chinnery, Paul [mailto:pa...@mmcwm.com] Sent: Friday, December 21, 2012 12:37 PM To: NT System Admin Issues Subject: RE: Disk encryption killer: Anyone see this? Oh, great. I wonder what view CMS will take if a laptop is stolen\lost and it's encrypted. Will they still say it's a HIPAA violation? From: David Lum [mailto:david@nwea.org] Sent: Friday, December 21, 2012 12:29 PM To: NT System Admin Issues Subject: Disk encryption killer: Anyone see this? Comments anyone? Looks like bad news... http://thenextweb.com/insider/2012/12/20/this-299-tool-is-reportedly- cap able-of-cracking-bitlocker-pgp-and-truecrypt-disks-in-real-time/ David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe
RE: Disk encryption killer: Anyone see this?
Simple to get past the screensaver password then? -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, December 21, 2012 12:59 PM To: NT System Admin Issues Subject: RE: Disk encryption killer: Anyone see this? Its not hard to get a memory dump from a PC that is running, and you have the tools and the appropriate skilset. If the box is open and running, then have a field day... Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Friday, December 21, 2012 3:39 PM To: NT System Admin Issues Subject: RE: Disk encryption killer: Anyone see this? So I'm hearing we shouldn't be concerned about a PGP-encrypted laptop *unless* it's hibernation file is unencrypted (read, no full disk encryption)? A fully encrypted disk that has a screen saver password is going to be pretty secure? You'll thus need to get a memory dump from a running PC (locked or unlocked) with encrypted volumes mounted, via a standard forensic product or via a FireWire attack.. Ok how easy is it to get a memory dump from a running PC? Alternatively, decryption keys can also be derived from hibernation files if a target PC is turned off If the hiberfil.sys is encrypted, how do they get to it? Dave -Original Message- From: Steve Kradel [mailto:skra...@zetetic.net] Sent: Friday, December 21, 2012 10:59 AM To: NT System Admin Issues Subject: Re: Disk encryption killer: Anyone see this? I don't find this alarming at all: it requires access to the key data, and is useful if you have a memory dump or a cleartext hibernation file (hiberfil.sys is going to be *encrypted* on a hibernating machine with whole-disk encryption). This tool appears to be a good time-saver, given a memory dump, because it knows where to look in for the keys and how to extract them, but it does not attack any inherent cryptographic weakness or key management problems in PGP, TC, etc.. --Steve On Fri, Dec 21, 2012 at 1:34 PM, Matthew W. Ross mr...@ephrataschools.org wrote: I'm no security expert. But I do assume that if the physical machine is compromised, then the data it holds is as good as compromised as well, no matter what level of encryption you have. --Matt Ross Ephrata School District - Original Message - From: Ziots, Edward [mailto:ezi...@lifespan.org] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Fri, 21 Dec 2012 09:57:51 -0800 Subject: RE: Disk encryption killer: Anyone see this? I would say off the record no, if you used popular encryption software and a repeatable process, but when you lose physical security of an asset, given a reasonable amount of time and effort the encryption will be cracked and data will be obtained. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org From: Chinnery, Paul [mailto:pa...@mmcwm.com] Sent: Friday, December 21, 2012 12:37 PM To: NT System Admin Issues Subject: RE: Disk encryption killer: Anyone see this? Oh, great. I wonder what view CMS will take if a laptop is stolen\lost and it's encrypted. Will they still say it's a HIPAA violation? From: David Lum [mailto:david@nwea.org] Sent: Friday, December 21, 2012 12:29 PM To: NT System Admin Issues Subject: Disk encryption killer: Anyone see this? Comments anyone? Looks like bad news... http://thenextweb.com/insider/2012/12/20/this-299-tool-is-reportedly- cap able-of-cracking-bitlocker-pgp-and-truecrypt-disks-in-real-time/ David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums
RE: Has anyone used ActiveRoles DNS Manager?
Solved. Need the 2005 client From: David Lum [mailto:david@nwea.org] Sent: Wednesday, December 19, 2012 12:16 PM To: NT System Admin Issues Subject: Has anyone used ActiveRoles DNS Manager? http://www.quest.com/activeroles-server/dnsm.aspx Trying to install it it's telling me I need to install SQL Native client (or later). Installing the 2008 R2 native client it still says I need it. I'd call Quest but I'm hesitant because they'll just send me to a sales droid, so if I can avoid it... David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Advice re Workstation Backup Solution
You guys have used HRH enough recently I had to go look it upLOL -Original Message- From: Webster [mailto:webs...@carlwebster.com] Sent: Tuesday, December 18, 2012 8:16 AM To: NT System Admin Issues Subject: RE: Advice re Workstation Backup Solution Again, my $0.02US worth is that you should have an automated build process. Why even HRH Old School MBS does automated builds. :) Automated builds provide consistency and less time on your part in the long run. Thanks Webster -Original Message- From: Pierre [mailto:pmcamill...@laferla.com.mt] Sent: Tuesday, December 18, 2012 9:48 AM To: NT System Admin Issues Subject: RE: Advice re Workstation Backup Solution Thanks for your reply. Data resides on the servers. Having an Acronis backup or RAID 1 config would save me time from having to build the workstation from scratch i.e. OS and apps. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Selling SMB-specific IT stuff
E-bay...wow how did I not think of that... Thanks! From: James Rankin [mailto:kz2...@googlemail.com] Sent: Monday, December 17, 2012 6:11 AM To: NT System Admin Issues Subject: Re: Selling SMB-specific IT stuff Ebay? On 17 December 2012 13:54, David Lum david@nwea.orgmailto:david@nwea.org wrote: A client of mine no longer uses a StorageTek L20 tape drive library so we are looking to give it a good home of it instead of sending it to scrap. Is there a better place than Craigslist to advertise this thing? It seems a little too specialized to expect a hit on CL. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229tel:503.548.5229 // Cell (voice/text) 503.267.9764tel:503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Managed service
There are many threads on this if you search the archives, but I love this topic, so... Rate: It depends where you are. Portland, OR Metro IT consultants charge between $80-$125/hr. In fact I'm the only one I know below $100/hr, granted I don't know that many others, like three. Check the local competition and be aware of your differentiation from Geek squad, etc. will be the server side of things, so keep in mind they might consider that type of service and pricing as a barometer. Write up an SLA / expectations. Know what you're willing to take on and emphasize quality to your clients vs. number of clients - it's OK to say no to potential clients, as well as let this client know what you support and what you don't. If possible, set them up with Log Mein or equivalent (I have Log Mein on a system per client, then remote to their other systems from there) so you can do timely remote work. I also charge less for remote work vs. onsite ($55/hr. vs. $80/hr. onsite), and have it identified up front that emergency calls/work is additional rate. Agree on how often they can expect you onsite (once/mo. for patching maybe, and one other time/mo. perhaps). I also managed to work in a fixed monthly fee in agreement to respond to Help Desk tickets in-between my onsite days - previously I would only work on them the once day/week I was onsite, the fee is for me to work on them within 24hrs of being submitted. That fee offsets some work done that I wouldn't otherwise bill them for, like 5-10 min remote fixes that would take as much time to write up the invoice for as it does to perform the fix. Set expectations first, saves a lot of frustration later. From: Tigran K [mailto:tigr...@gmail.com] Sent: Thursday, December 13, 2012 11:35 PM To: NT System Admin Issues Subject: Managed service I'm starting an IT service side gig. The place has about 10 workstations and one server. The server is used for Exchange, AD, and fileshare. One of my tasks will be to migrate exchange to a provider. My tasks will be to provide general IT services. Help desk kind of stuff and server management. What's a going rate for this kind of service? Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Noob networking Q
I had thought of that, but using HOSTS seemed too old school! From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Friday, December 14, 2012 7:16 AM To: NT System Admin Issues Subject: RE: Noob networking Q Set the second nics on their own subnet. Add the ip's and names to hosts and lmhosts. That is how I do it physically with my DFS boxes. It will work virtually too. From: David Lum [mailto:david@nwea.org] Sent: Friday, December 14, 2012 10:10 AM To: NT System Admin Issues Subject: Noob networking Q Scenario: Two VM's on a 2008R2 Hyper-V host. Host has 3 NIC ports. How can I configure the 2 VM's to talk to each other via the virtual switch and not send traffic over the physical wire unless it's to client PC's? Two virtual NIC's each VM is the easy part, but how do I tell them to dedicate a NIC to each other? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Managed service
Searchable: http://www.mail-archive.com/ntsysadmin@lyris.sunbelt-software.com/ Search for consulting Monthly fee? Tough call. Is the fee supposed to cover x hours of work? From: Tigran K [mailto:tigr...@gmail.com] Sent: Friday, December 14, 2012 1:16 PM To: NT System Admin Issues Subject: Re: Managed service Thanks for the reply David. Two questions. Where is the archive? The company I'm working with wants to do a monthly fee type of a thing. For general support. Is this common? Do you know how much is reasonable for a monthly deal? We have a hourly rate set for projects. Thanks --T On Fri, Dec 14, 2012 at 6:39 AM, David Lum david@nwea.orgmailto:david@nwea.org wrote: There are many threads on this if you search the archives, but I love this topic, so... Rate: It depends where you are. Portland, OR Metro IT consultants charge between $80-$125/hr. In fact I'm the only one I know below $100/hr, granted I don't know that many others, like three. Check the local competition and be aware of your differentiation from Geek squad, etc. will be the server side of things, so keep in mind they might consider that type of service and pricing as a barometer. Write up an SLA / expectations. Know what you're willing to take on and emphasize quality to your clients vs. number of clients - it's OK to say no to potential clients, as well as let this client know what you support and what you don't. If possible, set them up with Log Mein or equivalent (I have Log Mein on a system per client, then remote to their other systems from there) so you can do timely remote work. I also charge less for remote work vs. onsite ($55/hr. vs. $80/hr. onsite), and have it identified up front that emergency calls/work is additional rate. Agree on how often they can expect you onsite (once/mo. for patching maybe, and one other time/mo. perhaps). I also managed to work in a fixed monthly fee in agreement to respond to Help Desk tickets in-between my onsite days - previously I would only work on them the once day/week I was onsite, the fee is for me to work on them within 24hrs of being submitted. That fee offsets some work done that I wouldn't otherwise bill them for, like 5-10 min remote fixes that would take as much time to write up the invoice for as it does to perform the fix. Set expectations first, saves a lot of frustration later. From: Tigran K [mailto:tigr...@gmail.commailto:tigr...@gmail.com] Sent: Thursday, December 13, 2012 11:35 PM To: NT System Admin Issues Subject: Managed service I'm starting an IT service side gig. The place has about 10 workstations and one server. The server is used for Exchange, AD, and fileshare. One of my tasks will be to migrate exchange to a provider. My tasks will be to provide general IT services. Help desk kind of stuff and server management. What's a going rate for this kind of service? Thanks ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Heads up: MS12-081 KB2758857 issue
On my corporate Win7 PC this update prevents me from connecting to Windows file shares. I am troubleshooting to get more specifics, as my user profile has redirected folders and we have our Exchange hosted and my Outlook would also not start, but I did confirm that removal of this KB restored access and re-installing it produced the same no file access result. It may be an hour or two before I have more details but figured I should give you guys a heads up ASAP. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs
We had this EXACT issue a few weeks ago...I should have warned you guys. In our case, it was a regular attendee declining it. iOS 6.0.1 fixes that bug IIRC. From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, December 13, 2012 11:17 AM To: NT System Admin Issues Subject: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs FYI- Our Exchange guys say the help desk reported encountered some major difficulties with this today... http://blogs.technet.com/b/exchange/archive/2012/10/23/ios6-devices-erroneously-take-ownership-of-meetings.aspx e.g- the Additionally, the Apple iOS 6 device may incorrectly let the device user (attendee) act as the meeting organizer. For example, the attendee can send meeting updates or cancellations to all the original meeting attendees. part in the associated KB article. http://support.microsoft.com/kb/2768774 As in one of the more significant events was that a high-level exec declined a meeting and it got removed from 400 calendars. ouch PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs
...don't touch calendar events on a mobile device... That's our official corporate response to the org here. From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, December 13, 2012 11:57 AM To: NT System Admin Issues Subject: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs I don't. We have an Exchange team that should. I pass them along stuff that you post here. I have a full time day job doing OtherStuff(tm) The highlighted part is taken to heart, thanks very much. My personal SOP has always been don't touch calendar events on a mobile device unless I have to. Starting with my iPaq :-p Yea old skool, I know From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, December 13, 2012 11:23 AM To: NT System Admin Issues Subject: RE: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs You don't read the Exchange group, do you? :) From a post I made there this morning: I can absolutely tell you that you are also running into a secondary issue - if the calendar processing agent is slow (which is going to happen with a single person being a delegate on 130+ mailboxes) the above problem is significantly exacerbated because it will take longer for the full calendar details to sync to the handheld device. iOS first syncs the push email notification and then gets the calendar details separately. I repeat - deal with meetings from the Inbox and not from Calendar. The highlighted section is very important. From: Free, Bob [mailto:r...@pge.com] Sent: Thursday, December 13, 2012 2:17 PM To: NT System Admin Issues Subject: iOS6 devices erroneously take ownership of meetings - Exchange Team Blog - Site Home - TechNet Blogs FYI- Our Exchange guys say the help desk reported encountered some major difficulties with this today... http://blogs.technet.com/b/exchange/archive/2012/10/23/ios6-devices-erroneously-take-ownership-of-meetings.aspx e.g- the Additionally, the Apple iOS 6 device may incorrectly let the device user (attendee) act as the meeting organizer. For example, the attendee can send meeting updates or cancellations to all the original meeting attendees. part in the associated KB article. http://support.microsoft.com/kb/2768774 As in one of the more significant events was that a high-level exec declined a meeting and it got removed from 400 calendars. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Hard set ports on Terminal Licensing server
Oops I mean this one. I think :) http://support.microsoft.com/kb/154596/en-us From: Steven Peck [mailto:sep...@gmail.com] Sent: Thursday, December 13, 2012 1:56 PM To: NT System Admin Issues Subject: Hard set ports on Terminal Licensing server We have one of those environments that has those wonderfully random firewalls separating various parts for security and various regulatory compliance reasons. This of course complicates things like or 2008r2 RDS licensing server. My co-worker is trying to find if there is documentation on hard setting the high level randomly assigned ports to a range. If we can do this, evidently our security team will become more happy about letting us reduce how many licensing servers we need in our environment which would make my co-worker happy. I've been poking around looking but evidently my search terms are a big fail at the moment. Any pointers to links appreciated. With any luck I will find it 5 minutes after hitting send. :) Thanks, Steven Peck http://www.blkmtn.org ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Heads up: MS12-081 KB2758857 issue - Update
Update: KB2758857 appears to only effect a DFS folder redirects to a drive mapping I have via GPO on my Win7 systems. My desktop and start menu are redirected to the DFS share and at startup I get a cannot connect to \\DFS\file\share. Talking to my storage team, it may be an issue with our DFS implementation but I won't know more on that until tomorrow. * RDP in unaffected * Uninstalling the KB restores access to the DFS share * Access to non-DFS shares are unaffected * Windows XP is unaffected * DFS file share type is Domain (Windows 2000 server mode) I'm guessing that last bullet is the culprit, but cannot confirm at this time. Dave -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Thursday, December 13, 2012 11:18 AM To: NT System Admin Issues Subject: Heads up: MS12-081 KB2758857 issue On my corporate Win7 PC this update prevents me from connecting to Windows file shares. I am troubleshooting to get more specifics, as my user profile has redirected folders and we have our Exchange hosted and my Outlook would also not start, but I did confirm that removal of this KB restored access and re-installing it produced the same no file access result. It may be an hour or two before I have more details but figured I should give you guys a heads up ASAP. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: So we killed the CA server....
Thanks Steve, I *can* bring the old CA server up and take a look at what was issued - I remember looking at it a month or so ago and the only certs it issued were to DC's. I guess the ideal is bring up the old CA, migrate the CA to a 2008 R2 server (same name) on new hardware (read: VM instead of an old IBM HS20 blade), then later migrate to a different CA server completely (the current CA name indicates it's a domain controller). We restored it yesterday and I used the CA snap-in to back up the CA data, but forgot to grab the registry info, so I'm recovering that today. Dave -Original Message- From: Steve Kradel [mailto:skra...@zetetic.net] Sent: Tuesday, December 11, 2012 10:04 PM To: NT System Admin Issues Subject: Re: So we killed the CA server Well, supposing the old CA is truly gone and lost... in this case I'd look at purging the old CA enrollment endpoint info from AD (see the technet article on migrating CA servers), setting up a new CA, and superseding whatever certificate templates the old CA probably published. This is not a great place to be, as the certificate database is gone (so there's no solid list of the already-issued certs), you can't publish any new CRLs, etc., etc. Things will start to fail several months from now if the old CA has issued more certs than one can retroactively take stock of and these have not been replaced. I'd not suggest using the name of the old CA on its replacement; there is no way to rebuild it if the CA key or certificate database are lost. Do not put it on a DC if you can help it. DC certs are *mostly* used for LDAP/SSL, but might also be used for smartcard login and other purposes. You can learn the possible uses by examining the template As always, it is a good idea to read Brian Komar's book--it makes everything so much clearer. --Steve On Tue, Dec 11, 2012 at 4:49 PM, David Lum david@nwea.org wrote: Recap: 2003 DC (DC-SRV02) that was also a CA died a few days ago. Today I stood up a new (2008 R2 ,2nd one in this domain) DC and it is getting these errors: Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from DC-SRV02. Is there any way to stand up a new CA and have the DC get a domain controller cert from that? I'm thinking I'd like to separate the CA from the DC functions. Is my only recourse to re-create the old CA server? This environment is inherited, but I don't recall in SMB environments with multiple DC's ever installing a certificate authority in the first place. Part of it is I don't fully know what Domain Controller certificates are used for. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: I hate newegg...
I ignore rebates and pretend they don't exist From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, December 11, 2012 5:38 AM To: NT System Admin Issues Subject: RE: I hate newegg... I hate mail in rebates. Not that newegg does a lot of those, I think Tiger Direct has everyone beat there. From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Tuesday, December 11, 2012 8:27 AM To: NT System Admin Issues Subject: Re: I hate newegg... I go to Newegg... Then I go to Amazon. If they have it, too... On Tue, Dec 11, 2012 at 8:08 AM, Guyer, Don dgu...@che.orgmailto:dgu...@che.org wrote: Newegg rocks, propaganda or not. Unless I need it ASAP, then I drive 20 mins. to MicroCenter. Their prices and selection rival the Egg. Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595tel:610.550.3595 | Cell: 610.955.6528tel:610.955.6528 | Fax: 610.271.9440tel:610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839tel:610-492-3839. [Description: Description: Description: InfoService-Logo240] From: James Kerr [mailto:cluster...@gmail.commailto:cluster...@gmail.com] Sent: Monday, December 10, 2012 6:45 PM To: NT System Admin Issues Subject: Re: I hate newegg... Part of my job is ordering computer stuff. I've done it for so long that it takes me forever to just go to new egg or some other site to order stuff that I need personally, I've needed to order a DVD burner and some RAM for about a month, still haven't got around to it or for that matter the winch locks for my truck. Neweggs propaganda doesn't work on me. On Mon, Dec 10, 2012 at 4:47 PM, David Lum david@nwea.orgmailto:david@nwea.org wrote: Seems every time I buy something they give me coupon code to suck me into buying some related and irresistible item that I seem to think I really want. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229tel:503.548.5229 // Cell (voice/text) 503.267.9764tel:503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: Dead DC cleanup via GUI in 2008+
Good point and yes I did check DNS and found only a static entry. Sites and Services showed a it a as replication partner but it had additional stuff behind the name that made me think at next replication it might get removed, but I manually killed the entry. That's so much easier it's almost scary. DCDIAG on the other DC's come up good! Dave From: Webster [mailto:webs...@carlwebster.com] Sent: Tuesday, December 11, 2012 7:17 AM To: NT System Admin Issues Subject: RE: Dead DC cleanup via GUI in 2008+ It is that easy. Right-click the dead DC in ADUC, select delete and you are done. I, personally, would still verify the DNS stuff for the dead DC is gone. Thanks Webster From: David Lum [mailto:david@nwea.org] Subject: Dead DC cleanup via GUI in 2008+ You can clean up dead DC metadata from a GUI in 2008 and later? Just use ADUC and Sites and Services per this article: http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx I have a dead DC that held no FSMO roles or anything else (DHCP, etc.), has anyone used this GUI method and still had to resort to command-line? Seems too easy...lol ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: -1) All your passwords are belong to us
As irritating to me is when a space is not an allowed character in the password. I can only guess it’s to make some back-end process less painful, or just lazy programming…. Dave From: MMF [mailto:mmfree...@ameritech.net] Sent: Tuesday, December 11, 2012 8:17 AM To: NT System Admin Issues Subject: Re: -1) All your passwords are belong to us The real problem as I see it is that some organizations ignore case sensitivity, and some do not allow special characters. I won’t name the companies that I’m aware of in the investment and finance industries, but I know for a fact that they don’t care if your password is case sensitive, they will accept upper or lower case for an individual letter. M. Free From: Jonathan Linkmailto:jonathan.l...@gmail.com Sent: Tuesday, December 11, 2012 12:39 AM To: NT System Admin Issuesmailto:ntsysadmin@lyris.sunbelt-software.com Subject: Re: (SCL: -1) All your passwords are belong to us 8 characters not including common names/words? On Tue, Dec 11, 2012 at 1:34 AM, HELP_PC g...@enter.itmailto:g...@enter.it wrote: They are talking about 8 chars pwd I use 12+ chars (Aa+numbers+special chars ) since many years Guido Elia HELPPC - HELPPC SERVICE Da: Stefan Jafs [mailto:stefan.j...@gmail.commailto:stefan.j...@gmail.com] Inviato: lunedì 10 dicembre 2012 19.55 A: NT System Admin Issues Oggetto: (SCL: -1) All your passwords are belong to us I don't know if you have seen this: http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/ -- Stefan Jafs ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Dead DC cleanup via GUI in 2008+
I'm chasing this, but only on the DC I just stood up to replace the old one (new one reuses the old IP, but a different name). The other DC's aren't logging it: DCOM was unable to communicate with the computer using any of the configured protocols One thing I've found so far is name servers...the name server entries for the now-dead DC continued to exist in DNS, so I'm killing that from each zone (forward and reverse). From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, December 11, 2012 8:53 AM To: NT System Admin Issues Subject: RE: Dead DC cleanup via GUI in 2008+ I almost always see extra entries hanging around in _msdcs that need to be manually cleaned up. From: Webster [mailto:webs...@carlwebster.com] Sent: Tuesday, December 11, 2012 10:17 AM To: NT System Admin Issues Subject: RE: Dead DC cleanup via GUI in 2008+ It is that easy. Right-click the dead DC in ADUC, select delete and you are done. I, personally, would still verify the DNS stuff for the dead DC is gone. Thanks Webster From: David Lum [mailto:david@nwea.org] Subject: Dead DC cleanup via GUI in 2008+ You can clean up dead DC metadata from a GUI in 2008 and later? Just use ADUC and Sites and Services per this article: http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx I have a dead DC that held no FSMO roles or anything else (DHCP, etc.), has anyone used this GUI method and still had to resort to command-line? Seems too easy...lol ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Cheapest way to get Hyper-V and 64GB
Cool. At home I have a 2008 R2 server running Hyper-V and 2 VM's on it, think I'll try the migration tonight myself Dave From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, December 05, 2012 3:25 PM To: NT System Admin Issues Subject: Re: Cheapest way to get Hyper-V and 64GB Well, VM Host #1 just rebooted successfully after the upgrade, and it's looks like all is well. I'm going to practice moving around some VMs using the new Live Migration functionality and see how it plays out. ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Expert Technology Consulting Services for the SMB market... On Wed, Dec 5, 2012 at 5:23 PM, David Lum david@nwea.orgmailto:david@nwea.org wrote: It only needs to host, I already have all those other functions being handled by the guest VM's. From: Christopher Bodnar [mailto:christopher_bod...@glic.commailto:christopher_bod...@glic.com] Sent: Wednesday, December 05, 2012 12:08 PM To: NT System Admin Issues Subject: RE: Cheapest way to get Hyper-V and 64GB I think it only comes down to what this box needs to do for you? If it requires any other roles (DHCP, WINS, DNS, DC, etc) then Hyper-V server isn't what your looking for. Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459tel:610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto:christopher_bod...@glic.com [cid:image001.jpg@01CDD379.0F132970] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:David Lum david@nwea.orgmailto:david@nwea.org To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:12/05/2012 01:48 PM Subject:RE: Cheapest way to get Hyper-V and 64GB This makes it look like the free 2008 R2 Hyper-V server supports 1TB: http://technet.microsoft.com/en-us/library/jj647789 It can be argued that if I'm going to change Hyper-V host OS then why not go to 2012. Next questionhow nervous should I be about the guests if on the host I go from full 2008 w/ Hyper-V as the host to 2012 Hyper-V (effectively server core). Seems pretty simple on the surface, am I overlooking anything obvious? I guess the fallback would be to reinstall the full 2008 R2 OS, as least protecting the VM's themselves is pretty straightforward. Time eater, but technically simple. Time for more research. Dave From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, December 05, 2012 8:49 AM To: NT System Admin Issues Subject: RE: Cheapest way to get Hyper-V and 64GB And the Hyper-V version is free. Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459tel:610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto:christopher_bod...@glic.com [cid:image001.jpg@01CDD379.0F132970] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:Mike Hoffman m...@drumbrae.netmailto:m...@drumbrae.net To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:12/05/2012 11:28 AM Subject:RE: Cheapest way to get Hyper-V and 64GB What about 2012 - 4Tb limit. From: David Lum [mailto:david@nwea.org] Sent: 05 December 2012 16:15 To: NT System Admin Issues Subject: Cheapest way to get Hyper-V and 64GB I have a client system that can physically hold 64GB of RAM, is $2000+ 2008 R2 Server Enterprise the only way to use that much RAM with Hyper-V guests? 64-bit Server Standard only recognizes 32GB... David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229tel:503.548.5229 // Cell (voice/text) 503.267.9764tel:503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message
RE: Outlook web access MAC
Funny, yesterday I told one of my clients yesterday that their SBS2011 server was possibly the last onsite server they'd purchase. I'm glad I said possibly ... :-) -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, December 05, 2012 7:19 AM To: NT System Admin Issues Subject: Re: Outlook web access MAC Going to the cloud for us is not very likely, but that feedback is good to hear... On Wed, Dec 5, 2012 at 5:10 AM, Ziots, Edward ezi...@lifespan.org wrote: Going to EX 2010 right now in Cloud and its been a PAIN... Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, December 04, 2012 4:57 PM To: NT System Admin Issues Subject: Re: Outlook web access MAC We might go from E2k3 to E2010 this spring/summer... On Tue, Dec 4, 2012 at 1:48 PM, David Lum david@nwea.org wrote: Bah, he has until April of 2014, just like XP users! ...says the guy who pulled 2 clients off E2K3 just this year Dave -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, December 04, 2012 12:10 PM To: NT System Admin Issues Subject: RE: Outlook web access MAC Beyond time to migrate to a newer release. -Original Message- From: Nigel Parker [mailto:nigel.par...@ultraframe.co.uk] Sent: Tuesday, December 4, 2012 11:02 AM To: NT System Admin Issues Subject: RE: Outlook web access MAC Ahh Ok we are running exchange 2003 -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: 04 December 2012 15:07 To: NT System Admin Issues Subject: RE: Outlook web access MAC Ok, then Michael nailed it. You need EWS for that not OWA. Is EWS enabled on that mailbox? Do you have auto discover set up? -Original Message- From: Nigel Parker [mailto:nigel.par...@ultraframe.co.uk] Sent: Tuesday, December 04, 2012 9:58 AM To: NT System Admin Issues Subject: RE: Outlook web access MAC Hi Thanks No he wants to use Microsoft outlook on his mac and connect to our exchange front end Our outlook we access server #Thanks -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: 04 December 2012 13:56 To: NT System Admin Issues Subject: RE: Outlook web access MAC Safari and Chrome should work with Exchange 2010 and 2013. But you didn't give me enough information to help you beyond that. I don't think you mean OWA, I think you mean EWS. But I can't be sure. -Original Message- From: Nigel Parker [mailto:nigel.par...@ultraframe.co.uk] Sent: Tuesday, December 4, 2012 7:40 AM To: NT System Admin Issues Subject: Outlook web access MAC Hi We have a director that wants to use his mac with office 2011 to connect remotely to our Exchange server via outlook web access Everything is in place and we have been using owa for a couple of years to sync to smart phones However the mac is unable to connect giving an error 17997 I have looked on various forums but not been able to resolve the issue Any help would be welcomed Nigel Parker Systems Engineer Ultraframe (UK) Ltd Tel: 01200 452329 Fax: 01200 452201 Web: www.ultraframe.com Email: mailto:nigel.par...@ultraframe.co.uk Please consider the environment before printing this e-mail. The statements and opinions expressed in this email are my own and may not represent those of Ultraframe (UK) Ltd. This email is subject to copyright and the information contained in it is confidential and may be legally privileged. It is sent out only for intended recipient(s). Access to this email by anyone else is unauthorised. If you are not an intended recipient, any disclosure, copying, distribution or other use or any action taken or omitted to be taken in reliance on it, is prohibited and unlawful. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Please consider the environment before printing this e-mail. The statements and opinions expressed in this email are my own and may not represent those of Ultraframe (UK) Ltd. This email is subject to copyright and the information contained in it is confidential and may be legally privileged. It is sent out only for intended recipient(s). Access to this email
RE: Cheapest way to get Hyper-V and 64GB
This makes it look like the free 2008 R2 Hyper-V server supports 1TB: http://technet.microsoft.com/en-us/library/jj647789 It can be argued that if I’m going to change Hyper-V host OS then why not go to 2012. Next question….how nervous should I be about the guests if on the host I go from full 2008 w/ Hyper-V as the host to 2012 Hyper-V (effectively server core). Seems pretty simple on the surface, am I overlooking anything obvious? I guess the fallback would be to reinstall the full 2008 R2 OS, as least protecting the VM’s themselves is pretty straightforward. Time eater, but technically simple. Time for more research. Dave From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, December 05, 2012 8:49 AM To: NT System Admin Issues Subject: RE: Cheapest way to get Hyper-V and 64GB And the Hyper-V version is free. Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CDD2D5.39009960] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:Mike Hoffman m...@drumbrae.netmailto:m...@drumbrae.net To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:12/05/2012 11:28 AM Subject:RE: Cheapest way to get Hyper-V and 64GB What about 2012 – 4Tb limit. From: David Lum [mailto:david@nwea.org] Sent: 05 December 2012 16:15 To: NT System Admin Issues Subject: Cheapest way to get Hyper-V and 64GB I have a client system that can physically hold 64GB of RAM, is $2000+ 2008 R2 Server Enterprise the only way to use that much RAM with Hyper-V guests? 64-bit Server Standard only recognizes 32GB… David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin inline: image001.jpg
RE: Cheapest way to get Hyper-V and 64GB
It only needs to host, I already have all those other functions being handled by the guest VM’s. From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, December 05, 2012 12:08 PM To: NT System Admin Issues Subject: RE: Cheapest way to get Hyper-V and 64GB I think it only comes down to what this box needs to do for you? If it requires any other roles (DHCP, WINS, DNS, DC, etc) then Hyper-V server isn't what your looking for. Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CDD2F4.2824DC90] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:David Lum david@nwea.orgmailto:david@nwea.org To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:12/05/2012 01:48 PM Subject:RE: Cheapest way to get Hyper-V and 64GB This makes it look like the free 2008 R2 Hyper-V server supports 1TB: http://technet.microsoft.com/en-us/library/jj647789 It can be argued that if I’m going to change Hyper-V host OS then why not go to 2012. Next question….how nervous should I be about the guests if on the host I go from full 2008 w/ Hyper-V as the host to 2012 Hyper-V (effectively server core). Seems pretty simple on the surface, am I overlooking anything obvious? I guess the fallback would be to reinstall the full 2008 R2 OS, as least protecting the VM’s themselves is pretty straightforward. Time eater, but technically simple. Time for more research. Dave From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, December 05, 2012 8:49 AM To: NT System Admin Issues Subject: RE: Cheapest way to get Hyper-V and 64GB And the Hyper-V version is free. Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CDD2F4.2824DC90] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:Mike Hoffman m...@drumbrae.netmailto:m...@drumbrae.net To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:12/05/2012 11:28 AM Subject:RE: Cheapest way to get Hyper-V and 64GB What about 2012 – 4Tb limit. From: David Lum [mailto:david@nwea.org] Sent: 05 December 2012 16:15 To: NT System Admin Issues Subject: Cheapest way to get Hyper-V and 64GB I have a client system that can physically hold 64GB of RAM, is $2000+ 2008 R2 Server Enterprise the only way to use that much RAM with Hyper-V guests? 64-bit Server Standard only recognizes 32GB… David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send
RE: Outlook web access MAC
Bah, he has until April of 2014, just like XP users! ...says the guy who pulled 2 clients off E2K3 just this year Dave -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, December 04, 2012 12:10 PM To: NT System Admin Issues Subject: RE: Outlook web access MAC Beyond time to migrate to a newer release. -Original Message- From: Nigel Parker [mailto:nigel.par...@ultraframe.co.uk] Sent: Tuesday, December 4, 2012 11:02 AM To: NT System Admin Issues Subject: RE: Outlook web access MAC Ahh Ok we are running exchange 2003 -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: 04 December 2012 15:07 To: NT System Admin Issues Subject: RE: Outlook web access MAC Ok, then Michael nailed it. You need EWS for that not OWA. Is EWS enabled on that mailbox? Do you have auto discover set up? -Original Message- From: Nigel Parker [mailto:nigel.par...@ultraframe.co.uk] Sent: Tuesday, December 04, 2012 9:58 AM To: NT System Admin Issues Subject: RE: Outlook web access MAC Hi Thanks No he wants to use Microsoft outlook on his mac and connect to our exchange front end Our outlook we access server #Thanks -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: 04 December 2012 13:56 To: NT System Admin Issues Subject: RE: Outlook web access MAC Safari and Chrome should work with Exchange 2010 and 2013. But you didn't give me enough information to help you beyond that. I don't think you mean OWA, I think you mean EWS. But I can't be sure. -Original Message- From: Nigel Parker [mailto:nigel.par...@ultraframe.co.uk] Sent: Tuesday, December 4, 2012 7:40 AM To: NT System Admin Issues Subject: Outlook web access MAC Hi We have a director that wants to use his mac with office 2011 to connect remotely to our Exchange server via outlook web access Everything is in place and we have been using owa for a couple of years to sync to smart phones However the mac is unable to connect giving an error 17997 I have looked on various forums but not been able to resolve the issue Any help would be welcomed Nigel Parker Systems Engineer Ultraframe (UK) Ltd Tel: 01200 452329 Fax: 01200 452201 Web: www.ultraframe.com Email: mailto:nigel.par...@ultraframe.co.uk Please consider the environment before printing this e-mail. The statements and opinions expressed in this email are my own and may not represent those of Ultraframe (UK) Ltd. This email is subject to copyright and the information contained in it is confidential and may be legally privileged. It is sent out only for intended recipient(s). Access to this email by anyone else is unauthorised. If you are not an intended recipient, any disclosure, copying, distribution or other use or any action taken or omitted to be taken in reliance on it, is prohibited and unlawful. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Please consider the environment before printing this e-mail. The statements and opinions expressed in this email are my own and may not represent those of Ultraframe (UK) Ltd. This email is subject to copyright and the information contained in it is confidential and may be legally privileged. It is sent out only for intended recipient(s). Access to this email by anyone else is unauthorised. If you are not an intended recipient, any disclosure, copying, distribution or other use or any action taken or omitted to be taken in reliance on it, is prohibited and unlawful. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Please consider the environment before printing this e-mail. The statements and opinions expressed in this email are my own and may not represent those of Ultraframe (UK) Ltd. This email is subject to copyright
RE: Exchange 2010 - manage mobile phone
Whoa...it showed 4 devices. 1. Deleted these 2. Reassociated their user acct to my iPhone 3. Verification works (asks to accept a cert, I say yes, although it doesn't ask for the server name until after e-mail/domain/username/password) 4. 2nd phase of verification works (check boxes on each row) 5. Click Done to get out of iPhone mail settings 6. Open Exchange mailbox in iPhone mail app and I still get The connection to the server failed 7. Change the user's settings to use *my* ID instead but leave other server settings alone (same Exchange server, etc), it works as I can send/receive from my phone 8. Out of curiosity I tried changing right back to problem users settings, it still fails. I've looked at this users' mailbox settings and compared them to a user who can get mail via iPhone and nothing jumps out at me. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, November 29, 2012 8:47 AM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone Sign in using OWA Lite. Go and clean Device Associations. Re-associate. From: David Lum [mailto:david@nwea.org] Sent: Thursday, November 29, 2012 11:16 AM To: NT System Admin Issues Subject: Exchange 2010 - manage mobile phone I have two Exchange 2010 users that can't get their accounts to work with an iPhone and I'm pretty sure it's specific to their account. I can get my account to work on their iPhone (and mine), but I can't get their accounts to work. It does go through the verify process OK, but when opening the mail app it stops at the inbox saying it cannot connect. Looking in the E2K10 console for the users with this issue (and it's only two users, it works for most others) if I go to recipient configuration/Mailbox the option to manage mobile phone is there but when choosing that option there's no device listed. (Other users the option lists the device, or the manage mobile phone is not listed as an option). It's as if a mobile device gets partially associated with their account. Ideas anyone? Maybe PowerShell is needed to strip some partial association? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Exchange 2010 - manage mobile phone
Thanks, fixed, and we have a winner! Because you're here and I am not on the Exchange list anymore. :) From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, November 29, 2012 10:39 AM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone Check out permission inheritance on the user object. And why are you asking this question here, instead of the Exchange list? :P From: David Lum [mailto:david@nwea.org] Sent: Thursday, November 29, 2012 1:05 PM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone Whoa...it showed 4 devices. 1. Deleted these 2. Reassociated their user acct to my iPhone 3. Verification works (asks to accept a cert, I say yes, although it doesn't ask for the server name until after e-mail/domain/username/password) 4. 2nd phase of verification works (check boxes on each row) 5. Click Done to get out of iPhone mail settings 6. Open Exchange mailbox in iPhone mail app and I still get The connection to the server failed 7. Change the user's settings to use *my* ID instead but leave other server settings alone (same Exchange server, etc), it works as I can send/receive from my phone 8. Out of curiosity I tried changing right back to problem users settings, it still fails. I've looked at this users' mailbox settings and compared them to a user who can get mail via iPhone and nothing jumps out at me. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, November 29, 2012 8:47 AM To: NT System Admin Issues Subject: RE: Exchange 2010 - manage mobile phone Sign in using OWA Lite. Go and clean Device Associations. Re-associate. From: David Lum [mailto:david@nwea.org] Sent: Thursday, November 29, 2012 11:16 AM To: NT System Admin Issues Subject: Exchange 2010 - manage mobile phone I have two Exchange 2010 users that can't get their accounts to work with an iPhone and I'm pretty sure it's specific to their account. I can get my account to work on their iPhone (and mine), but I can't get their accounts to work. It does go through the verify process OK, but when opening the mail app it stops at the inbox saying it cannot connect. Looking in the E2K10 console for the users with this issue (and it's only two users, it works for most others) if I go to recipient configuration/Mailbox the option to manage mobile phone is there but when choosing that option there's no device listed. (Other users the option lists the device, or the manage mobile phone is not listed as an option). It's as if a mobile device gets partially associated with their account. Ideas anyone? Maybe PowerShell is needed to strip some partial association? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: AD Washout
This was a good thread for me, even though I wasn't affected it has been added to my brain as a wow, I would have never thought of that item. Hunter, how did you find that article? From: Coleman, Hunter [mailto:hcole...@mt.gov] Sent: Tuesday, November 20, 2012 1:41 PM To: NT System Admin Issues Subject: RE: AD Washout Maybe a long shot, but check http://blogs.technet.com/b/askpfeplat/archive/2012/11/19/did-your-active-directory-domain-time-just-jump-to-the-year-2000.aspx From: Dan Bartley [mailto:bartl...@corp.netcarrier.com] Sent: Tuesday, November 20, 2012 9:04 AM To: NT System Admin Issues Subject: RE: AD Washout No to these questions. Actually it all seems centered around time sync problem that I have no idea the cause of. It seems the 2003 PDCe server developed a problem with access denied issues and that cascaded time sync errors to everything else. The 2 2000 DCs show the correct amount of uptime based on them being rebooted yesterday. The 2003 DCs however show correct time and date, but say uptime 4300+ days after their reboot. They are syncing with time server now, but clearly still have an issue. That is probably what is causing the one way replicate problem between just the 2 2003 DCs. I can actually replicate either one to a 2000 DC and then replicate that to the server that won?t replicate from the PDCe and changes show up. Still haven?t figured the best way to rectify the issue. I definitely do not favor a transfer of roles and dcpromo to demote and then promote again. Best Regards, Dan Bartley From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Tuesday, November 20, 2012 07:54 To: NT System Admin Issues Subject: RE: AD Washout Tombstonelifetime error makes me think this might be an issues with lingering objects. Were any of the domain controllers migrated from physical to virtual recently? Or restored from a backup? Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CDCC7E.ACC464B0] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:Dan Bartley bartl...@corp.netcarrier.commailto:bartl...@corp.netcarrier.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:11/19/2012 09:51 PM Subject:RE: AD Washout No. However, I just discovered that when I try to do a manual replication on one 2003 DC from the PDCe 2003 DC, I get an error that it can?t replicate due to tombstone lifetime being exceeded. It does replicate the other direction. I am not getting any Event errors in the Directory Service event log of either DC when I try the manual replication (such as 2042-which I did find references on). Best Regards, Dan Bartley Director - Security, IT, Billing, A-R NetCarrier Telecom Phone: (877) 255-7733; Fax: (267) 638-0317; Direct: (215) 966-3310 From: Jon Harris [mailto:jk.har...@live.com] Sent: Monday, November 19, 2012 21:37 To: NT System Admin Issues Subject: RE: AD Washout Any new patches added just prior to this. Jon Subject: AD Washout Date: Mon, 19 Nov 2012 21:31:10 -0500 From: bartl...@corp.netcarrier.commailto:bartl...@corp.netcarrier.com To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com I mostly watch and learn, but today a question. Today I had an issue I can?t find any reason for. Mixed 2000-2003 domain. 2 of each. All the roles have been moved to the 2003 DCs, except time server. Fully patched. Out of nowhere I started getting SCOM alerts from 2 of the DCs that various DC functions were failing when contacting one of the 2003 DCs. The 2 2000 servers could be RDP, but not accessed via MMC for services, etc. from a Win7 workstation. I saw various KCC NTDS Replication related errors on one of the 2003 DCs. I could attach to them via RPC (MMC) though. One of the 2000 DCs is still the time server. Neither of the 2003 DCs could update time with it having a server error 5, access denied error. The other 2000 DC could update time fine. Logins to various internal systems and DFS links started to fail with access denied errors. Eventually I rebooted the 2003 DC with the PDCe role and everything started to come back. There were no Directory Service errors or warnings in the event log at or before this happened. At the time this started this DC had system errors that the other 2003 DC had a time in the future, however it did not. In the application log there were errors when it started for ID 1058, Windows cannot access the file gpt.ini for GPO?? and ending with ?(There is a time and/or date difference between the client and server. ). Group Policy processing aborted.? All of the other DCs
RE: Free Windows 8?
That would 'splain it. From: Guyer, Don [mailto:dgu...@che.org] Sent: Tuesday, November 27, 2012 10:40 AM To: NT System Admin Issues Subject: RE: Free Windows 8? I thought I read somewhere that Enterprise is only available under Volume Licensing. Maybe that's why? Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [Description: Description: Description: InfoService-Logo240] From: David Lum [mailto:david@nwea.org] Sent: Tuesday, November 27, 2012 1:21 PM To: NT System Admin Issues Subject: RE: Free Windows 8? Interestingly, On our VLSC site, the keys are the same between Enterprise and Pro, it's the ISO that's different. Additionally, on the VLSC site Win8 Pro is under the Windows category for keys/downloads, but Win8 Enterprise is under Software Assurance area. Dave From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, November 27, 2012 10:04 AM To: NT System Admin Issues Subject: RE: Free Windows 8? Anyone tried this? The first link in the article is for a Windows 8 Enterprise download. Wondered if that download also includes Pro since the friend I shared this with said he couldn't add Media center to Enterprise. From: Roger Wright [mailto:rhw...@gmail.com] Sent: Wednesday, November 21, 2012 12:22 PM To: NT System Admin Issues Subject: Free Windows 8? http://www.techspot.com/news/50875-loophole-enables-anyone-to-get-a-windows-8-license-for-free.html Roger Wright ___ If you can't fix it with a hammer you have an electrical problem. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: AD Washout
I am amazed at how many times the lucky timing things hits me. There has to be dozens of times over the years I have just learned something and a month or less later it's info I really needed or at minimum was able to share with someone else that wanted it. On a help someone front, yesterday in the space of 5 minutes I received 2 e-mails regarding my ADFS/SAML solution for Concur from months ago, both found me based on my posts about it to *this* list. Here's your post, do you happen to have this document?. Reminds me, MBS was there a potential blog post on this I needed to edit once again? I can't remember whose court that was in... From: Coleman, Hunter [mailto:hcole...@mt.gov] Sent: Tuesday, November 27, 2012 9:19 AM To: NT System Admin Issues Subject: RE: AD Washout Lucky timing. I'm subscribed to the RSS feed for the AskPFE blog, and happened to see the posting not too long after Dan sent out his message. From: David Lum [mailto:david@nwea.org] Sent: Tuesday, November 27, 2012 10:08 AM To: NT System Admin Issues Subject: RE: AD Washout This was a good thread for me, even though I wasn't affected it has been added to my brain as a wow, I would have never thought of that item. Hunter, how did you find that article? From: Coleman, Hunter [mailto:hcole...@mt.gov] Sent: Tuesday, November 20, 2012 1:41 PM To: NT System Admin Issues Subject: RE: AD Washout Maybe a long shot, but check http://blogs.technet.com/b/askpfeplat/archive/2012/11/19/did-your-active-directory-domain-time-just-jump-to-the-year-2000.aspx From: Dan Bartley [mailto:bartl...@corp.netcarrier.com] Sent: Tuesday, November 20, 2012 9:04 AM To: NT System Admin Issues Subject: RE: AD Washout No to these questions. Actually it all seems centered around time sync problem that I have no idea the cause of. It seems the 2003 PDCe server developed a problem with access denied issues and that cascaded time sync errors to everything else. The 2 2000 DCs show the correct amount of uptime based on them being rebooted yesterday. The 2003 DCs however show correct time and date, but say uptime 4300+ days after their reboot. They are syncing with time server now, but clearly still have an issue. That is probably what is causing the one way replicate problem between just the 2 2003 DCs. I can actually replicate either one to a 2000 DC and then replicate that to the server that won?t replicate from the PDCe and changes show up. Still haven?t figured the best way to rectify the issue. I definitely do not favor a transfer of roles and dcpromo to demote and then promote again. Best Regards, Dan Bartley From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Tuesday, November 20, 2012 07:54 To: NT System Admin Issues Subject: RE: AD Washout Tombstonelifetime error makes me think this might be an issues with lingering objects. Were any of the domain controllers migrated from physical to virtual recently? Or restored from a backup? Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CDCC8D.777CB910] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:Dan Bartley bartl...@corp.netcarrier.commailto:bartl...@corp.netcarrier.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:11/19/2012 09:51 PM Subject:RE: AD Washout No. However, I just discovered that when I try to do a manual replication on one 2003 DC from the PDCe 2003 DC, I get an error that it can?t replicate due to tombstone lifetime being exceeded. It does replicate the other direction. I am not getting any Event errors in the Directory Service event log of either DC when I try the manual replication (such as 2042-which I did find references on). Best Regards, Dan Bartley Director - Security, IT, Billing, A-R NetCarrier Telecom Phone: (877) 255-7733; Fax: (267) 638-0317; Direct: (215) 966-3310 From: Jon Harris [mailto:jk.har...@live.com] Sent: Monday, November 19, 2012 21:37 To: NT System Admin Issues Subject: RE: AD Washout Any new patches added just prior to this. Jon Subject: AD Washout Date: Mon, 19 Nov 2012 21:31:10 -0500 From: bartl...@corp.netcarrier.commailto:bartl...@corp.netcarrier.com To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com I mostly watch and learn, but today a question. Today I had an issue I can?t find any reason for. Mixed 2000-2003 domain. 2 of each. All the roles have been moved to the 2003 DCs, except time server. Fully patched. Out of nowhere I started getting SCOM alerts from 2 of the DCs that various DC functions were failing when contacting one of the 2003 DCs. The 2
RE: Window 8 on your PC
You no longer have to pre-tell Windows that you want to shut down and let it handle everything for you. Windows is now hardware aware enough that you just hit the power and Windows does whatever you told it to do (Power Settings) How enlightening! We've gotten so used to the scenario where we couldn't use the power button to turn a device off that now being able to do so seems weird. What? I can use the device's power button to turn the Windows device off? That's CRAZY!. Amazing what mind shift just one sentence can make... From: Tim Vander Kooi [mailto:tvanderk...@expl.com] Sent: Tuesday, November 20, 2012 5:06 PM To: NT System Admin Issues Subject: RE: Window 8 on your PC Running the same 4 here, except we went with the Samsung Slates instead of the Surface, they are excellent machines. Once I demonstrated to users that the Start Page is just where their Start Button went to they were totally onboard. It is a total mind shift (just like Office 2003 to Office 2007, but once you make that shift it is much more useful. As for Shutdown being hard to get to, what I was told by a friend at Microsoft (and which makes perfect sense once you think about it) is just use the power button on your device (whatever it might be). You no longer have to pre-tell Windows that you want to shut down and let it handle everything for you. Windows is now hardware aware enough that you just hit the power and Windows does whatever you told it to do (Power Settings). This won't work in some environments where the power button is not accessible, but for the majority of businesses it works just fine, and it is incredibly fast! Going to Sleep and waking back up take my machines on average 2 seconds. Tim From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Tuesday, November 20, 2012 3:59 PM To: NT System Admin Issues Subject: RE: Window 8 on your PC :) I'm running all three - plus a desktop. From: Guyer, Don [mailto:dgu...@che.org] Sent: Tuesday, November 20, 2012 4:25 PM To: NT System Admin Issues Subject: RE: Window 8 on your PC Keep the Win 8 info coming! I've been tasked with kicking it around in our environment. Laptop, Surface and a phone. Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. [Description: Description: Description: InfoService-Logo240] From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Tuesday, November 20, 2012 4:16 PM To: NT System Admin Issues Subject: RE: Window 8 on your PC Unless all of your apps are from the Windows 8 store (with the modern UI), you practically run in desktop mode anyway. From: David Lum [mailto:david@nwea.org] Sent: Tuesday, November 20, 2012 4:08 PM To: NT System Admin Issues Subject: Window 8 on your PC Are you guys changing your Windows 8 UI to be more like Win7 or leaving it as-is and learning new tricks? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send
RE: AD Washout
Allow Replication With Divergent and Corrupt Partner I think this is on my marriage certificate... From: Dan Bartley [mailto:bartl...@corp.netcarrier.com] Sent: Wednesday, November 21, 2012 7:18 AM To: NT System Admin Issues Subject: RE: AD Washout Ok, this was it. I simply created the Allow Replication With Divergent and Corrupt Partner registry key set to 1, did a forced replication and it worked. Then returned the key to 0. Lots of posts about this appearing now. It was a USNO server reboot that reset itself to year 2000 after the reboot. Guess nobody bothered to check it for accuracy before putting it back online. Our government at work. After resetting the key to not allow, tried another forced replication and it worked. SCOM is now reporting AD functions and replication as ok. Thank you very much for finding that in the first 24 hours. Best Regards, Dan Bartley From: Dan Bartley [mailto:bartl...@corp.netcarrier.com] Sent: Tuesday, November 20, 2012 17:15 To: NT System Admin Issues Subject: RE: AD Washout Wow, thanks. This sounds like exactly what happened to us. I'll follow the guides and see what happens. I'll update back when done. Best Regards, Dan Bartley From: Coleman, Hunter [mailto:hcole...@mt.gov] Sent: Tuesday, November 20, 2012 16:41 To: NT System Admin Issues Subject: RE: AD Washout Maybe a long shot, but check http://blogs.technet.com/b/askpfeplat/archive/2012/11/19/did-your-active-directory-domain-time-just-jump-to-the-year-2000.aspx From: Dan Bartley [mailto:bartl...@corp.netcarrier.com] Sent: Tuesday, November 20, 2012 9:04 AM To: NT System Admin Issues Subject: RE: AD Washout No to these questions. Actually it all seems centered around time sync problem that I have no idea the cause of. It seems the 2003 PDCe server developed a problem with access denied issues and that cascaded time sync errors to everything else. The 2 2000 DCs show the correct amount of uptime based on them being rebooted yesterday. The 2003 DCs however show correct time and date, but say uptime 4300+ days after their reboot. They are syncing with time server now, but clearly still have an issue. That is probably what is causing the one way replicate problem between just the 2 2003 DCs. I can actually replicate either one to a 2000 DC and then replicate that to the server that won?t replicate from the PDCe and changes show up. Still haven?t figured the best way to rectify the issue. I definitely do not favor a transfer of roles and dcpromo to demote and then promote again. Best Regards, Dan Bartley From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Tuesday, November 20, 2012 07:54 To: NT System Admin Issues Subject: RE: AD Washout Tombstonelifetime error makes me think this might be an issues with lingering objects. Were any of the domain controllers migrated from physical to virtual recently? Or restored from a backup? Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CDC7B9.4CFFC480] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:Dan Bartley bartl...@corp.netcarrier.commailto:bartl...@corp.netcarrier.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:11/19/2012 09:51 PM Subject:RE: AD Washout No. However, I just discovered that when I try to do a manual replication on one 2003 DC from the PDCe 2003 DC, I get an error that it can?t replicate due to tombstone lifetime being exceeded. It does replicate the other direction. I am not getting any Event errors in the Directory Service event log of either DC when I try the manual replication (such as 2042-which I did find references on). Best Regards, Dan Bartley Director - Security, IT, Billing, A-R NetCarrier Telecom Phone: (877) 255-7733; Fax: (267) 638-0317; Direct: (215) 966-3310 From: Jon Harris [mailto:jk.har...@live.com] Sent: Monday, November 19, 2012 21:37 To: NT System Admin Issues Subject: RE: AD Washout Any new patches added just prior to this. Jon Subject: AD Washout Date: Mon, 19 Nov 2012 21:31:10 -0500 From: bartl...@corp.netcarrier.commailto:bartl...@corp.netcarrier.com To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com I mostly watch and learn, but today a question. Today I had an issue I can?t find any reason for. Mixed 2000-2003 domain. 2 of each. All the roles have been moved to the 2003 DCs, except time server. Fully patched. Out of nowhere I started getting SCOM alerts from 2 of the DCs that various DC functions were failing when contacting one of the 2003 DCs. The 2 2000 servers could be RDP, but not accessed via MMC for
RE: Endpoint Protection with Device Control?
Speaking of Vipre, I noticed v6 of Vipre Business Premium has added mobile device (iOS, Android) policies. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, November 21, 2012 8:09 AM To: NT System Admin Issues Subject: Re: Endpoint Protection with Device Control? VIPRE Business/Enterprise has a policy that enforces scanning of inserted drives. Works well. Don't know if actually restricts access, however - it's been a while since I looked. Also, their newest version just came out (we're about to implement it), and I haven't had a chance to read the change notice for it, so can't tell you yet about anything new in it. I'm at home for the week, so am out of touch with the office, and can't immediately give you any more details. Kurt On Wed, Nov 21, 2012 at 7:55 AM, Paul Hutchings paul.hutchi...@mira.co.uk wrote: I may have asked this some months back so apologies but I can’t find the email in the archives. Our current antivirus product is up for renewal in three months and we have an interest in being able to monitor and restrict/allow access to removable drives, predominantly USB sticks. Has anyone any experience of either antivirus suites which have this functionality, or standalone products? Clients are Windows XP upwards with most being Windows 7 and a mix of 32bit and 64bit. Thanks, Paul MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England Registered in England and Wales No. 402570 VAT Registration GB 100 1464 84 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
