RE: IIS W2KR2 Question
I think you're confusing yourself more :) A domain name is just that - a name e.g. www.yourcompany.comhttp://www.yourcompany.com. All the DNS does is resolve that name to an IP address A website is a logical collection of resources (web pages, images etc). It can be accessed by IP address, domain name etc. Now, I'm a bit confused when you write: I have been trying to create a rule to redirect a subdomain name to a web page under the main domain. You don't redirect domain names - a domain name points to an IP address. If you want it to point someone else, just update the DNS server. A domain name doesn't point to a webpage - it points to an IP address. Now, what I think you want to do is: Users who enter www.google.comhttp://www.google.com in their browser get a webpage from c:\inetpub\wwwroot Users who enter trial.google.com in their browser get a webpage from c:\inetpub\wwwroot\test (i.e. test is a folder that, coincidently, is located under the root of the first website, but is also the root of the second website). If that's the case, just follow the steps I posted immediately below (create two websites) If you actually want to do a redirect - that means that people are actually asking for http://trial.google.com in their browser, but the server tells them to make another request for http://google.com/test - is this what you want to happen? Cheers Ken From: Daniele Bartoli [mailto:danielebart...@gmail.com] Sent: Friday, 10 May 2013 3:12 AM To: NT System Admin Issues Subject: Re: IIS W2KR2 Question I seemed to have confused matters. Thanks for your patience. Let me try to explain this differently with the correct wording. I have been trying to create a rule to redirect a subdomain name to a web page under the main domain. For example, I want http://trial.google.com to redirect to http://google.com/test I am thinking that the URL Rewrite feature in IIS could accomplish this. However I am not sure how to write the rule? Also would the rule go on the server or the site in IIS? Or is there another option? On Wed, May 8, 2013 at 5:47 PM, Ken Schaefer k...@adopenstatic.commailto:k...@adopenstatic.com wrote: Easiest way is to: a) create a second website. b) Configure the second website with the host header trial.google.comhttp://trial.google.com c) Set the home directory of the second website to be the test folder But, what you are asking for now is not what you were asking for before... Cheers Ken From: Daniele Bartoli [mailto:danielebart...@gmail.commailto:danielebart...@gmail.com] Sent: Thursday, 9 May 2013 9:47 AM To: NT System Admin Issues Subject: Re: IIS W2KR2 Question There is one site in IIS. So all google.comhttp://google.com traffic goes to that one site (i.e. Default Web Site). Within that site there is a page (google.com/testhttp://google.com/test) that they are trying to associate to the other domain name (trial.google.comhttp://trial.google.com) How do I do that? On Wed, May 8, 2013 at 4:19 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: Err, my reply should read: This is easier if google.comhttp://google.com and trial.google.comhttp://trial.google.com are actually different sites on separate IP addresses on the IIS server... Kurt On Wed, May 8, 2013 at 4:17 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: On Wed, May 8, 2013 at 3:13 PM, Daniele danielebart...@gmail.commailto:danielebart...@gmail.com wrote: Got an IIS question that I am hoping someone can help with. I am using the google domain name fictiously to illustrate the example. So I have my web server, and it has a web page at google.comhttp://google.com. I have an A record that points google.comhttp://google.com to an IP. Then I have anoher web page on that same server that is at trial.google.com/testhttp://trial.google.com/test. I have an A record that points trial.google.comhttp://trial.google.com to the same IP as google.comhttp://google.com. If I try to manually go to trial.google.com/testhttp://trial.google.com/test, all works just fine. My question is, how do I redirect traffic so that the trial.google.comhttp://trial.google.com automatically goes to trial.google.com/testhttp://trial.google.com/test? Meanwhile, I don't want to impact what is already working, google.comhttp://google.com this is easier if google.comhttp://google.com and trial.google.comhttp://trial.google.com are actually separate sites on the IIS server... In that case, just make the test page your default for trial.google.comhttp://trial.google.com But, in this case, from dim memory, you'll need to enable host headers, and you'll still want to make the test page as your default page for trial.google.comhttp://trial.google.com See this article: http://technet.microsoft.com/en-us/library/cc753195%28v=ws.10%29.aspx Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com
RE: IIS W2KR2 Question
There's insufficient information in your post to answer completely. Do you have two separate websites setup in IIS? If so, then you can simply use any number of redirect options (IIS has inbuilt redirect functions, or you can use .NET, or the optional ARR module) to redirect http://trial.google.com to http://trial.google.com/test What you didn't say is if you want to redirect anything else. E.g. what is someone requests http://trial.google.com/default.htm? DO you want to redirect that as well? (or just give a 404?) What about http://trial.google.gom/somethingelse? Secondly, what if you don’t have a second website? You just have two DNS entries pointing to the one website? In that case, it's a little more work (but not much). You just need to specify the matching host header that the browser must send for the redirect to kick in. It helps if you work through all the scenarios (use cases) first, so you have a set of outcomes. Then we can build a rule to match the expected outcomes. Cheers Ken -Original Message- From: Daniele [mailto:danielebart...@gmail.com] Sent: Thursday, 9 May 2013 8:13 AM To: NT System Admin Issues Subject: IIS W2KR2 Question Got an IIS question that I am hoping someone can help with. I am using the google domain name fictiously to illustrate the example. So I have my web server, and it has a web page at google.com. I have an A record that points google.com to an IP. Then I have anoher web page on that same server that is at trial.google.com/test. I have an A record that points trial.google.com to the same IP as google.com. If I try to manually go to trial.google.com/test, all works just fine. My question is, how do I redirect traffic so that the trial.google.com automatically goes to trial.google.com/test? Meanwhile, I don't want to impact what is already working, google.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: IIS W2KR2 Question
Easiest way is to: a) create a second website. b) Configure the second website with the host header trial.google.com c) Set the home directory of the second website to be the test folder But, what you are asking for now is not what you were asking for before... Cheers Ken From: Daniele Bartoli [mailto:danielebart...@gmail.com] Sent: Thursday, 9 May 2013 9:47 AM To: NT System Admin Issues Subject: Re: IIS W2KR2 Question There is one site in IIS. So all google.comhttp://google.com traffic goes to that one site (i.e. Default Web Site). Within that site there is a page (google.com/testhttp://google.com/test) that they are trying to associate to the other domain name (trial.google.comhttp://trial.google.com) How do I do that? On Wed, May 8, 2013 at 4:19 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: Err, my reply should read: This is easier if google.comhttp://google.com and trial.google.comhttp://trial.google.com are actually different sites on separate IP addresses on the IIS server... Kurt On Wed, May 8, 2013 at 4:17 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: On Wed, May 8, 2013 at 3:13 PM, Daniele danielebart...@gmail.commailto:danielebart...@gmail.com wrote: Got an IIS question that I am hoping someone can help with. I am using the google domain name fictiously to illustrate the example. So I have my web server, and it has a web page at google.comhttp://google.com. I have an A record that points google.comhttp://google.com to an IP. Then I have anoher web page on that same server that is at trial.google.com/testhttp://trial.google.com/test. I have an A record that points trial.google.comhttp://trial.google.com to the same IP as google.comhttp://google.com. If I try to manually go to trial.google.com/testhttp://trial.google.com/test, all works just fine. My question is, how do I redirect traffic so that the trial.google.comhttp://trial.google.com automatically goes to trial.google.com/testhttp://trial.google.com/test? Meanwhile, I don't want to impact what is already working, google.comhttp://google.com this is easier if google.comhttp://google.com and trial.google.comhttp://trial.google.com are actually separate sites on the IIS server... In that case, just make the test page your default for trial.google.comhttp://trial.google.com But, in this case, from dim memory, you'll need to enable host headers, and you'll still want to make the test page as your default page for trial.google.comhttp://trial.google.com See this article: http://technet.microsoft.com/en-us/library/cc753195%28v=ws.10%29.aspx Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: _Lumina_822_phone
Works great in Singapore, Brisbane and Sydney as well. Surprised that it doesn’t work, considering that Nokia bought Navteq, which is/was one of the two big mapping firms… From: rodtr...@myitforum.com [mailto:rodtr...@myitforum.com] Sent: Tuesday, 30 April 2013 8:24 PM To: NT System Admin Issues Subject: Re: _Lumina_822_phone Could be your area, I guess. Works great in Ohio. Sent from Microsoft Surface Pro From: Jo Sent: Tuesday, April 30, 2013 3:16 AM To: NT System Admin Issues Actually tried to do that, wheter it got properly installed or not I do not know. But the directions I got from Nokia was hairy. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: DFSR
What happens when the WAN sh*ts itself, and your environment is cut in half? Cheers Ken From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, 30 April 2013 10:04 PM To: NT System Admin Issues Subject: RE: DFSR That can be mitigated with setting referral ordering on the namespace for common shares. I don't DFSR to load balance, I do it for uptime. All of the shares are referral ordered to just one server. To date, we have not had any double edit issues. Although I probably just jinxed myself. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, April 29, 2013 5:18 PM To: NT System Admin Issues Subject: RE: DFSR The big deal with DFS (IMO) is the double-edit issue. Two people can edit the same file at the same time and the last one that saves the file wins. From: David Lum [mailto:david@nwea.org] Sent: Monday, April 29, 2013 5:03 PM To: NT System Admin Issues Subject: DFSR I resolved my DFS issue from last week (pilot error :)). My question is this: Is there a reason not to leverage DFS for most file shares? It seems to me like it's a good way to be able to down a server (read: patch and reboot) and keep the file shares available, but I also know with something that's new to me makes it easy to overlook something simple. I'd guess it's not a good idea to DFS *every* file share, just mission-critical ones? In the scenario I care about the sites are all connected at 10Mbit or better and there's no more than 40 users connected to any one server at a time and 55 is the total user count. All storage is local, no SAN /iSCSI, etc. I did find this too: http://blogs.technet.com/b/askds/archive/2010/11/01/common-dfsr-configuration-mistakes-and-oversights.aspx Seems like the only downside - as long as you're paying attention to things listed in the link above - is using 2x/3x+ of the overall disk space as without DFSR, and possible traffic if you are a huge environment with very slow connections. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: DFSR
FWIW Even full-mesh redundancy doesn't help you if your telco pushes some incorrect config to their core routers, or pushes some bad firmware to devices etc. You still end up with split network. Referral ordering relies on all users being able to access the current top target simultaneously. Once some users are accessing one top target, and other users think that a different target is the current top target, you run the risk of double edit issues. Main way to avoid that is to have a highly redundant #1 target (or individual site-specific targets which are backed by the highly redundant target as #2). You can replicate the content to additional servers (e.g. in another DC), but don't publish these as targets unless your highly redundant target (and any protocol-aware load balancers you have) go down. Cheers Ken From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, 30 April 2013 10:57 PM To: NT System Admin Issues Subject: RE: DFSR When my WAN sh*ts itself it is cut into 13ths and it is all over anyway. Full mesh redundancy is not on our radar. The ROI isn't there for us. We pay for 4 hour from Cisco and 24 hour from our fiber provider. But if I was meshed and had distributed servers my referral ordering would still work. The top priority server dies or that part of the network dies peeps would go to the second ordered referral. .com] Sent: Tuesday, April 30, 2013 8:50 AM To: NT System Admin Issues Subject: RE: DFSR What happens when the WAN sh*ts itself, and your environment is cut in half? Cheers Ken From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Tuesday, 30 April 2013 10:04 PM To: NT System Admin Issues Subject: RE: DFSR That can be mitigated with setting referral ordering on the namespace for common shares. I don't DFSR to load balance, I do it for uptime. All of the shares are referral ordered to just one server. To date, we have not had any double edit issues. Although I probably just jinxed myself. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, April 29, 2013 5:18 PM To: NT System Admin Issues Subject: RE: DFSR The big deal with DFS (IMO) is the double-edit issue. Two people can edit the same file at the same time and the last one that saves the file wins. From: David Lum [mailto:david@nwea.org] Sent: Monday, April 29, 2013 5:03 PM To: NT System Admin Issues Subject: DFSR I resolved my DFS issue from last week (pilot error :)). My question is this: Is there a reason not to leverage DFS for most file shares? It seems to me like it's a good way to be able to down a server (read: patch and reboot) and keep the file shares available, but I also know with something that's new to me makes it easy to overlook something simple. I'd guess it's not a good idea to DFS *every* file share, just mission-critical ones? In the scenario I care about the sites are all connected at 10Mbit or better and there's no more than 40 users connected to any one server at a time and 55 is the total user count. All storage is local, no SAN /iSCSI, etc. I did find this too: http://blogs.technet.com/b/askds/archive/2010/11/01/common-dfsr-configuration-mistakes-and-oversights.aspx Seems like the only downside - as long as you're paying attention to things listed in the link above - is using 2x/3x+ of the overall disk space as without DFSR, and possible traffic if you are a huge environment with very slow connections. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: _Lumina_822_phone
Lumia 920 has worldwide free offline maps. So that’s at least one more +1 for the Lumia Also sent from Surface Pro From: rodtr...@myitforum.com [mailto:rodtr...@myitforum.com] Sent: Sunday, 28 April 2013 5:40 AM To: NT System Admin Issues Subject: Re: _Lumina_822_phone HTC 8x is a better phone than the Lumia. Lumia has a better camera, that's about it. Sent from Microsoft Surface Pro From: James Kerr Sent: Saturday, April 27, 2013 1:22 PM To: NT System Admin Issues Well, I had been a user of Windows phone back in the 6.x days then I got a Android device for work and another for personal use and I really got used to it and liked it a lot. I was however, excited to get a Windows phone again as it looked like it had come along a ways. When I got the Lumia and started using it, it just seemed unfinished/very basic. When I setup active sync on it, it didn't like the cheap cert we had for exchange (starfield?). Anyway, my new Andoid phone with Jelly Bean is far more devoloped and thought out. The fit and finish of the OS is much better. When I showed our CEO my Windows phone he just about laughed and said he would prefer to keep his DroidX, he ended up getting an iPhone (not his pick) and sent that back and asked for another Android. I think he is going to end up with a S4. On Sat, Apr 27, 2013 at 10:30 AM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: Not questioning your choice – but what didn’t you like about the Lumia? From: James Kerr [mailto:cluster...@gmail.commailto:cluster...@gmail.com] Sent: Saturday, April 27, 2013 10:20 AM To: NT System Admin Issues Subject: RE: _Lumina_822_phone I got one from work and was pretty excited until I actually started using it. Then I sent it back and got a Droid DNA, much better. Sent from my MK-19 grenade launcher. On Feb 16, 2013 8:51 PM, joeu...@chronic.orgmailto:joeu...@chronic.org wrote: I have the HTC Trophy - WP 7.5 -- 7.8 on Verizon. Solid, stable, Superb. Only gripe is that HTC doesn't treat its users as well as Nokia (Nokia has many exclusive apps). They can take my Trophy - when they pry it out of my cold, dead hand. WP8 is pretty good. Some phones seem to have some issues and others don't. Wi-Fi connectivity, battery life, etc. I think once it gets a patch under it's belt it will be solid. Remind you of anything? Friends have got a phone with an issue, returned it for another - same model - no more issue. So... Regards, joeuser - Still looking for the 'any' key... ...now these points of data make a beautiful line... Original Message Subject: RE:_Lumina_822_phone From: rodtr...@myitforum.commailto:rodtr...@myitforum.com Date: Sat, February 16, 2013 7:47 am To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com I’m on Verizon and opted for the HTC 8X instead. In my opinion, after testing both, the HTC is a better device. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here:
RE: _Lumina_822_phone
Lumia 920 has wireless charging as well. Also typed on Surface Pro From: rodtr...@myitforum.com [mailto:rodtr...@myitforum.com] Sent: Sunday, 28 April 2013 9:22 AM To: NT System Admin Issues Subject: Re: _Lumina_822_phone Some are. The Nokia Drive app is, for example. HTC also has wireless charging which doesn't get a lot of press. Sent from Microsoft Surface Pro From: Michael B. Smith Sent: Saturday, April 27, 2013 6:17 PM To: NT System Admin Issues I am very fond of the Nokia apps. Are those available on the HTC? From: rodtr...@myitforum.commailto:rodtr...@myitforum.com [mailto:rodtr...@myitforum.com] Sent: Saturday, April 27, 2013 3:40 PM To: NT System Admin Issues Subject: Re: _Lumina_822_phone HTC 8x is a better phone than the Lumia. Lumia has a better camera, that's about it. Sent from Microsoft Surface Pro From: James Kerr Sent: Saturday, April 27, 2013 1:22 PM To: NT System Admin Issues Well, I had been a user of Windows phone back in the 6.x days then I got a Android device for work and another for personal use and I really got used to it and liked it a lot. I was however, excited to get a Windows phone again as it looked like it had come along a ways. When I got the Lumia and started using it, it just seemed unfinished/very basic. When I setup active sync on it, it didn't like the cheap cert we had for exchange (starfield?). Anyway, my new Andoid phone with Jelly Bean is far more devoloped and thought out. The fit and finish of the OS is much better. When I showed our CEO my Windows phone he just about laughed and said he would prefer to keep his DroidX, he ended up getting an iPhone (not his pick) and sent that back and asked for another Android. I think he is going to end up with a S4. On Sat, Apr 27, 2013 at 10:30 AM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: Not questioning your choice – but what didn’t you like about the Lumia? From: James Kerr [mailto:cluster...@gmail.commailto:cluster...@gmail.com] Sent: Saturday, April 27, 2013 10:20 AM To: NT System Admin Issues Subject: RE: _Lumina_822_phone I got one from work and was pretty excited until I actually started using it. Then I sent it back and got a Droid DNA, much better. Sent from my MK-19 grenade launcher. On Feb 16, 2013 8:51 PM, joeu...@chronic.orgmailto:joeu...@chronic.org wrote: I have the HTC Trophy - WP 7.5 -- 7.8 on Verizon. Solid, stable, Superb. Only gripe is that HTC doesn't treat its users as well as Nokia (Nokia has many exclusive apps). They can take my Trophy - when they pry it out of my cold, dead hand. WP8 is pretty good. Some phones seem to have some issues and others don't. Wi-Fi connectivity, battery life, etc. I think once it gets a patch under it's belt it will be solid. Remind you of anything? Friends have got a phone with an issue, returned it for another - same model - no more issue. So... Regards, joeuser - Still looking for the 'any' key... ...now these points of data make a beautiful line... Original Message Subject: RE:_Lumina_822_phone From: rodtr...@myitforum.commailto:rodtr...@myitforum.com Date: Sat, February 16, 2013 7:47 am To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com I’m on Verizon and opted for the HTC 8X instead. In my opinion, after testing both, the HTC is a better device. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
RE: On the subject of security...
-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Subject: Re: On the subject of security... Everything is about /management/ of risk, not 99.99% avoidance of risk. You manage risk by taking countermeasures, I believe, not by ignoring them. Where do you get this framework from? Most risk management people I've talked to would say that all the below are legitimate responses to risks a) mitigate b) transfer c) accept d) avoid OTOH, I think you seriously underestimate the risks of web browsing to your finances, identity and reputation, and also the costs of repairing them. OK - please educate us on these risks and costs. My understanding is that most fraud and identity theft occurs offline. Secondly some of the things you do (like encrypt drives) aren't going to help with dangerous web browsing habits. So, what's the real risks of browing the web? I've never seen any real research on this. Cheers Ken ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: On the subject of security...
-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Subject: Re: On the subject of security... I think it has everything to do with the comic, or at least my understanding of the comic. What I'm reading from it is that he's using poor web browsing techniques, and not protecting his personal data via the mechanisms I've outlined, including different IDs and passwords (and even different browsers) for different web sites, etc. Perhaps you have a different understanding of the meaning of that comic - if so, please provide me with illumination. The text in the comic does state if someone steals my computer whilst I am logged in...” in which case, disk encryption, multiple passwords, multiple browsers etc. would mostly be useless – the assumption being that the user is logged into these sites or apps already. I think explainxkcd.com does a good job of explaining the comic (emphasis added): http://www.explainxkcd.com/wiki/index.php?title=1200 quote Computer operating systems were initially written for the business environment. Thus they were made to be accessible to multiple employees, or users, but only fully accessible to administrators (or admins). Regular users can access and use programs on the computer, but only the admin is allowed to make changes to how the computer runs. This same split level of security continues to this day, even in privately owned, or home, computers. The joke here is that the most important things on a computer are no longer the programs that it runs, but the private personal data it accesses (usually online). Anyone who wished to do real mischief on an active computer could do considerable damage without ever caring what the admin password was. The admin password, in effect, now guards a vault no one cares about. This comic pokes fun at the authorization mechanisms surrounding most operating systems' administrator accounts. It makes the argument that the user's data is more valuable than the integrity of the system. (This is arguably true for most personal systems, although it is probably not true in a shared-server setup, where a system compromise could lead to the exposure of many users' data.) Essentially, once a user is logged in, he or she can typically access all of his or her data without any further restriction. Modifying the operating system (for example, to install drivers) requires a separate password. /quote ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Color me skeptical
I'd argue that Google's way of searching was/is sufficiently different to the competition (Alta Vista anyone) to be considered some kind of shift. If you're going to say that Google didn't revolutionise search because they didn't invent it, then arguably there's been nothing revolutionised for hundreds of years (which I think we both agree is false). It may be just that we disagree on the degree of change required to call something a 'paradigm shift', but I'd argue that Google Search, and the concept of giving people gigabytes of free storage for Gmail were both game changers that propelled those two products from challengers to dominance. Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Tuesday, 23 April 2013 3:17 AM To: NT System Admin Issues Subject: Re: Color me skeptical They hit paydirt with search, don't sort and sell user data/advertising to others, not services to users. But that wasn't a paradigm shift. They didn't invent search, and they didn't invent selling advertising, and they didn't invent the freemium concept or the concept where the user is the product. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Color me skeptical
From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Tuesday, 23 April 2013 10:13 AM To: NT System Admin Issues Subject: Re: Color me skeptical If you're going to say that Google didn't revolutionise search because they didn't invent it But they did not create a paradigm shift. Nothing shifted. We still use web mail like we did before, and we still search (largely) like we did before. I think this is where we might disagree. You see Gmail as web based email - maybe I can characterise this viewpoint as a looking at it as a technology stack. But if we look at it from a service use-case PoV, i.e. how do people use this service? I think it definitely changed the way people (outside tech circles where people were used to almost unlimited amounts of email storage) treated email (whether web based or not) All of a sudden you didn't need to worry about quotas. You needn't need to organise things into folders to manage large amounts of mail. Email became set and forget - just read and send email (and do the occasional search). All the other things we used to do with managing mail went out the window. That's what differentiated Gmail from Outlook or Hotmail or Eudora or Pine or anything else at the time: a) No need to organise, because search is both effective and instantaneous b) No need to delete things, because storage is (effectively) limitless So, large quota web based email isn't really a paradigm shift. But I think email as a service (and Google will take care of everything behind the scenes) is (for small values of paradigm) Search might be a harder question to tackle. Arguably from a technology PoV, we still type text into a HTML form and hit submit, so we still search like we did before Google. But the way we search is different now. Alta Vista was arguably the king of the hill before Google, but to use that I had to think like Alta Vista, using arcane syntax and logical operators to get the results I was looking for. I'm not sure how to describe how I use Google, but what I need to think about before searching for something is completely different to how I had to think to use any of its predecessors. This way of interacting with a computer system to find things was completely different IMHO. Cheers Ken ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Color me skeptical
If you go back to the source, it's supposed to be a phrase used entirely for changing scientific views of our universe, but since then has become a debased phrase that can mean whatever you want it to mean: http://en.wikipedia.org/wiki/Paradigm_shift Would letting blind people see be a scientific breakthrough? A medical miracle? Or a paradigm shift? I'd call the technology that enables this one of the former two. If society's views subsequently change (e.g. on the capabilities or ability of blind people to engage with sighted society), that might be a paradigm shift. Cheers Ken From: Jon Harris [mailto:jk.har...@live.com] Sent: Tuesday, 23 April 2013 11:16 AM To: NT System Admin Issues Subject: RE: Color me skeptical Personally I question what a paradigm shift would be considered to be. I would then look at that is being proposed as such a thing. Most of the truly accurate futurist were not associated with a company selling hardware or software. They were academics and entertainers. Look at what Rodenberry saw when he invented Star Trek (Yeah I know maybe not a good choice but he did see things in his vision that we now have maybe due to that vision) He was looking not at what was or what was possible but what he saw as the future. Like many others of his ink he was able to see true paradigm shifts even if he was not going to be a part of inventing them. In my mind Jobs is and will forever be the king of salesmanship. He convinced people that what he was selling was better, faster, more cool, than anything in the market, despite the fact that others had made it before him. He was also not above allowing others to make claims that were patently false (Apple OS/iOS can't get bugs). Later once he had his market up and running when he knew his time on that statement was running out made sure his marketing people did not make that claim but would quietly say it was possible for it to get bugs. Google would not be in business except for companies like Microsoft and Yahoo. Microsoft itself was only able to get going due to the inventor of an earlier OS not really being interested in business, well that and having family in the right place at the right time. A paradigm shift would be something everyone could benefit from or helps those in special niche markets get equal to those in the larger market. If Google glass were to be able to allow the blind to see then that to me would be a paradigm shift. Jon From: k...@adopenstatic.commailto:k...@adopenstatic.com To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: Color me skeptical Date: Mon, 22 Apr 2013 22:03:33 + I'd argue that Google's way of searching was/is sufficiently different to the competition (Alta Vista anyone) to be considered some kind of shift. If you're going to say that Google didn't revolutionise search because they didn't invent it, then arguably there's been nothing revolutionised for hundreds of years (which I think we both agree is false). It may be just that we disagree on the degree of change required to call something a 'paradigm shift', but I'd argue that Google Search, and the concept of giving people gigabytes of free storage for Gmail were both game changers that propelled those two products from challengers to dominance. Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Tuesday, 23 April 2013 3:17 AM To: NT System Admin Issues Subject: Re: Color me skeptical They hit paydirt with search, don't sort and sell user data/advertising to others, not services to users. But that wasn't a paradigm shift. They didn't invent search, and they didn't invent selling advertising, and they didn't invent the freemium concept or the concept where the user is the product. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Dropsmack Malware CC via Dropbox
What do we do if we have a few thousand Excel spreadsheets with critical business processes and information in them? How do I whitelist only the good spreadsheets and macros? (i.e. is that level of granularity supported?) and secondly, what is the overhead in maintaining this - especially when is it analysts/traders etc (i.e. effectively end users and their IT support) that are developing these - something would be changing on a daily basis? Cheers Ken From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, 17 April 2013 11:33 PM To: NT System Admin Issues Subject: RE: Dropsmack Malware CC via Dropbox Agreed, same solution I am using, does the same function and if there is any blocks, its dealt with quickly before going live. Z Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org Work:401-444-9081 This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: kz2...@googlemail.commailto:kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Tuesday, April 16, 2013 11:47 PM To: NT System Admin Issues Subject: Re: Dropsmack Malware CC via Dropbox The software I use has an endpoint analysis mode, kinda like a passive mode, that creates whitelists for you. Using this, you should be able to ensure everything works before going live. Add to this the alerting is very good so false positives get quickly dealt with. Sent from my Blackberry, which may be an antique but delivers email RELIABLY From: Ken Schaefer k...@adopenstatic.commailto:k...@adopenstatic.com Date: Wed, 17 Apr 2013 00:27:19 + To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: Dropsmack Malware CC via Dropbox What happens when the business relies a lot on Access DBs, Excel spreadsheets etc.? Do I have to whitelist every macro? Am I still at risk of data loss/corruption/exfiltration? Cheers Ken From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, 17 April 2013 12:54 AM To: NT System Admin Issues Subject: Re: Dropsmack Malware CC via Dropbox Whitelisting can be a lot of work, if you haven't got a flexible technology. There are various vendors in the space and some of them take a lot of the donkey-work out of it for you, whilst still maintaining (as far as I've seen) decent security. But I totally agree that it's still at the whim of the person with their fingers on the controls - if the admin allows a bad executable, then you're in trouble. That can only be mitigated by belt-and-braces approaches, really, relying on old-style reactive AV or IDS/IPS or whatever to catch the bad executable that's somehow bypassed your processes and controls. There is another load of tech springing up around MDM, MIM, MAM or whatever TLA you choose to describe it. It's another big set of challenges though. At the moment I am concentrating on extending the agents I have to MacOS devices rather than worrying about tablets and mobiles yet. I can avoid some of the pain at the moment by deploying Windows apps and desktops via Citrix to the mobile devices rather than letting users manipulate corporate data directly, but it's something I will no doubt get asked to get involved in sometime in the future :-) But it's all so fun keeping up with user trends, isn't it? Maybe if we try really hard to get on top of the possibilities right now we can approach BYOD from a security perspective rather than just getting bullied into making it happen too quickly and having to catch all the security issues while firefighting :-) Cheers, JR On 16 April 2013 15:36, Ziots, Edward ezi...@lifespan.orgmailto:ezi...@lifespan.org wrote: James, I agree on the application whitelisting front. But its a lot of work and its still based on trust. ( If you trust something bad) then you have still let the determined attacker in the door, but the caveat is if you control the code execution on your endpoints, then you change the game into your favor. Other aspects to think of: Will application whitelisting work for mobile devices: (Iphone, Android, Tablets, all of which can act like storage devices in a way. Questions to be answered: Which devices do you allow
RE: On the subject of security...
-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, 18 April 2013 6:08 AM To: NT System Admin Issues Subject: Re: On the subject of security... If that's the case, then he didn't make his point at all clear. ... True again - and again unremarkable. My point is that you have to use the same methods to protect unprivileged accounts as you do root/administrator. ... That's the import of my remarks about screensavers, FDE, not caching passwords for web sites in browsers, etc. - it's all about protecting the data; that which resides on the machine, and that which resides on teh intarwebs. If anyone's being unclear here, I think it's you. My reading of your comments is that a lot of your suggestions are geared towards preventing access to the system. All your suggestions about encrypting disks, having screen savers etc. are overkill if all my data is burnt to CDs. I'm better off investing in a safe to house them. Additionally, if my only PC is the one sitting in my living room, then when someone has got access to that machine (by breaking into my house), then a lack of password protected screensaver, or the fact that the password to the machine is on the bottom of the keyboard, is probably the least of my problems. Security is about managing risk: identify what the threats are, and the mitigate, transfer, accept etc. Security is not a checklist of technologies and processes. I protect all of my accounts, privileged or not, in the same ways, and have been doing so for so long that it's completely natural to me. It just feels unnatural not to do so. No running executables from untrusted sources, turn off scripting in my browsers, view all email as plain text, no remembering/caching of passwords in browsers, using a unique password per web site and per other accounts, regular clearing of cookies, no linking of accounts between web sites, running current AV, no browsing with elevated accounts, laptops have full disk encryption, etc., etc., etc. Without an evaluation of risks, this would be a complete waste of time for most people IMHO. I run as an admin on my personal machine. I don't bother reading all mail in plain text, and I don’t full disk encrypt all my machines, and I don't clear my cookies. I've got better things to do with my time, and if I focus on protecting my identity and data instead, I'm probably just as likely as you to be safe. Cheers Ken ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: On the subject of security...
-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Subject: Re: On the subject of security... No running executables from untrusted sources, turn off scripting in my browsers, view all email as plain text, no remembering/caching of passwords in browsers, using a unique password per web site and per other accounts, regular clearing of cookies, no linking of accounts between web sites, running current AV, no browsing with elevated accounts, laptops have full disk encryption, etc., etc., etc. Without an evaluation of risks, this would be a complete waste of time for most people IMHO. Sure - if you don't browse the Internet, share USB sticks, etc., you probably don't need to do those things. But I do browse the internet, and I do share USB sticks. Yet I don't do most of what you list above. Everything is about /management/ of risk, not 99.99% avoidance of risk. Just as people don’t live in impenetrable fortresses, and keep their money in Fort Knox, it's not actually necessary (or even desirable IMHO) to do some of things you do to have an acceptable level of risk. The marginal benefit from each additional step you are taking vs. the cost to usability and time taken isn't worth it (again, IMHO) I run as an admin on my personal machine. I don't bother reading all mail in plain text, and I don’t full disk encrypt all my machines, and I don't clear my cookies. I've got better things to do with my time, and if I focus on protecting my identity and data instead, I'm probably just as likely as you to be safe. So, care to share how you protect your identity and data without any technologies or processes? Let's be clear - I'm not saying I have no technology, and my strategy is to rely on magic. I start by worrying about what my family needs/wants to be able to do, and then what apps and data we need to do it, and then work out what the threats/risks are. You can draw a parallel to business - info - technology architecture from TOGAF or similar framework if you want. Malware and hackers getting into my home network is probably about half-way down the list at the moment. Additionally, instead of inconveniencing end users with restrictions on either user experience, I want technology to work in the background to protect us (if possible). So, we use 802.1x for our wireless since we're all on an AD domain, and SOHO APs all support it now (there's a guest wireless network for visitors), and I use centralised malware scanning on the Exchange server. I'm researching some options for outsourcing the malware/junk scanning for incoming (it's a pity that Postini doesn't seem to be available anymore) But things I worry about more are hardware failure, lightning strikes (had two of those in two different homes), being burgled, having a fire or something else similar that destroys things. The information I worry about protecting isn't just what's electronic/digital, but also paper records, passports, birth certificates and so on. So, it's starting from a different starting point. It's not starting from you should encrypt your disk, delete your cookies, run as a non-admin. It's starting from what types of critical/important/throw-away data do I have in order to live/work/interact with friends, and then what are the risks to that data, and what can I do about it. And weigh all that against usability So, I'm not particularly worried about someone getting access to the password for the media centre PC's default user account. I'm more worried about that account somehow getting logged out, and whoever is using our media centre not being able to log back in again. I mitigate the risk of people knowing the password doing something bad by restricting what that account is allowed to do. Likewise I want to be able to share things with my family overseas, bank online and do various other things - at the same time without impacting my user experience significantly, so I take other measures to help reduce risk: I get notifications for purchases on my CCs over a certain amount. Most of my banks require (or at least offer) 2FA for authentication now. Etc. Cheers Ken ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Some interesting thoughts about network security
Some thoughts on this: - A company going and buying 40,000 iPads isn't BYOD. Corps have been buying phones (e.g. Blackberries), laptops and tablets for staff for a long time. If the corp is providing it, it's not BYOD - The concept of remote VDI isn't new. That said I don't think it'll fly in many financial institutions outside retail banking in the short term. IME the type of work that needs to be done in wealth management, investment and institutional banking is very different to tellers working out in branches in retail banking. Retail banking's been dominated by thin clients for a long time (fixing thick client PCs out in suburbia or out in the country is support PITA). Not to say there isn't some scope to pull some apps back to a centralised location for wealth/institutional/investment, but there are other things (like Bloomberg terminals, Reuters feeds etc.) where the underlying network required and the physical kit, is going to result in stuff sitting on people's desks. - BYOD + remote VDI is becoming more popular, but I just don't think (in the short term) that it's going to dominate banks. There's simply too many issues still around (e.g. what to do when the employee's machine breaks down) that there aren't clear-cut best-practise answers to. Whilst I see people trialling things, I don't think the evidence is in yet on whether it's a good idea or not. I think it'll be another 3-5 years before we have enough data on whether it's sustainable and economic. - Compliance/Risk depts. Have issues around a central infrastructure providing the entire service: the cost providing a full redundant, HA, platform for a small trading office with 10-20 staff kinda crimps this initiative. And a non-redundant, non-HA setup will not fly because the bank is unable to consolidate and report its overall risk position to regulators. - The other stuff (like his networking proposals), I think is just silly. He obviously knows his Citrix stuff well. But maybe that's where he should stick to - get networking and security guys to help paint the rest of the picture. Cheers Ken From: Webster [mailto:webs...@carlwebster.com] Sent: Tuesday, 16 April 2013 9:28 PM To: NT System Admin Issues Subject: RE: Some interesting thoughts about network security Most of the projects I work on are in the financial and healthcare sectors. 100% of them are doing BYOD. These are some of the largest companies in their respective industries. One healthcare related company just bought 40,000 iPads for their sales force. Where I am now they have 30,000 people using Citrix XenApp and are scaling up a XenDesktop project to 11,000 users. They are supporting almost every kind of device imaginable: iPhone, iPad, Androids, Surface, Mac OSX, Win7, etc. Brian Madden is a recognized name and thought leader in this space. But as a thought leader, his goal is to make you think. Think about the ways users are getting around IT (I see it daily at my current project), think about how IT really does not and cannot control every device. Back when Brian was in the trenches doing designs and installs, he designed and built some of the world's largest TS/RDS/XenApp environments. He does know his stuff. I think he is trying to stretch IT's way of thinking and can be considered more of a provocateur now. What we did in IT 5 or 10 years ago may not work with today's users and how they work and or want or need to access company data. Just my $0.02US worth Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: Jon Harris [mailto:jk.har...@live.com] Sent: Monday, April 15, 2013 9:46 PM To: NT System Admin Issues Subject: RE: Some interesting thoughts about network security One of the things I saw in the article was part of his reasoning on this was the BYOD movement. I know a lot of places are looking at this and some have even gone for it but if it was a financial firm or a health care provider I don't know if I would want to do business with them. BYOD just opens too many cans of worms for me to feel comfortable with those firms doing that. IF they were using something like VDI or Citrix like work interface I would only be marginally comfortable. I don't see that happening unless a company really looks at where the data is stored and the risk of that data getting lost to parties unknown. From all that I am seeing it is more management wanting to push the cost of the workers hardware to the worker and little else is taken into account until they get bit hard and are faced with lawsuits due to their lack of use of their brains. Jon From: k...@adopenstatic.commailto:k...@adopenstatic.com To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: Some interesting thoughts about network security Date: Tue, 16 Apr
RE: Dropsmack Malware CC via Dropbox
What happens when the business relies a lot on Access DBs, Excel spreadsheets etc.? Do I have to whitelist every macro? Am I still at risk of data loss/corruption/exfiltration? Cheers Ken From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, 17 April 2013 12:54 AM To: NT System Admin Issues Subject: Re: Dropsmack Malware CC via Dropbox Whitelisting can be a lot of work, if you haven't got a flexible technology. There are various vendors in the space and some of them take a lot of the donkey-work out of it for you, whilst still maintaining (as far as I've seen) decent security. But I totally agree that it's still at the whim of the person with their fingers on the controls - if the admin allows a bad executable, then you're in trouble. That can only be mitigated by belt-and-braces approaches, really, relying on old-style reactive AV or IDS/IPS or whatever to catch the bad executable that's somehow bypassed your processes and controls. There is another load of tech springing up around MDM, MIM, MAM or whatever TLA you choose to describe it. It's another big set of challenges though. At the moment I am concentrating on extending the agents I have to MacOS devices rather than worrying about tablets and mobiles yet. I can avoid some of the pain at the moment by deploying Windows apps and desktops via Citrix to the mobile devices rather than letting users manipulate corporate data directly, but it's something I will no doubt get asked to get involved in sometime in the future :-) But it's all so fun keeping up with user trends, isn't it? Maybe if we try really hard to get on top of the possibilities right now we can approach BYOD from a security perspective rather than just getting bullied into making it happen too quickly and having to catch all the security issues while firefighting :-) Cheers, JR On 16 April 2013 15:36, Ziots, Edward ezi...@lifespan.orgmailto:ezi...@lifespan.org wrote: James, I agree on the application whitelisting front. But its a lot of work and its still based on trust. ( If you trust something bad) then you have still let the determined attacker in the door, but the caveat is if you control the code execution on your endpoints, then you change the game into your favor. Other aspects to think of: Will application whitelisting work for mobile devices: (Iphone, Android, Tablets, all of which can act like storage devices in a way. Questions to be answered: Which devices do you allow to be attached to your systems to transfer data? (Policies, procedures, enforcement with technical controls and auditing and followup with administrative controls for compliance? (Do we allow the Apple devices, but not the Android, or do we allow just Ironkey devices, and whom should have them and what data should they be able to take ( DLP/DRM etc etc) And we all should know by now that AV is next near worthless against current malware trends, so why does the compliance regulations still require this ( PCI-DSS especially). Working on App whitelisting right now, its been interesting and complex at the time, but at the end I feel it will be worth it. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Some interesting thoughts about network security
My thoughts: a) One size fits all solutions simply don't fit most organisations. Some e.g.: a.(e.g. you support users connecting from home today, so obviously you can obviously scale to support the entire organisation doing the same at work, or b. give each user their own VLAN - yeah, we'll create 100,000 VLANs - imagine maintaining the FWs, routers, and how much more complex user provisioning and de-provisioning is going to be. What happens when users move between buildings? Telcos can make this happen, but telcos are in the networking business. b) Treating wireless users as external and then making them VPN in isn't new - that's been the thinking for 20 years. It was start of the art maybe in 2000, but it's not now c) I know Microsoft was arguing for the hard core and soft shell since circa 2006 or so - so even that's now new. However I disagree that there should be one boundary (around the data centre) and we ignore everything else. Obviously Brian doesn't understand how large organisations (and I'm guessing other sizes as well - I don't have that much experience) work. Most banks (for example) are stuffed full of knowledge workers that depend on data being on their client PCs. For example I've seen reconciliations in a large institutional bank being run on over 2,000 excel spreadsheets due to lack of straight through processing between diverse systems. You can treat them as being on the internet, but that's too difficult to do in practise with granularity. If you make them VPN in, you end up giving them wide-open access anyway. So why not just use 802.1x to guard your physical (including WiFi) access? Surely 802.1x is easier and cheaper to deploy than catering for 100,000+ VPN connections? This looks like just another magic bullet - simple solution to a complex problem that only works in simple (i.e. small) environments. Cheers Ken From: James Rankin [mailto:kz2...@googlemail.com] Sent: Monday, 15 April 2013 10:24 PM To: NT System Admin Issues Subject: Some interesting thoughts about network security http://www.brianmadden.com/blogs/brianmadden/archive/2013/04/15/rethinking-network-security-all-your-on-premises-wifi-users-are-actually-quot-remote-quot-users.aspx -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.ukhttp://appsensebigot.blogspot.co.uk/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: POSH PtH - this is...
If you're admin on the machine, can't you just run a keylogger? Then you've got the DA's credentials in the clear (assuming they use a password) Cheers Ken -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, 9 April 2013 10:01 AM To: NT System Admin Issues Subject: Re: POSH PtH - this is... On Mon, Apr 8, 2013 at 4:17 PM, Ben Scott mailvor...@gmail.com wrote: On Mon, Apr 8, 2013 at 7:06 PM, Kurt Buff kurt.b...@gmail.com wrote: Amusing? Alarming? Both? http://labofapenetrationtester.blogspot.in/2013/04/poshing-the-hashes.html Neither? It seem to boil down to, if you steal credentials, you gain access to what those credentials protect. This should not be a surprise. :-) Not exactly neither - the use of WCE is the key, methinks. WCE allows theft of credentials from others accounts that are stored in RAM, with the possible upgrade of credentials that this would imply, if higher-security accounts such as DAs Agree with MBS that other tools could stand in for PowerShell, but WCE was actually new to me. Granted, you must be local admin to use WCE, but if you're local admin on a server or workstation, and a DA account logs in and leaves credentials in memory, well, your task is accomplished. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: POSH PtH - this is...
Why don't you use smart card login instead? Security is about managing risk, and not about avoiding every possible risk. Work in a big enough org, and the risks are so numerous there's simply no way to avoid them all - some of them just have to be accepted as is. Cheers Ken -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, 9 April 2013 1:29 PM To: NT System Admin Issues Subject: Re: POSH PtH - this is... On Mon, Apr 8, 2013 at 8:04 PM, Ben Scott mailvor...@gmail.com wrote: On Mon, Apr 8, 2013 at 8:01 PM, Kurt Buff kurt.b...@gmail.com wrote: Agree with MBS that other tools could stand in for PowerShell, but WCE was actually new to me. Well, then, you didn't say that, you seemed focused on PoSh. WCE in particular is new to me, too, but I've certainly read of attacks on the running system to recover credentials before. That's why trusting the computer you're logging into is really important. :) It's good to know there's an easy-to-use tool available, though. :) Didn't make it clear, true - wrong subject line, I suppose. Trusting computers is not something that comes easily to me, any more, unless I'm the only one who has touched it. Too many folks don't understand the implications of their actions. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Analysing process dumps
If you want to use WinDBG, this is probably a good start: http://www.adopenstatic.com/cs/blogs/ken/archive/2009/06/30/24910.aspx Dump a list of threads and see which are the longest running Then dump the managed and unmanaged stacks for those threads. The problem then is that you need to know what you're looking at. You can post some here if you want or at forums.iis.net Cheers Ken From: Sobey, Richard A [mailto:r.so...@imperial.ac.uk] Sent: Friday, 5 April 2013 9:37 PM To: NT System Admin Issues Subject: RE: Analysing process dumps Oh, wonderful, thanks. I tried windbg, but yes, the output is a bit mystifying and I'm not sure what I'm looking for. Thanks Ken Richard From: bounce-9597307-8267...@lyris.sunbelt-software.commailto:bounce-9597307-8267...@lyris.sunbelt-software.com [mailto:bounce-9597307-8267...@lyris.sunbelt-software.com] On Behalf Of Ken Schaefer Sent: 05 April 2013 11:19 To: NT System Admin Issues Subject: RE: Analysing process dumps IIS Debug Diagnostics tool does a bunch of things for you automagically, and is geared towards w3wp.exe issues. Otherwise you can simply download the Windows Debugging Toolkit (the main tool you want is WinDBG), or use any user mode debugger (even Visual Studio.Net) if you want to try to root cause yourself However actually understanding what you are looking at requires some knowledge (plus some knowledge of how the tool works) Personally, I would use IISDebugDiag, and post the output to forums.iis.net - a bunch of MS PSS folk and MVPs hang out there, and if they can't help you within bounds of reason, they will direct you to PSS support if required. Cheers Ken From: Sobey, Richard A [mailto:r.so...@imperial.ac.uk] Sent: Friday, 5 April 2013 7:19 PM To: NT System Admin Issues Subject: Analysing process dumps Hi all I'm troubleshooting a runaway process on one of my Exchange 2010 CAS boxes, the CPU is getting hammered and the w3wp.exe process is the culprit. I'm creating process dumps, as I saw suggested on a forum, but is there any tool that can usefully analyse the output without me opening a case with Microsoft PSS? Many thanks Richard ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT: Just A Bunch of Noise, or The Beginning of The End?
Gartner's just saying that Microsoft might be outsold by Apple and/or Android devices by 2017 (I'm not really sure because Gartner's not directly quoted anywhere) Then there's some quote from some completely different party. So, given we have no idea exactly what Gartner's actually saying, I don't think we should jump to conclusions. Cheers Ken From: Rene de Haas [mailto:rene.deh...@gmail.com] Sent: Saturday, 6 April 2013 8:34 PM To: NT System Admin Issues Subject: Re: OT: Just A Bunch of Noise, or The Beginning of The End? In my previous company as well. Maybe a form of cya. Instead of having to say I made a wrong decision. I was following Gartners recommendation. On Fri, Apr 5, 2013 at 7:05 PM, David Lum david@nwea.orgmailto:david@nwea.org wrote: We have folks here that use Gartner magic quadrant info for decisions. -Original Message- From: Bill Humphries [mailto:nt...@hedgedigger.commailto:nt...@hedgedigger.com] Sent: Friday, April 05, 2013 9:05 AM To: NT System Admin Issues Subject: Re: OT: Just A Bunch of Noise, or The Beginning of The End? I just wish the media would just ignore everything Gartner says. I don't know why anyone takes their opinions seriously. They also said that Apple should get out of the hardware business and partner with Dell at some point. They predicted years ago that HP would be out of the PC business. Bill Roger Wright wrote: http://usmarketbuzz.com/msft-microsoft-corporation-nasdaqmsft-will-gro w-obsolete-by-2017-gartner-3206# Roger Wright ___ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Analysing process dumps
IIS Debug Diagnostics tool does a bunch of things for you automagically, and is geared towards w3wp.exe issues. Otherwise you can simply download the Windows Debugging Toolkit (the main tool you want is WinDBG), or use any user mode debugger (even Visual Studio.Net) if you want to try to root cause yourself However actually understanding what you are looking at requires some knowledge (plus some knowledge of how the tool works) Personally, I would use IISDebugDiag, and post the output to forums.iis.net - a bunch of MS PSS folk and MVPs hang out there, and if they can't help you within bounds of reason, they will direct you to PSS support if required. Cheers Ken From: Sobey, Richard A [mailto:r.so...@imperial.ac.uk] Sent: Friday, 5 April 2013 7:19 PM To: NT System Admin Issues Subject: Analysing process dumps Hi all I'm troubleshooting a runaway process on one of my Exchange 2010 CAS boxes, the CPU is getting hammered and the w3wp.exe process is the culprit. I'm creating process dumps, as I saw suggested on a forum, but is there any tool that can usefully analyse the output without me opening a case with Microsoft PSS? Many thanks Richard ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: RT devices?
Hi, Windows RT is a version of Windows that runs on ARM CPUs – it doesn’t run on the Surface Pro (rather, Surface Pro runs the x86-64 version of Windows that we’re familiar with on regular Intel PCs) WinRT is something slightly different – it’s an application programming environment. Apps programmed for WinRT are capable of running on both ARM (Windows RT) and x86 (“regular” Windows) architectures. Cheers Ken From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Monday, 25 March 2013 4:52 PM To: NT System Admin Issues Subject: RE: RT devices? I look at the Surface Pro as running both Windows RT (WinRT) and “regular Windows” or am I look at things completely wrong? From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Monday, March 25, 2013 1:41 AM To: NT System Admin Issues Subject: RE: RT devices? I think Rod’s confusion stems from the fact that the Surface Pro runs regular Windows, not Windows RT. Windows RT is only available on the Surface RT Cheers Ken From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Monday, 25 March 2013 4:35 PM To: NT System Admin Issues Subject: RE: RT devices? Sorry I was a not clear. I wanted to ask what can be managed within Windows RT on the Surface Pro via Group Policy if anything. From: rodtr...@myitforum.commailto:rodtr...@myitforum.com [mailto:rodtr...@myitforum.com] Sent: Sunday, March 24, 2013 11:07 PM To: NT System Admin Issues Subject: RE: RT devices? Within RT on the Pro? Not sure I understand that. RT contains much of the same policies, they are just local, but can be managed using Windows Intune. Sent from Microsoft Surface Pro From: Ryan Finnesey Sent: March 24, 2013 10:43 PM To: NT System Admin Issues Subject: RE: RT devices? Is there any GPO support within RT on the pro? Can you control what tiles and Apps are displayed? From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, March 20, 2013 11:57 AM To: NT System Admin Issues Subject: RE: RT devices? I’m very fond of GPOs and full application support. From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Wednesday, March 20, 2013 11:28 AM To: NT System Admin Issues Subject: RE: RT devices? Why is the RT not appropriate for business? From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, March 20, 2013 11:01 AM To: NT System Admin Issues Subject: RE: RT devices? The Pro is very slick and I’ve got a hospital client that is testing them. So far, they are very happy with them. I don’t think the RT is appropriate in a business environment. Just IMHO. From: Webster [mailto:webs...@carlwebster.com] Sent: Wednesday, March 20, 2013 8:32 AM To: NT System Admin Issues Subject: RE: RT devices? Not RT but the project I am on, the IT virtual desktop team is testing the Pro device and they love them. They prefer them to the iPads. I can’t provide any specifics as that is not the part of the project I am working on. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Tuesday, March 19, 2013 11:42 PM To: NT System Admin Issues Subject: RT devices? I am curious to know if anyone is thinking or has deployed RT devices to their end users. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: RT devices?
I think Rod’s confusion stems from the fact that the Surface Pro runs regular Windows, not Windows RT. Windows RT is only available on the Surface RT Cheers Ken From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Monday, 25 March 2013 4:35 PM To: NT System Admin Issues Subject: RE: RT devices? Sorry I was a not clear. I wanted to ask what can be managed within Windows RT on the Surface Pro via Group Policy if anything. From: rodtr...@myitforum.commailto:rodtr...@myitforum.com [mailto:rodtr...@myitforum.com] Sent: Sunday, March 24, 2013 11:07 PM To: NT System Admin Issues Subject: RE: RT devices? Within RT on the Pro? Not sure I understand that. RT contains much of the same policies, they are just local, but can be managed using Windows Intune. Sent from Microsoft Surface Pro From: Ryan Finnesey Sent: March 24, 2013 10:43 PM To: NT System Admin Issues Subject: RE: RT devices? Is there any GPO support within RT on the pro? Can you control what tiles and Apps are displayed? From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, March 20, 2013 11:57 AM To: NT System Admin Issues Subject: RE: RT devices? I’m very fond of GPOs and full application support. From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Wednesday, March 20, 2013 11:28 AM To: NT System Admin Issues Subject: RE: RT devices? Why is the RT not appropriate for business? From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, March 20, 2013 11:01 AM To: NT System Admin Issues Subject: RE: RT devices? The Pro is very slick and I’ve got a hospital client that is testing them. So far, they are very happy with them. I don’t think the RT is appropriate in a business environment. Just IMHO. From: Webster [mailto:webs...@carlwebster.com] Sent: Wednesday, March 20, 2013 8:32 AM To: NT System Admin Issues Subject: RE: RT devices? Not RT but the project I am on, the IT virtual desktop team is testing the Pro device and they love them. They prefer them to the iPads. I can’t provide any specifics as that is not the part of the project I am working on. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Tuesday, March 19, 2013 11:42 PM To: NT System Admin Issues Subject: RT devices? I am curious to know if anyone is thinking or has deployed RT devices to their end users. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Forefront client security
The Windows Defender in Win8 does the same as MSE (AFAICT), so it's just a name/rebranding exercise. Cheers Ken From: Jon Harris [mailto:jk.har...@live.com] Sent: Saturday, 23 March 2013 11:37 AM To: NT System Admin Issues Subject: RE: Forefront client security I think they are planning to at some point to kill of Security Essentials unless they decide to allow it to be installed on Win 8 machines. Those machines come with Defender as the malware protection. I am not to sure about that but I only have one running at home and so far I haven't seen anything bit it yet. Jon From: mille...@mukilteo.wednet.edumailto:mille...@mukilteo.wednet.edu To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date: Fri, 22 Mar 2013 08:04:17 -0700 Subject: RE: Forefront client security +1 I heard they will just be calling it Endpoint Protection. The home version is still Security Essentials at this time. From: Art DeKneef [art.dekn...@cox.net] Sent: Thursday, March 21, 2013 3:30 PM To: NT System Admin Issues Subject: RE: Forefront client security From what I remember. Forefront Client Security was the original product/name. The name changed to Forefront Endpoint Protection with the initial System Center products. It is now called System Center 2012 Endpoint Protection. I wonder what it will be called next? -Original Message- From: Heaton, Joseph@Wildlife [mailto:joseph.hea...@wildlife.ca.gov] Sent: Thursday, March 21, 2013 2:12 PM To: NT System Admin Issues Subject: Forefront client security How is this different from SCEP? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT: Career and Social Media
Networking has always been important to finding work. You used to do it at work, user groups etc. Now you can also do it via LinkedIn or a blog etc. I think you’re confusing Facebook (a specific social media implementation) with digital networking/reputation (as a general concept) Cheers Ken From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, 22 March 2013 1:51 PM To: NT System Admin Issues Subject: Re: OT: Career and Social Media +1000 I do not have a facebook account, nor any other social media account other than LinkedIn. Work and personal life are as separate as I can make them. Social media is a time stealer and a privacy invader. Kurt On Thu, Mar 21, 2013 at 5:47 PM, Jon Harris jk.har...@live.commailto:jk.har...@live.com wrote: I am glad I am getting close to the end of my career. I really dislike using things like Facebook for anything more than keeping in touch with family/friends. LinkedIN is about the only social media I use for business. I like to keep the two very separate from each other. Jon From: rodtr...@myitforum.commailto:rodtr...@myitforum.com To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: OT: Career and Social Media Date: Thu, 21 Mar 2013 22:49:52 + I can attest to that. My last two jobs have come because social media. Sent from Microsoft Surface Pro From: Andrew S. Baker Sent: March 21, 2013 6:38 PM To: NT System Admin Issues Subject: OT: Career and Social Media http://www.dilbert.com/fast/2013-03-21/ This is the new reality, folks. You don't have to embrace it, but to fight it is going to be career limiting . Within 5 years, it will be a major factor in employment... Who knows about you is becoming as important as what you know. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT: Career and Social Media
I'm sure we'd all prefer to be off doing the things we like to do. But we still need to find jobs somehow. And finding jobs usually depends on your network (it's possible to get some jobs 'cold' but that isn't the norm IME). That the network is extending into the digital realm, I think, is ASB's point. Obviously if you have a large offline network already, then you may need do nothing more. But for people starting out in their careers today, it's probably going to become more important. ASB's comment: Who knows about you is becoming as important as what you know. Isn't specific to social media - it's always been the case IME Cheers Ken -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, 22 March 2013 3:25 PM To: NT System Admin Issues Subject: Re: OT: Career and Social Media snippage I ... would rather be spending real time with either friends or a book. Kurt On Thu, Mar 21, 2013 at 8:58 PM, Ken Schaefer k...@adopenstatic.com wrote: Networking has always been important to finding work. You used to do it at work, user groups etc. Now you can also do it via LinkedIn or a blog etc. I think you’re confusing Facebook (a specific social media implementation) with digital networking/reputation (as a general concept) Cheers Ken From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, 22 March 2013 1:51 PM To: NT System Admin Issues Subject: Re: OT: Career and Social Media +1000 I do not have a facebook account, nor any other social media account other than LinkedIn. Work and personal life are as separate as I can make them. Social media is a time stealer and a privacy invader. Kurt On Thu, Mar 21, 2013 at 5:47 PM, Jon Harris jk.har...@live.com wrote: I am glad I am getting close to the end of my career. I really dislike using things like Facebook for anything more than keeping in touch with family/friends. LinkedIN is about the only social media I use for business. I like to keep the two very separate from each other. Jon From: rodtr...@myitforum.com To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: OT: Career and Social Media Date: Thu, 21 Mar 2013 22:49:52 + I can attest to that. My last two jobs have come because social media. Sent from Microsoft Surface Pro From: Andrew S. Baker Sent: March 21, 2013 6:38 PM To: NT System Admin Issues Subject: OT: Career and Social Media http://www.dilbert.com/fast/2013-03-21/ This is the new reality, folks. You don't have to embrace it, but to fight it is going to be career limiting . Within 5 years, it will be a major factor in employment... Who knows about you is becoming as important as what you know. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Difference between port forwarding and DMZ
In general (not specifically to address this RDS issue): You could create a second Forest in the DMZ, which trusts the internal Forest, but not the other way around. Whilst the host In the DMZ would have FW ports open to internal hosts, it has no access, per se, to any internal hosts, and simply subverting the DMZ host doesn't give you any access to anything internally. Cheers Ken -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, 15 March 2013 6:04 AM To: NT System Admin Issues Subject: Re: Difference between port forwarding and DMZ Section 2.2 says This is a more secure approach because an attacker has to break both firewalls in order to get to the internal network. This is incorrect. All he has to do is subvert the machine in the DMZ, and he has access to all of the resources in the production network to which the machine in the DMZ has access. You've already done the work of subverting the second firewall. I suppose you could set up IPSec connections, or perhaps as suggested an SSL tunnel, but ISTM that it my caveat about the subverted machine in the DMZ still holds. Kurt On Thu, Mar 14, 2013 at 11:34 AM, David Lum david@nwea.org wrote: I'll make another sweeping statement here: Don't put any machine in the DMZ that requires membership in your production domain. At that point you don't have a DMZ, you merely have another subnet of your production network, and basically no protection. How does this work, then? RDS Gateway servers need to be domain-joined http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-i n-a-perimeter-network-firewall-rules.aspx Dave -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, March 14, 2013 9:34 AM To: NT System Admin Issues Subject: Re: Difference between port forwarding and DMZ On Thu, Mar 14, 2013 at 8:22 AM, David Lum david@nwea.org wrote: What’s the risk difference between a server in a DMZ (firewalls on each end) and port forwarding from the Internet to a machine inside a network perimeter? Scenario : I have PC’s that use port to talk to a management server, I’m wondering of that server needs to be in the DMZ (with that port opened), or if forwarding that port through is functionally the same thing? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 Go back to the fundamentals. Why do you have a DMZ - that is, what is the fundamental reason that you have a DMZ? It is to have a place where you can put machines that are untrusted, but to which your production network (and perhaps other untrusted networks) need access. So, if it's untrusted, and you need access, what is the fundamental thing you *DON'T* do? You don't allow untrusted machines unrestricted access to your production network. In particular, you don't allow machines in the DMZ to initiate traffic to the production network. Machines in a DMZ should only respond to requests for traffic from the production network, or if they need to initiate traffic to the production network, that traffic should be strictly limited and throughly examined by a proxy that understands the traffic in question. So: o- Where are the machines located that need access to your management server? o- Does the server initiate any traffic, or is it just the clients? If all of the clients are in the production network, and you have all of them under your control, then putting the management server in the DMZ is not required. If the clients are both in and out of the production network, put the management server in a DMZ and make sure you have a firewall that understands the traffic (an application layer gateway, or proxy). Simple port forwarding doesn't examine the traffic. I'll make another sweeping statement here: Don't put any machine in the DMZ that requires membership in your production domain. At that point you don't have a DMZ, you merely have another subnet of your production network, and basically no protection. It's possible that TMG could act as a proxy for something like this, but I'd be very nervous about it. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
RE: Keeping 550+ systems maintained
So, if I could summarise your requirements, and current state: Machines: In Office Remote: once-per-day connectivity Remote: once-per-month connectivity Remote: no connectivity 450 ~30 ~30 ~30 Requirement Metric Compliance Update AV Within 24 hours of release 100% of machines. Weekly report Update Acrobat/Java/Firefox/Chrome Within 14 days of release 100% of machines Weekly report Successful Backup (unsure what the scope is here) Unsure what the metric is here (Daily? Weekly? Monthly?) Weekly report Compliance Report Weekly 100% coverage If you need to meet 100% compliance (you don't mention meeting, say, 90% compliance within 1 day, 100% within a week, or dividing machines into in-office vs. remote) then I think your problem is the infrequently connected machines (~10% of the fleet), as they don't connect frequently enough for central enforcement and meeting your turn-around-times. So you might look at: a) A configuration management system that's able to communicate over the internet. Could be as simple as a script that runs as a scheduled task and posts the data back to a web server that you have centrally b) Some way of making remote configuration changes (Go-To-Meeting or something) to enforce updates (if/when required) You could look at using RDS or similar to publish the apps you need to update within 14 days (except the ones listed all have their own updating mechanisms). If that's not working well, then Citrix/RDS might be an option, as at least you can enforce the updating centrally Backup - I'm going to assume that TSM is not going to work for the machines that do not VPN in, so you need something separate for them. I'd also look at your configuration management procedures, and tighten up the link between asset lifecycle management - configuration management - AD configuration, to reduce the time being spent on machines that haven't been removed from AD. You might want to read the ITIL docs to see all the process areas you should have (not saying you should implement ITIL, but it'll help with proactive/consistent management of the environment. If you really need to hit the metrics you have above (including proving compliance), you could be devoting almost an entire FTE to the above. Cheers Ken From: David Lum [mailto:david@nwea.org] Sent: Friday, 15 March 2013 7:24 AM To: NT System Admin Issues Subject: RE: Keeping 550+ systems maintained Excellent questions Ken, thanks. Up to date at this point means 1. Current (within 1 day) of anti-virus signatures 2. Have the latest Acrobat/Java/Firefox/Chrome updates within two weeks 3. Successful backups (we use Tivoli to back up endpoints) 4. Weekly report to confirm the above Dave From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, March 13, 2013 8:01 PM To: NT System Admin Issues Subject: RE: Keeping 550+ systems maintained I think you need to know what your requirements are. How do you define up to date? e.g. - How quickly do you need to deploy something (or even have a range of critical/medium/low priority updates)? - And how do you need to report compliance (on demand? At pre-set intervals?) - And how do you measure your SLA? E.g. what is an acceptable level of 'unknown' state devices? And how long can they remain as 'unknown' Once you have an idea of what you need to meet, then you can start to work out what combination of technologies and people you need to meet it. Cheers Ken From: David Lum [mailto:david@nwea.org] Sent: Wednesday, 13 March 2013 1:40 AM To: NT System Admin Issues Subject: Keeping 550+ systems maintained Scenario: * 550 Windows workstations, with 100+ of them remote. * Active Directory (W2K8R2 and W2K3 DCs). * Windows 7 and Windows XP. * Users are local admins. * Some remote users VPN in daily, others only VPN in once/month, a few others almost never * 30+ onsite users frequently jump between wired and wireless (in my experience this occasionally trips up DNS and thus management agents for a bit) * Systems are cycled out at the rate of about 30 machines every quarter (relevant because finding a noncompliant machine often means knows if a system has been decommissioned or not). Systems are not always immediately removed from AD for various reasons. Task: Keep them up to date on anti-virus and patches, incl. 3rd party (Java/Adobe/Chrome/etc.). This includes coordinating (with select users) installing/testing the patches on their systems before full rollout to the rest of the org. Is this enough info to give a SWAG for how many hours/week you would you tell management this would take? A rough number works. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com
RE: Keeping 550+ systems maintained
I think you need to know what your requirements are. How do you define up to date? e.g. - How quickly do you need to deploy something (or even have a range of critical/medium/low priority updates)? - And how do you need to report compliance (on demand? At pre-set intervals?) - And how do you measure your SLA? E.g. what is an acceptable level of 'unknown' state devices? And how long can they remain as 'unknown' Once you have an idea of what you need to meet, then you can start to work out what combination of technologies and people you need to meet it. Cheers Ken From: David Lum [mailto:david@nwea.org] Sent: Wednesday, 13 March 2013 1:40 AM To: NT System Admin Issues Subject: Keeping 550+ systems maintained Scenario: * 550 Windows workstations, with 100+ of them remote. * Active Directory (W2K8R2 and W2K3 DCs). * Windows 7 and Windows XP. * Users are local admins. * Some remote users VPN in daily, others only VPN in once/month, a few others almost never * 30+ onsite users frequently jump between wired and wireless (in my experience this occasionally trips up DNS and thus management agents for a bit) * Systems are cycled out at the rate of about 30 machines every quarter (relevant because finding a noncompliant machine often means knows if a system has been decommissioned or not). Systems are not always immediately removed from AD for various reasons. Task: Keep them up to date on anti-virus and patches, incl. 3rd party (Java/Adobe/Chrome/etc.). This includes coordinating (with select users) installing/testing the patches on their systems before full rollout to the rest of the org. Is this enough info to give a SWAG for how many hours/week you would you tell management this would take? A rough number works. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Normalizing a disk image
James mentioned pre-fetch which IIRC is a Vista/7 technology that pre-loads frequently used binaries into memory at boot/logon time Cheers Ken From: Webster [mailto:webs...@carlwebster.com] Sent: Friday, 8 March 2013 5:29 AM To: NT System Admin Issues Subject: RE: Normalizing a disk image Maybe you are thinking of the .Net Framework compiling that happens in the background??? http://social.msdn.microsoft.com/Forums/en/clr/thread/62c082cd-819a-4aa0-b526-65c05b0b0f13 http://msdn.microsoft.com/en-us/magazine/cc163610.aspx Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: Webster [mailto:webs...@carlwebster.com] Sent: Thursday, March 07, 2013 11:07 AM To: NT System Admin Issues Subject: RE: Normalizing a disk image http://community.citrix.com/kits/#/kit/1067009 Only because it applies to the project I am on, I went through ALL the optimization guides and saw nothing about multiple boots before sealing. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: Webster [mailto:webs...@carlwebster.com] Sent: Thursday, March 07, 2013 10:34 AM To: NT System Admin Issues Subject: RE: Normalizing a disk image http://support.citrix.com/servlet/KbServlet/download/24559-102-647700/XD%20-%20Top%2010%20Mistakes%20Identified%20When%20Doing%20Desktop%20Virtualization.pdf Item #6, page 8 is about Antivirus. I have still not found anything about booting multiple times before sealing the image. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: Webster [mailto:webs...@carlwebster.com] Sent: Thursday, March 07, 2013 5:43 AM To: NT System Admin Issues Subject: RE: Normalizing a disk image The AV one, yes, that is recommended. Boot 6 time, never heard of it. BUT I have heard of booting and waiting a long time so .net stuff has time to compile in the background but that was several years ago. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.comhttp://www.carlwebster.com/ From: James Rankin [mailto:kz2...@googlemail.com] Sent: Thursday, March 07, 2013 5:32 AM To: NT System Admin Issues Subject: Normalizing a disk image Been doing a lot of work recently with Citrix Provisioning Services - for those of you that aren't familiar with it, it allows servers or desktops to boot from a gold or master read-only disk image that returns to the initial state at reboot time. Obviously prior to sealing a gold image you have to normalize it to make sure that software doesn't fail and optimize it for best performance. I've gone through a lot of the usual optimizations, defrag, flush DNS, etc., but came across another two possible optimizations online and was wondering if they were actually worth doing. One I heard about was running a full AV scan prior to sealing so that all files are already known to the antivirus software? Is this actually relevant, or does it depend on the AV in use? The other possible optimization was rebooting the system six times and waiting 120 seconds between each reboot to allow for boot prefetching. Again, is this something that would help a system run better? Thanks for any insights, -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage
RE: Semi-OT: Vsphere shutdown
Know who you need to call, in case things (storage, servers, apps, whatever) don’t come back up. You don’t want to be trying to find phone numbers when everything’s going to the dogs. Cheers Ken From: Richard Stovall [mailto:rich...@gmail.com] Sent: Saturday, 2 March 2013 5:24 AM To: NT System Admin Issues Subject: Re: Semi-OT: Vsphere shutdown Thanks, Steven. We're a small shop and the team is one other person and me. We had our meeting to go through everything yesterday. I've already created the plan of attack and written out configs for devices to my PC and a USB stick. The SQL DBA says his db backups are OK and he's ready. The only parts I'm deeply worried about are our HP blade chassis and EVA SAN. There shouldn't be any issues, but they were installed during a period when I did not work at the company and I have never gone through the shutdown procedure for them. The procedure itself seems straightforward enough, but those spindles have been going for about 4.5 years and it could mean a lot of restore time if more than two in any disk group decide that they don't want to spin up again. Cheers, Richard On Fri, Mar 1, 2013 at 12:57 PM, Stringham, Steven sstri...@lrlaw.commailto:sstri...@lrlaw.com wrote: Get your order dependence list down. Make a list of all the services/servers and decide what order they should be shut down in and what order they can come back up. I did this recently (moved my datacenter to another location) and it made all the difference to have hashed that out and have a full list to check box as things went down and came back up. Provide this list to your team, and walk through the list multiple times with them as you go. Don't forget to add switches/routers/fibrechannel switches/firewalls/SANs/NASs/managed power strips/etc. to the list. Everything matters. Get a config backup of these on a external device (thumbdrive/laptop) and do a write mem on them before powering them down. Make a note of where the SQL servers are in that list - as well as the vcenter server. Is it hosting it's own database is or is it elsewhere. Also, make a note of which physical host that the vcenter server was on so you can connect to it directly to bring it back up. Make sure you have whatever config cables available to connect directly to the switches/routers etc. in case of trouble on powering back up. Good luck. Steven Stringham -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Friday, March 01, 2013 10:25 AM To: NT System Admin Issues Subject: Re: Semi-OT: Vsphere shutdown On Fri, Mar 1, 2013 at 8:52 AM, Richard Stovall rich...@gmail.commailto:rich...@gmail.com wrote: In a few days time I will have to completely shutdown my datacenter for some electrical maintenance. (Yes, I'm nervous. It's been online non-stop for 6.5 years.) I have 3 Vsphere ESX 4.1 hosts that I need to shutdown along with everything else. My vcenter server is virtualized. Two questions: 1) Do I need to put the hosts into maintenance mode before powering them off? All of the VMs will already be powered off. 1) I can poweroff two of the hosts using the vcenter client, but after I shutdown the vcenter VM how should I poweroff the final host? Just connect the client directly to the host and shut it down that way? I can't think why this wouldn't work. Thanks in advance, RS One more thing... If you have a multi-site environment, and your connectivity to the other sites will be affected, then when bringing things back up, make sure you have connectivity to the other sites before bringing up your DC - so firewall/router/VPN connections before the DC, in this case. Then, make sure your DC is communicating with DCs in other sites before bringing up the rest of the infrastructure. It's not that I think that anything *bad* will happen if you do it out of order - but it gave me much more peace of mind when I did that. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Webster's question is very timely...
USB3.0 - it is bus powered. Get a 512GB SSD, and put it into a USB3 enclosure. I have the Crucial M4 512GB - they can be had for a good price, plus 256GB internal SSD. Gives plenty of space for VMs in my experience. I also have a 128GB SD card for storing commonly used ISO files Cheers Ken -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, 1 March 2013 6:37 AM To: NT System Admin Issues Subject: Webster's question is very timely... I didn't want to drag his thread off topic, so I'm starting a new one Not to brag (much), but I just picked up a Dell Precision 4600 laptop at a really good price - it's a quad-core machine with Win7 Pro, 16gb RAM and an ATI Firepro video card, 1920x1080 display (15.6) and a 256gb SSD. ($1600 - sale still going as far as I know.) Problem is, I'm pretty sure I made a small mistake. That 256gb drive just isn't big enough to hold the VMs I want. I should have gone with the 128gb minicard and a 1tb hard drive. So, I'm also looking for an external drive, either USB3 or eSATA - if you had the choice, which would you choose for putting in the laptop case for extra storage? Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Webster's question is very timely...
If you think you can fit all your VMs onto a 256GB drive, then getting a 512GB would be a waste of money. In another year or two they'll be cheaper again and you can re-buy if you need more space down the track. However, if you need 256GB now, then I think $350 is a bargain for the space performance you get. I suppose it depends on what your time is worth to you. FWIW I paid about $500 for mine ~15 months ago. Cheers Ken -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, 1 March 2013 10:53 AM To: NT System Admin Issues Subject: Re: Webster's question is very timely... At $350 and up, I think that's a little spendy. However, the 256gb versions might well fit in my budget. Kurt On Thu, Feb 28, 2013 at 2:53 PM, Ken Schaefer k...@adopenstatic.com wrote: USB3.0 - it is bus powered. Get a 512GB SSD, and put it into a USB3 enclosure. I have the Crucial M4 512GB - they can be had for a good price, plus 256GB internal SSD. Gives plenty of space for VMs in my experience. I also have a 128GB SD card for storing commonly used ISO files Cheers Ken -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, 1 March 2013 6:37 AM To: NT System Admin Issues Subject: Webster's question is very timely... I didn't want to drag his thread off topic, so I'm starting a new one Not to brag (much), but I just picked up a Dell Precision 4600 laptop at a really good price - it's a quad-core machine with Win7 Pro, 16gb RAM and an ATI Firepro video card, 1920x1080 display (15.6) and a 256gb SSD. ($1600 - sale still going as far as I know.) Problem is, I'm pretty sure I made a small mistake. That 256gb drive just isn't big enough to hold the VMs I want. I should have gone with the 128gb minicard and a 1tb hard drive. So, I'm also looking for an external drive, either USB3 or eSATA - if you had the choice, which would you choose for putting in the laptop case for extra storage? Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Webster's question is very timely...
+1 - VHD/VMDK file fragmentation isn't really an issue once you go SSD. I'm finding that most of my testing VMs are around 10-15 GB in size Cheers Ken From: Steven Peck [mailto:sep...@gmail.com] Sent: Friday, 1 March 2013 11:35 AM To: NT System Admin Issues Subject: Re: Webster's question is very timely... Do thin provisioning for them? On Thu, Feb 28, 2013 at 4:29 PM, Kurt Buff kurt.b...@gmail.commailto:kurt.b...@gmail.com wrote: Agreed. At this point, however, with (at a guess) ~40gb per VM, that gives me about 6 VMs. For what I aim at doing, that should be sufficient. Kurt On Thu, Feb 28, 2013 at 4:00 PM, Ken Schaefer k...@adopenstatic.commailto:k...@adopenstatic.com wrote: If you think you can fit all your VMs onto a 256GB drive, then getting a 512GB would be a waste of money. In another year or two they'll be cheaper again and you can re-buy if you need more space down the track. However, if you need 256GB now, then I think $350 is a bargain for the space performance you get. I suppose it depends on what your time is worth to you. FWIW I paid about $500 for mine ~15 months ago. Cheers Ken -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Friday, 1 March 2013 10:53 AM To: NT System Admin Issues Subject: Re: Webster's question is very timely... At $350 and up, I think that's a little spendy. However, the 256gb versions might well fit in my budget. Kurt On Thu, Feb 28, 2013 at 2:53 PM, Ken Schaefer k...@adopenstatic.commailto:k...@adopenstatic.com wrote: USB3.0 - it is bus powered. Get a 512GB SSD, and put it into a USB3 enclosure. I have the Crucial M4 512GB - they can be had for a good price, plus 256GB internal SSD. Gives plenty of space for VMs in my experience. I also have a 128GB SD card for storing commonly used ISO files Cheers Ken -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Friday, 1 March 2013 6:37 AM To: NT System Admin Issues Subject: Webster's question is very timely... I didn't want to drag his thread off topic, so I'm starting a new one Not to brag (much), but I just picked up a Dell Precision 4600 laptop at a really good price - it's a quad-core machine with Win7 Pro, 16gb RAM and an ATI Firepro video card, 1920x1080 display (15.6) and a 256gb SSD. ($1600 - sale still going as far as I know.) Problem is, I'm pretty sure I made a small mistake. That 256gb drive just isn't big enough to hold the VMs I want. I should have gone with the 128gb minicard and a 1tb hard drive. So, I'm also looking for an external drive, either USB3 or eSATA - if you had the choice, which would you choose for putting in the laptop case for extra storage? Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Webster's question is very timely...
With SSD, you don't need to pre-provision/used fixed disks - trust me. Cheers Ken -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, 1 March 2013 3:51 PM To: NT System Admin Issues Subject: Re: Webster's question is very timely... Probably not. I'm going to pound on them fairly hard, by which I mean install lots of stuff and work on it. FreeBSD, CentOS, Win8, a couple of Server 2012s probably, maybe some others. On Thu, Feb 28, 2013 at 4:35 PM, Steven Peck sep...@gmail.com wrote: Do thin provisioning for them? On Thu, Feb 28, 2013 at 4:29 PM, Kurt Buff kurt.b...@gmail.com wrote: Agreed. At this point, however, with (at a guess) ~40gb per VM, that gives me about 6 VMs. For what I aim at doing, that should be sufficient. Kurt On Thu, Feb 28, 2013 at 4:00 PM, Ken Schaefer k...@adopenstatic.com wrote: If you think you can fit all your VMs onto a 256GB drive, then getting a 512GB would be a waste of money. In another year or two they'll be cheaper again and you can re-buy if you need more space down the track. However, if you need 256GB now, then I think $350 is a bargain for the space performance you get. I suppose it depends on what your time is worth to you. FWIW I paid about $500 for mine ~15 months ago. Cheers Ken -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, 1 March 2013 10:53 AM To: NT System Admin Issues Subject: Re: Webster's question is very timely... At $350 and up, I think that's a little spendy. However, the 256gb versions might well fit in my budget. Kurt On Thu, Feb 28, 2013 at 2:53 PM, Ken Schaefer k...@adopenstatic.com wrote: USB3.0 - it is bus powered. Get a 512GB SSD, and put it into a USB3 enclosure. I have the Crucial M4 512GB - they can be had for a good price, plus 256GB internal SSD. Gives plenty of space for VMs in my experience. I also have a 128GB SD card for storing commonly used ISO files Cheers Ken -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, 1 March 2013 6:37 AM To: NT System Admin Issues Subject: Webster's question is very timely... I didn't want to drag his thread off topic, so I'm starting a new one Not to brag (much), but I just picked up a Dell Precision 4600 laptop at a really good price - it's a quad-core machine with Win7 Pro, 16gb RAM and an ATI Firepro video card, 1920x1080 display (15.6) and a 256gb SSD. ($1600 - sale still going as far as I know.) Problem is, I'm pretty sure I made a small mistake. That 256gb drive just isn't big enough to hold the VMs I want. I should have gone with the 128gb minicard and a 1tb hard drive. So, I'm also looking for an external drive, either USB3 or eSATA - if you had the choice, which would you choose for putting in the laptop case for extra storage? Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: IIS reporting/monitoring free tool
The best way you are going to get a true picture of this if is you run the tool on the client machine, or at the client's location. Not on the server. On the server you can look at the Time-Taken field in the IIS logs to get some idea of how long it takes IIS to put the page onto the wire. That's not the same as the client actually receiving the packet, and doesn't take into account any proxies, accelerators, caches etc. between the server and the client. Anyway, if you have some more requirements, then perhaps we can help with your searching. Cheers Ken From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, 28 February 2013 7:56 AM To: NT System Admin Issues Subject: RE: IIS reporting/monitoring free tool Solarwinds, didn't give me the results I wanted, I need to know how long each page is taken to return to the client workstations for a particular app. Couldn't get AWSTATS to even give me one result.(Had it working on another server last year but can not get this one to configure properly.) IIS reporter but it is only giving me active connections to IIS not per page or duration times? I saw Beta 7.0 had a IIS reporting tool but dev decided it wasn't need for admin tools of IIS 7.5??? Seems like that would be a good thing, unless they were borrowing someones code to get their results??? Anyways, thought I would try here?? From: Andrew S. Baker [mailto:asbz...@gmail.com] Posted At: Tuesday, February 26, 2013 10:31 AM Posted To: itli...@imcu.commailto:itli...@imcu.com Conversation: IIS reporting/monitoring free tool Subject: Re: IIS reporting/monitoring free tool Given the number of google entries that cover this request, what have you already ruled out and why? ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Tue, Feb 26, 2013 at 10:19 AM, itli...@imcu.commailto:itli...@imcu.com itli...@imcu.commailto:itli...@imcu.com wrote: Looking for a free IIS monitoring or reporting tool for IIS 7.5 on server 2008 r2. Any suggestions? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: [Bulk] RE: Remote control software
Mitigate, Transfer, Accept and Avoid are all legitimate risk management options. It's a management decision whether to avoid the risk (fork out a lot of money to upgrade), mitigate the risk through network isolation (but doing so may compromise the ability of the machine to work) or simply accept the risk (and cater for the consequences), or even to outsource the function to someone else (transfer the risk) Cheers Ken -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, 28 February 2013 1:59 PM To: NT System Admin Issues Subject: Re: [Bulk] RE: Remote control software So, it *was* possible - they just didn't want to pay the price. Let's hope they mitigated the risk somehow - perhaps by making sure it wasn't connected to a network and by making sure they had replacement hardware on the shelf. Kurt On Wed, Feb 27, 2013 at 5:35 PM, Jon Harris jk.har...@live.com wrote: I hate to tell you this but sometimes it just is not possible to do upgrades whether is it due to no budget or there is just no software to run the attached hardware to run on newer systems. I faced this at former $dayjob$. Attached hardware was antique X-ray diffractmeter. Last software upgrade was to Windows 98, and I really mean Windows 98 not 98 SE, but the company had managed to get it to function with XP. $dayjob$ was told to either replace hardware, $150k+ just for the hardware and maybe $300k for the software, or pay them to custom write an upgrade or patch to get it to run under Vista, and they would not even estimate that price. Needless to say no upgrades were done. Jon From: korl...@rogers.com To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: [Bulk] RE: Remote control software Date: Wed, 27 Feb 2013 08:49:36 -0500 Some of us are constrained by budget. I still have W2K systems out there, but none of them have internet access or email. Some can't be upgraded because the software packages won't run on anything newer and the vendor does not offer it. I have no budget for new hardware. Zero. -Original Message- From: Paul Gordon [mailto:paul_gor...@hotmail.com] Sent: Wednesday, February 27, 2013 8:42 AM To: NT System Admin Issues Subject: [Bulk] RE: Remote control software Sorry... I really can't help it... I have to... HAHAHAHAHAHAHAHAHAHAHA! Laugh out loud... - you're running *PRODUCTION* systems on an 18 year old OS, that has been out of support for over a decade, and is about as secure as a whore's drawers...??? Are these systems running on similarly ancient hardware, or have you at least managed to virtualise them so they can be run on kit that isn't likely to expire at any moment? Sorry if I sound unsympathetic... but I do quite occasionally come across a similar blinkered attitude in $dayjob, and I really do take a pretty dim view of it... No offence intended Paul G. -Original Message- From: Nigel Parker [mailto:nigel.par...@ultraframe.co.uk] Sent: 27 February 2013 11:47 To: NT System Admin Issues Subject: RE: Remote control software Hi tried vnc lite it didn't seem to work well on windows 7 I connected once then just had a a black screen, we tried various workarounds but none seemed to work! Will look at logmein And the group policy settings Upgrading 95 and nt4 isn't an option due to the expense Nigel Parker Systems Engineer Ultraframe (UK) Ltd Tel: 01200 452329 Fax: 01200 452201 Web: www.ultraframe.com Email: mailto:nigel.par...@ultraframe.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Servers in remote locations
I probably sound like a broken record, but what requirements and constraints do you have? E.g. I did a project to deploy something like this to ~600 branch sites. In that case, the SCCM, AD, File Print and Wintel teams are all separate, so that was a key consideration in designing the end state. In your case, what are the key considerations? a) Who's supporing this infrastructure? (one team? or many?) And how is it supported? (onsite? remote, and if remote, is it relying on in-band or do you have out-of-band?) b) What's your software licensing model? c) What's the current track record of incidents for your servers? Do you often have the print queues or file shares causing issues? Do you have a lot of hardware failures? As others have pointed out, virtualising does have benefits. But given the workloads, unless you have hardware failure, I don't particularly see restoring an RODC or backing up a file server (assuming you have access to some kind of replication technology) particularly hard. Virtualisation also has overheads - managing more software instances, potentially juggling storage etc Cheers Ken From: Tim Vander Kooi [tvanderk...@expl.com] Sent: Wednesday, February 27, 2013 4:23 AM To: NT System Admin Issues Subject: Servers in remote locations I have got a number of servers at remote locations which are currently serving as RODC and file and print servers. It is time to upgrade the hardware that they are running on and I am curious with hypervisors and the technology of today if people think it is of value to replace the existing servers with servers running 2 separate virtual servers: 1 RODC, DNS, DHCP, and 1 file print; or would you run it all as one physical server with all roles installed? The existing servers are 2008R2 and the new ones will be 2012. Ideas? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: MS Azure cloud evaporates
There is necessary complexity, and unnecessary complexity. Point (1) is the latter - if you subscribe to enterprise architecture theory, then your enterprise architecture would describe what your business needs to do, and whether it's automated (IT) or manual processes+people, or whatever. Then you don't build anything unnecessary, and avoid unnecessary complexity. Point (2) is the former. If the world wants cheap air travel (hence Airbus A380s, or Boeing 787s or whatever), or $250 computers, or aircraft carriers, then that's only going to be provided by large, complex organisations. -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, 25 February 2013 10:57 PM To: NT System Admin Issues Subject: Re: MS Azure cloud evaporates On Sun, Feb 24, 2013 at 8:31 PM, Ken Schaefer k...@adopenstatic.com wrote: In large, complex environments, with lots of moving parts, things go wrong. ... Unfortunately, I don't know the answer to making it all work. Well, as has been noted, one mechanism that's been proven to work well is to avoid complexity and seek simplicity. Unfortunately: (1) Most of the IT world is addicted to complexity. We love to build ever-bigger toys. (1)(a) Case in point: Most of these so-called cloud solutions add large amounts of highly-coupled, low-cohesion moving parts. (2) Large orgs are by definition complex, and they don't seem keen on the idea of committing suicide for the greater good. (Also, teenagers these days drive too fast, and need to stay off my lawn.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: MS Azure cloud evaporates
In large orgs, it will be impossible (at least in the near future) to avoid all issues like this. There's simply too much that isn't automated, or where the full set of rules aren't loaded into your automation tool, or the tasks are divided between too many people. Large orgs have SEV1s every day, and it's not always because of negligence - there's simply too many interdependencies that are unknown. For kicks, who here knows that installing AD creates a self-signed cert that's the default EFS recovery agent for machine based EFS? And it expires after three years? Stuff like this just happens in the background and can break things, simply because the PKI team doesn't know about the cert (not issued by the CAs), the AD team doesn't manage encryption, and which ever app team decided to use machine based EFS didn't think to sorry about recovery agents. And this is just a technical problem - when you start to throw finance and HR and other areas into the mix, things will always fall through the gaps. Cheers Ken -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, 25 February 2013 3:13 AM To: NT System Admin Issues Subject: Re: MS Azure cloud evaporates On Sun, Feb 24, 2013 at 4:47 AM, sep...@gmail.com wrote: Things happen. I imagine meetings are happening and discussions on how to root this out again are occurring. Sure. But when the same sort of things keep happening, it stops being an accident and becomes negligence. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: MS Azure cloud evaporates
Not that this excuses failure, but starting from a pragmatic PoV that failure (of some kind) is inevitable allows the org to build the systems to manage and resolve incidents in a better way, than one that focuses on elimination of all major errors. Cheers Ken -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Monday, 25 February 2013 9:23 AM To: NT System Admin Issues Subject: RE: MS Azure cloud evaporates In large orgs, it will be impossible (at least in the near future) to avoid all issues like this. There's simply too much that isn't automated, or where the full set of rules aren't loaded into your automation tool, or the tasks are divided between too many people. Large orgs have SEV1s every day, and it's not always because of negligence - there's simply too many interdependencies that are unknown. For kicks, who here knows that installing AD creates a self-signed cert that's the default EFS recovery agent for machine based EFS? And it expires after three years? Stuff like this just happens in the background and can break things, simply because the PKI team doesn't know about the cert (not issued by the CAs), the AD team doesn't manage encryption, and which ever app team decided to use machine based EFS didn't think to sorry about recovery agents. And this is just a technical problem - when you start to throw finance and HR and other areas into the mix, things will always fall through the gaps. Cheers Ken -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, 25 February 2013 3:13 AM To: NT System Admin Issues Subject: Re: MS Azure cloud evaporates On Sun, Feb 24, 2013 at 4:47 AM, sep...@gmail.com wrote: Things happen. I imagine meetings are happening and discussions on how to root this out again are occurring. Sure. But when the same sort of things keep happening, it stops being an accident and becomes negligence. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: MS Azure cloud evaporates
If only that was all that was required to avoid these issues... Cheers Ken -Original Message- From: Webster [mailto:webs...@carlwebster.com] Sent: Monday, 25 February 2013 10:16 AM To: NT System Admin Issues Subject: RE: MS Azure cloud evaporates If only Microsoft made software where one could automatically put things on a calendar and have the software automatically do a reminder of some kind. I wonder if there is an app for that? Thanks Webster -Original Message- From: Ben M. Schorr [mailto:b...@rolandschorr.com] Subject: RE: MS Azure cloud evaporates I realize we're operating on a MUCH smaller basis but whenever we create a record or certificate that expires on a schedule we also create a task with a reminder that pops up 30 days before that expiration so that nothing should quietly expire on us without us getting some eyeballs on it. Seems like having some kind of tickler system would make it a lot less likely for these kinds of routine tasks to go undone. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: MS Azure cloud evaporates
I agree - these types of SNAFUs shouldn't happen. There's just no simple solutions (in my experience) to avoid them happening. So try to plan for the contingency that 'bad stuff' will happen, and work out what risks you are prepared to mitigate and what you are prepared to accept. Maybe that means using more than one public cloud vendor... Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, 25 February 2013 3:32 PM To: NT System Admin Issues Subject: Re: MS Azure cloud evaporates Hi Ken, I hear you, and I don't disagree, for the most part. I've suffered a number of these issues on my own network which I fully manage (so there is no one else to blame, etc), and having managed different sized environments, I do appreciate the exponential increase in complexity. To Ben's point though, if you must fail in large and complex endeavors, at least try for different types of failures each time -- especially if you are tying more and more resources to the failure point. It's kind of dumb to have the same type of failure every few months, with the only change being the ever-increasing scope of impact from the failure. ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Sun, Feb 24, 2013 at 8:31 PM, Ken Schaefer k...@adopenstatic.commailto:k...@adopenstatic.com wrote: Sure. But Ford/GM/Toyota sell cars - they're affected by recalls. Boeing sells planes - they seem to have issues (as does the A380 from Airbus - like the engine that exploded over Singapore). The FDA requires extensive testing of drugs in the US market, but still some drugs have unintended consequences despite the billions spent. In large, complex environments, with lots of moving parts, things go wrong. Language barriers, changing regulations, ambiguous requirements, staff turnover, in-flight projects - all of these things (in my experience) make it difficult to develop a solid baseline of what should be in the environment and what's actually there. Unfortunately, I don't know the answer to making it all work. Some people point to ITIL, but adding layers of process and documenting them just leads to lots of out-of-date documentation in my experience. The process writers can't keep up with the constant changes in the business. (I'm not saying don't use ITIL - that just leads to a huge mess - but it's not the panacea that some people make it out to be) Cheers Ken -Original Message- From: Tim Evans [mailto:tev...@sparling.commailto:tev...@sparling.com] Sent: Monday, 25 February 2013 12:13 PM To: NT System Admin Issues Subject: RE: MS Azure cloud evaporates I appreciate your thoughts from viewpoint of a large org, but if a company is selling these services, is it unreasonable to expect that they have this all worked out, at least as far as it affects the services they are selling? ...Tim -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.commailto:k...@adopenstatic.com] Sent: Sunday, February 24, 2013 3:36 PM To: NT System Admin Issues Subject: RE: MS Azure cloud evaporates Sure - asset lifecycle management is a core ITIL concept. It should be built into your CMDB. But large orgs have tens, if not hundreds of thousands (or millions) of assets. Everything from certs to software licenses to supplier contracts. It's a full time job, for probably a small army of people, to put all these things into a system, and respond to the upcoming renewals. But alerting: that's just the first step: some alert comes up that says xyz fire suppressant system needs to be re-certified. So what? You need to have a team to hand this off to, and they need to have a process to follow to get it done (you don't want Ops people making up stuff on-the-fly - that leads to SEV1 as well). But the reality probably is, that in the 5 years since the alert was created, the DCFM team's been through several re-organisations, several business mergers/demergers have occurred, and some functions have now been outsourced. So whatever team or position was responsible for this before is long gone, and no one ever went and updated this alert. So now someone has to go negotiate with various managers to see who should take this on, who RR/OPEX budget this is coming out of, etc. And if that someone hasn't have the right understanding of the time criticality of getting this job done in time, then stuff will break. In large orgs, technology (like getting a warning about something ) is such a small part of actually getting anything working, or keeping it running. It's all the other stuff, which is mostly processes and human interaction where things are always breaking. Now, if you're lucky, then you never re-organise, and the same people hang around for a long time. Then you have a good understanding of responsibilities, and people have a lot of accumulated knowledge
RE: MS Azure cloud evaporates
From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, 25 February 2013 4:20 PM To: NT System Admin Issues Subject: Re: MS Azure cloud evaporates Maybe that means using more than one public cloud vendor... Starts to eat away (or totally devour) the value proposition... :) All explicit insurance (risk mitigation) affects ROI. One needs to weigh up the costs vs. benefits. Multiple cloud providers is another layer on-top of multiple servers, redundant network kit, SAN storage, multiple data centres and so on up the stack - each costing more money on top of the previous layer. Where you stop spending money has got to be a business decision. ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Sun, Feb 24, 2013 at 11:57 PM, Ken Schaefer k...@adopenstatic.commailto:k...@adopenstatic.com wrote: I agree - these types of SNAFUs shouldn't happen. There's just no simple solutions (in my experience) to avoid them happening. So try to plan for the contingency that 'bad stuff' will happen, and work out what risks you are prepared to mitigate and what you are prepared to accept. Maybe that means using more than one public cloud vendor... Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.commailto:asbz...@gmail.com] Sent: Monday, 25 February 2013 3:32 PM To: NT System Admin Issues Subject: Re: MS Azure cloud evaporates Hi Ken, I hear you, and I don't disagree, for the most part. I've suffered a number of these issues on my own network which I fully manage (so there is no one else to blame, etc), and having managed different sized environments, I do appreciate the exponential increase in complexity. To Ben's point though, if you must fail in large and complex endeavors, at least try for different types of failures each time -- especially if you are tying more and more resources to the failure point. It's kind of dumb to have the same type of failure every few months, with the only change being the ever-increasing scope of impact from the failure. ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Sun, Feb 24, 2013 at 8:31 PM, Ken Schaefer k...@adopenstatic.commailto:k...@adopenstatic.com wrote: Sure. But Ford/GM/Toyota sell cars - they're affected by recalls. Boeing sells planes - they seem to have issues (as does the A380 from Airbus - like the engine that exploded over Singapore). The FDA requires extensive testing of drugs in the US market, but still some drugs have unintended consequences despite the billions spent. In large, complex environments, with lots of moving parts, things go wrong. Language barriers, changing regulations, ambiguous requirements, staff turnover, in-flight projects - all of these things (in my experience) make it difficult to develop a solid baseline of what should be in the environment and what's actually there. Unfortunately, I don't know the answer to making it all work. Some people point to ITIL, but adding layers of process and documenting them just leads to lots of out-of-date documentation in my experience. The process writers can't keep up with the constant changes in the business. (I'm not saying don't use ITIL - that just leads to a huge mess - but it's not the panacea that some people make it out to be) Cheers Ken -Original Message- From: Tim Evans [mailto:tev...@sparling.commailto:tev...@sparling.com] Sent: Monday, 25 February 2013 12:13 PM To: NT System Admin Issues Subject: RE: MS Azure cloud evaporates I appreciate your thoughts from viewpoint of a large org, but if a company is selling these services, is it unreasonable to expect that they have this all worked out, at least as far as it affects the services they are selling? ...Tim -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.commailto:k...@adopenstatic.com] Sent: Sunday, February 24, 2013 3:36 PM To: NT System Admin Issues Subject: RE: MS Azure cloud evaporates Sure - asset lifecycle management is a core ITIL concept. It should be built into your CMDB. But large orgs have tens, if not hundreds of thousands (or millions) of assets. Everything from certs to software licenses to supplier contracts. It's a full time job, for probably a small army of people, to put all these things into a system, and respond to the upcoming renewals. But alerting: that's just the first step: some alert comes up that says xyz fire suppressant system needs to be re-certified. So what? You need to have a team to hand this off to, and they need to have a process to follow to get it done (you don't want Ops people making up stuff on-the-fly - that leads to SEV1 as well). But the reality probably is, that in the 5 years since the alert was created, the DCFM team's been through several re-organisations, several
RE: Books about software
I'm not sure about this. Go and have a look at how many books exist on BMC Remedy (for example). Despite the fact that it's a very popular piece of software, there's zero third party books on it... Cheers Ken -Original Message- From: Webster [mailto:webs...@carlwebster.com] Sent: Thursday, 21 February 2013 7:51 AM To: NT System Admin Issues Subject: RE: Books about software Not at all. I got no help, permission or advice from Citrix on my XenApp 5 book. But what MBS says is correct, no slander, libel or anything else like that and you should be OK. Thanks Webster -Original Message- From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] Subject: Books about software If you want to write a book about a particular piece of software, am I right in assuming you need to engage the vendor to some degree? I'm a complete newcomer to this sort of thing so any and all advice is gratefully appreciated. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Backup to cloud?
No - I disagree. Whilst, in IT, there is much marketing BS from vendors wanting to sell you stuff, the core cloud definitions are pretty well settled IMHO. Most people use a variation of what NIST has published: Features: * Perception of infinite capacity, with rapid elasticity (as far as the user is concerned the capacity is available on-demand) * Ability for user to perform self-service provisioning/deprovisioning (no need to involve the vendor) * Broad network access: access via widely accepted protocols (like web services) thus accessible on a variety of devices and thick/thin client models * Resource Pooling: multiple end users may be mixed together and spread across the available physical resources and fault domains * Measured service: automated monitoring and capacity management (e.g. dynamic provisioning and resource usage levelling). Also provides transparent resource (and thus cost) accounting to the end user Types: * IAAS (you get some compute, storage etc.), * PAAS (you get a platform, like SQL Server) or * SAAS (you get to use an application e.g. like SalesForce) Location: * Private (your DC), * Public (someone else's DC) and * Hybrid (in your DC, but you can expand or burst into someone else's) Just uploading some data to a DC is definitely not cloud. Most outsourcers and vendors struggle with implementing all the features unless they are building from the ground up. To build a pure cloud (and I've worked on a couple of large private ones) involves a lot of work to build the systems that automate everything, because there's a lot of stuff (provisioning, incident management) that's usually made up on the fly in most places. And you can't automate rules that don't exist. Cheers Ken From: Webster [mailto:webs...@carlwebster.com] Sent: Friday, 15 February 2013 4:41 AM To: NT System Admin Issues Subject: RE: Backup to cloud? The Cloud is nothing more than someone else's data center. So yes, that is The Cloud. Thanks Webster From: Guyer, Don [mailto:dgu...@che.org] Subject: RE: Backup to cloud? This is where the term the cloud becomes murky, in my opinion. If I'm sending data over a private circuit to a 3rd party data center, is that really the cloud? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT: MCM certification
I suppose one issue is that for every person that says “$20,000 is too much, it should be $10,000 and lots more people would do it”, there’s another person that will say “$10,000 is too much, it should be $5,000 and lots more people would do it”, and so on. Cheers Ken From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Friday, 15 February 2013 7:45 AM To: NT System Admin Issues Subject: Re: OT: MCM certification Don't want to keep on this thread, it's obvious that most of you are in disagreement with me. I'm OK with that. But to your comment: I think I get who the certification is targeting. My point is that I think there is a larger population out there that might be interested in and possibly be valid candidates for, this certification in mid sized shops, but the cost is prohibitive. And I understand that there has to be a fee for this. And I even agree that MS isn't really making money off this. But just doing some basic numbers (I may be way off on these figures so don't crucify me on this). If there are 4 sessions a year in any given track (SQL, Messaging, DS, etc...)That's 100 people that need to pay for the course. Thats' $1.4milliion. Even say they cut this in half, they would only be reducing their revenue by $750K per track. In terms of MS, that is peanuts. This is not a revenue stream for MS, they are just trying to recoup some of the costs. But this would open it up to a much larger pool of potential candidates. Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CE0B5E.B1DA53F0] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ From:Andrew S. Baker asbz...@gmail.commailto:asbz...@gmail.com To:NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date:02/14/2013 02:59 PM Subject:Re: OT: MCM certification Chris, if you look at who that certification is targeting, the ROI is very, very straightforward. Lowering the price wouldn't lower the barrier that much, and the cost of the overall process must come from somewhere. ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market… On Wed, Feb 13, 2013 at 10:20 AM, Christopher Bodnar christopher_bod...@glic.commailto:christopher_bod...@glic.com wrote: Was reading this yesterday: http://blogs.metcorpconsulting.com/tech/?p=1101 And got to thinking about this again. It still bothers me that the road to this certification is artificially blocked by monetary constraints. I think the certification is difficult enough without adding that as a factor to reduce the overall numbers just to increase the value of this certification. Maybe I'm in the minority, but I know I wont' even consider this certification, just based on the cost. Not that I think I would pass, or that I even think I'm ready for something like this. I don't work for MS and I'm not a consultant. Which from what I've seen are the 2 primary groups of people seeking this certification. My employer would never consider this strictly based on cost and ROI. Anyone else of the same opinion? Or am I way off base here? Chris ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin inline: image001.jpg
RE: Backup to cloud?
Marketers will always hang their product on the 'latest' cool thing - that's the same in all markets, not just IT. What matters is how much is absorbed at face value by decision makers. We may be in different markets, or exposed to different people. But the architects and CIO/CTO type people that I've met all have (at least) a reasonably good idea of what cloud means, because they've all been looking at it for years. I wouldn't expect home users/consumers to use this definition, nor would I expect small business too either (my guess is that they don't have anyone who's dedicated to IT, and particularly IT strategy). But if you're a larger org, and you're looking to buy a cloud for something, then everything that comes out of HP, Oracle, SAP, DiData etc. tends to overlap with a framework like the NIST one. What they tend to do is oversell their capabilities/ability to execute, rather than completely mislabel something. Cheers Ken From: Steven Peck [mailto:sep...@gmail.com] Sent: Friday, 15 February 2013 10:52 AM To: NT System Admin Issues Subject: Re: Backup to cloud? Maybe you know a different group of 'most people' then I do. While I like your definition and wish it was more in use by 'most people' the only people that count are the ones that cut checks near you. I am all for agreed upon definitions and I have seen movement among some marketers to infer this feature set, there are a wealth of other service organizations and other companies that sell their variation labeled as 'cloud' and we're not going to settle on a given definition for general usage quite yet as we don't control their marketers. Once you get into a 'purchase' or 'contract' phase of a given discussion then of course you can insist on adhering to a more specific definition. AS long as the technical specifics are defined in a given discussion with a vender, support organization, etc. then the 'marketing words' don't really matter. i.e. I could argue over the definition of the word 'cloud services' for an hour or I could use the hour meeting to ensure that the specifics of someone's offering are spelled out and appropriate to my organizations needs. Steven Peck http://www.blkmtn.org On Thu, Feb 14, 2013 at 2:17 PM, Ken Schaefer k...@adopenstatic.commailto:k...@adopenstatic.com wrote: No - I disagree. Whilst, in IT, there is much marketing BS from vendors wanting to sell you stuff, the core cloud definitions are pretty well settled IMHO. Most people use a variation of what NIST has published: Features: * Perception of infinite capacity, with rapid elasticity (as far as the user is concerned the capacity is available on-demand) * Ability for user to perform self-service provisioning/deprovisioning (no need to involve the vendor) * Broad network access: access via widely accepted protocols (like web services) thus accessible on a variety of devices and thick/thin client models * Resource Pooling: multiple end users may be mixed together and spread across the available physical resources and fault domains * Measured service: automated monitoring and capacity management (e.g. dynamic provisioning and resource usage levelling). Also provides transparent resource (and thus cost) accounting to the end user Types: * IAAS (you get some compute, storage etc.), * PAAS (you get a platform, like SQL Server) or * SAAS (you get to use an application e.g. like SalesForce) Location: * Private (your DC), * Public (someone else's DC) and * Hybrid (in your DC, but you can expand or burst into someone else's) Just uploading some data to a DC is definitely not cloud. Most outsourcers and vendors struggle with implementing all the features unless they are building from the ground up. To build a pure cloud (and I've worked on a couple of large private ones) involves a lot of work to build the systems that automate everything, because there's a lot of stuff (provisioning, incident management) that's usually made up on the fly in most places. And you can't automate rules that don't exist. Cheers Ken From: Webster [mailto:webs...@carlwebster.commailto:webs...@carlwebster.com] Sent: Friday, 15 February 2013 4:41 AM To: NT System Admin Issues Subject: RE: Backup to cloud? The Cloud is nothing more than someone else's data center. So yes, that is The Cloud. Thanks Webster From: Guyer, Don [mailto:dgu...@che.org] Subject: RE: Backup to cloud? This is where the term the cloud becomes murky, in my opinion. If I'm sending data over a private circuit to a 3rd party data center, is that really the cloud? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana
RE: Backup to cloud?
I'm not really familiar with SkyDrive and GoogleDrive - they're more targeted at consumers right? What about the corporate offerings? Can you just get more and more storage as required? For Amazon EC2 - the scalability is in the number of machines you can buy, not in the configuration of each individual machine. Whilst there must be some finite limit to the total number of server instances that Amazon could provision at a given time, as far as an individual purchaser is concerned, there isn't only 8 RU of rack space left, so you could put in 8 1U servers, or we only have cooling for XYZ more watt/hours, or we only have 10 more vCPUs we can commit'. Instead, the data centre doesn't have a defined limit as far as the customer is concerned, and you can buy 1, 5 or 10 more servers without the need to evaluate against typical DC constraints. Now, much spare capacity (cloud design patterns call for reserve fault domains - i.e. extra capacity to cater for growth) is a capacity management issue. It's always possible that someone turns up and says I want to buy 1,000,000,000 server instances, but it's probably very unlikely. Based on what Amazon sees today, plus what they expect in the future, they pre-provision extra, spare, reserve capacity, so that customers can keep buying more capacity on-demand I think that's what's meant by perception of infinite capacity. I think Tom Shinder's now working at MS as one of their cloud architects. If he's still on the list, he could chime in, as Microsoft's follows that design pattern. Cheers Ken From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Friday, 15 February 2013 12:24 PM To: NT System Admin Issues Subject: Re: Backup to cloud? While I agree and support the NIST cloud definitions, I have to conclude that except for some private cloud configurations, no one is actually selling Perception of infinite capacity, today -- and maybe not for a while, either. Amazon EC2 is definitely cloud computing, but there are limits on how much computing you can get without instantiating a new server instance. DropBox is cloud storage, but the limit of space is not that fluid -- same for SkyDrive, GoogleDrive, Box.com, etc. What the cloud provides today in reality, is self-service and major flexibility for expansion or reduction, as desired. The other definitions are legit, but there are no complete implementations of them out there today. ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Thu, Feb 14, 2013 at 5:17 PM, Ken Schaefer k...@adopenstatic.commailto:k...@adopenstatic.com wrote: No - I disagree. Whilst, in IT, there is much marketing BS from vendors wanting to sell you stuff, the core cloud definitions are pretty well settled IMHO. Most people use a variation of what NIST has published: Features: * Perception of infinite capacity, with rapid elasticity (as far as the user is concerned the capacity is available on-demand) * Ability for user to perform self-service provisioning/deprovisioning (no need to involve the vendor) * Broad network access: access via widely accepted protocols (like web services) thus accessible on a variety of devices and thick/thin client models * Resource Pooling: multiple end users may be mixed together and spread across the available physical resources and fault domains * Measured service: automated monitoring and capacity management (e.g. dynamic provisioning and resource usage levelling). Also provides transparent resource (and thus cost) accounting to the end user Types: * IAAS (you get some compute, storage etc.), * PAAS (you get a platform, like SQL Server) or * SAAS (you get to use an application e.g. like SalesForce) Location: * Private (your DC), * Public (someone else's DC) and * Hybrid (in your DC, but you can expand or burst into someone else's) Just uploading some data to a DC is definitely not cloud. Most outsourcers and vendors struggle with implementing all the features unless they are building from the ground up. To build a pure cloud (and I've worked on a couple of large private ones) involves a lot of work to build the systems that automate everything, because there's a lot of stuff (provisioning, incident management) that's usually made up on the fly in most places. And you can't automate rules that don't exist. Cheers Ken From: Webster [mailto:webs...@carlwebster.commailto:webs...@carlwebster.com] Sent: Friday, 15 February 2013 4:41 AM To: NT System Admin Issues Subject: RE: Backup to cloud? The Cloud is nothing more than someone else's data center. So yes, that is The Cloud. Thanks Webster From: Guyer, Don [mailto:dgu...@che.org] Subject: RE: Backup to cloud? This is where the term the cloud becomes murky, in my opinion. If I'm sending data over
RE: OT: MCM certification
There can't be that many 750K seat Exchange deployments out there. Do they mean 75K? Cheers Ken -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, 14 February 2013 2:47 AM To: NT System Admin Issues Subject: RE: OT: MCM certification Microsoft loses money on the Exchange MCM classes. I suspect they do for all of the MCM tracks. The fee is to ensure that only serious people apply plus to cover the cost of the labs, meeting rooms, and presentation materials. Big companies need people with big experience. I don't pass the screening criteria for Exchange MCM (I've never done a 750K seat deployment of Exchange). But they've told me they'd let me in as a favor. :) But I can't afford the class, plus the travel, plus the loss of revenue (income) for 3 weeks. I wish I could. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 13, 2013 10:38 AM To: NT System Admin Issues Subject: Re: OT: MCM certification On Wed, Feb 13, 2013 at 7:20 AM, Christopher Bodnar christopher_bod...@glic.com wrote: Was reading this yesterday: http://blogs.metcorpconsulting.com/tech/?p=1101 And got to thinking about this again. It still bothers me that the road to this certification is artificially blocked by monetary constraints. I think the certification is difficult enough without adding that as a factor to reduce the overall numbers just to increase the value of this certification. Maybe I'm in the minority, but I know I wont' even consider this certification, just based on the cost. Not that I think I would pass, or that I even think I'm ready for something like this. I don't work for MS and I'm not a consultant. Which from what I've seen are the 2 primary groups of people seeking this certification. My employer would never consider this strictly based on cost and ROI. Anyone else of the same opinion? Or am I way off base here? Chris ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Backup to cloud?
Let's not get carried away with calling this proposal 'cloud backup'. IMHO you're offering offsite backup. For something to be cloud you should look at NIST (or similar definitions), which include elements like rapid elasticity, user self-service, broad network access and measured service: http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf Cheers Ken From: David Lum [mailto:david@nwea.org] Sent: Thursday, 14 February 2013 5:24 AM To: NT System Admin Issues Subject: RE: Backup to cloud? Yes, DR. Their Internet connection download is 10MBps, the size of their backups is 400+GB total, the smallest being Exchange DB @ 50GB, and if I am restoring their SBS VM it's 350GB plus another 200GB for their SQL VM. If could get the liability sorted, it would be far easier to have it backup to my shop, and recovery would be a matter of me bringing in the drive with the backups. I have unlimited space at my web host so I could back up to that but still the download from there -- my lab (25MBps) is 10+ hours. I have their local backups going to two places onsite (a RAID1 USB 3.0 drive + their other non-hyper-V capable server), my concern is building-wide DR need, kind of goes along with my spare server conversation a couple weeks ago. Very unlikely yes, but I still feel the not covered from that angle twinge. From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Wednesday, February 13, 2013 9:27 AM To: NT System Admin Issues Subject: RE: Backup to cloud? Why would retrieval take that long? Are you talking more about disaster recovery? From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 13, 2013 12:21 PM To: NT System Admin Issues Subject: Backup to cloud? Does backup to cloud even matter if the time to retrieve it spans 20+ hours? If I were to consider hosting a clients' backups at my location, where do I go to find what liabilities I need to worry about. Coincidentally the client in mind is a law firm of all places... David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: AD Domain upgrade: 2003 to 2008R2
I don't remember the details, but it appears that AES256 encryption for service tickets and TGTs can be a default in Windows Server 2008: http://technet.microsoft.com/en-us/library/cc749438(v=ws.10).aspx (there's a table about half way down) Cheers Ken From: Donovan Oliver [mailto:oliv...@ohsu.edu] Sent: Wednesday, 13 February 2013 9:11 AM To: NT System Admin Issues Subject: RE: AD Domain upgrade: 2003 to 2008R2 I thought AES256 was a type of Kerberos encryption that could optionally be applied to user objects, but did not operate elsewhere. Is there some background use of AES256 in a 2008 environment that is somehow on by default (thus imposing a forced change to devices that attempt to communicate using another Kerberos method)? Is sounds as though your example involved a customer that chose to attempt the use of AES256 and discovered an incompatible client. Short of a months-long investigation of software and devices, what about just turning off the last 2003 DC temporarily? How long can the rest of the 2008 DC's manage without replicating to one of its members? Would such a test only yield discoverable failed results if the clients are restarted during the outage? - Donovan From: Webster [mailto:webs...@carlwebster.com] Sent: Tuesday, February 12, 2013 11:01 AM To: NT System Admin Issues Subject: RE: AD Domain upgrade: 2003 to 2008R2 The only issue I have come across is infrastructure devices that do AD Integration but can't handle AES-256. Those devices have to be switched to do LDAP. I have done many 2003 to 2008 R2 migrations, then removing the 2003 DCs and moving to 2008 R2 DFL/FFL. The above is the only issue I have come across. Research your software and infrastructure devices to make sure there is nothing that is going to bite you in the rear. Thanks Webster From: Donovan Oliver [mailto:oliv...@ohsu.edu] Subject: AD Domain upgrade: 2003 to 2008R2 I've seen it mentioned here a few times that domain upgrades from 2003 to 2008/2008R2 are really smooth (HW replacement, not in-place upgrades). It's also been mentioned that promoting the first DC is not an issue, but sometimes removing the last 2003 DC can create problems. What I haven't seen an answer to is: what sort of problems? Aside from NT4.0 issues (i.e. don't expect them to work), what can be done beforehand to check for potential breakage? What steps can be taken? How do you ensure that last DC removal won't hurt you? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Domain upgrade: 2008 R2 or 2012 ?
Are you doing a technical evaluation or a business case? From a technical PoV, I think the posts already have this covered: there are some incremental enhancements and no real downsides (platform is stable, covered in your EA etc.) From a broader perspective, is your project going to have to pick up shared costs like a new Win2k12 build, updating CMDB, deployment and support capability blah, blah? That might impact your business case. Cheers Ken From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Friday, 8 February 2013 8:34 AM To: NT System Admin Issues Subject: Domain upgrade: 2008 R2 or 2012 ? Has anyone done this evaluation recently? We are a 2003 R2 shop. We were in the process of planning a migration to a 2008 R2 domain last year (hardware was bought and deployed), when the funds got cut. From what I hear, we will have funding and approval this year for the project. So the question is now, 2008 R2 or 2012. I've had very little time with 2012 so far. Hopefully that will change in the near future. The benefits of going from 2003 to 2008 R2 i've already captured. From what I've seen so far, 2012 seems stable and an incremental upgrade for our environment. Some of the things that might push me towards 2012 don't apply in our environment. for Example RDS and Hyper-V. We are a big Citrix and VMWare shop. So I don't really see us making use of those specific features, or the enhancements in them from previous versions. From my understanding 2012 is included in our EA agreement. So I don't think it will really be a licensing issue. Love to hear thoughts and comments from others who are going through this right now, or have done this evaluation recently. Thanks, Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: DFSR question regarding RDC
You just need to be aware of things like encrypted files, where changing the file and re-encrypting will typically change the entire file. Also, for very large data sets, be aware of the need to size your DFS-R cache on each server. Cheers Ken From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Thursday, 7 February 2013 7:21 AM To: NT System Admin Issues Subject: RE: DFSR question regarding RDC Yes it's block level. IIRC down to like 64KB blocks that it does the diff at. Once you put the first image out there, you should only expect to replicate the diffs in all the other images. Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, February 6, 2013 10:41 AM To: NT System Admin Issues Subject: DFSR question regarding RDC Got a question about this: http://msdn.microsoft.com/en-us/library/windows/desktop/bb540025(v=vs.85).aspx Replicating data to multiple servers increases data availability and gives users in remote sites fast, reliable access to files. DFSR uses a new compression algorithm called Remote Differential Compression (RDC). RDC is a diff over the wire protocol that can be used to efficiently update files over a limited-bandwidth network. RDC detects insertions, removals, and rearrangements of data in files, enabling DFSR to replicate only the deltas (changes) when files are updated. Just curious if anyone has really looked at this in regards to the RDC feature in larger files. Got a replication set we are going to setup. These will be larger files (17-25G), they will be images for Citrix Provisioning server. Wanted to know if it's really doing delta's in larger images files as they change, or replicating the whole thing. Thanks Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.commailto: [cid:image001.jpg@01CE051B.D520DE40] The Guardian Life Insurance Company of America www.guardianlife.comhttp://www.guardianlife.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: OT: Guest network security
Wired connectivity is going to be around for a while - even for EUC. Lots of orgs (governments, banks etc.) have limited or no wireless available for various reasons. Cheers Ken -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, 7 February 2013 5:22 PM To: NT System Admin Issues Subject: Re: OT: Guest network security I didn't know that Sophos had gotten into the hardware world. That's very interesting, and I'll have to take a look at it. Just as an aside - I think that wired end-point connectivity is going the way of the dodo, except for the most demanding loads, so it make a deal of sense for them to do that. Kurt On Wed, Feb 6, 2013 at 6:04 PM, Richard Stovall rich...@gmail.com wrote: My bad. I bought a Sophos AP 30 to go along with the firewall hardware. This AP alone was about 45% of the total cost of the project, but I still saved a good chunk of change over the SonicWall TZ + SonicPoint solution that I had been planning on buying before finding the Sophos home license. On Wed, Feb 6, 2013 at 8:42 PM, Kurt Buff kurt.b...@gmail.com wrote: So your wireless is served elsewise? Kurt On Wed, Feb 6, 2013 at 5:31 PM, Richard Stovall rich...@gmail.com wrote: I chose to build a new system so it would be small and silent rather than use an old computer lying around the house. I went with: Intel D2500CCE fanless mini-ITX motherboard (Dual core 1.86 GHz Atom CPU with dual Intel NICs onboard) 4 GB RAM 128GB Vertex 4 SSD It has been in 'production' for a couple of weeks now, and is stable and very fast. I also really like having the content filtering and antivirus capabilities of a UTM firewall at home. The management interface is a little weird at first, but you get used to it. I demo'ed the software in a VirtualBox VM for a week or so before pulling the trigger on the hardware expense. If anyone is interested, the page at Sophos describing the offering is: http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edi tion.aspx ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: New Article on Documenting a XenApp 6.5 Farm
A few thoughts: a) Loosely coupled code allows greater reuse (SOA and all that jazz). I'd recommend one script to output data to an XML file or ini file (or whatever format) in whatever schema you decide. Another script picks that up and creates a Word document. Then, from now on you have one script to create Word documents for whatever documentation scripts you create b) Having done a ton of Office automation ~15-20 years ago, if you are having to use the COM object model, then there's resources out there if using VB/VBA/VBScript - that might be easier than trying to use PowerShell (or .NET natively) Cheers Ken From: Webster [mailto:webs...@carlwebster.com] Sent: Monday, 28 January 2013 10:18 PM To: NT System Admin Issues Subject: New Article on Documenting a XenApp 6.5 Farm New Article: Documenting a Citrix XenApp 6.5 Farm with Microsoft PowerShell and Word - Version 3 http://carlwebster.com/documenting-a-citrix-xenapp-6-5-farm-with-microsoft-powershell-and-word-version-3/ Thanks Webster ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: DC eventid 1168, bizarre behavior
Maybe you are running out of system resources (like non-paged pool). You can try using poolmon to diagnose that (there's an old blog post on my blog about using that tool) Cheers Ken -Original Message- From: Elijah Buck [mailto:elijah.b...@gmail.com] Sent: Tuesday, 29 January 2013 12:10 PM To: NT System Admin Issues Subject: Re: DC eventid 1168, bizarre behavior Yes, we ran adprep /rodc from the server 2008 cd. The RODC appears to be functioning correctly. The servers with event id 1168 are not rodc, by the way, if that wasn't clear. Elijah Sent from my iPhone On Jan 28, 2013, at 6:57 PM, Greg Olson gol...@markettools.com wrote: Did you prep the domain for the read-only dc using the adprep /rodcprep cmd? http://technet.microsoft.com/en-us/library/cc771055(v=ws.10).aspx Even if you have no 2003 servers if I remember right (and I could be wrong) you still need to do the above with certain versions of Samba. -Greg -Original Message- From: Elijah Buck [mailto:elijah.b...@gmail.com] Sent: Monday, January 28, 2013 1:58 PM To: NT System Admin Issues Subject: DC eventid 1168, bizarre behavior Hello, I've been battling an odd issue with our domain controllers, and am completely stumped. This seems to have been precipitated by adding a Read Only Domain Controller and adding a number of Linux samba servers. The symptoms of the issue follows: On DC11 (2008 sp2 ReadWrite DC, 2GB ram, virtual machine on ESXi 5.0u2): 0.) cpu usage is low, typically under 5%. Memory is 800M cached. 118M free. 1.) In the Directory Service event log the following two errors are logged: *Event ID 1168 - Internal error: An Active Directory Domain Services error has occured. Additional data: Error value (decimal): 1450, Error Value (hex): 5aa, Internal ID: 124048b *Event ID 1168 - Internal error: An Active Directory Domain Services error has occured. Additional data: Error value (decimal): 1450, Error Value (hex): 5aa, Internal ID: 1240627 2.) This has happened three times on DC11, and once on DC10 (also 2008 sp2). The time that it affected both DC11 and DC10, manually pushing passwords-to-be-cached to the RODC failed. 3.) Trying to read the properties of an object with ADSI edit (connected to DC11) returns: Windows could not load the values for all the attributes. Operation failed. Error Code: 0x2121. The search failed to retrieve attributes from the database. 2121: SvcErr: DSID-0312048E, problem 5012 (DIR_ERROR), data 1450. 4.) Attempting to run Windows Update gives Error 0x800705AA, which I believe is ERROR_NO_SYSTEM_RESOURCE. 5.) Running 'runas /user:me cmd' fails with 5: Access is denied 6.) The server appears to continue to service auth requests, and LDAP binds still work. However, we seem to encounter intermittent issues with the samba servers during this time. Site topology: CORP: DC4, DC5 (server 2003, auto-site coverage disabled by registry) DC10, DC11 (server 2008 sp2) CAL: connected to CORP RODC1 (server 2008 R2, read only domain controller) NY: connected to CORP and DRSITE NYDC4 (server 2003) DRSITE: connected to CORP and NY DC3 (server 2003) DC20 (server 2008 R2) DC4 is the Schema Master. All other roles are on DC5. repadmin /showrepl and dcdiag don't show any errors. Two additional bits of information. (1) For some reasons, IIS is installed on the DC10 and DC11 domain controllers. (2) a similar thing recently happened with our Exchange 2010 server (2008 R2). The same error with 'runas' failing occured, IIS app pools couldn't restart, and the windows process activation service couldn't be restarted (also with error 5 access denied). I am planning on setting up a new RWDC, physically in CORP but in the CAL AD site, and seeing if the issue follows the new server or stays with DC11. Any help would be appreciated. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Max Password Age
Curious to know what you needed to do to come to the last conclusion? How many users do you have? Cheers Ken From: Heaton, Joseph@Wildlife [mailto:joseph.hea...@wildlife.ca.gov] Sent: Thursday, 10 January 2013 3:39 AM To: NT System Admin Issues Subject: RE: Max Password Age It's a pretty nice place to work. Unfortunately, I don't go out into the field much at all, but it's a really good team that I work with. We're getting ready to start Wave 1 of our massive upgrade from XP on the desktops, Novell for file/print and Groupwise for e-mail, moving to Win7 on desktops, Active Directory, and Exchange. Oh, and replacing 400 Blackberries with iPhones. Then, when we're done with that, we get to migrate the mail to the cloud, due to the Governator making a law requiring it. Even though we can run it much more efficiently and cost effective in-house. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, January 09, 2013 7:39 AM To: Heaton, Joseph@Wildlife; NT System Admin Issues Subject: Re: Max Password Age I would have thought the latter BTW that sounds like an interesting place to work! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Time sync
Hmm - the more I think about this, the more I think this is not really an issue. You have three options: a) Fully provision your VMWare disks (with some spare raw capacity for expansion) - what you do today b) You thin provision your Hyper-V disks, but leave oodles of spare capacity to let them grow to full size (what you don't want to do) However both (a) and (b) require roughly the same amount of raw disk space, but (b) gives you more flexibility IMHO, since across hundreds of servers, not all are going to go cuckoo at the same time. Or you go for option (c): Implement thin provisioned disks, but don't provision oodles of spare disk space - provision enough based on what you expect capacity growth for 6-12 months will be (whatever your project lifecycle is), plus has a reserve capacity domain that you can migrate VMs to in the event that something unexpected occurs. That will involve a bit more up-front architecture to give you that flexibility, but save you money in buying spare disk capacity. The flexibility would be useful for all sorts of resource constraints (disk, RAM, CPU), and also to give you automated ways of dealing with hardware failures as well, without having to over provision to start with. Cheers Ken From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Wednesday, 9 January 2013 1:29 AM To: NT System Admin Issues Subject: RE: Time sync We use SCOM to monitor everything, and we have some homegrown stuff on top of that. So, we do monitor. However, what we saw in the early days of virtualization was that dynamic disks could cause things to go south *very* quickly. I personally would not be comfortable in a situation where we've over-allocated disk without having a fairly large free host disk space buffer. I know at least one of the other admins here feels the same way. As far as I'm concerned, I will not implement thin disks UNLESS I can add up all of the file system sizes and verify the host store has enough capacity to handle them fully grown. To do otherwise just seems like an invitation for problems. If I can't add up all the filesystem sizes, we'll either use thick disks and overestimate the sizes, or we'll use thin disks and just insure that we keep 100's of gigs of free space on each host store. Management can worry about the explosion of disk costs. From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Monday, January 07, 2013 11:21 PM To: NT System Admin Issues Subject: RE: Time sync Seriously? Are you an ITIL shop? Do you not have capacity management plans and systems/tools in place? Or do you just fly by the seat of your pants? Everything should be monitored, and you're getting nice trending graphs. Sure, sometimes things go unexpectedly wrong - but that can happen for all sorts of reasons and is a fact of IT - you need a proper incident system and recovery to handle it. This whole cloud thing you hear about is making sure you have resilient services Cheers Ken From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Tuesday, 8 January 2013 7:33 AM To: NT System Admin Issues Subject: RE: Time sync How do you manage your capacity properly? I'm not being facetious - I really want to know since it looks like we are switching to HyperV. Microsoft's recommendation is to create thin disks for more than you ever think you need. Then, when creating the OS, use disk manager to create the file system with the minimum you can get by with. This allows the VHD file to only grow up to the size of the file system it contains. Then, if a virtual's file system runs out of space, you can use storage management to extend the disk into some the free space you allocated in the VHD file. This allows you to have room for expansion, but keeps any one virtual from exhausting free physical disk. For example: Let's say we need a SQL server. We think we can get by with the following disks: C: - 40GB (os) D: - 30GB (logs) E: - 100GB (data) Microsoft is telling us to create thin disks of, say, 1TB each. However, when we install the OS, we create NTFS file systems on each disk with the desired sizes of 40GB, 30GB, and 100GB. We now know that in the current state, this virtual can only grow its thin disks to a total of 170GB. If the E: runs out of space, we can use disk manager to extend the NTFS file system, which will grow the thin disk up to the new NTFS file system size. This gives you the ability to easily grow disks at will, but prevents any one virtual from hogging all the free host disk. This sort of seems reasonable, but it complicates disk management immensely. Now, in order to know the max my virtuals might take, I have to look at each host store, find all of the virtual machines with VHD files on that store, then figure out each virtual's drive letter for that VHD (is that even possible?), then add up all the file system sizes. Seems like a lot of work, even if you script it up. From: Andrew S. Baker
RE: Time sync
SCOM is just the lowest level of tool you need for something to monitor and manage an environment - what are you doing for your non-Wintel devices (network, *nix, security appliances etc?) You feed all of that into an event management tool - it can auto ticket into your ITSM system and resolve for you e.g. if disk space is growing by x% an hour, then migrate the machine into a temporary location that has spare disk space, and alert the relevant business unit to look into their app. A problem ticket is raised for the business unit, and they can migrate the machine back to the normal production host once they've identified the root cause of the issue. There's no need to keep vast amounts of spare storage just sitting around just in case, provided you architect the solution correctly. That could handle unexpected incidents. Capacity management is handled via a proper reporting tool that'll summarise the data coming out of SCOM (or Tivoli or whatever you are using) and provide proper reporting on the issues that are expected to arise in the next 3-6 months, so you can initiate the necessary capacity improvement project and/or BAU work. Cheers ken From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Wednesday, 9 January 2013 1:29 AM To: NT System Admin Issues Subject: RE: Time sync We use SCOM to monitor everything, and we have some homegrown stuff on top of that. So, we do monitor. However, what we saw in the early days of virtualization was that dynamic disks could cause things to go south *very* quickly. I personally would not be comfortable in a situation where we've over-allocated disk without having a fairly large free host disk space buffer. I know at least one of the other admins here feels the same way. As far as I'm concerned, I will not implement thin disks UNLESS I can add up all of the file system sizes and verify the host store has enough capacity to handle them fully grown. To do otherwise just seems like an invitation for problems. If I can't add up all the filesystem sizes, we'll either use thick disks and overestimate the sizes, or we'll use thin disks and just insure that we keep 100's of gigs of free space on each host store. Management can worry about the explosion of disk costs. From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Monday, January 07, 2013 11:21 PM To: NT System Admin Issues Subject: RE: Time sync Seriously? Are you an ITIL shop? Do you not have capacity management plans and systems/tools in place? Or do you just fly by the seat of your pants? Everything should be monitored, and you're getting nice trending graphs. Sure, sometimes things go unexpectedly wrong - but that can happen for all sorts of reasons and is a fact of IT - you need a proper incident system and recovery to handle it. This whole cloud thing you hear about is making sure you have resilient services Cheers Ken From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Tuesday, 8 January 2013 7:33 AM To: NT System Admin Issues Subject: RE: Time sync How do you manage your capacity properly? I'm not being facetious - I really want to know since it looks like we are switching to HyperV. Microsoft's recommendation is to create thin disks for more than you ever think you need. Then, when creating the OS, use disk manager to create the file system with the minimum you can get by with. This allows the VHD file to only grow up to the size of the file system it contains. Then, if a virtual's file system runs out of space, you can use storage management to extend the disk into some the free space you allocated in the VHD file. This allows you to have room for expansion, but keeps any one virtual from exhausting free physical disk. For example: Let's say we need a SQL server. We think we can get by with the following disks: C: - 40GB (os) D: - 30GB (logs) E: - 100GB (data) Microsoft is telling us to create thin disks of, say, 1TB each. However, when we install the OS, we create NTFS file systems on each disk with the desired sizes of 40GB, 30GB, and 100GB. We now know that in the current state, this virtual can only grow its thin disks to a total of 170GB. If the E: runs out of space, we can use disk manager to extend the NTFS file system, which will grow the thin disk up to the new NTFS file system size. This gives you the ability to easily grow disks at will, but prevents any one virtual from hogging all the free host disk. This sort of seems reasonable, but it complicates disk management immensely. Now, in order to know the max my virtuals might take, I have to look at each host store, find all of the virtual machines with VHD files on that store, then figure out each virtual's drive letter for that VHD (is that even possible?), then add up all the file system sizes. Seems like a lot of work, even if you script it up. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, January 07, 2013 12:08 PM To: NT System Admin
RE: Time sync
You might not want them - but other people might. Personally I've never had to extend a VM disk outside a maintenance window, so it's never really been an issue for me. Hyper-V supports shared-nothing migration as well - does VMWare do that? Actually, the statement was that Hyper-V has nothing that VMWare doesn't have. That statement is patently untrue. That was the point I was trying to make. Cheers Ken From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Tuesday, 8 January 2013 12:31 AM To: NT System Admin Issues Subject: RE: Time sync Lol, how many times do you need 64 vCPUs or 4TB of guest Ram versus needing to extend a disk? From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Friday, January 04, 2013 8:50 PM To: NT System Admin Issues Subject: RE: Time sync Can ESX support 64 vCPUs or 4TB RAM per guest yet? Or 64 hosts per cluster? Seems like there are all sorts of corner cases where one product has functionality the other doesn't yet. For 99% of things they are feature compatible. It's all about the management and operations tools now. Hypervisors are almost commoditised, and will be within the next version or two. Cheers Ken From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Saturday, 5 January 2013 6:26 AM To: NT System Admin Issues Subject: RE: Time sync Cost. HyperV give something that VMWare doesn't? I laughed so hard I think I peed myself a little... Sheesh, you can't even extend disks on a running virtual under HyperV. From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, January 04, 2013 11:43 AM To: NT System Admin Issues Subject: RE: Time sync I was thinking the same thing. Actually IMHO VM still does more than Hyper-V does... Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Time sync
Seriously? Are you an ITIL shop? Do you not have capacity management plans and systems/tools in place? Or do you just fly by the seat of your pants? Everything should be monitored, and you're getting nice trending graphs. Sure, sometimes things go unexpectedly wrong - but that can happen for all sorts of reasons and is a fact of IT - you need a proper incident system and recovery to handle it. This whole cloud thing you hear about is making sure you have resilient services Cheers Ken From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Tuesday, 8 January 2013 7:33 AM To: NT System Admin Issues Subject: RE: Time sync How do you manage your capacity properly? I'm not being facetious - I really want to know since it looks like we are switching to HyperV. Microsoft's recommendation is to create thin disks for more than you ever think you need. Then, when creating the OS, use disk manager to create the file system with the minimum you can get by with. This allows the VHD file to only grow up to the size of the file system it contains. Then, if a virtual's file system runs out of space, you can use storage management to extend the disk into some the free space you allocated in the VHD file. This allows you to have room for expansion, but keeps any one virtual from exhausting free physical disk. For example: Let's say we need a SQL server. We think we can get by with the following disks: C: - 40GB (os) D: - 30GB (logs) E: - 100GB (data) Microsoft is telling us to create thin disks of, say, 1TB each. However, when we install the OS, we create NTFS file systems on each disk with the desired sizes of 40GB, 30GB, and 100GB. We now know that in the current state, this virtual can only grow its thin disks to a total of 170GB. If the E: runs out of space, we can use disk manager to extend the NTFS file system, which will grow the thin disk up to the new NTFS file system size. This gives you the ability to easily grow disks at will, but prevents any one virtual from hogging all the free host disk. This sort of seems reasonable, but it complicates disk management immensely. Now, in order to know the max my virtuals might take, I have to look at each host store, find all of the virtual machines with VHD files on that store, then figure out each virtual's drive letter for that VHD (is that even possible?), then add up all the file system sizes. Seems like a lot of work, even if you script it up. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, January 07, 2013 12:08 PM To: NT System Admin Issues Subject: Re: Time sync Yes, over subscribing can be an issue if you don't manage your capacity properly. It hasn't proved to be an issue in any of the environments where I have been. ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Mon, Jan 7, 2013 at 11:35 AM, Ken Cornetet ken.corne...@kimball.commailto:ken.corne...@kimball.com wrote: Thin provisioning seems risky to me. Seems like you are always in danger of non-critical virtuals deciding to use more disk space thus exhausting physical space which would cause critical VMs to pause if they happen to need more space. We tried thin provisioning back in the old VirtualServer days, and I ran into this problem a few times. -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.commailto:mich...@smithcons.com] Sent: Monday, January 07, 2013 10:28 AM To: NT System Admin Issues Subject: RE: Time sync Because the overhead associated with dynamic disks in Hyper-V v3 is in the very low single digits. We don't spend any time on this process, thin provisioning still works seamlessly, and we get on with our lives. :) -Original Message- From: Ken Cornetet [mailto:ken.corne...@kimball.commailto:ken.corne...@kimball.com] Sent: Monday, January 7, 2013 10:06 AM To: NT System Admin Issues Subject: RE: Time sync We are running ESX 5. To conserve SAN storage, we provision virtuals with the bare minimum needed disk space because it is so easy to extend disks later (extend the VMDK in VMWare, extend in Windows, done). No down time, and no wasted disk. We don't have to spend a lot of time trying to anticipate how big the disks will get and wasting disk if we guess too high. In HyperV, you can't extend disks without shutting down the virtual - seriously. I can't for the life of me figure out why MS isn't fixing this instead of adding silly features like 4TB of guest RAM. And, I also wonder why HyperV users aren't howling about this. -Original Message- From: Michael Leone [mailto:oozerd...@gmail.commailto:oozerd...@gmail.com] Sent: Monday, January 07, 2013 9:43 AM To: NT System Admin Issues Subject: Re: Time sync On Mon, Jan 7, 2013 at 8:31 AM, Ken Cornetet ken.corne...@kimball.commailto:ken.corne...@kimball.com wrote: Lol, how many times do you need 64 vCPUs or 4TB
RE: Enterprise task scheduler
I'd hazard a guess that task scheduling includes the ability to run 'repeatable jobs' at a set time. Repeatable jobs on the other hand could be as simple as a VBScript file - but VBS files don't run themselves at a set time per day (and all the reporting, delegation etc. that comes with that type of app) Cheers Ken From: Steven Peck [mailto:sep...@gmail.com] Sent: Saturday, 5 January 2013 8:01 AM To: NT System Admin Issues Subject: Re: Enterprise task scheduler That was where I was confused as well. On Fri, Jan 4, 2013 at 6:51 AM, Michael B. Smith mich...@smithcons.commailto:mich...@smithcons.com wrote: Honestly, I'm not sure I see a difference between repeatable jobs and scheduled tasks, other than nomenclature. :) I use Orchestrator for this at a couple of clients and it seems to work just fine and the reports are sweet. YMMV. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Wednesday, January 2, 2013 6:09 PM To: NT System Admin Issues Subject: Re: Enterprise task scheduler Yep - Opalis. Shame that - there aren't many packages in that spot. Winbatch might be your better bet, in that case. It's been a long time since I played with those products, too. Kurt On Wed, Jan 2, 2013 at 1:08 PM, Adam Meixler ad...@interlink1.commailto:ad...@interlink1.com wrote: I had thought the same thing! (was Opalis?) Some googling seems to suggest that it's not meant for Task Scheduling any more. It can be made to do it, but its strong suit is repeatable Jobs rather than scheduled tasks now. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.commailto:kurt.b...@gmail.com] Sent: Wednesday, January 02, 2013 3:30 PM To: NT System Admin Issues Subject: Re: Enterprise task scheduler It's been a lot of years since I touched it (more than 10!) and it's since been acquired by MSFT and rolled into the SC suite, but Orchestrator comes to mind... Might be worth a look. Kurt On Wed, Jan 2, 2013 at 10:33 AM, Adam Meixler ad...@interlink1.commailto:ad...@interlink1.com wrote: Happy New Year everyone! I was hoping to get The Lists opinion on a good, un-bloated enterprise task scheduler. Right now we have about a thousand tasks scattered across different servers using the windows scheduled task service and it's just not doing it for us. It'd be nice if jobs could be pushed down to workers as they were available vs. being scheduled on specific instances, but we at least want a central control of these jobs. We're open to any ideas that don't involve CA Thanks all ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here:
RE: Time sync
Can ESX support 64 vCPUs or 4TB RAM per guest yet? Or 64 hosts per cluster? Seems like there are all sorts of corner cases where one product has functionality the other doesn't yet. For 99% of things they are feature compatible. It's all about the management and operations tools now. Hypervisors are almost commoditised, and will be within the next version or two. Cheers Ken From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Saturday, 5 January 2013 6:26 AM To: NT System Admin Issues Subject: RE: Time sync Cost. HyperV give something that VMWare doesn't? I laughed so hard I think I peed myself a little... Sheesh, you can't even extend disks on a running virtual under HyperV. From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, January 04, 2013 11:43 AM To: NT System Admin Issues Subject: RE: Time sync I was thinking the same thing. Actually IMHO VM still does more than Hyper-V does... Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: DC server 2003 Time service
You need to read this: http://technet.microsoft.com/en-us/library/cc773013(v=ws.10).aspx Cheers Ken From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Friday, 4 January 2013 3:33 AM To: NT System Admin Issues Subject: DC server 2003 Time service I am bringing 2008 R2 servers on line to take the FSMO jobs. I have set one of them as a W32time server but my pc's are still getting time from the old 2003 DC SNTP server??? Any ideas on how to correct this? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Disk encryption killer: Anyone see this?
Do you mean, snag the clear-text version of the user's files? If the user has 500GB of data on their laptop, that could take a while to exfiltrate. Suppose you are Chinese/US/whatever intelligence. You wish to get the contents of the laptop belonging to a visiting business leader/dignitary/etc. The laptop is protected with Bitlocker or some other FDE technology. If you can trick them into installing this software, then exfiltrate the key, then you can break into the guy's/gal's hotel room, clone the disk, and decrypt it at your leisure. The other alternative, of exfiltrating all the data whilst the laptop is online, might be tedious, not be complete by the time the person leaves, and probably more prone to be uncovered. Cheers Ken -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Sunday, 23 December 2012 12:17 PM To: NT System Admin Issues Subject: Re: Disk encryption killer: Anyone see this? On Fri, Dec 21, 2012 at 7:20 PM, Ken Schaefer k...@adopenstatic.com wrote: Another option would be to trick the user into installing this software, or trick the user into somehow giving away access to the machine (aka these APTs we keep hearing about) and layering this on top. But if you can do that, why bother with trying to attack the encryption? Just wait for the user to use it, and snag the cleartext version. :) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Disk encryption killer: Anyone see this?
Don't steal the laptop. :) Break into the room - clone the drive, leave the laptop in place. Use the exfiltrated encryption key to decrypt the cloned disk at your leisure. -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, 24 December 2012 3:37 AM To: NT System Admin Issues Subject: Re: Disk encryption killer: Anyone see this? Good point. (Although I bet stealing the laptop would be prone to being uncovered, too. ;-) (Yes, I get that it's before vs after the data theft. :) ) ) On Sun, Dec 23, 2012 at 7:03 AM, Ken Schaefer k...@adopenstatic.com wrote: Do you mean, snag the clear-text version of the user's files? If the user has 500GB of data on their laptop, that could take a while to exfiltrate. Suppose you are Chinese/US/whatever intelligence. You wish to get the contents of the laptop belonging to a visiting business leader/dignitary/etc. The laptop is protected with Bitlocker or some other FDE technology. If you can trick them into installing this software, then exfiltrate the key, then you can break into the guy's/gal's hotel room, clone the disk, and decrypt it at your leisure. The other alternative, of exfiltrating all the data whilst the laptop is online, might be tedious, not be complete by the time the person leaves, and probably more prone to be uncovered. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Disk encryption killer: Anyone see this?
One option would be to debug via a FW port. Another option would be to trick the user into installing this software, or trick the user into somehow giving away access to the machine (aka these APTs we keep hearing about) and layering this on top. Cheers Ken -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Saturday, 22 December 2012 7:39 AM To: NT System Admin Issues Subject: RE: Disk encryption killer: Anyone see this? So I'm hearing we shouldn't be concerned about a PGP-encrypted laptop *unless* it's hibernation file is unencrypted (read, no full disk encryption)? A fully encrypted disk that has a screen saver password is going to be pretty secure? You'll thus need to get a memory dump from a running PC (locked or unlocked) with encrypted volumes mounted, via a standard forensic product or via a FireWire attack.. Ok how easy is it to get a memory dump from a running PC? Alternatively, decryption keys can also be derived from hibernation files if a target PC is turned off If the hiberfil.sys is encrypted, how do they get to it? Dave -Original Message- From: Steve Kradel [mailto:skra...@zetetic.net] Sent: Friday, December 21, 2012 10:59 AM To: NT System Admin Issues Subject: Re: Disk encryption killer: Anyone see this? I don't find this alarming at all: it requires access to the key data, and is useful if you have a memory dump or a cleartext hibernation file (hiberfil.sys is going to be *encrypted* on a hibernating machine with whole-disk encryption). This tool appears to be a good time-saver, given a memory dump, because it knows where to look in for the keys and how to extract them, but it does not attack any inherent cryptographic weakness or key management problems in PGP, TC, etc.. --Steve On Fri, Dec 21, 2012 at 1:34 PM, Matthew W. Ross mr...@ephrataschools.org wrote: I'm no security expert. But I do assume that if the physical machine is compromised, then the data it holds is as good as compromised as well, no matter what level of encryption you have. --Matt Ross Ephrata School District - Original Message - From: Ziots, Edward [mailto:ezi...@lifespan.org] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Fri, 21 Dec 2012 09:57:51 -0800 Subject: RE: Disk encryption killer: Anyone see this? I would say off the record no, if you used popular encryption software and a repeatable process, but when you lose physical security of an asset, given a reasonable amount of time and effort the encryption will be cracked and data will be obtained. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org From: Chinnery, Paul [mailto:pa...@mmcwm.com] Sent: Friday, December 21, 2012 12:37 PM To: NT System Admin Issues Subject: RE: Disk encryption killer: Anyone see this? Oh, great. I wonder what view CMS will take if a laptop is stolen\lost and it's encrypted. Will they still say it's a HIPAA violation? From: David Lum [mailto:david@nwea.org] Sent: Friday, December 21, 2012 12:29 PM To: NT System Admin Issues Subject: Disk encryption killer: Anyone see this? Comments anyone? Looks like bad news... http://thenextweb.com/insider/2012/12/20/this-299-tool-is-reportedly- cap able-of-cracking-bitlocker-pgp-and-truecrypt-disks-in-real-time/ David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here:
RE: emergency sharepoint 2007 file dump?
Would still need to target each site is using SharePoint Workspace IIRC To OP: Dump a list of all sites, and then feed that into a tool like http://blog.krichie.com/my-sharepoint-tools/ SPIEFolder Cheers Ken From: Jon Harris [mailto:jk.har...@live.com] Sent: Thursday, 20 December 2012 12:23 PM To: NT System Admin Issues Subject: RE: emergency sharepoint 2007 file dump? Okay not a solutions but what about upgrading to 2010 then dumping it? Just a thought based on what Ken said. Jon Date: Wed, 19 Dec 2012 18:12:58 -0500 Subject: Re: emergency sharepoint 2007 file dump? From: klu...@gmail.commailto:klu...@gmail.com To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com I would look at any of the Sharepoint migration tools. Some of them may be able to solve your requirement. On Wednesday, December 19, 2012, Rick Berry wrote: It's 2007. And I lied about 'dozens', it's 'hundreds' of document libraries nested under this puppy. Desperate for a way to recurse the whole thing from the top instead of having to target each library individually. -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, December 18, 2012 9:15 PM To: NT System Admin Issues Subject: RE: emergency sharepoint 2007 file dump? Is this SharePoint 2010? If so, do you have access to SharePoint workspace as part of Office 2010? That will create an offline copy of your document libraries (and other supported lists). You can then cut-n-paste the lot out to a folder on your local disk. Cheers Ken -Original Message- From: Rick Berry [mailto:rbe...@elevativenetworks.com] Sent: Wednesday, 19 December 2012 7:06 AM To: NT System Admin Issues Subject: emergency sharepoint 2007 file dump? I'll preface this by saying it's all approved by legal entities involved ... Customer is declaring Chapter 7, yet has sharepoint information that needs to be dumped off to files and shared with a variety of stakeholders. I'm generalizing, but basically: http://sharepoint/sites/site1 document content goes into folder site1 http://sharepoint/sites/site2 document content goes into folder site2 and there's about a bazillion /sites/insertname_here along with further nesting underneath each site with their own doc libraries. (by bazillion, I think I mean 'many dozens') Is there a magical way to recursively dump all that out, even if it's one big sloppy pile of documents instead of something relatively organized into folders that reflect the 'sites' subdirectories? I have tried a few tools via Google Fu (bamboo, spiefolder) but my kungfu is weak on sharepoint and there is a whole 'chapter 7' timing issue behind the scenes. Bamboo seems to work, but I think I have to keep retargeting manually each /darn/subdirectory/site and it's maddening and pretty time consuming. Wish I could figure out how to have it recursively troll through all of the subdirectories from http://sharepoint/*http://sharepoint/%2a but believe I'm expecting the impossible in that regard. I don't care about anything in sharepoint outside of the actual documents (word, pdf, excel mostly) ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: emergency sharepoint 2007 file dump?
Is this SharePoint 2010? If so, do you have access to SharePoint workspace as part of Office 2010? That will create an offline copy of your document libraries (and other supported lists). You can then cut-n-paste the lot out to a folder on your local disk. Cheers Ken -Original Message- From: Rick Berry [mailto:rbe...@elevativenetworks.com] Sent: Wednesday, 19 December 2012 7:06 AM To: NT System Admin Issues Subject: emergency sharepoint 2007 file dump? I'll preface this by saying it's all approved by legal entities involved ... Customer is declaring Chapter 7, yet has sharepoint information that needs to be dumped off to files and shared with a variety of stakeholders. I'm generalizing, but basically: http://sharepoint/sites/site1 document content goes into folder site1 http://sharepoint/sites/site2 document content goes into folder site2 and there's about a bazillion /sites/insertname_here along with further nesting underneath each site with their own doc libraries. (by bazillion, I think I mean 'many dozens') Is there a magical way to recursively dump all that out, even if it's one big sloppy pile of documents instead of something relatively organized into folders that reflect the 'sites' subdirectories? I have tried a few tools via Google Fu (bamboo, spiefolder) but my kungfu is weak on sharepoint and there is a whole 'chapter 7' timing issue behind the scenes. Bamboo seems to work, but I think I have to keep retargeting manually each /darn/subdirectory/site and it's maddening and pretty time consuming. Wish I could figure out how to have it recursively troll through all of the subdirectories from http://sharepoint/* but believe I'm expecting the impossible in that regard. I don't care about anything in sharepoint outside of the actual documents (word, pdf, excel mostly) ... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Aero and Remote Admin
If the target computer is Windows 7 (or Windows Server 2008 R2), then Aero should work in the RDP session: http://blogs.msdn.com/b/rds/archive/2009/06/23/aero-glass-remoting-in-windows-server-2008-r2.aspx Cheers Ken From: Evan Brastow [mailto:ebras...@automatedemblem.com] Sent: Friday, 14 December 2012 9:51 AM To: NT System Admin Issues Subject: Aero and Remote Admin Hi peoples, Just my Dumb Question of the Month. I use Remote Admin (Radmin) to do remote administration on my company's PC's. Recently a user asked why Aero wasn't working on his Win7 pc. (We use very few Win7 PC's) Doing a little research, I see that the mirror driver needed for Aero effect isn't compatible with remote admin software (apparently this includes Microsoft's own Remote Desktop, too?) But it seems to me that what used to happen is that users could run Aero, then, if I needed to remote in, it would simply pop a little balloon up saying Aero has been disabled. Then, when I was done, it would work again. But now it doesn't seem like it's even an option for users. Weird. Has something changed just recently? Not sure why I'm just seeing this now. Thanks, Evan ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: IPv6 deployments
What's the business justification for IPv6? Seems like you're just wasting money if you have no reason to deploy. For internal networks using private IPv4 addressing today, I'm not sure that there's a compelling case that can be made for deploying IPv6 for most organisations. You can still have IPv6 DHCP if you want - not sure I understand your position on that - unless you have something in your deployment plan to not have DHCPv6 for your network. Cheers Ken From: m b [mailto:midphan12...@gmail.com] Sent: Thursday, 13 December 2012 8:47 AM To: NT System Admin Issues Subject: IPv6 deployments We are a Windows shop, currently 2K8 R2 native. We've got a block of IPv6 addresses, and a perfectly-functioning IPv4 global WAN across three dozen city centers, and in the face of If it works, don't fix it, we're planning to deploy IPv6 in 2013. Those of you who have done a deployment, did you go stateful or stateless? Walking away from a world that includes DHCP servers feels foreign to me, so I'm interested to hear the experience of people I trust. We stay fairly current with technology, don't anticipate difficulty with router/switch/device capability. I hope to deploy v6 in addition to the in-place v4, and without using any transition technologies (ISATAP). Am I a dreamer? Were their any gotcha challenges that you ran into? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: File Services Clustering in Server 2012
You can create a cluster of VMs sitting on top of your existing ESX (or Hyper-V or Xen) infrastructure. That way, you can keep your SQL Server up, regardless of what's happening at the application, OS or hardware level. Not sure how you're calculating - if an event happens 5 times a year, and it costs $300k/event, then that's $1.5m/year. You can discount that to NPV if you want, but I'm pretty sure I'd be willing to spend a lot more than $3900 to avoid $1.5m in expected lost revenue/year. I think you're thinking $3900 *a day* Cheers Ken -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, 7 December 2012 2:50 AM To: NT System Admin Issues Subject: RE: File Services Clustering in Server 2012 This is a valid case, but how many times in a year does this happen. ( ALE= SLE X ARO). So it's a 300,000 event that say happens 5 times a year .005 300,000 X .013 (5/365)=3,900 dollars you can afford to spend to fix the issue and the cost of the control is in line with the Annual Lost Expectancy of the event factored over the year. I am sure a cluster and hardware costs more than 3,900, therefore cost of control is higher than the expected loss, you usually don't implement that control. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org -Original Message- From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Thursday, December 06, 2012 10:29 AM To: NT System Admin Issues Subject: RE: File Services Clustering in Server 2012 Yep setting up a cluster just to protect against a service dying is overkill. I think that statement might be a bit to general. What if that service doesn't simply restart and 2500 people have their work impacted for 4 hours while its resolved? 2500*$30*4=$300,000.00 as an example... Does that application cluster investment still sound unrealistic? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: File Services Clustering in Server 2012
If the service (e.g. SQL Server or the File Service) fails then VMWare has limited options for detected and failing that service over to another node. Likewise if a part of the operating system stops responding/working. What VMWare does provide well is the ability to cater for faults at the hardware level. Stuff like vMotion and storage motion you can, give or take a few features, get with Hyper-V v3 Cheers Ken -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, 6 December 2012 11:03 AM To: NT System Admin Issues Subject: Re: File Services Clustering in Server 2012 erm... I'm not sure what you mean by OS failover vs. hardware failover. VMware, depending on the version you've purchased, will indeed provide what I would think of as OS failover, in one of two ways, depending on how much money you've spent - perhaps you can enlighten me on that point. With Essentials Plus, if your physical host blows up/melts down,the VMs on that node appears on another node of your cluster as if they've been rebooted. You can also seamlessly migrate a running VM from one host to another via vMotion, if both are in working order. With more expensive versions of VMware, if the physical host faults, the VMs on that node will seamlessly migrate to one of your other nodes - no down time at all. Also with the more expensive versions of VMware, you get Storage vMotion, which allows you to move a VM, while it's running, from one SAN LUN to another, along with regular vMotion. Depending on version purchased, VMware nodes can also monitor VMs and if one fails or stops responding they can restart the VM. Granted, this isn't the same kind of functionality a (for instance) SQL cluster provides, but it's pretty dang cool, IMHO. Whether you should do an MS cluster on top of your VMware cluster is something I don't have experience with, however, so can't speak to it. I also do not as yet have any experience with HyperV, so can't compare it meaningfully to VMware products. Kurt On Wed, Dec 5, 2012 at 2:23 PM, Jim Holmgren jholmg...@xlhealth.com wrote: That's a pretty bold statement. ESX clustering does not provide application or OS failover - only hardware failover. I would not call ESX clustering vastly superior to Microsoft clustering. They provide different functionality. Jim Jim Holmgren Director of Technology Infrastructure XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com -Original Message- From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Wednesday, December 05, 2012 5:04 PM To: NT System Admin Issues Subject: RE: File Services Clustering in Server 2012 Why in the world would you use a Microsoft cluster when you have the vastly superior and easier ESX clustering to provide failover? -Original Message- From: Patrick Hasenjager [mailto:phasenja...@kcumb.edu] Sent: Wednesday, December 05, 2012 4:33 PM To: NT System Admin Issues Subject: File Services Clustering in Server 2012 We are just getting into clustering services, now that we have been allowed to purchase a SAN (we have only been asking for more years than I can count!). I created a failover cluster in Server 2012 Standard and attached 4 nodes to it (all virtuals with VMware ESXi 5.1 - the same problem exists whether 1 node is connected or up to all 4). They are connected to common LUNs on a NetApp appliance. Yesterday, everything went to hell. It started off that I could not access one of the file shares and then two... then all 4 that we had configured. Because this system was not yet being utilized for anyone other than myself, I decided to just recreate it. Now that I have done that, I cannot configure any file shares. When I click the Add File Share to the cluster role (File Server), the volumes is blank and I cannot use the browse button. I can type a path, but it states that it is not valid for the particular server. According to the console, everything is Running and Online. I also cannot access the administrative share for the drive which is attached to the role. I am at a complete loss for ideas and Internet searches have turned up absolutely nothing regarding the problem I am having. I'm sure I am missing something simple, but cannot come up with what that is. Can anyone assist me? Feel free to contact me off-list if it is more convenient. PATRICK HASENJAGER | Network Administrator Kansas City University of Medicine and Biosciences | Information Technology phone 816.654.7712 | fax 816.654.7701 email phasenja...@kcumb.edu | www.kcumb.edu ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here:
RE: SQL account management
The application owners (typically business people) shouldn't have any permissions to do anything of the sort... DBAs would make the changes, and this should be caught in Dev/Test prior to Prod Cheers Ken From: David Lum [mailto:david@nwea.org] Sent: Saturday, 1 December 2012 1:14 AM To: NT System Admin Issues Subject: RE: SQL account management Thanks guys! What drove this question is the app owner deleted a SQL account that they had realized had other dependencies on it, but this checks and balances if operating both ways would have caught it. From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, November 30, 2012 5:51 AM To: NT System Admin Issues Subject: RE: SQL account management I agree with this approach, Usually this is a default build where service accounts are created and the SQL services are installed with the dedicated windows accounts running the services. As for SQL server accounts, I would recommend if possible do it by Global Groups, instead of regular SQL accounts, but if you had too the approach given by Brian is definitely on par. Data/Bussiness process owners specify the permissions that need to be granted to users and the DBA's (Data Custodians) implement them. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Thursday, November 29, 2012 6:33 PM To: NT System Admin Issues Subject: RE: SQL account management I'd expect a checks and balances type process here - app owner (business) approves access changes implemented by DBAs (IT). Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:david@nwea.org] Sent: Thursday, November 29, 2012 4:35 PM To: NT System Admin Issues Subject: SQL account management For those of you with sizable environments, who manages SQL server accounts? DBA's, or the application owners whose application uses the SQL account? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: windows phone 8
If you are outside the US, then Windows Phone is sadly lacking, compared to iPhone and Android I've been a big WinMo/WP user (and currently have an Omnia 7), but when I look at the apps and info available on iPhone and Android, it's just depressing. Mapping is poor on WP (well, maybe not compared to the latest IOS5 :) ) and many of the apps you'd love to use as a traveller on iPhone or Android just aren't available (e.g. apps to find local restaurants, public transport, book taxis). Apps like Instagram and Pandora don’t exist, nor does Google Maps. Bing search is poor (maybe not in the US, but it's just rubbish in every other country I've tried). Everything else, there's about one main option on WP, instead of several. If you have more than one LiveID (e.g. one for work, one for personal, one for Messenger), then working out how to get these to work together on your phone is a pain. Personally I don't care for Facebook integration with my phone contacts - and this is probably the one thing that WP does well. And there's a trial mode for all the games, so you don’t have to buy up-front. Cheers Ken -Original Message- From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Tuesday, 27 November 2012 7:15 AM To: NT System Admin Issues Subject: RE: windows phone 8 Agreed, on not missing Android. I've been using Android on phone and tablet for a couple years, and just finished moving to all Win devices. I feel liberated. -Original Message- From: Tim Vander Kooi [mailto:tvanderk...@expl.com] Sent: Monday, November 26, 2012 2:22 PM To: NT System Admin Issues Subject: RE: windows phone 8 I have the 8X while my wife has a Nokia 810 (doesn't have any of the issues mentioned about the 920) and they are both excellent phones. We went with different phones based on personal preference regarding size and feel and we are both very happy with our choices 2 almost 2 weeks later. I certainly don't miss Android, Windows Phone 8 is far superior for everyday use and don't even get me going on battery life. Tim -Original Message- From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Wednesday, November 21, 2012 8:44 AM To: NT System Admin Issues Subject: RE: windows phone 8 I'm digging the 8x. Of course, it still has that new car smell, so give me a few days to see if the coolness wears off. -Original Message- From: Alan Davies [mailto:adav...@cls-services.com] Sent: Wednesday, November 21, 2012 9:02 AM To: NT System Admin Issues Subject: RE: windows phone 8 Just had a look at the two together. Nokia is a lot thicker and heavier and less pleasant to hold in the hand IMHO. I prefer the 920 in spec to the 8X, but think as something to carry around all day every day I might go down the HTC route ... -Original Message- From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: 19 November 2012 19:18 To: NT System Admin Issues Subject: RE: windows phone 8 Lots of folks complaining about it. Also complaining of reboots and hung screens. The HTC 8x seems to be the better of the two releases. Mine just showed up an hour or so ago. -Original Message- From: joeu...@chronic.org [mailto:joeu...@chronic.org] Sent: Monday, November 19, 2012 1:13 PM To: NT System Admin Issues Subject: RE: windows phone 8 Sure, you might be a lucky one... google - 920 battery life Regards, joeuser - Still looking for the 'any' key... ...now these points of data make a beautiful line... Original Message Subject: Re: windows phone 8 From: Steven Peck sep...@gmail.com Date: Mon, November 19, 2012 3:43 am To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com It does? Mine's been lasting a day or two. I have turned off NFC because well, I have no NFC devices. I also avoid ad based apps, just purchased. My wife's been lasting as well. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please
RE: windows phone 8
Also, you have to change your settings to English (US) to get a bunch of apps to show up (e.g. AroundMe). I have always just assumed that this is because the developer has said that it supports English (US) rather than English (UK)/English (Australia)/English(Singapore)/English(…). Changing this setting, in turn, requires a reboot of your phone. Cheers Ken From: rodtr...@myitforum.com [mailto:rodtr...@myitforum.com] Sent: Tuesday, 27 November 2012 12:44 PM To: NT System Admin Issues Subject: RE: windows phone 8 I have friends in the UK who have recently picked up the Lumias. I’ll have to see what they think. Sent from Windows Mail From: Ken Schaefer Sent: November 26, 2012 7:47 PM To: NT System Admin Issues Subject: RE: windows phone 8 If you are outside the US, then Windows Phone is sadly lacking, compared to iPhone and Android I've been a big WinMo/WP user (and currently have an Omnia 7), but when I look at the apps and info available on iPhone and Android, it's just depressing. Mapping is poor on WP (well, maybe not compared to the latest IOS5 :) ) and many of the apps you'd love to use as a traveller on iPhone or Android just aren't available (e.g. apps to find local restaurants, public transport, book taxis). Apps like Instagram and Pandora don’t exist, nor does Google Maps. Bing search is poor (maybe not in the US, but it's just rubbish in every other country I've tried). Everything else, there's about one main option on WP, instead of several. If you have more than one LiveID (e.g. one for work, one for personal, one for Messenger), then working out how to get these to work together on your phone is a pain. Personally I don't care for Facebook integration with my phone contacts - and this is probably the one thing that WP does well. And there's a trial mode for all the games, so you don’t have to buy up-front. Cheers Ken -Original Message- From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Tuesday, 27 November 2012 7:15 AM To: NT System Admin Issues Subject: RE: windows phone 8 Agreed, on not missing Android. I've been using Android on phone and tablet for a couple years, and just finished moving to all Win devices. I feel liberated. -Original Message- From: Tim Vander Kooi [mailto:tvanderk...@expl.com] Sent: Monday, November 26, 2012 2:22 PM To: NT System Admin Issues Subject: RE: windows phone 8 I have the 8X while my wife has a Nokia 810 (doesn't have any of the issues mentioned about the 920) and they are both excellent phones. We went with different phones based on personal preference regarding size and feel and we are both very happy with our choices 2 almost 2 weeks later. I certainly don't miss Android, Windows Phone 8 is far superior for everyday use and don't even get me going on battery life. Tim -Original Message- From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Wednesday, November 21, 2012 8:44 AM To: NT System Admin Issues Subject: RE: windows phone 8 I'm digging the 8x. Of course, it still has that new car smell, so give me a few days to see if the coolness wears off. -Original Message- From: Alan Davies [mailto:adav...@cls-services.com] Sent: Wednesday, November 21, 2012 9:02 AM To: NT System Admin Issues Subject: RE: windows phone 8 Just had a look at the two together. Nokia is a lot thicker and heavier and less pleasant to hold in the hand IMHO. I prefer the 920 in spec to the 8X, but think as something to carry around all day every day I might go down the HTC route ... -Original Message- From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: 19 November 2012 19:18 To: NT System Admin Issues Subject: RE: windows phone 8 Lots of folks complaining about it. Also complaining of reboots and hung screens. The HTC 8x seems to be the better of the two releases. Mine just showed up an hour or so ago. -Original Message- From: joeu...@chronic.org [mailto:joeu...@chronic.org] Sent: Monday, November 19, 2012 1:13 PM To: NT System Admin Issues Subject: RE: windows phone 8 Sure, you might be a lucky one... google - 920 battery life Regards, joeuser - Still looking for the 'any' key... ...now these points of data make a beautiful line... Original Message Subject: Re: windows phone 8 From: Steven Peck sep...@gmail.com Date: Mon, November 19, 2012 3:43 am To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com It does? Mine's been lasting a day or two. I have turned off NFC because well, I have no NFC devices. I also avoid ad based apps, just purchased. My wife's been lasting as well. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful
RE: DPM licensing questions
1) Go to www.microsoft.com/systemcenterhttp://www.microsoft.com/systemcenter 2) Click the link: Get Licensing Details in the top right 3) Profit Cheers Ken From: Graeme Carstairs [mailto:loonyto...@gmail.com] Sent: Friday, 23 November 2012 7:25 PM To: NT System Admin Issues Subject: Re: DPM licensing questions Ill have another look at the MS Site today, though since it went all windows 8 it's difficult to ffind anything worth while. On Friday, 23 November 2012, Ken Schaefer wrote: I've always found DPM licensing to be pretty straight forward, and explained on the Microsoft website. Prior to SC 2012, you bought licenses for the servers you wanted to protect (plus whatever was required for DPM itself - e.g. a Windows Server license, and optionally an SQL Server license) SC 2012 is likewise licensed by the servers you want to protect/monitor, and the server components are free Did you look on the Microsoft website? Any particular item which is not clear? Cheers Ken From: Graeme Carstairs [mailto:loonyto...@gmail.comjavascript:_e(%7b%7d,%20'cvml',%20'loonyto...@gmail.com');] Sent: Friday, 23 November 2012 6:08 PM To: NT System Admin Issues Subject: Re: DPM licensing questions That's the thing we are a VAR but I've never done System centre And the disties don't seem to have a clue. And neither do MS partner licensing team. I thougt it would be a simple question with a simple answer but everyone starts going in about CAKS for their users to protect them. And I'm like but we just want to back up the servers FFS can't believe I'm gonna say this but may end up quoting Symantec BE CPS Thanks Graeme On Thursday, 22 November 2012, Tobie Fysh wrote: In DPM 2008 you'd need two Enterprise licenses for the clients, SQL server license to run on your DPM box and a Windows Server license (DPM server is free as you pay for the backup agents on the server). Since System Center 2012 its all changed again so best to speak to a VAR (I'd recommend Phoenix Software in York who I've found to be very helpful on MSFT software licensing). Regards Tobie Sent from my Windows Phone From: Graeme Carstairs Sent: 22/11/2012 17:01 To: NT System Admin Issues Subject: DPM licensing questions Hi There, We ahve a customer whos DPM server died, and they are now looking to update the whole thing. The guy who looked after that is gone, and im not sure on the licensing requirements, and MS and the distributors in the UK are no help, they just keep confusing me and them selves by saying the same thing over and over in deifferent ways but never answering the question asked. They ave the following Server 1. SBS 2008 so Windows server 2008, SQL Server, Sharepoint and Exchange Server 2 SBS Premium 2008 so Windows Server 2008 and SQL server. We are lolkking to put in a windows 2008 box with DPM, and need to know what DPM licesnes we need I have been given many answers and none of them make sense. Thanks in advance Graeme -- Good news everyone, you have just received an e-mail from me! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Busihttp://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.comjavascript:_e(%7b%7d,%20'cvml',%20'listmana...@lyris.sunbeltsoftware.com'); with the body: unsubscribe ntsysadmin -- Good news everyone, you have just received an e-mail from me! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: GPO confused
When you run gpedit.msc on the target PC, what's the text on the first line in the left-hand panel? What do you get if you run rsop.msc instead? Cheers Ken From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Saturday, 24 November 2012 7:21 AM To: NT System Admin Issues Subject: GPO confused I have a 2003 Active Directory. I want to apply some Windows 7 admx's I have extended the schema using adprep from a server 2008 r2 disc. I have GPMC installed on my Windows 7 machine. I have created a GP using the Windows 7 machine. I have ran GPupdate on the DC. I have ran GPupdate /force on the PC. I have ran GPResult /R on the PC and seed the policy created above. I run GPedit.msc on the PC and I do not see the policy settings??? WTF and I doing wrong? (The settings are ScreenSaver settings.) User/Administrative/Control Panel/Personalization/ ...settings I am done for today but if anyone has some clues to look for thanks David ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: DPM licensing questions
I've always found DPM licensing to be pretty straight forward, and explained on the Microsoft website. Prior to SC 2012, you bought licenses for the servers you wanted to protect (plus whatever was required for DPM itself - e.g. a Windows Server license, and optionally an SQL Server license) SC 2012 is likewise licensed by the servers you want to protect/monitor, and the server components are free Did you look on the Microsoft website? Any particular item which is not clear? Cheers Ken From: Graeme Carstairs [mailto:loonyto...@gmail.com] Sent: Friday, 23 November 2012 6:08 PM To: NT System Admin Issues Subject: Re: DPM licensing questions That's the thing we are a VAR but I've never done System centre And the disties don't seem to have a clue. And neither do MS partner licensing team. I thougt it would be a simple question with a simple answer but everyone starts going in about CAKS for their users to protect them. And I'm like but we just want to back up the servers FFS can't believe I'm gonna say this but may end up quoting Symantec BE CPS Thanks Graeme On Thursday, 22 November 2012, Tobie Fysh wrote: In DPM 2008 you'd need two Enterprise licenses for the clients, SQL server license to run on your DPM box and a Windows Server license (DPM server is free as you pay for the backup agents on the server). Since System Center 2012 its all changed again so best to speak to a VAR (I'd recommend Phoenix Software in York who I've found to be very helpful on MSFT software licensing). Regards Tobie Sent from my Windows Phone From: Graeme Carstairsjavascript:_e(%7b%7d,%20'cvml',%20'loonyto...@gmail.com'); Sent: 22/11/2012 17:01 To: NT System Admin Issuesjavascript:_e(%7b%7d,%20'cvml',%20'ntsysadmin@lyris.sunbelt-software.com'); Subject: DPM licensing questions Hi There, We ahve a customer whos DPM server died, and they are now looking to update the whole thing. The guy who looked after that is gone, and im not sure on the licensing requirements, and MS and the distributors in the UK are no help, they just keep confusing me and them selves by saying the same thing over and over in deifferent ways but never answering the question asked. They ave the following Server 1. SBS 2008 so Windows server 2008, SQL Server, Sharepoint and Exchange Server 2 SBS Premium 2008 so Windows Server 2008 and SQL server. We are lolkking to put in a windows 2008 box with DPM, and need to know what DPM licesnes we need I have been given many answers and none of them make sense. Thanks in advance Graeme -- Good news everyone, you have just received an e-mail from me! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.comjavascript:_e(%7b%7d,%20'cvml',%20'listmana...@lyris.sunbeltsoftware.com'); with the body: unsubscribe ntsysadmin This message has been scanned by MimeCast on behalf of Freebridge Community Housing and found to be free of viruses and not SPAM. If you have any concerns about the message contents please contact the ICT ServiceDesk. [Freebridge Community Housing Logo]http://www.freebridge.org.uk [twitter.com/Freebridge]http://twitter.com/Freebridge [Freebridge on Facebook]http://www.facebook.com/pages/Kings-Lynn-United-Kingdom/Freebridge-Community-Housing/192690183387?v=box_3 [Shortlisted for the TJ Awards 2012]http://www.trainingjournal.com/awards/ This e-mail (including any attachments), is confidential and intended only for the use of the addressee(s). It may contain information covered by legal, professional or other privilege. If you are not an addressee, please inform the sender immediately and destroy this e-mail. Do not copy, use or disclose this e-mail. E-mail transmission cannot be guaranteed to be secure or error free. The sender does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard copy version. Freebridge Community Housing Ltd is a Charitable Industrial and Provident Society - Reg No IP29744R Registered with the Registered with the Homes Communities Agency - No L4463. VAT Registration Number 860762121 Freebridge Community Housing, Juniper House, Austin Street, Kings Lynn, Norfolk PE30 1DZ This email message has been scanned for viruses by Mimecast. Mimecast delivers a complete managed email solution from a single web based platform. For more information please visit http://www.mimecast.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To
RE: Window 8 on your PC
Why should people have to figure it out? Shutdown, Restart, Logoff, Sleep, Standby, Hibernate were all in one place before, and it worked for all the hundreds of millions of people using Windows. Why change it? -Original Message- From: James Hill [mailto:falc...@gmail.com] Sent: Wednesday, 21 November 2012 9:50 PM To: NT System Admin Issues Subject: RE: Window 8 on your PC Are you saying it will be difficult for the admins to use or difficult for the admins as users won't be able to work it out? The admins should be able to quickly work it out and after that it is easy. Users have always(since remote desktop was invented) either not known how to log off or couldn't be bothered. They just click on the X and disconnect (so us admins have to configure session timeouts etc to eventually log off the session). So no changes in that area for Server 2012 for the users imo. James. -Original Message- From: Randal, Phil [mailto:phil.ran...@hoopleltd.co.uk] Sent: Wednesday, 21 November 2012 7:49 PM To: NT System Admin Issues Subject: RE: Window 8 on your PC Correct me if I'm wrong, but the 'log out' 'button' being hidden the way it is in Windows 8 and Server 2012 will be a nightmare for terminal server admins. Ugh. Phil -- Phil Randal Infrastructure Engineer Hoople Ltd | Thorn Office Centre | Hereford HR2 6JT Tel: 01432 260415 | Email: phil.ran...@hoopleltd.co.uk -Original Message- From: James Hill [mailto:falc...@gmail.com] Sent: 21 November 2012 08:44 To: NT System Admin Issues Subject: RE: Window 8 on your PC The location of log off and the shutdown menu are both a nuisance. I have a 6 year old and a 4 year old that were placed in front of Windows 8 and were installing apps from the store, playing games etc without any tuition. I showed them how to do a shutdown and that was about it. James. -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Wednesday, 21 November 2012 8:08 AM To: NT System Admin Issues Subject: Re: Window 8 on your PC We won't be deploying it this school year, that's for sure. It's just too late and we would get a lot of negative feedback. Also we tend to hold off on such deployments until the product has a little shake-down time and we get a break to do upgrades. Personally, I'm not looking forward to 8 on the desktop in a lab environment. One nitpick of my own: It's very difficult to log off, which is something every 7-18 year old in our schools will have to do. While some know that you can quickly find a logout with Ctrl-Alt-Del, most don't. Last, most of the software run by our users aren't in the DCIM* interface. So really, there isn't a feature that is yet pushing us to Win8 yet. I have seen start-button replacements, like Start8, but we like to go with the Officially supported versions of things if we can. Thus, if Microsoft makes it an option to stick people to the Desktop and give them a way to launch programs/logoff, I'll give it another try. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Window 8 on your PC
I could have one button that pops up a menu with large selection buttons - I have that on my Windows Media Center already (under tasks) - surely that could work? I also don’t see how one power button is going to facilitate both shutdown and restart. I have Win8 running on my HP Slate 500, and frankly these little niggly things are just annoying I've had Win Server 2012 running for a long time for my IIS8 book - by the way, it's out soon, just in time for Christmas :) , and it's a PITA to use in a VM Apple manages to make it work with just one button on their iPad - maybe Microsoft could have done something similar with one or two hardware buttons for a designed for Windows 8 PC Cheers Ken -Original Message- From: James Hill [mailto:falc...@gmail.com] Sent: Wednesday, 21 November 2012 10:22 PM To: NT System Admin Issues Subject: RE: Window 8 on your PC Because of touch. All of those things in one place means small buttons which are hard to click on with big fingers. That's my guess on it. The log off location makes sense on a touch device as you can easily switch users. The shutdown and restart makes little sense at all but apparently it's because people press the power button on touch devices. James. -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, 21 November 2012 9:03 PM To: NT System Admin Issues Subject: RE: Window 8 on your PC Why should people have to figure it out? Shutdown, Restart, Logoff, Sleep, Standby, Hibernate were all in one place before, and it worked for all the hundreds of millions of people using Windows. Why change it? -Original Message- From: James Hill [mailto:falc...@gmail.com] Sent: Wednesday, 21 November 2012 9:50 PM To: NT System Admin Issues Subject: RE: Window 8 on your PC Are you saying it will be difficult for the admins to use or difficult for the admins as users won't be able to work it out? The admins should be able to quickly work it out and after that it is easy. Users have always(since remote desktop was invented) either not known how to log off or couldn't be bothered. They just click on the X and disconnect (so us admins have to configure session timeouts etc to eventually log off the session). So no changes in that area for Server 2012 for the users imo. James. -Original Message- From: Randal, Phil [mailto:phil.ran...@hoopleltd.co.uk] Sent: Wednesday, 21 November 2012 7:49 PM To: NT System Admin Issues Subject: RE: Window 8 on your PC Correct me if I'm wrong, but the 'log out' 'button' being hidden the way it is in Windows 8 and Server 2012 will be a nightmare for terminal server admins. Ugh. Phil -- Phil Randal Infrastructure Engineer Hoople Ltd | Thorn Office Centre | Hereford HR2 6JT Tel: 01432 260415 | Email: phil.ran...@hoopleltd.co.uk -Original Message- From: James Hill [mailto:falc...@gmail.com] Sent: 21 November 2012 08:44 To: NT System Admin Issues Subject: RE: Window 8 on your PC The location of log off and the shutdown menu are both a nuisance. I have a 6 year old and a 4 year old that were placed in front of Windows 8 and were installing apps from the store, playing games etc without any tuition. I showed them how to do a shutdown and that was about it. James. -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Wednesday, 21 November 2012 8:08 AM To: NT System Admin Issues Subject: Re: Window 8 on your PC We won't be deploying it this school year, that's for sure. It's just too late and we would get a lot of negative feedback. Also we tend to hold off on such deployments until the product has a little shake-down time and we get a break to do upgrades. Personally, I'm not looking forward to 8 on the desktop in a lab environment. One nitpick of my own: It's very difficult to log off, which is something every 7-18 year old in our schools will have to do. While some know that you can quickly find a logout with Ctrl-Alt-Del, most don't. Last, most of the software run by our users aren't in the DCIM* interface. So really, there isn't a feature that is yet pushing us to Win8 yet. I have seen start-button replacements, like Start8, but we like to go with the Officially supported versions of things if we can. Thus, if Microsoft makes it an option to stick people to the Desktop and give them a way to launch programs/logoff, I'll give it another try. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums
RE: Window 8 on your PC
Since there's no hierarchy of folders anymore, what does a user do when there's three icons called Uninstall or Help that would normally be separated because they were under folders for App1, App2 and App3 on the start menu? Cheers Ken From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, 22 November 2012 5:37 AM To: NT System Admin Issues Subject: RE: Window 8 on your PC Hit the windows key and use your mouse to look through all Apps. From: Stefan Jafs [mailto:stefan.j...@gmail.com] Sent: Wednesday, November 21, 2012 1:25 PM To: NT System Admin Issues Subject: Re: Window 8 on your PC But if you don't know the name of the Application and you would like to browse the installed Applications, can't that be done? Stefan On Wed, Nov 21, 2012 at 12:03 PM, Rod Trent rodtr...@myitforum.commailto:rodtr...@myitforum.com wrote: Hit the Start button on the keyboard, and just start typing the name of the app. From: Stefan Jafs [mailto:stefan.j...@gmail.commailto:stefan.j...@gmail.com] Sent: Wednesday, November 21, 2012 11:37 AM To: NT System Admin Issues Subject: Re: Window 8 on your PC OK, this may be a really stupid question, I know search works very well but working on the desktop how do I get to my programs with no Start button? Bing gives me now aswers. Stefan On Wed, Nov 21, 2012 at 9:43 AM, Rod Trent rodtr...@myitforum.commailto:rodtr...@myitforum.com wrote: Also, consider that Windows 8 is built for devices that are never meant to be shut off. Why give easy access to a function that we are moving beyond? From: David Lum [mailto:david@nwea.orgmailto:david@nwea.org] Sent: Wednesday, November 21, 2012 8:56 AM To: NT System Admin Issues Subject: RE: Window 8 on your PC You no longer have to pre-tell Windows that you want to shut down and let it handle everything for you. Windows is now hardware aware enough that you just hit the power and Windows does whatever you told it to do (Power Settings) How enlightening! We've gotten so used to the scenario where we couldn't use the power button to turn a device off that now being able to do so seems weird. What? I can use the device's power button to turn the Windows device off? That's CRAZY!. Amazing what mind shift just one sentence can make... From: Tim Vander Kooi [mailto:tvanderk...@expl.com] Sent: Tuesday, November 20, 2012 5:06 PM To: NT System Admin Issues Subject: RE: Window 8 on your PC Running the same 4 here, except we went with the Samsung Slates instead of the Surface, they are excellent machines. Once I demonstrated to users that the Start Page is just where their Start Button went to they were totally onboard. It is a total mind shift (just like Office 2003 to Office 2007, but once you make that shift it is much more useful. As for Shutdown being hard to get to, what I was told by a friend at Microsoft (and which makes perfect sense once you think about it) is just use the power button on your device (whatever it might be). You no longer have to pre-tell Windows that you want to shut down and let it handle everything for you. Windows is now hardware aware enough that you just hit the power and Windows does whatever you told it to do (Power Settings). This won't work in some environments where the power button is not accessible, but for the majority of businesses it works just fine, and it is incredibly fast! Going to Sleep and waking back up take my machines on average 2 seconds. Tim From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Tuesday, November 20, 2012 3:59 PM To: NT System Admin Issues Subject: RE: Window 8 on your PC :) I'm running all three - plus a desktop. From: Guyer, Don [mailto:dgu...@che.org] Sent: Tuesday, November 20, 2012 4:25 PM To: NT System Admin Issues Subject: RE: Window 8 on your PC Keep the Win 8 info coming! I've been tasked with kicking it around in our environment. Laptop, Surface and a phone. Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.orgmailto:dgu...@che.org Office: 610.550.3595tel:610.550.3595 | Cell: 610.955.6528tel:610.955.6528 | Fax: 610.271.9440tel:610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839tel:610-492-3839. [Description: Description: Description: InfoService-Logo240] From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Tuesday, November 20, 2012 4:16 PM To: NT System Admin Issues Subject: RE: Window 8 on your PC Unless all of your apps are from the Windows 8 store (with the modern UI), you practically run in desktop mode anyway. From: David Lum [mailto:david@nwea.org] Sent: Tuesday, November 20, 2012 4:08 PM To: NT System Admin Issues Subject: Window 8 on your PC Are you guys changing your Windows 8 UI to be more like Win7 or leaving it as-is and learning new tricks? ~ Finally, powerful endpoint security that ISN'T a
RE: Certificate server operation
Do you plan to stand up another CA (or already have another CA in the environment)? If so, removing the existing CA is not going to break anything (as the issued certs will still be valid), provided that nothing is relying on the CRL (or you have the CRL published somewhere else). You can issue new certs from the alternate CA that you have. Cheers Ken From: David Lum [mailto:david@nwea.org] Sent: Tuesday, 20 November 2012 9:15 AM To: NT System Admin Issues Subject: RE: Certificate server operation You'll love this - nobody knows for sure. No smartcards for sure, but LDAPS..? Any way to audit something to find out? From: Free, Bob [mailto:r...@pge.com] Sent: Monday, November 19, 2012 1:44 PM To: NT System Admin Issues Subject: RE: Certificate server operation It perhaps also means that applications dependent on the DCs may be dependent on those certificates. Use any apps doing LDAPS to your DCs? Smartcards? etc... From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, November 19, 2012 12:30 PM To: NT System Admin Issues Subject: RE: Certificate server operation It means that applications on the DCs may be dependent on those certificates. From: David Lum [mailto:david@nwea.org] Sent: Monday, November 19, 2012 12:44 PM To: NT System Admin Issues Subject: RE: Certificate server operation The only non-expired ones use the Domain Controller template and are handed out to the other DC's in the same domain, what does that tell us? There are none in pending either. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, November 19, 2012 8:06 AM To: NT System Admin Issues Subject: RE: Certificate server operation You look at the Certificate Authority MMC and see what certificates it has issued. From: David Lum [mailto:david@nwea.org] Sent: Monday, November 19, 2012 10:57 AM To: NT System Admin Issues Subject: Certificate server operation Is there any way to see if a Certificate Authority is actually being used and servicing requests? I have a DC that's also a CA and I would like to know if it's actually being used as a CA (if yes, I need to move it) or if I can just remove the CA from this box and then DCPROMO it out of existence. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin PGE is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the
RE: Transferring FSMO roles
I am unsure why the PDCe requires more (or less) thought than the RID master (or schema master). Can you elaborate? From: David Lum [mailto:david@nwea.org] Sent: Wednesday, 14 November 2012 3:59 AM To: NT System Admin Issues Subject: RE: Transferring FSMO roles Sorry, I meant real thought as far as transferring the role is all. Someday I'll learn to complete my thoughts... From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Monday, November 12, 2012 3:45 PM To: NT System Admin Issues Subject: RE: Transferring FSMO roles RID master is required, otherwise you'll not be able to create new objects at some point in the future. Schema Master is required, otherwise you won't be able to update the schema at some point in the future. Infra Master and Domain Naming master are not so important in a single domain environment. PDCe doesn't have to be the authoritative time source - it is by default though. Cheers Ken From: David Lum [mailto:david@nwea.org] Sent: Tuesday, 13 November 2012 4:21 AM To: NT System Admin Issues Subject: Transferring FSMO roles I rolled out a W2K8DC this weekend to a domain that previously didn't have a 2K8 DC. One of my next tasks is to transfer FSMO roles off the 2003 DC's - as they are on ancient hardware - to the new DC. As near as I can tell, the PDC role (since it's the timekeeper) is the only one needing real thought in a single domain environment. Sound right? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Transferring FSMO roles
RID master is required, otherwise you'll not be able to create new objects at some point in the future. Schema Master is required, otherwise you won't be able to update the schema at some point in the future. Infra Master and Domain Naming master are not so important in a single domain environment. PDCe doesn't have to be the authoritative time source - it is by default though. Cheers Ken From: David Lum [mailto:david@nwea.org] Sent: Tuesday, 13 November 2012 4:21 AM To: NT System Admin Issues Subject: Transferring FSMO roles I rolled out a W2K8DC this weekend to a domain that previously didn't have a 2K8 DC. One of my next tasks is to transfer FSMO roles off the 2003 DC's - as they are on ancient hardware - to the new DC. As near as I can tell, the PDC role (since it's the timekeeper) is the only one needing real thought in a single domain environment. Sound right? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Symantec %@(*OI:TNGF(P*
Even if you don’t have a separate network, you can create a separate group in WSUS, and put a test machine(s) with your SOE image in that group. That would allow you to test patches prior to mass deployment. Checking for AV issues would be just one thing – I’d recommend that you have some test cases for all your important apps as well. Cheers Ken From: Robert Cato [mailto:cato.rob...@gmail.com] Sent: Thursday, 8 November 2012 9:48 PM To: NT System Admin Issues Subject: Re: Symantec %@(*OI:TNGF(P* Ken, That was my first question, but it is still unanswered. I am still new at this %dayjob%. In this case, the testing would have had to be done in a separate network, which I am fairly sure we don't have. I will take that suggestion to the table when we analyze the breakdowns of this incident. Robert On Wed, Nov 7, 2012 at 9:37 PM, Ken Schaefer k...@adopenstatic.commailto:k...@adopenstatic.com wrote: No matter who you migrate to, you’ll also run into issues (false positives seem to occur all the time, with all vendors). Did you test the patches before releasing to Production? Might be worth beefing up the testing regime. From: Robert Cato [mailto:cato.rob...@gmail.commailto:cato.rob...@gmail.com] Sent: Thursday, 8 November 2012 5:22 AM To: NT System Admin Issues Subject: Symantec %@(*OI:TNGF(P* FYI We approved two MS patches yesterday (KB2574819 KB2592687) in WSUS. One user installed the two updates in the afternoon and Symantec Endpoint Protection 12 with several advanced features enabled (threat protection, hurestics, SONAR, etc). SEP quarrantined 15 system files, run32.dll among them. The real problems started when SEP decided to quarantine the files across all ~600 workstations taking us completely offline. The fix was to boot each workstation into safe mode and removing SEP. It was a long night. The good news: None of the advanced features were enabled on the servers. We are migrating away from SEP as of this morning. Robert ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Symantec %@(*OI:TNGF(P*
What setting is this? If it’s quarantined new files that have just been deployed, I’m surprised that it’s quarantining older files on other machines that would have a different signature. Cheers Ken From: Robert Cato [mailto:cato.rob...@gmail.com] Sent: Friday, 9 November 2012 12:57 AM To: NT System Admin Issues Subject: Re: Symantec %@(*OI:TNGF(P* Yep, all on its own. Granted this was based on setting that were made during installation, based on recommendations from the onstie Symantec vendor/engineer. On Thu, Nov 8, 2012 at 8:48 AM, Kennedy, Jim kennedy...@elyriaschools.orgmailto:kennedy...@elyriaschools.org wrote: “SEP quarantined the files and then went to all machines on the network and quarantined them on all machines…” Holy smokes, it decided to do that on it’s own? And quarantined the machines that had NOT been updated yet? So glad I don’t run AV. From: Robert Cato [mailto:cato.rob...@gmail.commailto:cato.rob...@gmail.com] Sent: Thursday, November 08, 2012 8:45 AM To: NT System Admin Issues Subject: Re: Symantec %@(*OI:TNGF(P* Ken These two updates were only installed on a couple of Win7 machines at most. They were approved during the day for install overnight, a couple of users saw the pop-up and installed. SEP quarantined the files and then went to all machines on the network and quarantined them on all machines (Win7, Vista, and XP). It would be nice if we had a separate network, but I'm not sure that will get approved. Robert On Thu, Nov 8, 2012 at 6:41 AM, Ken Schaefer k...@adopenstatic.commailto:k...@adopenstatic.com wrote: Even if you don’t have a separate network, you can create a separate group in WSUS, and put a test machine(s) with your SOE image in that group. That would allow you to test patches prior to mass deployment. Checking for AV issues would be just one thing – I’d recommend that you have some test cases for all your important apps as well. Cheers Ken From: Robert Cato [mailto:cato.rob...@gmail.commailto:cato.rob...@gmail.com] Sent: Thursday, 8 November 2012 9:48 PM To: NT System Admin Issues Subject: Re: Symantec %@(*OI:TNGF(P* Ken, That was my first question, but it is still unanswered. I am still new at this %dayjob%. In this case, the testing would have had to be done in a separate network, which I am fairly sure we don't have. I will take that suggestion to the table when we analyze the breakdowns of this incident. Robert On Wed, Nov 7, 2012 at 9:37 PM, Ken Schaefer k...@adopenstatic.commailto:k...@adopenstatic.com wrote: No matter who you migrate to, you’ll also run into issues (false positives seem to occur all the time, with all vendors). Did you test the patches before releasing to Production? Might be worth beefing up the testing regime. From: Robert Cato [mailto:cato.rob...@gmail.commailto:cato.rob...@gmail.com] Sent: Thursday, 8 November 2012 5:22 AM To: NT System Admin Issues Subject: Symantec %@(*OI:TNGF(P* FYI We approved two MS patches yesterday (KB2574819 KB2592687) in WSUS. One user installed the two updates in the afternoon and Symantec Endpoint Protection 12 with several advanced features enabled (threat protection, hurestics, SONAR, etc). SEP quarrantined 15 system files, run32.dll among them. The real problems started when SEP decided to quarantine the files across all ~600 workstations taking us completely offline. The fix was to boot each workstation into safe mode and removing SEP. It was a long night. The good news: None of the advanced features were enabled on the servers. We are migrating away from SEP as of this morning. Robert ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: The Ripple Effect of Windows 8 - Datamation
I don't get it - they moved to Windows 8 because it was new' and no other reason per se, and when that didn't work out, they didn't go back to what they had that was already working? They decided to go for something completely different? Who runs a business like this? Cheers Ken -Original Message- From: Angus Scott-Fleming [mailto:angu...@geoapps.com] Sent: Wednesday, 7 November 2012 2:03 PM To: NT System Admin Issues Subject: The Ripple Effect of Windows 8 - Datamation Fascinating article. The Ripple Effect of Windows 8 - Datamation http://www.datamation.com/applications/the-ripple-effect-of-windows-8-1.html When our firm's employees found Windows 8 too unwieldy, we transitioned to Linux Mint instead and soon found that we didn't need any Microsoft products at all. I have known the author online for a couple of years, he's an active Spiceworks user and an experienced Windows admin. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: The Ripple Effect of Windows 8 - Datamation
Hmm - he appears to work for this group: http://www.niagaratechgroup.com/ No idea how big/small they are -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Thursday, 8 November 2012 5:19 AM To: NT System Admin Issues Subject: RE: The Ripple Effect of Windows 8 - Datamation 4 people in a garage someplace. I can't see a business with over just 20 people or so doing this kind of thing. From an end user perspective, the move to Linux was effortless. Only a small shop or larger, very narrow-focus shop could get away with this IMO. New OS with significant UI changes rolled out en-masse without end-user training. Nah, that'll work out... -Original Message- From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, November 07, 2012 2:39 AM To: NT System Admin Issues Subject: RE: The Ripple Effect of Windows 8 - Datamation I don't get it - they moved to Windows 8 because it was new' and no other reason per se, and when that didn't work out, they didn't go back to what they had that was already working? They decided to go for something completely different? Who runs a business like this? Cheers Ken -Original Message- From: Angus Scott-Fleming [mailto:angu...@geoapps.com] Sent: Wednesday, 7 November 2012 2:03 PM To: NT System Admin Issues Subject: The Ripple Effect of Windows 8 - Datamation Fascinating article. The Ripple Effect of Windows 8 - Datamation http://www.datamation.com/applications/the-ripple-effect-of-windows-8-1.html When our firm's employees found Windows 8 too unwieldy, we transitioned to Linux Mint instead and soon found that we didn't need any Microsoft products at all. I have known the author online for a couple of years, he's an active Spiceworks user and an experienced Windows admin. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Symantec %@(*OI:TNGF(P*
No matter who you migrate to, you’ll also run into issues (false positives seem to occur all the time, with all vendors). Did you test the patches before releasing to Production? Might be worth beefing up the testing regime. From: Robert Cato [mailto:cato.rob...@gmail.com] Sent: Thursday, 8 November 2012 5:22 AM To: NT System Admin Issues Subject: Symantec %@(*OI:TNGF(P* FYI We approved two MS patches yesterday (KB2574819 KB2592687) in WSUS. One user installed the two updates in the afternoon and Symantec Endpoint Protection 12 with several advanced features enabled (threat protection, hurestics, SONAR, etc). SEP quarrantined 15 system files, run32.dll among them. The real problems started when SEP decided to quarantine the files across all ~600 workstations taking us completely offline. The fix was to boot each workstation into safe mode and removing SEP. It was a long night. The good news: None of the advanced features were enabled on the servers. We are migrating away from SEP as of this morning. Robert ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: 7 shortcuts To Get Your Network Hacked (huh?)
The point I was making is that there are always more threats after you have mitigated any particular set of threats. The question is “how far down this tunnel” do you want to go? DR is no different. Certainly you can mitigate some threats mentioned so far fairly quickly, especially in smaller environments (e.g. by having good policies – but do you invest in auditing tools to verify that policies are being followed?) But that’s like saying that only the top 5 threats are worth mitigating. What about the next 5? Or the 5 after that? Or the next 50 after that? My last project was implementing infrastructure (including security) for an entire national government, and whilst the items listed by others are worth considering, there is a whole raft of other threats that need to be dealt with, and some very expensive solutions that deal with those. And no matter what you’ve implemented (whether that’s hiring more people, implementing more product or producing more policies) there’s always more that can be done. Hence the “bottomless pit” comment. Cheers Ken From: Mike Tavares [mailto:miketava...@comcast.net] Sent: Saturday, 3 November 2012 11:06 PM To: NT System Admin Issues Subject: Re: 7 shortcuts To Get Your Network Hacked (huh?) Security doesn’t need to be a bottomless pit (DR is a whole different beast). If you look at the security concerns of most of us that have posted to this thread. Most of them is fixed by having strong enforced POLICIES (like not having generic/weak/reused passwords. Policies on what BYOD devices have to have before being allowed to connect to the network, strong/accurate FW rules, etc). All of that is very little to no cost at all to fix. It is actually having a management team that knows it is going to happen to them vs the management teams that think hacks only happen to companies that are bigger than theirs. From: Ken Schaefermailto:k...@adopenstatic.com Sent: Friday, November 02, 2012 10:46 PM To: NT System Admin Issuesmailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) The problem with security or DR is that spending is, potentially, a bottomless pit. You can insure against an almost unimaginable array of business losses – but all that insurance costs money. So where to deploy your insurance money, and how much to deploy, is a question that hasn’t really been determined yet. Cheers Ken From: Jon Harris [mailto:jk.har...@live.com] Sent: Saturday, 3 November 2012 10:30 AM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) I guess that like having a datacenter disaster management will bury their heads or make excuses until something bad happens. Then they will be all for taking care of issues that will just fester. My guess is until the government takes someone to court and gets some huge fines imposed for release of personal information or some hospital/insurance company gets sued and loses they will be all for BYOD and no controls imposed on those devices. Jon Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) Date: Fri, 2 Nov 2012 09:32:22 -0400 From: ezi...@lifespan.orgmailto:ezi...@lifespan.org To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Yes its scary, but I know in healthcare its gaining a lot of steam. ( Right in the middle of it right now). I know some in the insurance industry and others are also in the same boat. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org From: Mike Tavares [mailto:miketava...@comcast.net] Sent: Thursday, November 01, 2012 6:49 PM To: NT System Admin Issues Subject: Re: 7 shortcuts To Get Your Network Hacked (huh?) My guess is it is going to later rather sooner for most companies. I recently attended a CEO level conference and the question was posed to them if they were taking any precautions now for BYOD’s and of the 30 or so CEO’s that were in the room 2 raised their hands. Kinda scary when it stop and think about it. From: Ziots, Edwardmailto:ezi...@lifespan.org Sent: Wednesday, October 31, 2012 3:49 AM To: NT System Admin Issuesmailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) I would say that BYOD is going to creep up to the top of the list sooner than laters for the following reasons. 1) Lack of security specifications and hardening on users devices. ( Android and IOS have many flaws some we are just finding out about) (Just look at jailbreakme.com. 2) Security solutions like ( Mobile-Iron and others) will help mitigate but not totally reduce issues with endpoint devices to an acceptable level. 3) Again these BYOD devices, are more likely and easily stolen or misplaced as compared to corporate devices ( laptop) these days ( abiet, yes laptops are still
RE: 7 shortcuts To Get Your Network Hacked (huh?)
The problem with security or DR is that spending is, potentially, a bottomless pit. You can insure against an almost unimaginable array of business losses - but all that insurance costs money. So where to deploy your insurance money, and how much to deploy, is a question that hasn't really been determined yet. Cheers Ken From: Jon Harris [mailto:jk.har...@live.com] Sent: Saturday, 3 November 2012 10:30 AM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) I guess that like having a datacenter disaster management will bury their heads or make excuses until something bad happens. Then they will be all for taking care of issues that will just fester. My guess is until the government takes someone to court and gets some huge fines imposed for release of personal information or some hospital/insurance company gets sued and loses they will be all for BYOD and no controls imposed on those devices. Jon Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) Date: Fri, 2 Nov 2012 09:32:22 -0400 From: ezi...@lifespan.orgmailto:ezi...@lifespan.org To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Yes its scary, but I know in healthcare its gaining a lot of steam. ( Right in the middle of it right now). I know some in the insurance industry and others are also in the same boat. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org From: Mike Tavares [mailto:miketava...@comcast.net] Sent: Thursday, November 01, 2012 6:49 PM To: NT System Admin Issues Subject: Re: 7 shortcuts To Get Your Network Hacked (huh?) My guess is it is going to later rather sooner for most companies. I recently attended a CEO level conference and the question was posed to them if they were taking any precautions now for BYOD's and of the 30 or so CEO's that were in the room 2 raised their hands. Kinda scary when it stop and think about it. From: Ziots, Edwardmailto:ezi...@lifespan.org Sent: Wednesday, October 31, 2012 3:49 AM To: NT System Admin Issuesmailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) I would say that BYOD is going to creep up to the top of the list sooner than laters for the following reasons. 1) Lack of security specifications and hardening on users devices. ( Android and IOS have many flaws some we are just finding out about) (Just look at jailbreakme.com. 2) Security solutions like ( Mobile-Iron and others) will help mitigate but not totally reduce issues with endpoint devices to an acceptable level. 3) Again these BYOD devices, are more likely and easily stolen or misplaced as compared to corporate devices ( laptop) these days ( abiet, yes laptops are still getting stolen, but usually they are fully encrypted, so going to be hard to get any information of value off them for a while, note: I didn't say impossible) Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: OT: SSRS question
Alternatively, if you want to use CONVERT() in your query, then convert to varchar, and set the format to 101 (or similar). As long as you are using DATETIME, then there is a time component, which you need to remove somehow (either in SSRS display, or by changing to a type that doesn't have time). CONVERT() syntax (inc formats) http://msdn.microsoft.com/en-us/library/aa226054(v=sql.80).aspx Cheers Ken From: Jeff Steward [mailto:jstew...@gmail.com] Sent: Friday, 2 November 2012 10:47 AM To: NT System Admin Issues Subject: Re: OT: SSRS question Right click the text box in which you are displaying the date/time field. Select Text Box Properties. Click Number. Chose Date from the Category. Select the format type you want. Alternatively, type a lowercase d in the Format property of the Text Box to get a mm/dd/ display. -Jeff On Thu, Nov 1, 2012 at 3:32 PM, Christopher Bodnar christopher_bod...@glic.commailto:christopher_bod...@glic.com wrote: Any SSRS guys out there that might be able to help me with this? It's 2008 R2. Creating a report that uses a log file as the data source. Using an OLEDB connection string and a SCHEMA.INI file to set a custom delimiter: Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\10.x.x.x\Data\;Extended Properties=text;HDR=Yes;Format=Delimited(#) Everything is working perfectly, except for one nagging detail. I've got a field in the log file DATE that I'm getting back as DateTime in the report: 11/01/2012 12:00:00 AM I want to truncate this to just date. 11/01/2012 I've tried almost every combination I can think of and can't get it to give me just the date. Tried combinations of the following: Format FormatDateTime Convert Cast CDate Here is info on the dataset: query: select * FROM sample.txt Filter Expression: =Fields!Date.Value Expression for value: =DateAdd(DateInterval.Day , -7, Today) Any help is much appreciated. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: 7 shortcuts To Get Your Network Hacked (huh?)
I'm curious to know how people are coming up with these lists. Are they based on personal experience of hacks in your own workplace? Or what you are seeing/reading in the media? My experience is a fair bit different to most of the responses so far. Cheers Ken From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, 31 October 2012 6:29 PM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) 1) Failure to properly harden their systems from attack. ( Patching, Access-lists, Firewall settings) 2) Using unapproved software on systems that introduces malware, or Trojan backdoors on systems. 3) Failure to properly use least privilege and separation of duties, to limit exposure to systems and processes. 4) Using vulnerable database/Web applications which are exposed to the internet and are vulnerable to OWASP top 10 (Especially SQLi and XSS) 5) Lack of proper ingress and egress filtering at firewall/VPN access into and out of the corporate network, DMZ and otherwise. 6) Failure to use Antivirus or out of date signatures for AV/HIPS to detect common known malware/Trojans ( Again getting less effective by the day since a lot of malware these days is custom and it is used to bypass AV detection. 7) Giving users admin privileges and not controlling code execution on endpoint systems (Again this is how most of the malware/malcode is getting on the systems in the first place ( drive by downloads, etc etc) Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] Sent: Tuesday, October 30, 2012 1:39 PM To: NT System Admin Issues Subject: 7 shortcuts To Get Your Network Hacked (huh?) Hi Guys, Yes, that was on purpose. In your opinion, what are the most gruesome errors a system admin can make which will result in getting their network hacked? Just jot down a few and reply to the list, I will tabulate and come up with the 7 most mentioned sorted by importance. This should be fun. Have at it !! Warm regards, Stu ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: 7 shortcuts To Get Your Network Hacked (huh?)
I agree with the statement below. But it's not an answer to my question. From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, 31 October 2012 6:51 PM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) Ken everyone's experiences are different, depends on where they work, which industry and what they are a target from. I am sure in healthcare I have a different risk profile as compared to the Banking industry, as compared to the retail industry. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, October 31, 2012 3:39 AM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) I'm curious to know how people are coming up with these lists. Are they based on personal experience of hacks in your own workplace? Or what you are seeing/reading in the media? My experience is a fair bit different to most of the responses so far. Cheers Ken From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, 31 October 2012 6:29 PM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) 1) Failure to properly harden their systems from attack. ( Patching, Access-lists, Firewall settings) 2) Using unapproved software on systems that introduces malware, or Trojan backdoors on systems. 3) Failure to properly use least privilege and separation of duties, to limit exposure to systems and processes. 4) Using vulnerable database/Web applications which are exposed to the internet and are vulnerable to OWASP top 10 (Especially SQLi and XSS) 5) Lack of proper ingress and egress filtering at firewall/VPN access into and out of the corporate network, DMZ and otherwise. 6) Failure to use Antivirus or out of date signatures for AV/HIPS to detect common known malware/Trojans ( Again getting less effective by the day since a lot of malware these days is custom and it is used to bypass AV detection. 7) Giving users admin privileges and not controlling code execution on endpoint systems (Again this is how most of the malware/malcode is getting on the systems in the first place ( drive by downloads, etc etc) Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] Sent: Tuesday, October 30, 2012 1:39 PM To: NT System Admin Issues Subject: 7 shortcuts To Get Your Network Hacked (huh?) Hi Guys, Yes, that was on purpose. In your opinion, what are the most gruesome errors a system admin can make which will result in getting their network hacked? Just jot down a few and reply to the list, I will tabulate and come up with the 7 most mentioned sorted by importance. This should be fun. Have at it !! Warm regards, Stu ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: 7 shortcuts To Get Your Network Hacked (huh?)
If people are not reporting the hacks on their own network, then my question is, again: how are people determining what goes on their lists? The media was just an example on my part. Secondly, how do you know that a lot of times the biggest breaches are because the basics are being done from the start? Is this from your personal experience? From reading things on the internet? From professional conferences? Some other reason? My follow-up question would be: why do you think that the sample size that you have seen is representative? My questions are purely academic - I'm interesting in knowing more. My experience is different to many of the items so far offered, and I'd like to know whether it's because my experience isn't representative, people are in different environments, people read different things to me, etc. FWIW, I note that you still don't answer the question Cheers Ken From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, 31 October 2012 7:38 PM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) I can say this: 1) People aren't going to talk about internal hacks on their networks (Op-Sec is in effect from my military days), so why even ask? 2) Media sometimes is about as trustworthy as snake-oil potion from back in the 1800's. I feel that a lot of vulnerabilities that are discussed are sensationalized, and sometimes created to enhance FUD in the consumer base to boost sales of security solutions to pad companies bottom line. But a lot of times the biggest breaches in security is because the basic's aren't being done correctly from the start, and the can is getting kicked down the road for a better term, until something bad happens, a lot are turning a blind eye to the aspect rather than meeting the challenge head-on and working towards a solution and improving their processes so that the risk that was identify and rememdiated does not crop up again in the configuration of systems. (This is where I do a lot of my current work in the %day-job%) Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, October 31, 2012 4:10 AM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) I agree with the statement below. But it's not an answer to my question. From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, 31 October 2012 6:51 PM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) Ken everyone's experiences are different, depends on where they work, which industry and what they are a target from. I am sure in healthcare I have a different risk profile as compared to the Banking industry, as compared to the retail industry. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, October 31, 2012 3:39 AM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) I'm curious to know how people are coming up with these lists. Are they based on personal experience of hacks in your own workplace? Or what you are seeing/reading in the media? My experience is a fair bit different to most of the responses so far. Cheers Ken From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, 31 October 2012 6:29 PM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) 1) Failure to properly harden their systems from attack. ( Patching, Access-lists, Firewall settings) 2) Using unapproved software on systems that introduces malware, or Trojan backdoors on systems. 3) Failure to properly use least privilege and separation of duties, to limit exposure to systems and processes. 4) Using vulnerable database/Web applications which are exposed to the internet and are vulnerable to OWASP top 10 (Especially SQLi and XSS) 5) Lack of proper ingress and egress filtering at firewall/VPN access into and out of the corporate network, DMZ and otherwise. 6) Failure to use Antivirus or out of date signatures for AV/HIPS to detect common known malware/Trojans ( Again getting less effective by the day since a lot of malware these days is custom and it is used to bypass AV detection. 7) Giving users admin privileges and not controlling code execution on endpoint systems (Again this is how most of the malware/malcode is getting on the systems in the first place ( drive by downloads, etc etc) Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.orgmailto:ezi...@lifespan.org From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] Sent: Tuesday, October 30, 2012 1:39 PM To: NT System Admin Issues Subject: 7
