RE: Server 2008 and Windows Updates

[Tim Evans]

Yes, I've seen that here. I haven't spent the time to figure out what is going 
on, but I've found that you can click on "Check online for updates from Windows 
Updates" and it will work from there.


...Tim


> -Original Message-
> From: Jon D [mailto:rekcahp...@gmail.com]
> Sent: Friday, July 17, 2009 7:21 AM
> To: NT System Admin Issues
> Subject: Server 2008 and Windows Updates
> 
> Has anyone had issues with Windows 2008 Server giving error when you
> try to manually check for windows updates?
> I have a fresh install, and it's doing it. After spending a day
> messing with it, I rebuilt it and same thing. Fresh install, nothing
> custom.
> The error code is 80072EE2. I've google it for several hours, and none
> of the suggestions I've found work.
> Weird thing is it will randomly work, but not consistantly.
> 
> This is running inside a VMWare ESX box. That shouldn't matter I don't
> think.
> It's not part of the domain yet, so no GPOs are applied.
> 
> Any ideas? Anyone seen this before?
> 
> Things I've tried:
> - Rebuild
> - Add 8530 to windows firewall
> - Turn off windows firewall
> - Restart windows update service
> - Install Server 2008 SP2
> - Delete the windows update temp directory
> - Turn off all the IE security settings that I could find
> 
> 
> Thanks in advance,
> Jon
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Server 08 Activation

[Tim Evans]

If you're using a KMS key, then you need a Key Management Server running to 
activate it. If you don't have a KMS, then you would want to use a MAK 
(assuming volume license)


...Tim


> -Original Message-
> From: James Kerr [mailto:cluster...@gmail.com]
> Sent: Friday, July 17, 2009 9:06 AM
> To: NT System Admin Issues
> Subject: Server 08 Activation
> 
> I'm setting up our first 08 server here and its telling me it can't
> activate. I have event ID 8196, License Activation Scheduler
> (SLUINotify.dll) was not able to automatically activate. Anyone know
> what is
> causing this server to not be able to activate? Does it need to have a
> certain port open to communicate with MS? The license key I'm using is a
> KMS
> key.
> 
> James
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Server 08 Activation

[Tim Evans]

Yes, but as Bonnie noted, you need to have 5 servers try activate against it 
before it will activate any. There is a grace period (30 days I think) before 
you have to activate


...Tim


> -Original Message-
> From: James Kerr [mailto:cluster...@gmail.com]
> Sent: Friday, July 17, 2009 9:21 AM
> To: NT System Admin Issues
> Subject: Re: Server 08 Activation
> 
> When I login into eopen the only key I have for server 2008 is a KMS
> key.
> Since this is the first 08 server can I set it up and the key management
> server?
> 
> James
> 
> - Original Message -
> From: "Tim Evans" 
> To: "NT System Admin Issues" 
> Sent: Friday, July 17, 2009 12:16 PM
> Subject: RE: Server 08 Activation
> 
> 
> If you're using a KMS key, then you need a Key Management Server running
> to
> activate it. If you don't have a KMS, then you would want to use a MAK
> (assuming volume license)
> 
> 
> ...Tim
> 
> 
> > -Original Message-
> > From: James Kerr [mailto:cluster...@gmail.com]
> > Sent: Friday, July 17, 2009 9:06 AM
> > To: NT System Admin Issues
> > Subject: Server 08 Activation
> >
> > I'm setting up our first 08 server here and its telling me it can't
> > activate. I have event ID 8196, License Activation Scheduler
> > (SLUINotify.dll) was not able to automatically activate. Anyone know
> > what is
> > causing this server to not be able to activate? Does it need to have a
> > certain port open to communicate with MS? The license key I'm using is
> a
> > KMS
> > key.
> >
> > James
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: OT: Star Trek Science Fiction?

[Tim Evans]

Yes, pictures of garbage. It's from the song.

http://en.wikipedia.org/wiki/Alice%27s_Restaurant


> -Original Message-
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Sunday, August 02, 2009 4:57 PM
> To: NT System Admin Issues
> Subject: RE: OT: Star Trek Science Fiction?
> 
> Pictures "of" garbage or trash?
> 
> That does not answer my question.
> 
> You say "pictures with arrows and circles and a paragraph on
> the back of each and every one."
> 
> On the back of each and every _WHAT_?
> 
> -sc
> 
> 
> > -Original Message-
> > From: Glen Johnson [mailto:gjohn...@vhcc.edu]
> > Sent: Sunday, August 02, 2009 7:55 AM
> > To: NT System Admin Issues
> > Subject: RE: OT: Star Trek Science Fiction?
> >
> > Why, pictures of the garbage or maybe trash.  Can't remember which
> term
> > was used.
> >
> >
> > 
> >
> > From: Steven M. Caesare [mailto:scaes...@caesare.com]
> > Sent: Sat 8/1/2009 5:55 PM
> > To: NT System Admin Issues
> > Subject: RE: OT: Star Trek Science Fiction?
> >
> >
> >
> > I do not accept your rebuff, as you do not define what each and every
> > one" is.
> >
> > -sc
> >
> > > -Original Message-
> > > From: Glen Johnson [mailto:gjohn...@vhcc.edu]
> > > Sent: Saturday, August 01, 2009 8:42 AM
> > > To: NT System Admin Issues
> > > Subject: RE: OT: Star Trek Science Fiction?
> > >
> > > It is both a song and movie.
> > > Arlo sings the song and is in the movie.
> > > Color 8 x 10 glossy pictures with arrows and circles and a
> paragraph
> > on
> > > the back of each and every one.
> > > Now go sit on the group w bench.
> > >
> > > -Original Message-
> > > From: Kurt Buff [mailto:kurt.b...@gmail.com]
> > > Sent: Friday, July 31, 2009 8:18 PM
> > > To: NT System Admin Issues
> > > Subject: Re: OT: Star Trek Science Fiction?
> > >
> > > It's the song, well, vocal performance, by Arlo Guthrie.
> > >
> > > On Fri, Jul 31, 2009 at 16:53, Steven M.
> > Caesare
> > > wrote:
> > > > Isn't Alice's Restaurant a movie?
> > > >
> > > > Is it a song as well? I've seen people refer to it as Paul did,
> but
> > > I've never recalled hearing it elsewhere.
> > > >
> > > > -sc
> > > >
> > > >
> > > >> -Original Message-
> > > >> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> > > >> Sent: Friday, July 31, 2009 7:50 PM
> > > >> To: NT System Admin Issues
> > > >> Subject: Re: OT: Star Trek Science Fiction?
> > > >>
> > > >> No, but you might have heard it.
> > > >>
> > > >> On Fri, Jul 31, 2009 at 16:09, Steven M.
> > > Caesare
> > > >> wrote:
> > > >> > I have never seen that.
> > > >> >
> > > >> >
> > > >> >
> > > >> > -sc
> > > >> >
> > > >> >
> > > >> >
> > > >> > From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
> > > >> > Sent: Friday, July 31, 2009 9:19 AM
> > > >> > To: NT System Admin Issues
> > > >> > Subject: RE: OT: Star Trek Science Fiction?
> > > >> >
> > > >> >
> > > >> >
> > > >> > You can get anything you want at Alice's Restaurant...
> > > >> >
> > > >> >
> > > >> >
> > > >> > 
> > > >> >
> > > >> > From: Steven M. Caesare [mailto:scaes...@caesare.com]
> > > >> > Sent: Thursday, July 30, 2009 8:07 PM
> > > >> > To: NT System Admin Issues
> > > >> > Subject: RE: OT: Star Trek Science Fiction?
> > > >> >
> > > >> > Oof.
> > > >> >
> > > >> >
> > > >> >
> > > >> > -sc
> > > >> >
> > > >> >
> > > >> >
> > > >> > From: Andy Shook [mailto:andy.sh...@peak10.com]
> > > >> > Sent: Thursday, July 30, 2009 1:18 PM
> > > >> > To: NT System Admin Issues
> > > >> > Subject: RE: OT: Star Trek Science Fiction?
> > > >> >
> > > >> >
> > > >> >
> > > >> > You have more issues than a magazine sta.
> > > >> >
> > > >> >
> > > >> >
> > > >> > Shook
> > > >> >
> > > >> >
> > > >> >
> > > >> > From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
> > > >> > Sent: Thursday, July 30, 2009 1:15 PM
> > > >> > To: NT System Admin Issues
> > > >> > Subject: RE: OT: Star Trek Science Fiction?
> > > >> >
> > > >> >
> > > >> >
> > > >> > I refer to TNG as "The kinder, gentler Star Tr Where's the
> > > >> violence,
> > > >> > the fist fights, the torn clothi I WANNA SEE BLOOD AND GORE
> AND
> > > >> GUTS AND
> > > >> > VEINS IN MY TEEEAT DEAD BURNT BOD  KILL KILL KILL KILL!
> > > >> >
> > > >> >
> > > >> >
> > > >> > 
> > > >> >
> > > >> > From: Erik Goldoff [mailto:egold...@gmail.com]
> > > >> > Sent: Wednesday, July 29, 2009 8:42 PM
> > > >> > To: NT System Admin Issues
> > > >> > Subject: RE: OT: Star Trek Science Fiction?
> > > >> >
> > > >> > nope, I discount TNG ... look at the captain ... all that
> > > technology,
> > > >> and
> > > >> > they still can't cure baldness 
> > > >> >
> > > >> >
> > > >> >
> > > >> > Erik Goldoff
> > > >> >
> > > >>   Consultant
> > > >> >
> > > >> > Systems, Networks, & Security
> > > >> >
> > > >> >
> > > >> >
> > > >> >
> > > >> >
> > > >> > 
> > > >> >
> > > >> > From: Wolf [mailto:th3.w...@gmail.com]
> > > >> > 

RE: OT: Star Trek Science Fiction?

[Tim Evans]

Picture, didn't you read the link?

> -Original Message-
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Sunday, August 02, 2009 5:57 PM
> To: NT System Admin Issues
> Subject: RE: OT: Star Trek Science Fiction?
> 
> On. The. Back. Of. Each. And. Every. W H A T ???
> 
> -sc
> 
> > -Original Message-
> > From: Tim Evans [mailto:tev...@sparling.com]
> > Sent: Sunday, August 02, 2009 8:06 PM
> > To: NT System Admin Issues
> > Subject: RE: OT: Star Trek Science Fiction?
> >
> > Yes, pictures of garbage. It's from the song.
> >
> > http://en.wikipedia.org/wiki/Alice%27s_Restaurant
> >
> >
> > > -Original Message-
> > > From: Steven M. Caesare [mailto:scaes...@caesare.com]
> > > Sent: Sunday, August 02, 2009 4:57 PM
> > > To: NT System Admin Issues
> > > Subject: RE: OT: Star Trek Science Fiction?
> > >
> > > Pictures "of" garbage or trash?
> > >
> > > That does not answer my question.
> > >
> > > You say "pictures with arrows and circles and a paragraph on
> > > the back of each and every one."
> > >
> > > On the back of each and every _WHAT_?
> > >
> > > -sc
> > >
> > >
> > > > -Original Message-
> > > > From: Glen Johnson [mailto:gjohn...@vhcc.edu]
> > > > Sent: Sunday, August 02, 2009 7:55 AM
> > > > To: NT System Admin Issues
> > > > Subject: RE: OT: Star Trek Science Fiction?
> > > >
> > > > Why, pictures of the garbage or maybe trash.  Can't remember
> which
> > > term
> > > > was used.
> > > >
> > > >
> > > > 
> > > >
> > > > From: Steven M. Caesare [mailto:scaes...@caesare.com]
> > > > Sent: Sat 8/1/2009 5:55 PM
> > > > To: NT System Admin Issues
> > > > Subject: RE: OT: Star Trek Science Fiction?
> > > >
> > > >
> > > >
> > > > I do not accept your rebuff, as you do not define what each and
> > every
> > > > one" is.
> > > >
> > > > -sc
> > > >
> > > > > -Original Message-
> > > > > From: Glen Johnson [mailto:gjohn...@vhcc.edu]
> > > > > Sent: Saturday, August 01, 2009 8:42 AM
> > > > > To: NT System Admin Issues
> > > > > Subject: RE: OT: Star Trek Science Fiction?
> > > > >
> > > > > It is both a song and movie.
> > > > > Arlo sings the song and is in the movie.
> > > > > Color 8 x 10 glossy pictures with arrows and circles and a
> > > paragraph
> > > > on
> > > > > the back of each and every one.
> > > > > Now go sit on the group w bench.
> > > > >
> > > > > -Original Message-
> > > > > From: Kurt Buff [mailto:kurt.b...@gmail.com]
> > > > > Sent: Friday, July 31, 2009 8:18 PM
> > > > > To: NT System Admin Issues
> > > > > Subject: Re: OT: Star Trek Science Fiction?
> > > > >
> > > > > It's the song, well, vocal performance, by Arlo Guthrie.
> > > > >
> > > > > On Fri, Jul 31, 2009 at 16:53, Steven M.
> > > > Caesare
> > > > > wrote:
> > > > > > Isn't Alice's Restaurant a movie?
> > > > > >
> > > > > > Is it a song as well? I've seen people refer to it as Paul
> did,
> > > but
> > > > > I've never recalled hearing it elsewhere.
> > > > > >
> > > > > > -sc
> > > > > >
> > > > > >
> > > > > >> -Original Message-
> > > > > >> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> > > > > >> Sent: Friday, July 31, 2009 7:50 PM
> > > > > >> To: NT System Admin Issues
> > > > > >> Subject: Re: OT: Star Trek Science Fiction?
> > > > > >>
> > > > > >> No, but you might have heard it.
> > > > > >>
> > > > > >> On Fri, Jul 31, 2009 at 16:09, Steven M.
> > > > > Caesare
> > > > > >> wrote:
> > > > > >> > I have never seen that.
> > > > > >> >
> > > > > >> >
> > > > > >> &

RE: OT: Star Trek Science Fiction?

[Tim Evans]

I thought the only friggin' that goes on around here was lyris.

> -Original Message-
> From: Steven M. Caesare [mailto:scaes...@caesare.com]
> Sent: Sunday, August 02, 2009 6:27 PM
> To: NT System Admin Issues
> Subject: RE: OT: Star Trek Science Fiction?
> 
> Friggin' ambiguity.
> 
> -sc
> 
> > -Original Message-
> > From: Tim Evans [mailto:tev...@sparling.com]
> > Sent: Sunday, August 02, 2009 9:16 PM
> > To: NT System Admin Issues
> > Subject: RE: OT: Star Trek Science Fiction?
> >
> > Picture, didn't you read the link?
> >
> > > -Original Message-
> > > From: Steven M. Caesare [mailto:scaes...@caesare.com]
> > > Sent: Sunday, August 02, 2009 5:57 PM
> > > To: NT System Admin Issues
> > > Subject: RE: OT: Star Trek Science Fiction?
> > >
> > > On. The. Back. Of. Each. And. Every. W H A T ???
> > >
> > > -sc
> > >
> > > > -Original Message-
> > > > From: Tim Evans [mailto:tev...@sparling.com]
> > > > Sent: Sunday, August 02, 2009 8:06 PM
> > > > To: NT System Admin Issues
> > > > Subject: RE: OT: Star Trek Science Fiction?
> > > >
> > > > Yes, pictures of garbage. It's from the song.
> > > >
> > > > http://en.wikipedia.org/wiki/Alice%27s_Restaurant
> > > >
> > > >
> > > > > -Original Message-
> > > > > From: Steven M. Caesare [mailto:scaes...@caesare.com]
> > > > > Sent: Sunday, August 02, 2009 4:57 PM
> > > > > To: NT System Admin Issues
> > > > > Subject: RE: OT: Star Trek Science Fiction?
> > > > >
> > > > > Pictures "of" garbage or trash?
> > > > >
> > > > > That does not answer my question.
> > > > >
> > > > > You say "pictures with arrows and circles and a paragraph on
> > > > > the back of each and every one."
> > > > >
> > > > > On the back of each and every _WHAT_?
> > > > >
> > > > > -sc
> > > > >
> > > > >
> > > > > > -Original Message-
> > > > > > From: Glen Johnson [mailto:gjohn...@vhcc.edu]
> > > > > > Sent: Sunday, August 02, 2009 7:55 AM
> > > > > > To: NT System Admin Issues
> > > > > > Subject: RE: OT: Star Trek Science Fiction?
> > > > > >
> > > > > > Why, pictures of the garbage or maybe trash.  Can't remember
> > > which
> > > > > term
> > > > > > was used.
> > > > > >
> > > > > >
> > > > > > 
> > > > > >
> > > > > > From: Steven M. Caesare [mailto:scaes...@caesare.com]
> > > > > > Sent: Sat 8/1/2009 5:55 PM
> > > > > > To: NT System Admin Issues
> > > > > > Subject: RE: OT: Star Trek Science Fiction?
> > > > > >
> > > > > >
> > > > > >
> > > > > > I do not accept your rebuff, as you do not define what each
> and
> > > > every
> > > > > > one" is.
> > > > > >
> > > > > > -sc
> > > > > >
> > > > > > > -Original Message-
> > > > > > > From: Glen Johnson [mailto:gjohn...@vhcc.edu]
> > > > > > > Sent: Saturday, August 01, 2009 8:42 AM
> > > > > > > To: NT System Admin Issues
> > > > > > > Subject: RE: OT: Star Trek Science Fiction?
> > > > > > >
> > > > > > > It is both a song and movie.
> > > > > > > Arlo sings the song and is in the movie.
> > > > > > > Color 8 x 10 glossy pictures with arrows and circles and a
> > > > > paragraph
> > > > > > on
> > > > > > > the back of each and every one.
> > > > > > > Now go sit on the group w bench.
> > > > > > >
> > > > > > > -Original Message-
> > > > > > > From: Kurt Buff [mailto:kurt.b...@gmail.com]
> > > > > > > Sent: Friday, July 31, 2009 8:18 PM
> > > > > > > To: NT System Admin Issues
> > > > > > > Subject: Re: OT: Star Trek Science Fiction?

RE: Win 7 issue

[Tim Evans]

You're doing better than me. I'm only getting 45kb/sec. It doesn't look like 
I'm going to get to p ay with it today.


...Tim

From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Thursday, August 06, 2009 10:44 AM
To: NT System Admin Issues
Subject: Re: Win 7 issue

only getting 170kb/second...might take a while.
On Thu, Aug 6, 2009 at 12:39 PM, Michael Hoffman 
mailto:m...@drumbrae.net>> wrote:

Ok, Just you me, and shall we tell anyone else?



Erm this is a private conversation right



Mike :)



From: Ben Schorr [mailto:b...@rolandschorr.com]
Sent: 06 August 2009 18:36

To: NT System Admin Issues
Subject: RE: Win 7 issue



Sh.  Can you wait a couple of hours until my download finishes to tell 
everybody that!  ;-)



Ben M. Schorr
Chief Executive Officer
__
Roland Schorr & Tower
www.rolandschorr.com
b...@rolandschorr.com

Twitter: http://www.twitter.com/bschorr



From: Michael Hoffman [mailto:m...@drumbrae.net]
Sent: Thursday, August 06, 2009 7:35 AM

To: NT System Admin Issues
Subject: RE: Win 7 issue



Try it now - Full version is on TechNet.



Mike



From: Don Guyer 
[mailto:don.gu...@prufoxroach.com]
Sent: 06 August 2009 16:57
To: NT System Admin Issues
Subject: RE: Win 7 issue



Our SA Volume License key is there, but the download won't be available until 
tomorrow.



Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com



From: Bill Lambert [mailto:blamb...@concuity.com]
Sent: Thursday, August 06, 2009 11:11 AM
To: NT System Admin Issues
Subject: RE: Win 7 issue



Just checked TechNet...W7 is still there as RC.



Bill Lambert

Concuity

847-941-9206



From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Thursday, August 06, 2009 10:07 AM
To: NT System Admin Issues
Subject: Re: Win 7 issue



Sorry to hijack Joe, but speaking of Windows 7, isn't today the day it is 
released to technet?

On Thu, Aug 6, 2009 at 10:03 AM, Joe Heaton 
mailto:jhea...@etp.ca.gov>> wrote:

Anyone else having any problems with performance with the Win 7 RC?



If I leave it sitting idle for a while, the mouse is extremely non-responsive 
when I come back.  Haven't done any real poking around to try to figure it out, 
just asking you guys...



Gateway E-4500D

Intel D processor 3.0GHz

1GB RAM

Built-in graphics

Microsoft Intellimouse Optical USB



Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

jhea...@etp.ca.gov






































~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: The "Duh" Question of the Day 8/4/09

[Tim Evans]

But they all look like the mailman


...Tim

From: Andy Shook [mailto:andy.sh...@peak10.com]
Sent: Thursday, August 06, 2009 1:38 PM
To: NT System Admin Issues
Subject: RE: The "Duh" Question of the Day 8/4/09

This is not a problem after three kids...

Shook

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Thursday, August 06, 2009 3:55 PM
To: NT System Admin Issues
Subject: RE: The "Duh" Question of the Day 8/4/09

Why would you fix something already shooting blanks?

-sc

From: Webster [mailto:carlwebs...@gmail.com]
Sent: Thursday, August 06, 2009 3:20 PM
To: NT System Admin Issues
Subject: RE: The "Duh" Question of the Day 8/4/09

From: Rob Bonfiglio [mailto:robbonfig...@gmail.com]
Subject: Re: The "Duh" Question of the Day 8/4/09

Nahh...Duck tape!  It fixes everything.
Didn't "fix" Shooky Baby.
Webster
Disclaimer: Please wash your hands after reading this e-mail.  There is no 
telling where this has been on the Internet.













~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Exiting from a Start command

[Tim Evans]

Try:
Start "Program Files\WiredRed\Epop\EPOPCLIENT.EXE"

�Tim


> -Original Message-
> From: David Lum [mailto:david@nwea.org]
> Sent: Friday, August 07, 2009 7:54 AM
> To: NT System Admin Issues
> Subject: RE: Exiting from a Start command
> 
> Isn't there another command instead of CALL? CALL returns to the script
> doesn't it? I think RUN is what you want because it means "exit this
> command shell and run this app", I think CALL keeps the command shell
> running.
> 
> Or maybe I'm confused with SHELL, been a long time...
> 
> Dave
> 
> 
> -Original Message-
> From: Juned Shaikh [mailto:jsha...@gmail.com]
> Sent: Friday, August 07, 2009 7:45 AM
> To: NT System Admin Issues
> Subject: Exiting from a Start command
> 
> Need an URGENT help:
> 
> I am trying to launch the ePOP Alert client from WiredRed from my login
> script by using the following command :
> 
> Call "Program Files\WiredRed\Epop\EPOPCLIENT.EXE"
> 
> the launch is fine but the DOS window after launch gets hung. What are
> the methods where I can launch the .EXE and quick leave the process and
> continue with the script.
> 
> Thanks in advance,
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Exiting from a Start command

[Tim Evans]

Maybe you should back up and tell us what you are trying to do. Your first 
email said you wanted to run a program without the main batch file pausing for 
it to complete. Start by itself will do that.


Tim


> -Original Message-
> From: Juned Shaikh [mailto:jsha...@gmail.com]
> Sent: Friday, August 07, 2009 8:15 AM
> To: NT System Admin Issues
> Subject: RE: Exiting from a Start command
> 
> I tried the following without any success :
> 
> Start /MIN
> 
> START /B /MIN
> 
> Thanks,
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Policy to block roaming on sprint mobile broadband.

[Tim Evans]

FWIW,  we are evaluating a Sprint 3G card right now. Based on this, I asked the 
rep if there was any way to block this kind of thing. His response:

Sprint's North America Plus Data Plan includes 5GB/month of usage in the U.S. 
and 300MB/month of usage in Canada and Mexico.  Users exceeding 5GB/month in 
the U.S. are charged $0.05/MB.  Users exceeding 300MB/month in Canada and 
Mexico are charged $2.00/MB.

A user in Canada can connect without a North America Plus Data Plan and 
unknowingly incur roaming charges at $2.00/MB.

A user in Mexico cannot connect without prior authorization and cannot 
unknowingly incur roaming charges at $2.00/MB.  (I don't know why Sprint has 
different policies for Canada and Mexico.)

This sounds even screwier to me, but according to this it shouldn't have 
happened in Mexico. He also pointed out that, if the user is downloading 
movies, it won't take more than a few to hit the 5GB limit.

...Tim

From: Sam Cayze [mailto:sam.ca...@rollouts.com]
Sent: Wednesday, August 19, 2009 9:56 AM
To: NT System Admin Issues
Subject: RE: Policy to block roaming on sprint mobile broadband.

Did what?

They don't consider Canada and Mexico international?  Last I check, those 
places were not in the USA.


From: Brumbaugh, Luke [mailto:luke.brumba...@butlerahs.com]
Sent: Wednesday, August 19, 2009 11:46 AM
To: NT System Admin Issues
Subject: RE: Policy to block roaming on sprint mobile broadband.
I did.  These charges were from Canada and Mexico.


From: Sam Cayze [mailto:sam.ca...@rollouts.com]
Sent: Wednesday, August 19, 2009 12:44 PM
To: NT System Admin Issues
Subject: RE: Policy to block roaming on sprint mobile broadband.

Ask Sprint to block international use.

If I were you, I would leave domestic roaming enabled.  I have a ton of these 
Sprint cards deployed.  Half the time my employees need them, it's in an area 
that requires roaming.  I have one too, and 98% of the time I use it I'm 
roaming.

Sprint doesn't charge for domestic roaming on broadband cards.  At least with 
the business lines they don't...

Sam


From: Richard Stovall [mailto:richard.stov...@researchdata.com]
Sent: Wednesday, August 19, 2009 11:20 AM
To: NT System Admin Issues
Subject: RE: Policy to block roaming on sprint mobile broadband.
It's killing me.  I gotta ask.

How much was the bill?

From: Brumbaugh, Luke [mailto:luke.brumba...@butlerahs.com]
Sent: Wednesday, August 19, 2009 10:55 AM
To: NT System Admin Issues
Subject: OT: Policy to block roaming on sprint mobile broadband.

I have over 250 salesman with mobile broadband cards.  One genius went to a 
beach in Mexico and fired up his laptop and watched movies on hulu.
Needless to say, his stupidity creates a massive project in IT.   I have 1 
registry setting and I am searching for the other.   Has anyone created a 
policy to block roaming?

Yes I know he should pay for it, etc.   But I am not the CEO.

Any help will be appreciated, Sprint will not block and Novatel hasn't given me 
an answer yet.


**

CONFIDENTIALITY NOTICE: The information transmitted in this message is intended 
only for the person or entity to which it is addressed and may contain 
confidential and/or privileged material. Any review, retransmission, 
dissemination or other use of this information by persons or entities other 
than the intended recipient is prohibited. If you received this in error, 
please contact the sender and destroy all copies of this document. Thank you.

Butler Animal Health Supply

**























~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Still struggling with iPhone, ISA and SSL certs...

[Tim Evans]

One of my users came in with an iPhone and it just worked with the standard 
configuration we had for all our WM devices. At the time, we were also using an 
internal certificate and it just worked.

Do you have it working with any WM devices?
ActiveSync is not OMA or OWA. In Exchange 2007, it is called ActiveSync. In 
Exchange 2003, I think it was called "Always Up to Date" or Push or something 
like that.
Just to confirm, you are on 2003 SP2? You do need SP to get ActiveSync.


...Tim


> -Original Message-
> From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
> Sent: Monday, August 24, 2009 10:56 AM
> To: NT System Admin Issues
> Subject: RE: Still struggling with iPhone, ISA and SSL certs...
> 
> We've broken this down into several steps trying to get this to work.
> We backed away from using the iPhone and used a Windows Mobile device to
> connect to the Exchange server using our internal wireless network
> without SSL and was able to get that to work through OWA, but the
> ActiveSync is still not working.  We're getting "Your account in
> Microsoft Exchange Server does not have permission to sync with your
> current settings".  We've checked Outlook Mobile Access and Outlook Web
> Access settings and they're both enabled.  We've Google this and tried
> just about everything we've found and still not working.
> 
> For those who just tuned in, we eventually want to get this working
> running an iPhone through an ISA 2006 server to Exchange 2003.
> 
> -Paul
> 
> -Original Message-
> From: Ken Schaefer [mailto:k...@adopenstatic.com]
> Sent: Saturday, August 22, 2009 12:35 AM
> To: NT System Admin Issues
> Subject: RE: Still struggling with iPhone, ISA and SSL certs...
> 
> Huh? PKI is relatively simple technology. Usually both parties need to
> trust a mutual third party (a CA). A similar concept to Kerberos or even
> AD in general (both clients and servers trust DCs)
> 
> The tricky part about PKI is all the processes you have around managing
> your CA, key escrow etc. What is the actual issue you are facing?
> 
> Cheers
> Ken
> 
> -Original Message-
> From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
> Sent: Friday, 21 August 2009 10:12 PM
> To: NT System Admin Issues
> Subject: Still struggling with iPhone, ISA and SSL certs...
> 
> As the Security Admin and I are still trying to get the
> hell-spawned-demonic-iPhone-from-the-putrid-cesspool-of-caustic-industri
> al-waste-products to work through our ISA, we referred back to the ISA
> 2006 Migration Guide by Syngress.  The SA came in the morning and showed
> me the following section in the book:
> 
> "The topic of Certificate Authorities (CAs)and PKI (Public Key
> Infrastructure) is usually enough to drive many administrators away from
> even considering SSL.  There are a number of reasons for this:
>  - The available documentation on certificate authorities and PKI, in
> general, is difficult to understand.
>  - The subject has the potential to be extremely complex.
>  - You need to learn an entirely new vocabulary to understand the CAs
> and PKI.  Often the documentation on these subjects doesn't define the
> new words, or they use equally arcane terms to define the arcane term
> for which you're trying to get the definition.
>  - There doesn't seem to be any support for the network and firewall
> administrator who just wants to get a CA setup and running so that he
> can use certificates for SSL and L2TP/IPSec authentication and
> encryption."
> 
> 
> Boy, that just seems to sew it up in a nutshell, doesn't it?  You'd
> think that if this opinion is as common as I believe it to be, somebody
> out there could simplify the process somewhat...
> 
> *thunk* *thunk* *thunk*  (head banging against desk...)
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Still struggling with iPhone, ISA and SSL certs...

[Tim Evans]

Yes, that would imply that ActiveSync is on the server. But you said that the 
error message said that the user's account was not enabled for activesync. You 
need to make sure that the account is enabled first.


...Tim


> -Original Message-
> From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
> Sent: Monday, August 24, 2009 11:42 AM
> To: NT System Admin Issues
> Subject: RE: Still struggling with iPhone, ISA and SSL certs...
> 
> > One of my users came in with an iPhone and it just worked with the
> standard configuration we had for all our WM devices. > At the time, we
> were also using an internal certificate and it just worked.
> 
> That's right... just twist the knife... :-)
> 
> > Do you have it working with any WM devices?
> 
> Just with OWA now.  And as I said, just internally between the WM device
> and the Exchange server.  We want to get that done before we throw the
> ISA into the mix.
> 
> In the IIS Manager, there is a virtual directory called
> Micrsoft-Server-ActiveSync.  So doesn't that indicate that it's there?
> 
> Yep, running Exchange 2003 SP2.
> 
> -Original Message-
> From: Tim Evans [mailto:tev...@sparling.com]
> Sent: Monday, August 24, 2009 1:19 PM
> To: NT System Admin Issues
> Subject: RE: Still struggling with iPhone, ISA and SSL certs...
> 
> One of my users came in with an iPhone and it just worked with the
> standard configuration we had for all our WM devices. At the time, we
> were also using an internal certificate and it just worked.
> 
> Do you have it working with any WM devices?
> ActiveSync is not OMA or OWA. In Exchange 2007, it is called ActiveSync.
> In Exchange 2003, I think it was called "Always Up to Date" or Push or
> something like that.
> Just to confirm, you are on 2003 SP2? You do need SP to get ActiveSync.
> 
> 
> ...Tim
> 
> 
> > -Original Message-
> > From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
> > Sent: Monday, August 24, 2009 10:56 AM
> > To: NT System Admin Issues
> > Subject: RE: Still struggling with iPhone, ISA and SSL certs...
> >
> > We've broken this down into several steps trying to get this to work.
> > We backed away from using the iPhone and used a Windows Mobile device
> to
> > connect to the Exchange server using our internal wireless network
> > without SSL and was able to get that to work through OWA, but the
> > ActiveSync is still not working.  We're getting "Your account in
> > Microsoft Exchange Server does not have permission to sync with your
> > current settings".  We've checked Outlook Mobile Access and Outlook
> Web
> > Access settings and they're both enabled.  We've Google this and tried
> > just about everything we've found and still not working.
> >
> > For those who just tuned in, we eventually want to get this working
> > running an iPhone through an ISA 2006 server to Exchange 2003.
> >
> > -Paul
> >
> > -Original Message-
> > From: Ken Schaefer [mailto:k...@adopenstatic.com]
> > Sent: Saturday, August 22, 2009 12:35 AM
> > To: NT System Admin Issues
> > Subject: RE: Still struggling with iPhone, ISA and SSL certs...
> >
> > Huh? PKI is relatively simple technology. Usually both parties need to
> > trust a mutual third party (a CA). A similar concept to Kerberos or
> even
> > AD in general (both clients and servers trust DCs)
> >
> > The tricky part about PKI is all the processes you have around
> managing
> > your CA, key escrow etc. What is the actual issue you are facing?
> >
> > Cheers
> > Ken
> >
> > -Original Message-
> > From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
> > Sent: Friday, 21 August 2009 10:12 PM
> > To: NT System Admin Issues
> > Subject: Still struggling with iPhone, ISA and SSL certs...
> >
> > As the Security Admin and I are still trying to get the
> >
> hell-spawned-demonic-iPhone-from-the-putrid-cesspool-of-caustic-industri
> > al-waste-products to work through our ISA, we referred back to the ISA
> > 2006 Migration Guide by Syngress.  The SA came in the morning and
> showed
> > me the following section in the book:
> >
> > "The topic of Certificate Authorities (CAs)and PKI (Public Key
> > Infrastructure) is usually enough to drive many administrators away
> from
> > even considering SSL.  There are a number of reasons for this:
> >  - The available documentation on certificate authorities and PKI, in
> > general, is difficult to understand.
> >  - The subject has the potential to be extre

RE: Still struggling with iPhone, ISA and SSL certs...

[Tim Evans]

I believe it is under Mobile Services, but it is *NOT* Mobile Access. That is a 
different feature, essentially a real stripped down version of OWA

...Tim


> -Original Message-
> From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
> Sent: Monday, August 24, 2009 11:57 AM
> To: NT System Admin Issues
> Subject: RE: Still struggling with iPhone, ISA and SSL certs...
> 
> Would that show up as ActiveSync in ADUC, Exchange Features, or is it
> referred to as Outlook Mobile Access under Mobile Services?
> 
> -Original Message-
> From: Tim Evans [mailto:tev...@sparling.com]
> Sent: Monday, August 24, 2009 1:49 PM
> To: NT System Admin Issues
> Subject: RE: Still struggling with iPhone, ISA and SSL certs...
> 
> Yes, that would imply that ActiveSync is on the server. But you said
> that the error message said that the user's account was not enabled for
> activesync. You need to make sure that the account is enabled first.
> 
> 
> ...Tim
> 
> 
> > -Original Message-
> > From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
> > Sent: Monday, August 24, 2009 11:42 AM
> > To: NT System Admin Issues
> > Subject: RE: Still struggling with iPhone, ISA and SSL certs...
> >
> > > One of my users came in with an iPhone and it just worked with the
> > standard configuration we had for all our WM devices. > At the time,
> we
> > were also using an internal certificate and it just worked.
> >
> > That's right... just twist the knife... :-)
> >
> > > Do you have it working with any WM devices?
> >
> > Just with OWA now.  And as I said, just internally between the WM
> device
> > and the Exchange server.  We want to get that done before we throw the
> > ISA into the mix.
> >
> > In the IIS Manager, there is a virtual directory called
> > Micrsoft-Server-ActiveSync.  So doesn't that indicate that it's there?
> >
> > Yep, running Exchange 2003 SP2.
> >
> > -Original Message-
> > From: Tim Evans [mailto:tev...@sparling.com]
> > Sent: Monday, August 24, 2009 1:19 PM
> > To: NT System Admin Issues
> > Subject: RE: Still struggling with iPhone, ISA and SSL certs...
> >
> > One of my users came in with an iPhone and it just worked with the
> > standard configuration we had for all our WM devices. At the time, we
> > were also using an internal certificate and it just worked.
> >
> > Do you have it working with any WM devices?
> > ActiveSync is not OMA or OWA. In Exchange 2007, it is called
> ActiveSync.
> > In Exchange 2003, I think it was called "Always Up to Date" or Push or
> > something like that.
> > Just to confirm, you are on 2003 SP2? You do need SP to get
> ActiveSync.
> >
> >
> > ...Tim
> >
> >
> > > -Original Message-
> > > From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
> > > Sent: Monday, August 24, 2009 10:56 AM
> > > To: NT System Admin Issues
> > > Subject: RE: Still struggling with iPhone, ISA and SSL certs...
> > >
> > > We've broken this down into several steps trying to get this to
> work.
> > > We backed away from using the iPhone and used a Windows Mobile
> device
> > to
> > > connect to the Exchange server using our internal wireless network
> > > without SSL and was able to get that to work through OWA, but the
> > > ActiveSync is still not working.  We're getting "Your account in
> > > Microsoft Exchange Server does not have permission to sync with your
> > > current settings".  We've checked Outlook Mobile Access and Outlook
> > Web
> > > Access settings and they're both enabled.  We've Google this and
> tried
> > > just about everything we've found and still not working.
> > >
> > > For those who just tuned in, we eventually want to get this working
> > > running an iPhone through an ISA 2006 server to Exchange 2003.
> > >
> > > -Paul
> > >
> > > -Original Message-
> > > From: Ken Schaefer [mailto:k...@adopenstatic.com]
> > > Sent: Saturday, August 22, 2009 12:35 AM
> > > To: NT System Admin Issues
> > > Subject: RE: Still struggling with iPhone, ISA and SSL certs...
> > >
> > > Huh? PKI is relatively simple technology. Usually both parties need
> to
> > > trust a mutual third party (a CA). A similar concept to Kerberos or
> > even
> > > AD in general (both clients and servers trust DCs)
> > >
> > > The tricky part about PKI is all the 

RE: Need Website Tested

[Tim Evans]

Win7 x 64, 32bit IE - no problems here

...Tim

From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]
Sent: Friday, February 12, 2010 5:52 AM
To: NT System Admin Issues
Subject: Need Website Tested

Our Windows 7 machines crash when accessing the following site with IE8:

http://www.suwannee.k12.fl.us/

The module causing the fault is mshtml.dll. We've tested from multiple Win7 
machines (different brands/models/images) on our end with the same result, but 
Vista and XP seem to work fine.

Could any of you with Win7 try the site through IE8 and let me know if you see 
the same thing?



John Hornbuckle
MIS Department
Taylor County School District
www.taylor.k12.fl.us











NOTICE: Florida has a broad public records law. Most written communications to 
or from this entity are public records that will be disclosed to the public and 
the media upon request. E-mail communications may be subject to public 
disclosure.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Policy for external devices

[Tim Evans]

To avoid all the me-too's, I'll just post ours here. This is our "Portable 
Computing and Data Storage Device Policy". IANAL and I didn't write this, but 
here it is:

Sparling may provide a portable computing device (e.g. a laptop computer, 
smartphone, or personal digital assistant) and/or mass data storage devices 
(e.g. USB thumb drives, Smart Digital cards, CD/DVDs, external hard drives) to 
staff members whose regular duties include use of such devices. In some cases, 
a portable computing device and portable data storage device may be the same 
device. Sparling may also permit staff members to access its network using a 
portable computing device to perform their job duties.

Personal Use of Company-Issued Portable Computing and Data Storage Devices
Sparling's portable computing and data storage devices and the networks they 
access are intended for business use. Staff members may use such computing 
devices for occasional personal purposes, but any use must be on personal time. 
Personal use of portable computing and data storage devices must not
interfere in any way with job duties or performance.

Use of Portable Computing and Data Storage Devices Is Not Private
Sparling has the ability to access and review all information stored on its 
portable computing and data storage devices and network. The Company reserves 
the right to perform such an inspection at any time. Staff members should not 
expect that any files, records, or other data stored on the Company's equipment 
and network are private, even with privacy protections in place (e.g. using a 
password or
designating it as "personal").

Content Rules for Portable Computing and Data Storage Devices
All of Sparling's policies and rules of conduct apply to staff member use of 
Company-issued portable computing and data storage devices. All communications 
(e.g. email, instant messaging, and Internet access) on Company-issued portable 
computing devices are subject to the Company's policies on appropriate use. 
This means, for example, that staff members may not send or store harassing 
messages, access pornographic or gambling websites, or violate any of the 
Company's other rules on appropriate communications content.

Security of Portable Computing and Data Storage Devices
Although portable computing equipment and convenient portable data storage 
devices can greatly improve the Company's communications and efficiency, they 
can also pose a risk to the security of the Company's proprietary information. 
If these devices are lost, stolen, or hacked into, an outsider could have 
access to Company data or the Company's network.

To prevent theft and loss of data, staff members who receive Company-issued 
portable computing equipment and data storage devices must follow these 
guidelines:

* Staff members should not download confidential Company information to a 
portable computing or data storage device unless it is absolutely necessary. If 
confidential Company information is stored on a portable computing or data 
storage device, it must be encrypted using Company-approved encryption software 
and it must be securely deleted as soon as that information is no longer needed.

 * Staff members should log off or sign off before leaving a portable 
computing device unattended. Likewise, portable computing devices must also 
require a password or PIN to use the device at power-on or boot-up.

* If Company-issued portable computing devices are equipped with antivirus 
software, automatic updates to this software may not be blocked.

* Staff members may not download, install, or use any software programs on 
a Company-issued portable computing device unless that program has been 
approved and installed by the IT department.

* The same anti-virus and malware precautions are required for portable 
computing device as are required for Company computers. Email or IM attachments 
from unknown senders should not be opened. Internet files may not be opened, 
read, or downloaded without first allowing for a virus scan.

* Staff members are responsible for the security of portable computing and 
data storage devices issued to them. These devices should be kept in one's 
possession whenever possible.  If a portable computing or data storage device 
must be left unattended, it should be stored out of sight in a secure location, 
such as in a hotel safe or in a locked filing cabinet at home. Portable 
computing or data storage devices should not be left unattended in vehicles.

* Staff members must immediately notify their manager and the Company's IT 
department if their portable computing or data storage device is lost or stolen 
so the Company may attempt to remotely delete or secure all data stored on the 
device.

Don't Use Personal Portable Computing or Data Storage Devices for Work
Storing Company information on a personal portable computing or data storage 
device, or using such a device to access or attach to the Company's n

RE: Sat Radio for your PBX on hold?

[Tim Evans]

This is legal: http://www.royaltyfreemusic.com/


...Tim


-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Thursday, March 04, 2010 8:44 AM
To: NT System Admin Issues
Subject: RE: Sat Radio for your PBX on hold?

Well, I don't think that is *technically* legal, but you can probably get
away with it. You could just rip some CDs to MP3 files and put something
like WinAmp on there to play the MP3 files in a random or specified order.
That's not legal either, but unlikely to get caught either. :-)




-Original Message-
From: N Parr [mailto:npar...@mortonind.com] 
Sent: Thursday, March 04, 2010 11:28 AM
To: NT System Admin Issues
Subject: Sat Radio for your PBX on hold?

Stupid question, been wanting to do this for years and Management
finally told me to do it.  Anyway, say I sign up for the Sirius internet
streaming and just plunk an old laptop on the top of the PBX rack.  Does
the internet stream ever time out or will it stay on indefinitely?
Would be kind of hard to put a physical unit in, would have to get an
antenna outside.  Noticed they also have a tabletop radio that uses
internet connection for it's feed.  Suppose that would work also if the
feed never times out.
Thanks


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: DNS Server service shuts down shortly after the DC boots

[Tim Evans]

FWIW, I load the entire domain list from http://www.malwaredomains.com/ into my 
AD integrated DNS without any problems. over 18000 domains are currently 
included. I've got a 2003 native domain/forest too. DC's include WS08R2, WS08, 
& WS03 SP2. I have not seen anything like this here.

...Tim

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Tuesday, March 09, 2010 11:53 AM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

It appears that background zone loading is a feature of 2008 and later... maybe 
I just need to hurry up the upgrade to 2008.

Carl

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, March 09, 2010 2:44 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

Oh! Yes, now that you say that

I bet what's happening is that it's timing out.

There is a flag (and I'm sorry that I don't remember the details) that says "do 
the initial zone load in the background". You probably need to set that. That 
should be enough to biggle with...

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Tuesday, March 09, 2010 2:40 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

"Debug logging" will log DNS packets to a text file.  I guess the last DNS 
packet received before the shutdown could tell me something if it was shutting 
down randomly at any time.   But the fact that the service stays running 
forever after restarting suggests that bad DNS packets on the wire aren't 
likely causing this.  So if bad DNS traffic is the problem, the only 
explanation would be a DNS query from the DC to itself.   DC DOS's its own DNS 
server service?

One thing I may have that is less common is a lot of DNS authoritative zones 
for well known bad (malware hosting) domain names.  There's over 1000 of 'em.

I have to say I'm not up for an extended debugging journey on this one, just 
wondering if this behavior triggered any memories for anyone.

Carl

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Tuesday, March 09, 2010 1:53 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

It should be able to kick out more info to a text file.

The scenario you mention of branch DCs not having connectivity is completely 
normal.

Thanks,
Brian Desmond
br...@briandesmond.com

c - 312.731.3132

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Tuesday, March 09, 2010 12:46 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

Good idea, but the DNS Server's event logging option has been on "all events" 
all this time.  That must be the default, I don't recall ever changing it.

Carl

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, March 09, 2010 1:39 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

This would seem to indicate to me that while the DNS Server service was 
initiated, it never actually finished initializing.

Aren't there some logging options on the DNS server property tab? I'd probably 
ratchet those up to max for a while and see if they helped gather more info...

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Tuesday, March 09, 2010 1:22 PM
To: NT System Admin Issues
Subject: DNS Server service shuts down shortly after the DC boots

Curious thing, started a few months ago after I moved the FSMO roles from this 
DC to another one.  This DC frequently boots "in a vacuum" - no other DC's can 
be contacted, so it takes a long time sniffing around before it finally starts 
Active Directory and its own DNS Server service.   A few minutes after that, 
the DNS Server service shuts down.  There's nothing in the System or 
Application event log to explain it, and the DNS Server event log records 
simply that " The DNS server has shutdown." (event ID 3).

The recovery options are set to restart the service, but that doesn't happen 
because the service appears to have been shut down on purpose.  But no human 
(for sure) and 99.9% sure no software is issuing the command.

Another interesting thing from the event logs, under System, when I start the 
service there's an event 7036 logged "The DNS Server has entered the running 
state".  But I see NO event 7036 for DNS at the time of booting.  Obviously, it 
must be started, else the DNS event log wouldn't record that it had shut down!  
 And I see no 7036 events for it stopping either.

When this happens, I can manually start the DNS Server service and all is well 
until the next boot, which may or may not have the problem.  I think it's 
happening about 50% of the time.

I've scripted a solution to recover from

RE: DNS Server service shuts down shortly after the DC boots

[Tim Evans]

I run this batch file:
** begin batch file *
@echo off
set server=mydnsserver
set /p delold=Delete old domains?
if /I "%delold%" NEQ "Y" goto getit
echo Deleting old domains...
pause
for /F %%f in (mal_list.txt) do dnscmd %server% /zonedelete %%f /dsdel /f
:getit
if exist domains.txt del domains.txt
wget http://www.malwaredomains.com/files/domains.txt || goto end
if exist mal_list.txt del mal_list.txt
rem ignore lines beginning with # & echo 1st word only
for /F "eol=# tokens=1 " %%i in (domains.txt) do @echo %%i >>mal_list.txt
for /F %%f in (mal_list.txt) do (dnscmd %server% /zoneadd %%f /DsPrimary /DP 
/forest && dnscmd %server% /recordadd %%f * A 192.168.0.6)
:end
** end batch file *

This adds a wildcard zone for each domain which points to an internal web 
server at 192.168.0.6. It displays a "web site blocked due to malware" page 
whenever anyone hits it. I go thru the logs regularly and investigate any host 
on that server. It's a bit crude in that it just attempts to add all the 
domains each time it is run, but it works from me. Occasionally, they delete a 
bunch of domains and I couldn't figure out a better way to handle it, so if I 
answer Y to tor prompt, it deletes all domains and readds them from the 
downloaded list.

...Tim

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Tuesday, March 09, 2010 1:13 PM
To: NT System Admin Issues
Subject: Re: DNS Server service shuts down shortly after the DC boots

Very intriguing.

How do you accomplish the loading of the domain list?  Using a boot file per 
the directions here: http://www.malwaredomains.com/wordpress/?page_id=6#MS?  Do 
you refresh the list manually every once and a while?

Thanks,
RS
On Tue, Mar 9, 2010 at 3:58 PM, Tim Evans 
mailto:tev...@sparling.com>> wrote:
FWIW, I load the entire domain list from http://www.malwaredomains.com/ into my 
AD integrated DNS without any problems. over 18000 domains are currently 
included. I've got a 2003 native domain/forest too. DC's include WS08R2, WS08, 
& WS03 SP2. I have not seen anything like this here.

...Tim

From: Carl Houseman [mailto:c.house...@gmail.com<mailto:c.house...@gmail.com>]
Sent: Tuesday, March 09, 2010 11:53 AM

To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

It appears that background zone loading is a feature of 2008 and later... maybe 
I just need to hurry up the upgrade to 2008.

Carl

From: Michael B. Smith 
[mailto:mich...@smithcons.com<mailto:mich...@smithcons.com>]
Sent: Tuesday, March 09, 2010 2:44 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

Oh! Yes, now that you say that

I bet what's happening is that it's timing out.

There is a flag (and I'm sorry that I don't remember the details) that says "do 
the initial zone load in the background". You probably need to set that. That 
should be enough to biggle with...

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Carl Houseman [mailto:c.house...@gmail.com<mailto:c.house...@gmail.com>]
Sent: Tuesday, March 09, 2010 2:40 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

"Debug logging" will log DNS packets to a text file.  I guess the last DNS 
packet received before the shutdown could tell me something if it was shutting 
down randomly at any time.   But the fact that the service stays running 
forever after restarting suggests that bad DNS packets on the wire aren't 
likely causing this.  So if bad DNS traffic is the problem, the only 
explanation would be a DNS query from the DC to itself.   DC DOS's its own DNS 
server service?

One thing I may have that is less common is a lot of DNS authoritative zones 
for well known bad (malware hosting) domain names.  There's over 1000 of 'em.

I have to say I'm not up for an extended debugging journey on this one, just 
wondering if this behavior triggered any memories for anyone.

Carl

From: Brian Desmond 
[mailto:br...@briandesmond.com<mailto:br...@briandesmond.com>]
Sent: Tuesday, March 09, 2010 1:53 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

It should be able to kick out more info to a text file.

The scenario you mention of branch DCs not having connectivity is completely 
normal.

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

c - 312.731.3132

From: Carl Houseman [mailto:c.house...@gmail.com<mailto:c.house...@gmail.com>]
Sent: Tuesday, March 09, 2010 12:46 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

Good idea, but the DNS Server's event logging option has been on "all events" 
all this time.  That must b

RE: DNS Server service shuts down shortly after the DC boots

[Tim Evans]

Not that I can see. OpenDNS doesn't give me a log of the malware domains my 
users have attempted to visit. I think the malwaredomains list is more complete 
than OpenDNS, but I don't know that for a fact.

...Tim

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, March 09, 2010 1:20 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

Doesn't going through OpenDNS achieve pretty much the same thing?
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

From: Tim Evans [mailto:tev...@sparling.com]
Sent: Tuesday, March 09, 2010 12:59 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

FWIW, I load the entire domain list from http://www.malwaredomains.com/ into my 
AD integrated DNS without any problems. over 18000 domains are currently 
included. I've got a 2003 native domain/forest too. DC's include WS08R2, WS08, 
& WS03 SP2. I have not seen anything like this here.

...Tim

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Tuesday, March 09, 2010 11:53 AM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

It appears that background zone loading is a feature of 2008 and later... maybe 
I just need to hurry up the upgrade to 2008.

Carl

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, March 09, 2010 2:44 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

Oh! Yes, now that you say that

I bet what's happening is that it's timing out.

There is a flag (and I'm sorry that I don't remember the details) that says "do 
the initial zone load in the background". You probably need to set that. That 
should be enough to biggle with...

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Tuesday, March 09, 2010 2:40 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

"Debug logging" will log DNS packets to a text file.  I guess the last DNS 
packet received before the shutdown could tell me something if it was shutting 
down randomly at any time.   But the fact that the service stays running 
forever after restarting suggests that bad DNS packets on the wire aren't 
likely causing this.  So if bad DNS traffic is the problem, the only 
explanation would be a DNS query from the DC to itself.   DC DOS's its own DNS 
server service?

One thing I may have that is less common is a lot of DNS authoritative zones 
for well known bad (malware hosting) domain names.  There's over 1000 of 'em.

I have to say I'm not up for an extended debugging journey on this one, just 
wondering if this behavior triggered any memories for anyone.

Carl

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Tuesday, March 09, 2010 1:53 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

It should be able to kick out more info to a text file.

The scenario you mention of branch DCs not having connectivity is completely 
normal.

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

c - 312.731.3132

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Tuesday, March 09, 2010 12:46 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

Good idea, but the DNS Server's event logging option has been on "all events" 
all this time.  That must be the default, I don't recall ever changing it.

Carl

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, March 09, 2010 1:39 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

This would seem to indicate to me that while the DNS Server service was 
initiated, it never actually finished initializing.

Aren't there some logging options on the DNS server property tab? I'd probably 
ratchet those up to max for a while and see if they helped gather more info...

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Tuesday, March 09, 2010 1:22 PM
To: NT System Admin Issues
Subject: DNS Server service shuts down shortly after the DC boots

Curious thing, started a few months ago after I moved the FSMO roles from this 
DC to another one.  This DC frequently boots "in a vacuum" - no other DC's can 
be contacted, so it takes a long time sniffing around before it finally starts 
Active Directory and its own DNS Server service.   A few minutes after that, 
the DNS Server service shuts down.  There's nothing in the System or 
Application event log to explain it, and the 

RE: DNS Server service shuts down shortly after the DC boots

[Tim Evans]

I'd be interested to see what kind of improvements you come up for it. This was 
something quick & dirty I whipped up and haven't ever gotten the time to go 
back and clean up.

...Tim

From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Tuesday, March 09, 2010 2:01 PM
To: NT System Admin Issues
Subject: Re: DNS Server service shuts down shortly after the DC boots

Indeed!  This is a project that I have wanted to attempt myself - and this just 
saved me a whole lot of start-up time.

Thanks, Tim!

--
ME2

On Tue, Mar 9, 2010 at 1:45 PM, Richard Stovall 
mailto:rich...@gmail.com>> wrote:
Most excellent.  Thank you very much.  I'll give this a whirl at home and see 
how it goes.

Much obliged,
RS
On Tue, Mar 9, 2010 at 4:41 PM, Tim Evans 
mailto:tev...@sparling.com>> wrote:
I run this batch file:
** begin batch file *
@echo off
set server=mydnsserver
set /p delold=Delete old domains?
if /I "%delold%" NEQ "Y" goto getit
echo Deleting old domains...
pause
for /F %%f in (mal_list.txt) do dnscmd %server% /zonedelete %%f /dsdel /f
:getit
if exist domains.txt del domains.txt
wget http://www.malwaredomains.com/files/domains.txt || goto end
if exist mal_list.txt del mal_list.txt
rem ignore lines beginning with # & echo 1st word only
for /F "eol=# tokens=1 " %%i in (domains.txt) do @echo %%i >>mal_list.txt
for /F %%f in (mal_list.txt) do (dnscmd %server% /zoneadd %%f /DsPrimary /DP 
/forest && dnscmd %server% /recordadd %%f * A 192.168.0.6)
:end
** end batch file *

This adds a wildcard zone for each domain which points to an internal web 
server at 192.168.0.6. It displays a "web site blocked due to malware" page 
whenever anyone hits it. I go thru the logs regularly and investigate any host 
on that server. It's a bit crude in that it just attempts to add all the 
domains each time it is run, but it works from me. Occasionally, they delete a 
bunch of domains and I couldn't figure out a better way to handle it, so if I 
answer Y to tor prompt, it deletes all domains and readds them from the 
downloaded list.

...Tim

From: Richard Stovall [mailto:rich...@gmail.com<mailto:rich...@gmail.com>]
Sent: Tuesday, March 09, 2010 1:13 PM

To: NT System Admin Issues
Subject: Re: DNS Server service shuts down shortly after the DC boots

Very intriguing.

How do you accomplish the loading of the domain list?  Using a boot file per 
the directions here: http://www.malwaredomains.com/wordpress/?page_id=6#MS?  Do 
you refresh the list manually every once and a while?

Thanks,
RS
On Tue, Mar 9, 2010 at 3:58 PM, Tim Evans 
mailto:tev...@sparling.com>> wrote:
FWIW, I load the entire domain list from http://www.malwaredomains.com/ into my 
AD integrated DNS without any problems. over 18000 domains are currently 
included. I've got a 2003 native domain/forest too. DC's include WS08R2, WS08, 
& WS03 SP2. I have not seen anything like this here.

...Tim

From: Carl Houseman [mailto:c.house...@gmail.com<mailto:c.house...@gmail.com>]
Sent: Tuesday, March 09, 2010 11:53 AM

To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

It appears that background zone loading is a feature of 2008 and later... maybe 
I just need to hurry up the upgrade to 2008.

Carl

From: Michael B. Smith 
[mailto:mich...@smithcons.com<mailto:mich...@smithcons.com>]
Sent: Tuesday, March 09, 2010 2:44 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

Oh! Yes, now that you say that

I bet what's happening is that it's timing out.

There is a flag (and I'm sorry that I don't remember the details) that says "do 
the initial zone load in the background". You probably need to set that. That 
should be enough to biggle with...

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Carl Houseman [mailto:c.house...@gmail.com<mailto:c.house...@gmail.com>]
Sent: Tuesday, March 09, 2010 2:40 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

"Debug logging" will log DNS packets to a text file.  I guess the last DNS 
packet received before the shutdown could tell me something if it was shutting 
down randomly at any time.   But the fact that the service stays running 
forever after restarting suggests that bad DNS packets on the wire aren't 
likely causing this.  So if bad DNS traffic is the problem, the only 
explanation would be a DNS query from the DC to itself.   DC DOS's its own DNS 
server service?

One thing I may have that is less common is a lot of DNS authoritative zones 
for well known bad (malware hosting) domain names.  There's over 1000 of 'em.

I have to say I'm not up for an extended debugging journey on this one, just 
wondering if this beh

RE: Malware DNS

[Tim Evans]

I posted a batch file here yesterday that does just that. See the "DNS Server 
service shuts down..." thread

...Tim

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Wednesday, March 10, 2010 5:52 AM
To: NT System Admin Issues
Subject: Malware DNS

I was looking at adding the Malware DNS entries, but I'm not sure how to do 
that. I was thinking it would be really nice if there were a hosts file to just 
add to the DNS servers, but I'm not sure that would propagate out on DNS 
queries by the client machines.

How does one add a DNS file like the MalwareDomains.com entries?

[cid:image001.jpg@01CAC020.2CD937C0][cid:image002@01cac020.2cd937c0]






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<><>

RE: DNS Server service shuts down shortly after the DC boots

[Tim Evans]

Yes, very good point. Thanks for pointing that out Brian. Fortunately, I don't 
run the delete all very often. It looks like I'll have to revisit this again in 
the near future.

...Tim

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Wednesday, March 10, 2010 1:14 PM
To: NT System Admin Issues
Subject: Re: DNS Server service shuts down shortly after the DC boots

That is an extremely good point.  One I had not thought of.

I have pretty much decided from the playpen experience that I won't do this on 
my AD DNS servers.  I might, however, set up a forwarding server that does all 
the lookups for external zones and place these zones there.  Maybe.  Lots of 
playing left to do to see whether or how to implement it.

RS
On Wed, Mar 10, 2010 at 4:08 PM, Brian Desmond 
mailto:br...@briandesmond.com>> wrote:
Keep in mind that with this script (particularly recycle bin enabled), I'd 
expect to see quite a bit of DIT growth. Every single time you delete all these 
zones and start again, they're going to sit hidden in the DIT for 180 days, and 
then an additional 180 days as stripped down tombstones.

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

c - 312.731.3132

From: Richard Stovall [mailto:rich...@gmail.com<mailto:rich...@gmail.com>]
Sent: Wednesday, March 10, 2010 3:05 PM

To: NT System Admin Issues
Subject: Re: DNS Server service shuts down shortly after the DC boots

I just set this up on a sandboxed test VM and it was effective.  I had to 
chuckle, though, because it took over an hour to create the zones.  This VM is 
also a DC for a 5 machine domain and the ntds.dit file went from around 38MB to 
106MB.
On Tue, Mar 9, 2010 at 4:41 PM, Tim Evans 
mailto:tev...@sparling.com>> wrote:
I run this batch file:
** begin batch file *
@echo off
set server=mydnsserver
set /p delold=Delete old domains?
if /I "%delold%" NEQ "Y" goto getit
echo Deleting old domains...
pause
for /F %%f in (mal_list.txt) do dnscmd %server% /zonedelete %%f /dsdel /f
:getit
if exist domains.txt del domains.txt
wget http://www.malwaredomains.com/files/domains.txt || goto end
if exist mal_list.txt del mal_list.txt
rem ignore lines beginning with # & echo 1st word only
for /F "eol=# tokens=1 " %%i in (domains.txt) do @echo %%i >>mal_list.txt
for /F %%f in (mal_list.txt) do (dnscmd %server% /zoneadd %%f /DsPrimary /DP 
/forest && dnscmd %server% /recordadd %%f * A 192.168.0.6)
:end
** end batch file *

This adds a wildcard zone for each domain which points to an internal web 
server at 192.168.0.6. It displays a "web site blocked due to malware" page 
whenever anyone hits it. I go thru the logs regularly and investigate any host 
on that server. It's a bit crude in that it just attempts to add all the 
domains each time it is run, but it works from me. Occasionally, they delete a 
bunch of domains and I couldn't figure out a better way to handle it, so if I 
answer Y to tor prompt, it deletes all domains and readds them from the 
downloaded list.

...Tim

From: Richard Stovall [mailto:rich...@gmail.com<mailto:rich...@gmail.com>]
Sent: Tuesday, March 09, 2010 1:13 PM

To: NT System Admin Issues
Subject: Re: DNS Server service shuts down shortly after the DC boots

Very intriguing.

How do you accomplish the loading of the domain list?  Using a boot file per 
the directions here: http://www.malwaredomains.com/wordpress/?page_id=6#MS?  Do 
you refresh the list manually every once and a while?

Thanks,
RS
On Tue, Mar 9, 2010 at 3:58 PM, Tim Evans 
mailto:tev...@sparling.com>> wrote:
FWIW, I load the entire domain list from http://www.malwaredomains.com/ into my 
AD integrated DNS without any problems. over 18000 domains are currently 
included. I've got a 2003 native domain/forest too. DC's include WS08R2, WS08, 
& WS03 SP2. I have not seen anything like this here.

...Tim

From: Carl Houseman [mailto:c.house...@gmail.com<mailto:c.house...@gmail.com>]
Sent: Tuesday, March 09, 2010 11:53 AM

To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

It appears that background zone loading is a feature of 2008 and later... maybe 
I just need to hurry up the upgrade to 2008.

Carl

From: Michael B. Smith 
[mailto:mich...@smithcons.com<mailto:mich...@smithcons.com>]
Sent: Tuesday, March 09, 2010 2:44 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

Oh! Yes, now that you say that

I bet what's happening is that it's timing out.

There is a flag (and I'm sorry that I don't remember the details) that says "do 
the initial zone load in the background". You probably need to set that. That 
should be enough to biggle with...

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Carl Hous

RE: DNS Server service shuts down shortly after the DC boots

[Tim Evans]

http://en.wikipedia.org/wiki/Wget

Curl would work too: http://en.wikipedia.org/wiki/CURL

...Tim

From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Thursday, March 11, 2010 6:54 AM
To: NT System Admin Issues
Subject: Re: DNS Server service shuts down shortly after the DC boots

what is the wget

From: Richard Stovall<mailto:rich...@gmail.com>
Sent: Wednesday, March 10, 2010 4:05 PM
To: NT System Admin Issues<mailto:ntsysadmin@lyris.sunbelt-software.com>
Subject: Re: DNS Server service shuts down shortly after the DC boots

I just set this up on a sandboxed test VM and it was effective.  I had to 
chuckle, though, because it took over an hour to create the zones.  This VM is 
also a DC for a 5 machine domain and the ntds.dit file went from around 38MB to 
106MB.
On Tue, Mar 9, 2010 at 4:41 PM, Tim Evans 
mailto:tev...@sparling.com>> wrote:
I run this batch file:
** begin batch file *
@echo off
set server=mydnsserver
set /p delold=Delete old domains?
if /I "%delold%" NEQ "Y" goto getit
echo Deleting old domains...
pause
for /F %%f in (mal_list.txt) do dnscmd %server% /zonedelete %%f /dsdel /f
:getit
if exist domains.txt del domains.txt
wget http://www.malwaredomains.com/files/domains.txt || goto end
if exist mal_list.txt del mal_list.txt
rem ignore lines beginning with # & echo 1st word only
for /F "eol=# tokens=1 " %%i in (domains.txt) do @echo %%i >>mal_list.txt
for /F %%f in (mal_list.txt) do (dnscmd %server% /zoneadd %%f /DsPrimary /DP 
/forest && dnscmd %server% /recordadd %%f * A 192.168.0.6)
:end
** end batch file *

This adds a wildcard zone for each domain which points to an internal web 
server at 192.168.0.6. It displays a "web site blocked due to malware" page 
whenever anyone hits it. I go thru the logs regularly and investigate any host 
on that server. It's a bit crude in that it just attempts to add all the 
domains each time it is run, but it works from me. Occasionally, they delete a 
bunch of domains and I couldn't figure out a better way to handle it, so if I 
answer Y to tor prompt, it deletes all domains and readds them from the 
downloaded list.

...Tim

From: Richard Stovall [mailto:rich...@gmail.com<mailto:rich...@gmail.com>]
Sent: Tuesday, March 09, 2010 1:13 PM

To: NT System Admin Issues
Subject: Re: DNS Server service shuts down shortly after the DC boots

Very intriguing.

How do you accomplish the loading of the domain list?  Using a boot file per 
the directions here: http://www.malwaredomains.com/wordpress/?page_id=6#MS?  Do 
you refresh the list manually every once and a while?

Thanks,
RS
On Tue, Mar 9, 2010 at 3:58 PM, Tim Evans 
mailto:tev...@sparling.com>> wrote:
FWIW, I load the entire domain list from http://www.malwaredomains.com/ into my 
AD integrated DNS without any problems. over 18000 domains are currently 
included. I've got a 2003 native domain/forest too. DC's include WS08R2, WS08, 
& WS03 SP2. I have not seen anything like this here.

...Tim

From: Carl Houseman [mailto:c.house...@gmail.com<mailto:c.house...@gmail.com>]
Sent: Tuesday, March 09, 2010 11:53 AM

To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

It appears that background zone loading is a feature of 2008 and later... maybe 
I just need to hurry up the upgrade to 2008.

Carl

From: Michael B. Smith 
[mailto:mich...@smithcons.com<mailto:mich...@smithcons.com>]
Sent: Tuesday, March 09, 2010 2:44 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

Oh! Yes, now that you say that

I bet what's happening is that it's timing out.

There is a flag (and I'm sorry that I don't remember the details) that says "do 
the initial zone load in the background". You probably need to set that. That 
should be enough to biggle with...

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Carl Houseman [mailto:c.house...@gmail.com<mailto:c.house...@gmail.com>]
Sent: Tuesday, March 09, 2010 2:40 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

"Debug logging" will log DNS packets to a text file.  I guess the last DNS 
packet received before the shutdown could tell me something if it was shutting 
down randomly at any time.   But the fact that the service stays running 
forever after restarting suggests that bad DNS packets on the wire aren't 
likely causing this.  So if bad DNS traffic is the problem, the only 
explanation would be a DNS query from the DC to itself.   DC DOS's its own DNS 
server service?

One thing I may have that is less common is a lot of DNS authoritative zones 
for well known bad (malware hosting) domain names.  There's over 1000 of 'em.

I have to say I'm not up for an extended debuggin

RE: propogating permissions to subfolders

[Tim Evans]

cd \home
for /d %f in (user*) do icacls %f /reset 

...Tim


-Original Message-
From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] 
Sent: Tuesday, March 16, 2010 12:30 PM
To: NT System Admin Issues
Subject: RE: propogating permissions to subfolders

Looks like you are right, icacls.exe will do the trick.

icacls User1\* /reset /t /c

... will reset the entire subdirectory tree underneath the User1 folder.

However, since i have thousands of these folders to do, is there a way to
automatically script having it run 
icacls User1\* /reset /t /c
icacls User2\* /reset /t /c
icacls User3\* /reset /t /c
icacls User4\* /reset /t /c , etc...

One after the other?  Can this be achieved using the FOR command in from a
batch?  My days of remembering context for the FOR command is long gone.

J

Original Message:
-
From: Michael B. Smith mich...@smithcons.com
Date: Tue, 16 Mar 2010 18:23:47 +
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: propogating permissions to subfolders


Xcacls will do it (although depending on what OS you are running you might
want to download the update from Microsoft downloads).

However, icacls has an easier syntax (which is less powerful but should
meet your needs in this case). Take a look at it.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-Original Message-
From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] 
Sent: Tuesday, March 16, 2010 1:49 PM
To: NT System Admin Issues
Subject: propogating permissions to subfolders

I think xcalcs.exe might do what I want, but I can't figure out the proper
format.

My directory structure is as follows:

-Volume
--Home
---User1
---User2
---User3
---User4
etc.

At the User1, User2, folder permissions are set the way we want.  Domain
admins have full control, user has modify, and the helpdesk group has read
permissions.

However, the subfolders underneath each user folder are NOT all set to
"inherit" from the parent (for one reason or another).

I want to FORCE the permissions from the User1 folder to ALL the subfolders
under User1, and FORCE the permissions on the User2 folder to ALL the
subfolders under User2, etc.

I can do this from the GUI by selecting User1 folder and enabling the
"Replace permission entries...".  However, I want to automate this.

How can I FORCE the "Allow inheritable permissions" checkbox to be
enabled on all user subfolders and FORCE the "Replace permission
entries..." checkbox to be enabled on ALL the subfolders underneath my
User1, User2, User3, etc. folders?

I think xcalcs should do it, but, I'm confused how exactly...

Thanks.




mail2web.com - What can On Demand Business Solutions do for you?
http://link.mail2web.com/Business/SharePoint



~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



mail2web.com - Enhanced email for the mobile individual based on Microsoft(r)
Exchange - http://link.mail2web.com/Personal/EnhancedEmail



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: I wonder how VIPRE would have done...

[Tim Evans]

Even a blind squirrel find the nut sometimes

...Tim


-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: Tuesday, March 16, 2010 4:53 PM
To: NT System Admin Issues
Subject: Re: I wonder how VIPRE would have done...

Ouch!  Why'd it have to be McAfee that stopped it?  Have they actually gotten 
better over the years?

>>> Kurt Buff  3/16/2010 12:17 PM >>>
>From SANS Newsbites:

TOP OF THE NEWS
 --Six of Seven AV Programs Tested Did Not Detect Aurora Attack Variants
(March 11, 2010)
A test of seven of commonly used anti-virus programs found that just one
detected variants of the malware that exploited the IE vulnerability
used in the Aurora attacks, which affected Google, Adobe and other US
companies.  Rick Moy, president of NSS Labs, the company that performed
the tests, said that "vendors need to put more focus on the
vulnerability than on exploit protection."  Threat detection and
mitigation need to evolve to meet the challenge of the emerging attacks.
OS and client software vendors need to shoulder their share of the
security burden.
http://www.computerworld.com/s/article/9169658/Update_Security_industry_faces_attacks_it_cannot_stop?taxonomyId=13&pageNumber=1
 
http://darkreading.com/vulnerability_management/security/antivirus/showArticle.jhtml?articleID=223600014&subSection=Antivirus
 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Comcast Business Docsis 3.0

[Tim Evans]

Really? Yes, I'd like to hear more details. They are trying to get into one of 
our buildings and $190/mo for 50mb down/10mb up sounds like a pretty good deal. 
We'd be using it as a backup link and for local internet service.

...Tim


-Original Message-
From: Sam Cayze [mailto:sam.ca...@rollouts.com] 
Sent: Tuesday, March 23, 2010 9:10 AM
To: NT System Admin Issues
Subject: RE: Comcast Business Docsis 3.0

RUN FOR YOUR LIFE!
It's horrid.  Made my home internet look business grade.
We ran back to fibre very quickly.

I'll give more details if needed, but I'm trying to block that
experience out.
Sam 


-Original Message-
From: Richard Stovall [mailto:rich...@gmail.com] 
Sent: Tuesday, March 23, 2010 10:37 AM
To: NT System Admin Issues
Subject: OT: Comcast Business Docsis 3.0

Anyone have the 50/10 service from Comcast?  Any thoughts or
experiences?  I normally wouldn't think about Cable for work, but if
it's any good we could save ~$14,000 / year.

Thanks,
RS

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OT: Comcast Business Docsis 3.0

[Tim Evans]

Thanks. There are some good questions here to ask before we sign up.

...Tim

From: Sam Cayze [mailto:sam.ca...@rollouts.com]
Sent: Wednesday, March 24, 2010 1:11 PM
To: NT System Admin Issues
Subject: RE: OT: Comcast Business Docsis 3.0

Ok, I have a little more time now to rant on this...

iirc, the Docsis or whatever it's called doesn't have any SLA.  They did have 
something when we used it... but it was like: for a day long outage they would 
refund a small part of your bill.  Great... not.

We actually had a 20 HOUR outage with them once.  They had no idea how to fix 
it.  Many people on their support staff didn't even know what docsis 3 was, 
they only knew how to support docsis 2.0.   There was also like 3 pieces of 
equipment that they had to install - and they all were consumer grade.  And 
they always froze up.  I finally installed a telephone operated power supply to 
all 3 units because I had to reboot them all the time.

Also, no local support after hours.  Everything is routed to (Denver?) - and 
they are complete idiots there.  Local support always bitches about the people 
in Denver, and vice versa.  Each (Local vs. Denver) had a COMPLETLY different 
was of doing thinks.

Seriously, even one of their actually brilliant techs drew out the backbone of 
their network to my on my whiteboard.  It's terrible.
If you have comcast business, do a tracert.  Then do the same tracert on 
another isp - you will notice MANY more hops on Comcast.

They never let us out of the contract even though everyone at Comcast agreed we 
had a terrible experience.  I didn't bother fighting it, I just dumbed it down 
to the $59 a month plan.  I got back on fiber VERY quickly.  Luckily .

Also, they TREAT SMTP TRAFFIC LIKE THE DEVIL.  Do NOT ever put a SMTP server 
behind this.  (Their techs told me this).  They will just sporadically drop 
SMTP traffic out of the blue.  It's something that carried over from the 
consumer side.  Everybody at Comcast hates this and wants this practice to go 
away - they seriously just don't know how to un-implement it, technically and 
on paper.  Red tape is everywhere in the company.
Luckily they told me this upfront, so I didn't put our SMTP traffic on their 
IPs.

-Sam
I wrote this in flash, sorry for any typos.


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, March 23, 2010 5:44 PM
To: NT System Admin Issues
Subject: Re: OT: Comcast Business Docsis 3.0

On Tue, Mar 23, 2010 at 11:36 AM, Richard Stovall  wrote:
> Anyone have the 50/10 service from Comcast?  Any thoughts or
> experiences?

  I can't speak to the 50/10 service level, but we've had Comcast for a few 
years here.  It's fine for what I call "disposable bandwidth" -- web browsing, 
downloads, etc.  Blazing fast and dirt cheap.  But I would never put anything 
"mission critical" on it.  We have another feed (fixed wireless, through a 
local ISP) for that.

  Comcast still basically sees everything as TV.  If TV is out, it's an 
inconvenience, you have some upset customers, you maybe loose some PPV dollars, 
but ultimately, it's just not that big a deal.  Their phones and Internet are 
the same way.  They actually work okay most of the time, but hey, if they go 
down, no big deal, right?

  Don't put a mail server on it.  Simply being on Comcast weighs against you in 
many spam filters.

  Maybe 2 or 3 times per year, it flakes out.  We have to power off the CPE, 
wait a minute, power on to get it to resume.

  Comcast is an HFC (hybrid fiber-coax) system.  HFC runs fiber to "optical 
nodes", which are large boxes hung off utility poles.  Coax runs from the nodes 
to your premises.  The nodes need elecricity and are supplied by city power.  
They might have batteries, but they don't last very long.  No generators.  So 
if power is out in your area  for more than an hour or two, you *will* go down, 
and you'll be out for the duration.

  We've had two big storms in the past two years where Comcast was out for 
days.  No power at the node, though we had power at our plant.
Our copper telephone lines never even flickered.  The telcos know how to build 
a robust system, I'll give them that.  (Or they used to know
-- consumer FTTP is another story entirely.)

  Comcast's SLAs are a joke.  Their standard SLA says, "If you don't like the 
service, you're free to cancel".  Their "Symmetric" SLA says if it does down 
for long enough, you can get some money back, but it's prorated down to the 
hour and *they* decide what "down" means.  So packet loss is 30% and next-hop 
RTT is 300 ms might qualify as "up".

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Windows Police Pro

[Tim Evans]

Sans has a decent write up of what it does: 
http://isc.sans.org/diary.html?storyid=7066


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Friday, September 04, 2009 8:33 AM
To: NT System Admin Issues
Subject: Re: Windows Police Pro

On Fri, Sep 4, 2009 at 11:21 AM, Micheal Espinola
Jr wrote:
> If you havent heard of it already, start Googling it.

  Got a link to decent tech info with, e.g., infection vectors and
attack mechanisms?  All I find is removal instructions and the usual
mass confusion in online forums (the same kind that are full of people
asking if NTOSKRNL.EXE is a virus).

  I'm particularly interested in whether it's exploiting any special
security exposures, or if it's just your typical malware that depends
on luser stupidity and admin rights to get into the computer.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Win 7 key

[Tim Evans]

No, the KMS server won't even start activating licenses until there are 25 
systems. What kind of licenses are they? With our EA, I had to go to the MS 
licensing site and specifically request a MAK key.

...Tim

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, September 08, 2009 10:19 AM
To: NT System Admin Issues
Subject: Win 7 key

I have licenses for 5 Windows 7 systems but the only key code I received is for 
KMS, not MAK ones, is this normal?
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764







~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Vista, 7, etc method of determining if a network connection has "Internet Access"

[Tim Evans]

That sounds like a funky proxy or proxy entry in the browser to me. Back to 
SmartFilter ...


...Tim

From: Richard Stovall [mailto:richard.stov...@researchdata.com]
Sent: Tuesday, September 29, 2009 6:29 AM
To: NT System Admin Issues
Subject: RE: Vista, 7, etc method of determining if a network connection has 
"Internet Access"

I have updated the drivers for the NICs on both machines (one Vista, One Win 7 
RC) with genuine drivers from Intel (the Vista machine) and Realtek (The Win 7 
machine) to no avail.  Didn't help a bit.  I've changed the power settings so 
that they never sleep, etc.  The only thing that prevents it is to give them 
static ips and whitelist them from filtering.  BTW, what I'm seeing is only 
applicable to http and https.  When the browsers can't access anything on the 
internet I can open a command prompt and do nslookups, telnet, etc. to outside 
hosts.

From: Clark, Tommy R [mailto:tommy.r.cl...@saic.com]
Sent: Tuesday, September 29, 2009 8:42 AM
To: NT System Admin Issues
Subject: RE: Vista, 7, etc method of determining if a network connection has 
"Internet Access"

Yes, I know that bad things can happen when you let Windows Update change your 
drivers. I have not been bothered enough to go get the latest manufacture's 
drivers. I have installed Windows 7 in another partition and I am slowly 
migrating over anyway.


From: bounce-8670971-8239...@lyris.sunbelt-software.com 
[mailto:bounce-8670971-8239...@lyris.sunbelt-software.com] On Behalf Of 
richardmccl...@aspca.org
Sent: Tuesday, September 29, 2009 8:33 AM
To: NT System Admin Issues
Subject: RE: Vista, 7, etc method of determining if a network connection has 
"Internet Access"


Have you tried going to the NIC manufacturer's site and getting the driver they 
provide?  Bad things have been known to happen when one lets MS Update apply a 
hardware driver.
--
Richard D. McClary
Systems Administrator, Information Technology Group

ASPCA(r)
1717 S. Philo Rd, Ste 36
Urbana, IL  61802

richardmccl...@aspca.org

P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org


The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.


"Clark, Tommy R"  wrote on 09/29/2009 07:30:22 AM:

> I have been seeing this behavior on my Vista system at home. I do not
> have SmartFilter and have always assumed the problem was an incompatible
> network driver. I do not remember having the problem when I first
> obtained the laptop. I seem to remember the problem appearing sometime
> after I let Windows Update replace my network drivers. I have never
> really tried to trace it down. So, if you find the magic bullet, I'd be
> interested in hearing.
>
> -Original Message-
> From: bounce-8670273-8239...@lyris.sunbelt-software.com
> [mailto:bounce-8670273-8239...@lyris.sunbelt-software.com] On Behalf Of
> Richard Stovall
> Sent: Monday, September 28, 2009 4:18 PM
> To: NT System Admin Issues
> Subject: Vista, 7, etc method of determining if a network connection has
> "Internet Access"
>
> Does anyone have a good reference that explains exactly how Vista and
> newer Microsoft Operating Systems determine whether a particular NIC has
> "Internet Access?"  I'm talking about the really annoying 'feature'
> where the network stack automagically tries to determine whether a
> particular NIC has a route to the internet.
>
> I'm curious b/c our Pix SmartFilter plugin (now owned by McAfee) is
> messing with a couple of machines and breaking their ability to actually
> get to the internet.  If I disable filtering for the machines' ip
> addresses there's no problem at all.  With filtering enabled they
> completely lose their ability to get on the internet when their DHCP
> leases renew and you have to disable then re-enable the NICs.
> (SmartFilter of course says that there's no way it's related to their
> product...)
>
> TIA,
> RS
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>













~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: USB Boot drive Frustration

[Tim Evans]

I just ran across this:

http://www.computerforensicexaminer.com/computer-forensics-expert-florida-miami-palm-beach-lauderdale-dave-kleiman-forensic-training-files/Bootable_USB_How_to_and_tools.zip
(warning: link probably wrapped)

While I haven't used it, it seems to be a complete zip file (58 MB) with apps 
and instructions on how to set one up.

...Tim

> -Original Message-
> From: Steve Kelsay [mailto:kels...@sctax.org]
> Sent: Tuesday, October 06, 2009 6:49 AM
> To: NT System Admin Issues
> Subject: RE: USB Boot drive Frustration
> 
> Yes, I found the Dell install disk problem last night. It adds 4 files
> to the temp files Bart uses, but does not allow them to be deleted under
> the BART build, so the whole build fails. I am running it with a
> standard MS disk, and it is running well past that point now. Looks
> good!
> 
> I am going to look at some of the other solutions as well, as this is
> going to be a continuing issues here.
> 
> Thanks to everyone who has and is helping!
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Sysinternals does it again

[Tim Evans]

http://technet.microsoft.com/en-us/sysinternals/ee656415.aspx

This is very cool, especially with Windows 7's new support for VHD boot. I 
suspect this will be one of my favorite utilities



...Tim


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Sysinternals does it again

[Tim Evans]

In Windows 7/Server2008R2, you can just attach the VHD and  
browse/edit/whatever you want.


...Tim

From: Alverson, Tom (Xetron) [mailto:tom.alver...@ngc.com]
Sent: Thursday, October 08, 2009 7:07 AM
To: NT System Admin Issues
Subject: RE: Sysinternals does it again

That is nice.  If you wanted to use the VHD's just for backup, is there a VHD 
"browser" (like Ghost Explorer)?

Tom

From: Tim Evans [mailto:tev...@sparling.com]
Sent: Thursday, October 08, 2009 10:02 AM
To: NT System Admin Issues
Subject: Sysinternals does it again

http://technet.microsoft.com/en-us/sysinternals/ee656415.aspx

This is very cool, especially with Windows 7's new support for VHD boot. I 
suspect this will be one of my favorite utilities



...Tim










~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Off-the-wall request

[Tim Evans]

What else does he need? If Process Explorer doesn't have it, I'd bet that 
Process Monitor does.

...Tim


-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: Thursday, October 08, 2009 11:34 AM
To: NT System Admin Issues
Subject: RE: Off-the-wall request

Not sure...I recommended Process Explorer too, but he is saying that doesn't go 
deep enough...

>>> "Steven M. Caesare"  10/8/2009 11:31 AM >>>
I'm sorry... I read too fast

What other info do you need?

-sc

-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: Thursday, October 08, 2009 2:02 PM
To: NT System Admin Issues
Subject: Off-the-wall request

I need a tool to identify a PID, and what's associated with it.  Proc
Explorer doesn't do deep enough for what we're trying to do.  We know
the PIDs, but not what is below that, that could be using it...


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Backup/Restore best practices for Sharepoint 2007

[Tim Evans]

Interesting. We are looking at evaluating DPM. Can you elaborate on why you 
recommend against it?

Thanks


...Tim

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Friday, October 09, 2009 6:19 AM
To: NT System Admin Issues
Subject: RE: Backup/Restore best practices for Sharepoint 2007

AvePoint also have a popular product (DocAve) in addition to the two listed 
below. I would strongly recommend against DPM 2007.

Cheers
Ken

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Friday, 9 October 2009 8:49 PM
To: NT System Admin Issues
Subject: RE: Backup/Restore best practices for Sharepoint 2007

Indeed.

I can confirm both Veritas NetBackup and CommVault Simpana both have Sharepoint 
agent document-level capability.

We are moving from the former to the latter.

-sc

From: Sherry Abercrombie [mailto:saber...@gmail.com]
Sent: Friday, October 09, 2009 8:40 AM
To: NT System Admin Issues
Subject: Re: Backup/Restore best practices for Sharepoint 2007

You'll need to have a backup solution that is Sharepoint aware not just SQL 
aware.  Backup Exec has an agent specifically for Sharepoint that will do the 
document level backup/restore you are asking for.  Otherwise, if you just rely 
on SQL backups, you'll have to restore the entire SQL db to recover, which 
means everything since the backup is lost.  I think most of the major backup 
software packages have something like BE has now for Sharepoint.  A few years 
ago, that wasn't the case and you had to go with 3rd party backup to get the 
document level restore capability.  We used a product called AvePoint for that 
for a couple of years until BE came out with their SP agent.
On Fri, Oct 9, 2009 at 7:30 AM, Erik Goldoff 
mailto:egold...@gmail.com>> wrote:
Wonder if anyone has any good links for best practices in backup and restore 
for Sharepoint 2007 data ( ie, how to recover a document after user 
accidentally deletes it from the sharepoint database, recovery after drive 
corruption, etc ).  I have an 'associate' that has just installed Sharepoint 
2007 at one of his law office clients at their request, but needs to learn more 
about it.

I've done *some* work with Sharepoint but don't consider myself at the 
expert/specialist level and could use some feedback from those that have the 
proper experience ...

Thanks in advance

Erik Goldoff

IT  Consultant

Systems, Networks, & Security








~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Backup/Restore best practices for Sharepoint 2007

[Tim Evans]

Wow, Thanks Ken.
I think you just saved us a bunch of time

...Tim

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Friday, October 09, 2009 6:47 AM
To: NT System Admin Issues
Subject: RE: Backup/Restore best practices for Sharepoint 2007

If you have a small SharePoint infrastructure it'll probably work OK.

If you're looking at a more enterprise level setup, then here's a few things I 
ran into...


a)  DPM requires LocalSystem to be sysadmin in the SQL Server instance that 
SharePoint is installed into. That's for the SQL Server VSS writer to be able 
to enumerate databases. It also requires DataReader permissions in every other 
SQL Server instance on the machine (or cluster node). That's a violation of 
Microsoft's best practise guides for securing SQL Server. If you have the same 
people administering SQL Server as you have for Windows, then probably not so 
much of an issue. If you have separate teams, then the DBAs will probably not 
be happy

b)  DPM agent can only be installed on a single SharePoint WFE at a time. 
So you build a highly available MOSS installation with multiple WFEs, clustered 
SQL Server etc, but your backup solution falls over because one crucial WFE is 
offline

c)   DPM restoration requires a separate, standalone, MOSS installation. To 
restore anything less granular than a single database (e.g. a site or document 
or list), DPM copies the entire content database to this standalone MOSS 
installation, then uses SharePoint APIs to extract the necessary documents into 
a backup file, then copies that to your Production MOSS installation, and then 
imports it. So, you are paying for extra MOSS license.

d)  The Site Collection template of the site you are restoring must match 
the site collection that you are restoring into. But you can't see what those 
site collection templates are from within DPM.

e)  If DPM is performing a backup, you can't do a restore without 
cancelling the in progress backup. However in my experience the actual backup 
can take a long time (in the order of many hours) if the WFE that you have your 
DPM agent on is busy (e.g. participating in crawling content). DPM backups will 
also fail if the SQL Server is heavily loaded (e.g. backups of SQL Server or 
other maintenance operations are in progress)

f)   If you remove a content database, you need to take an entire baseline 
replica again and start taking new snapshots. This can start to blow out your 
DPM storage requirements if you frequently add/remove content databases

g)  DPM backs up in a couple of ways - it backs up the databases directly 
from the SQL Server via VSS, and then gets a catalogue of restorable items from 
the WFE. If the latter fails, half the time you don't seem to get a decent 
warning about it. Instead, when you try to restore you find out that you can 
only restore an entire database. When you attempt to drill down to content, you 
can't

h)  Installing DPM relies on a bunch of hotfixes and other stuff to be 
installed to get it working properly. There's even a DPM hotfix you need to 
install if you install MOSS Feb 2009 CU, because somehow that MOSS CU stops DPM 
discovering your MOSS installation as a protectable item. VSS is another thing 
that seems to require continual patching.


Cheers
Ken


From: Tim Evans [mailto:tev...@sparling.com]
Sent: Friday, 9 October 2009 9:39 PM
To: NT System Admin Issues
Subject: RE: Backup/Restore best practices for Sharepoint 2007

Interesting. We are looking at evaluating DPM. Can you elaborate on why you 
recommend against it?

Thanks


...Tim

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Friday, October 09, 2009 6:19 AM
To: NT System Admin Issues
Subject: RE: Backup/Restore best practices for Sharepoint 2007

AvePoint also have a popular product (DocAve) in addition to the two listed 
below. I would strongly recommend against DPM 2007.

Cheers
Ken

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Friday, 9 October 2009 8:49 PM
To: NT System Admin Issues
Subject: RE: Backup/Restore best practices for Sharepoint 2007

Indeed.

I can confirm both Veritas NetBackup and CommVault Simpana both have Sharepoint 
agent document-level capability.

We are moving from the former to the latter.

-sc

From: Sherry Abercrombie [mailto:saber...@gmail.com]
Sent: Friday, October 09, 2009 8:40 AM
To: NT System Admin Issues
Subject: Re: Backup/Restore best practices for Sharepoint 2007

You'll need to have a backup solution that is Sharepoint aware not just SQL 
aware.  Backup Exec has an agent specifically for Sharepoint that will do the 
document level backup/restore you are asking for.  Otherwise, if you just rely 
on SQL backups, you'll have to restore the entire SQL db to recover, which 
means everything since the backup is lost.  I think most of the major backup 
software packages have something like BE has now for Sharepoin

RE: Windows 7 KMS

[Tim Evans]

I did it and only added my R2 KMS key and it all works, including Windows 7. My 
only problem was getting enough activation for the Windows 7 stuff to activate.

...Tim

From: Bob Fronk [mailto:b...@btrfronk.com]
Sent: Friday, October 30, 2009 11:46 AM
To: NT System Admin Issues
Subject: Windows 7 KMS

Has anyone successfully added a Windows7 KMS key to a 2008 KMS server?

I have installed KB968912 and have rebooted.  I also installed my R2 key, which 
was successful.  However, KMS won't accept the W7 KMS key.  Google searches 
seem to indicate this may be a common problem.

Thanks,

BF







~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Windows 7 KMS

[Tim Evans]

I don't think it did it before, but slmgr.vbs /dlv tells you how many 
activations you have now.

...Tim

From: Bob Fronk [mailto:b...@btrfronk.com]
Sent: Friday, October 30, 2009 11:53 AM
To: NT System Admin Issues
Subject: RE: Windows 7 KMS

Ahh... Crap.  Forgot about the minimum.

From: Tim Evans [mailto:tev...@sparling.com]
Sent: Friday, October 30, 2009 2:49 PM
To: NT System Admin Issues
Subject: RE: Windows 7 KMS

I did it and only added my R2 KMS key and it all works, including Windows 7. My 
only problem was getting enough activation for the Windows 7 stuff to activate.

...Tim

From: Bob Fronk [mailto:b...@btrfronk.com]
Sent: Friday, October 30, 2009 11:46 AM
To: NT System Admin Issues
Subject: Windows 7 KMS

Has anyone successfully added a Windows7 KMS key to a 2008 KMS server?

I have installed KB968912 and have rebooted.  I also installed my R2 key, which 
was successful.  However, KMS won't accept the W7 KMS key.  Google searches 
seem to indicate this may be a common problem.

Thanks,

BF















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Can you say "lawsuit"? I knew you could...

[Tim Evans]

I wonder how much the testing companies paid to have that article posted?


...Tim

> -Original Message-
> From: Kurt Buff [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 27, 2008 9:58 AM
> To: NT System Admin Issues
> Subject: Can you say "lawsuit"? I knew you could...
>
> I wonder just exactly how valid these supposed forensics are. I'm
> willing to bet that their methods are, uh, a bit unsound.
>
> Mind you, I haven't taken a certification exam for nearly 15 years,
> and don't really think I will any time soon, but the approach taken
> here seems likely to cause real problems.
>
>
> http://www.networkworld.com/columnists/2008/082608musthaler.html
>
> "...the companies that create and own the tests have a virtually
> foolproof way to know whether you've used illegal materials when you
> take an exam..."
>
> and
>
> "Every time an individual takes a certification exam online, there are
> digital "fingerprints" that identify how long that person took to
> answer each question, whether he went back and changed any answers,
> and so on. Using data-forensics techniques, this digital evidence is
> analyzed for every exam taken. With incredible accuracy, the forensics
> reveal patterns that identify cheaters. Even inadvertent cheaters --
> those who didn't know they used illegal preparatory materials -- can
> be caught, but they are not distinguished from people who cheat
> intentionally."
>
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Can you say "lawsuit"? I knew you could...

[Tim Evans]

The way I see it, their goal is to ensure that you (quoting from the article) 
"Use the study materials recommended by the owner of the exam. Never buy or use 
sample questions and answers from unauthorized sources..."

Sounds like FUD to make sure that they get their cut from any preparation 
materials used.

...Tim


> -Original Message-
> From: John Hornbuckle [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 27, 2008 10:53 AM
> To: NT System Admin Issues
> Subject: RE: Can you say "lawsuit"? I knew you could...
>
> The certifying entities have nothing to gain and much to lose by
> incorrectly labeling a test-taker as a cheater. Maybe I'm being naïve,
> but I would assume that they would feel pretty confident in a
> technology like this before making use of it.
>
> Of course, as Tim perhaps was implying, maybe their goal is just to
> shake people up. I just read the article twice, and unless I missed it,
> no one actually said they were going to be doing this--they only said
> they *could* do it.
>
>
>
>
>
> John Hornbuckle
> MIS Department
> Taylor County School District
> 318 North Clark Street
> Perry, FL 32347
>
> www.taylor.k12.fl.us
>
>
>
>
>
> -Original Message-
> From: Kurt Buff [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 27, 2008 12:58 PM
> To: NT System Admin Issues
> Subject: Can you say "lawsuit"? I knew you could...
>
> I wonder just exactly how valid these supposed forensics are. I'm
> willing to bet that their methods are, uh, a bit unsound.
>
> Mind you, I haven't taken a certification exam for nearly 15 years,
> and don't really think I will any time soon, but the approach taken
> here seems likely to cause real problems.
>
>
> http://www.networkworld.com/columnists/2008/082608musthaler.html
>
> "...the companies that create and own the tests have a virtually
> foolproof way to know whether you've used illegal materials when you
> take an exam..."
>
> and
>
> "Every time an individual takes a certification exam online, there are
> digital "fingerprints" that identify how long that person took to
> answer each question, whether he went back and changed any answers,
> and so on. Using data-forensics techniques, this digital evidence is
> analyzed for every exam taken. With incredible accuracy, the forensics
> reveal patterns that identify cheaters. Even inadvertent cheaters --
> those who didn't know they used illegal preparatory materials -- can
> be caught, but they are not distinguished from people who cheat
> intentionally."
>
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Can you say "lawsuit"? I knew you could...

[Tim Evans]

Well, it is diverging into another topic, but isn't that what most of the MCSE 
tests are anyway, memorizing the answers to questions rather than demonstrating 
an understanding of the subject? Or, have they changed recently?

...Tim


> -Original Message-
> From: John Hornbuckle [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 27, 2008 11:17 AM
> To: NT System Admin Issues
> Subject: RE: Can you say "lawsuit"? I knew you could...
>
> You're so cynical!  :-)  Maybe they just want to make sure people are
> actually learning the content rather than memorizing brain dumps. I
> know that GMAC--the organization behind the GMAT assessment that's
> required for entry into business school--has made similar moves,
> cracking down on people it found participating in forums on brain dump
> sites. Thankfully, the only forum I participated in when studying made
> it very clear that verbatim posting of questions would not be
> tolerated.
>
>
>
>
> -Original Message-
> From: Tim Evans [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 27, 2008 2:03 PM
> To: NT System Admin Issues
> Subject: RE: Can you say "lawsuit"? I knew you could...
>
> The way I see it, their goal is to ensure that you (quoting from the
> article) "Use the study materials recommended by the owner of the exam.
> Never buy or use sample questions and answers from unauthorized
> sources..."
>
> Sounds like FUD to make sure that they get their cut from any
> preparation materials used.
>
> ...Tim
>
>
> > -Original Message-
> > From: John Hornbuckle [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, August 27, 2008 10:53 AM
> > To: NT System Admin Issues
> > Subject: RE: Can you say "lawsuit"? I knew you could...
> >
> > The certifying entities have nothing to gain and much to lose by
> > incorrectly labeling a test-taker as a cheater. Maybe I'm being
> naïve,
> > but I would assume that they would feel pretty confident in a
> > technology like this before making use of it.
> >
> > Of course, as Tim perhaps was implying, maybe their goal is just to
> > shake people up. I just read the article twice, and unless I missed
> it,
> > no one actually said they were going to be doing this--they only said
> > they *could* do it.
> >
> >
> >
> >
> >
> > John Hornbuckle
> > MIS Department
> > Taylor County School District
> > 318 North Clark Street
> > Perry, FL 32347
> >
> > www.taylor.k12.fl.us
> >
> >
> >
> >
> >
> > -Original Message-
> > From: Kurt Buff [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, August 27, 2008 12:58 PM
> > To: NT System Admin Issues
> > Subject: Can you say "lawsuit"? I knew you could...
> >
> > I wonder just exactly how valid these supposed forensics are. I'm
> > willing to bet that their methods are, uh, a bit unsound.
> >
> > Mind you, I haven't taken a certification exam for nearly 15 years,
> > and don't really think I will any time soon, but the approach taken
> > here seems likely to cause real problems.
> >
> >
> > http://www.networkworld.com/columnists/2008/082608musthaler.html
> >
> > "...the companies that create and own the tests have a virtually
> > foolproof way to know whether you've used illegal materials when you
> > take an exam..."
> >
> > and
> >
> > "Every time an individual takes a certification exam online, there
> are
> > digital "fingerprints" that identify how long that person took to
> > answer each question, whether he went back and changed any answers,
> > and so on. Using data-forensics techniques, this digital evidence is
> > analyzed for every exam taken. With incredible accuracy, the
> forensics
> > reveal patterns that identify cheaters. Even inadvertent cheaters --
> > those who didn't know they used illegal preparatory materials -- can
> > be caught, but they are not distinguished from people who cheat
> > intentionally."
> >
> >
> > Kurt
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Friday Fun - 80's Music Quiz

[Tim Evans]

Sorry, I don't keep up with the new stuff.

...Tim

From: Sherry Abercrombie [mailto:[EMAIL PROTECTED]
Sent: Friday, August 29, 2008 5:48 AM
To: NT System Admin Issues
Subject: OT: Friday Fun - 80's Music Quiz

Ok, so lets have a little fun here on the last Friday in August.  There are at 
least 45 songs mentioned in this story, most from the 80's.  The rules:

1.  Name the song title
2.  Name the artist
3.  No cheating.  Do this from memory.  Don't Google or use any other internet 
resource for your answers.
4.  Have fun!!

I'll post the answers when it looks like all guessing is done.

Disclaimer:  I didn't write this, it is from a gaming forum that I'm a member 
of, but I was the winner because I managed to find all the songs.

The window lickers went on strike yesterday.  I was too sexy for their 
shirts...too sexy for my shirt...but not too sexy for my Kia.  And they didn't 
like that I wore my sunglasses at night while driving my Little Red Corvette.  
So they jammed to Panama and told me they were coming back to get me.  One 
window licker pulled his tongue off of the windshield and screamed, "If I had a 
photograph of you...there would be something to remind me..."  So, with a Rebel 
Yell I hollered back, "I want more, more, more! And I will shake you all night 
long!"  So I jammed in my fast machine that I keep the motor clean, and it 
looks like I will be dancing with myself for awhile.  This situation is 
spinning right 'round...like a record baby...'round, 'round.  You don't mess 
with a missionary man!  I know, I know.  I hear you dudes - I need to relax and 
don't do it, but what if I want to go through it?

The shortbusians need to know that I am the king of rock, there is none higher, 
and all their MC's will call me sire...and that to rock my kingdom they must 
use fire, cause I won't stop rock'in 'til I retire!  Until then, they can 
listen to me on the Mexican Radio as they drive to Panama, and listen in 
stereo.  Besides, they all wear pink and live in pink houses.  I know they look 
pretty in pink, and I tell them all of the time "dudes, what I like about you, 
is that you are the sultans of swing.  But I wear my sunglasses at night 
because you freaks are blinding me with science."

Chief window licker stopped the car and pulled out a sledgehammer, she is a 
goody two shoes, but had a look in her eyes that creeped me out.  I think she 
was thinking about burning down the house.  She came at me with pure energy, 
while turning Japanese. One dude turned up the radio, and chief let out a war 
cry.  She howled, "We're not gonna take!  No! We ain't gonna take it anymore!" 
She was coming so fast at me I thought, "If she hits me, it will cut like a 
knife, and I wouldn't have the reflex to take these broken wings (I fell 
earlier in the day on my arms), and bang a gong and get it on."  But I did 
notice that she was a pretty woman, and I thought, "She's got legs..."  And as 
fast as she was running at me with her sledgehammer, I also thought, "And she 
knows how to use them..."

In conclusion, I grabbed the little mite, unleashed some TNT on her, and said, 
"I will rock you like a hurricane dude! I would walk 500 miles on your forehead 
and toss you under the last train to Clarksville!  You are now loosing your 
religion and there ain't no sunshine when she's gone, there ain't no mountain 
high enough for you to be safe!  Ya dig, der kommisar?"

So they turned and went their way, and I my way.  we crossed a bridge over 
troubled waters and will get back to normal soon.  Man, everybody wants to rule 
the world, they want to be their own personal Jesus.  We took one last look at 
each other I, as I smiled at her, I said, "Hey chief, good girls don't...got 
it."  I think her name is Roxanne.


--
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Cleanup script / safe to delete stuff

[Tim Evans]

All of mine have a %windir%\$hf_mig$ directory with a bunch of KB## 
directories in it. Also a bunch of %windir%\KB##.log files.

...Tim


> -Original Message-
> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 28, 2008 1:30 PM
> To: NT System Admin Issues
> Subject: Re: Cleanup script / safe to delete stuff
>
> I'm getting near making the script public, and I want to know if
> anyone knows of any additional hidden/compressed Windows
> Update-related un-install directories than what I have here:
>
>
> %windir%\$NtServicePackUninstall*$
>   "old Windows Service Pack uninstall dirs"
> "%windir%\$NTUpdate*$\
>   "old Windows Update Rollup uninstall dirs"
> "%windir%\$NTUninstall*$
>   "old Windows Hotfix uninstall dirs"
> "%windir%\$SQLUninstall*$
>   "old SQL Hotfix uninstall dirs"
> "%windir%\$ExchUninstall*$
>   "old Exchange Hotfix uninstall dirs"
> "%windir%\$MSI*$
>   "old MSI installer upgrade uninstall dirs"
>
> TIA
>
>
>
> On Mon, Aug 11, 2008 at 8:13 AM, Micheal Espinola Jr
> <[EMAIL PROTECTED]> wrote:
> > Thanks.  I do know about CCleaner - but I am more interested in
> > something that is wholy a script that "plugs" into other scripts I
> > have written, and that can be continuously customized.  My script
> also
> > "cleans" a couple locations that ccleaner doesnt - which are things
> > more specific to a controlled corp. environment.
> --
> ME2
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Cleanup script / safe to delete stuff

[Tim Evans]

I've deleted the KB* directories in it without any apparent problems.

...Tim

> -Original Message-
> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 29, 2008 9:39 AM
> To: NT System Admin Issues
> Subject: Re: Cleanup script / safe to delete stuff
>
> $hf_mig$ is *not* safe to delete, but it looks like I have everything
> else covered.
>
>
> On Fri, Aug 29, 2008 at 11:19 AM, Tim Evans <[EMAIL PROTECTED]>
> wrote:
> > All of mine have a %windir%\$hf_mig$ directory with a bunch of
> KB## directories in it. Also a bunch of %windir%\KB##.log
> files.
> >
> > ...Tim
> >
> >
> >> -Original Message-
> >> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
> >> Sent: Thursday, August 28, 2008 1:30 PM
> >> To: NT System Admin Issues
> >> Subject: Re: Cleanup script / safe to delete stuff
> >>
> >> I'm getting near making the script public, and I want to know if
> >> anyone knows of any additional hidden/compressed Windows
> >> Update-related un-install directories than what I have here:
> >>
> >>
> >> %windir%\$NtServicePackUninstall*$
> >>   "old Windows Service Pack uninstall dirs"
> >> "%windir%\$NTUpdate*$\
> >>   "old Windows Update Rollup uninstall dirs"
> >> "%windir%\$NTUninstall*$
> >>   "old Windows Hotfix uninstall dirs"
> >> "%windir%\$SQLUninstall*$
> >>   "old SQL Hotfix uninstall dirs"
> >> "%windir%\$ExchUninstall*$
> >>   "old Exchange Hotfix uninstall dirs"
> >> "%windir%\$MSI*$
> >>   "old MSI installer upgrade uninstall dirs"
> >>
> >> TIA
> >>
> >>
> >>
> >> On Mon, Aug 11, 2008 at 8:13 AM, Micheal Espinola Jr
> >> <[EMAIL PROTECTED]> wrote:
> >> > Thanks.  I do know about CCleaner - but I am more interested in
> >> > something that is wholy a script that "plugs" into other scripts I
> >> > have written, and that can be continuously customized.  My script
> >> also
> >> > "cleans" a couple locations that ccleaner doesnt - which are
> things
> >> > more specific to a controlled corp. environment.
> >> --
> >> ME2
> >>
> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >
>
>
>
> --
> ME2
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Cleanup script / safe to delete stuff

[Tim Evans]

Well, YMMV, but I've never had any problems. Of course, you can't uninstall the 
patch after you remove it (that's what it looks like is stored there - the 
original files)


...Tim


> -Original Message-
> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 29, 2008 10:10 AM
> To: NT System Admin Issues
> Subject: Re: Cleanup script / safe to delete stuff
>
> Really?  I've read repeatedly by MS staffers that you shouldn't touch
> that dir.
>
> On Fri, Aug 29, 2008 at 12:50 PM, Tim Evans <[EMAIL PROTECTED]>
> wrote:
> > I've deleted the KB* directories in it without any apparent problems.
> >
> > ...Tim
> >
> >> -Original Message-
> >> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
> >> Sent: Friday, August 29, 2008 9:39 AM
> >> To: NT System Admin Issues
> >> Subject: Re: Cleanup script / safe to delete stuff
> >>
> >> $hf_mig$ is *not* safe to delete, but it looks like I have
> everything
> >> else covered.
> >>
> >>
> >> On Fri, Aug 29, 2008 at 11:19 AM, Tim Evans <[EMAIL PROTECTED]>
> >> wrote:
> >> > All of mine have a %windir%\$hf_mig$ directory with a bunch of
> >> KB## directories in it. Also a bunch of %windir%\KB##.log
> >> files.
> >> >
> >> > ...Tim
> >> >
> >> >
> >> >> -Original Message-
> >> >> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
> >> >> Sent: Thursday, August 28, 2008 1:30 PM
> >> >> To: NT System Admin Issues
> >> >> Subject: Re: Cleanup script / safe to delete stuff
> >> >>
> >> >> I'm getting near making the script public, and I want to know if
> >> >> anyone knows of any additional hidden/compressed Windows
> >> >> Update-related un-install directories than what I have here:
> >> >>
> >> >>
> >> >> %windir%\$NtServicePackUninstall*$
> >> >>   "old Windows Service Pack uninstall dirs"
> >> >> "%windir%\$NTUpdate*$\
> >> >>   "old Windows Update Rollup uninstall dirs"
> >> >> "%windir%\$NTUninstall*$
> >> >>   "old Windows Hotfix uninstall dirs"
> >> >> "%windir%\$SQLUninstall*$
> >> >>   "old SQL Hotfix uninstall dirs"
> >> >> "%windir%\$ExchUninstall*$
> >> >>   "old Exchange Hotfix uninstall dirs"
> >> >> "%windir%\$MSI*$
> >> >>   "old MSI installer upgrade uninstall dirs"
> >> >>
> >> >> TIA
> >> >>
> >> >>
> >> >>
> >> >> On Mon, Aug 11, 2008 at 8:13 AM, Micheal Espinola Jr
> >> >> <[EMAIL PROTECTED]> wrote:
> >> >> > Thanks.  I do know about CCleaner - but I am more interested in
> >> >> > something that is wholy a script that "plugs" into other
> scripts I
> >> >> > have written, and that can be continuously customized.  My
> script
> >> >> also
> >> >> > "cleans" a couple locations that ccleaner doesnt - which are
> >> things
> >> >> > more specific to a controlled corp. environment.
> >> >> --
> >> >> ME2
> >> >>
> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog!
> ~
> >> >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >> >
> >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> >> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >> >
> >>
> >>
> >>
> >> --
> >> ME2
> >>
> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >
>
>
>
> --
> ME2
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: OT:Windows 2008 training

[Tim Evans]

Mark Minasi has a 2 day Server 2008 Training class that he has put on CD's.
http://www.minasi.com/2008class/audio/

I haven't seen the Server 2008 class, but I thought the one he put together on 
Vista was pretty good.


...Tim

From: Brumbaugh, Luke [mailto:[EMAIL PROTECTED]
Sent: Monday, September 08, 2008 7:45 AM
To: NT System Admin Issues
Cc: Miracle, Matt
Subject: OT:Windows 2008 training


Can anyone recommend a good windows 2008 training?  Or is it too early yet?

I can't really find much on google as far as CBTs.

Luke L. Brumbaugh

Network Engineer

Butler Animal Health Supply

Ph:(614) 659-1736

**

CONFIDENTIALITY NOTICE: The information transmitted in this message is intended 
only for the person or entity to which it is addressed and may contain 
confidential and/or privileged material. Any review, retransmission, 
dissemination or other use of this information by persons or entities other 
than the intended recipient is prohibited. If you received this in error, 
please contact the sender and destroy all copies of this document. Thank you.

Butler Animal Health Supply

**








~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Printer Login Script Help

[Tim Evans]

But how does the expression:  Const ENGINEERING_GROUP = "cn=engineering"

involve an operator? An example from the link below shows: Const MyVar = 459
He is setting a constant to the string value: "cn=engineering"

...Tim

From: Joe Tinney [mailto:[EMAIL PROTECTED]
Sent: Friday, September 12, 2008 10:34 AM
To: NT System Admin Issues
Subject: RE: Printer Login Script Help

VBScript Constants can't contain operators.

http://msdn.microsoft.com/en-us/library/16twy8ed(VS.85).aspx

"You also can't create a constant from any expression that involves an 
operator, that is, only simple constants are allowed."

From: Joseph L. Casale [mailto:[EMAIL PROTECTED]
Sent: Friday, September 12, 2008 11:53 AM
To: NT System Admin Issues
Subject: RE: Printer Login Script Help

Guys,
So why when my line:
Const ENGINEERING_GROUP = "cn=engineering"
looks like that, it doesnt work, but when iut looks liek this:
ENGINEERING_GROUP = "cn=engineering"
it works?



Thanks!
jlc


From: Pete Howard [EMAIL PROTECTED]
Sent: Thursday, September 11, 2008 8:19 PM
To: NT System Admin Issues
Subject: Re: Printer Login Script Help
I hear ya.. been there

- Original Message 
From: Joseph L. Casale <[EMAIL PROTECTED]>
To: NT System Admin Issues 
Sent: Thursday, September 11, 2008 9:43:52 PM
Subject: RE: Printer Login Script Help
Looks a lot like my script!

Didn't mean to be lazy, I just need a gift right now, lol...


Thanks!
jlc

From: Pete Howard [EMAIL PROTECTED]
Sent: Thursday, September 11, 2008 7:09 PM
To: NT System Admin Issues
Subject: Re: Printer Login Script Help
Im not at work but we use something like this from microsoft:

http://technet.microsoft.com/en-us/library/cc758918.aspx

Const ENGINEERING_GROUP = "cn=engineering"

Const FINANCE_GROUP = "cn=finance"

Const HUMAN_RESOURCES_GROUP = "cn=human resources"



Set wshNetwork = CreateObject("WScript.Network")

wshNetwork.MapNetworkDrive "h:",

"\\FileServer\Users\" & wshNetwork.UserName



Set ADSysInfo = CreateObject("ADSystemInfo")

Set CurrentUser = GetObject("LDAP://" &

ADSysInfo.UserName)

strGroups = LCase(Join(CurrentUser.MemberOf))



If InStr(strGroups, ENGINEERING_GROUP) Then



wshNetwork.MapNetworkDrive "g:",

"\\FileServer\Engineering\"

wshNetwork.AddWindowsPrinterConnection

"\\PrintServer\EngLaser"

wshNetwork.AddWindowsPrinterConnection

"\\PrintServer\Plotter"

wshNetWork.SetDefaultPrinter

"\\PrintServer\EngLaser"



ElseIf InStr(strGroups, FINANCE_GROUP) Then



wshNetwork.MapNetworkDrive "g:",

"\\FileServer\Finance\"

wshNetwork.AddWindowsPrinterConnection

"\\PrintServer\FinLaser"

wshNetWork.SetDefaultPrinter

"\\PrintServer\FinLaser"



ElseIf InStr(strGroups, HUMAN_RESOURCES_GROUP) Then



wshNetwork.MapNetworkDrive "g:",

"\\FileServer\Human Resources\"

wshNetwork.AddWindowsPrinterConnection

"\\PrintServer\HrLaser"

wshNetWork.SetDefaultPrinter

"\\PrintServer\HrLaser"



End If


- Original Message 
From: Joseph L. Casale <[EMAIL PROTECTED]>
To: NT System Admin Issues 
Sent: Thursday, September 11, 2008 8:43:50 PM
Subject: RE: Printer Login Script Help
Not using R2 on the dc or print server.
VBS is what my login script uses. I can do this via GPO natively (running 
Win2003 AD)?

Thanks guys!
jlc

From: Pete Howard [EMAIL PROTECTED]
Sent: Thursday, September 11, 2008 6:41 PM
To: NT System Admin Issues
Subject: Re: Printer Login Script Help
You want cmd, vbs gpo or other ?

- Original Message 
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
To: NT System Admin Issues 
Sent: Thursday, September 11, 2008 8:32:04 PM
Subject: RE: Printer Login Script Help

Are you running R2?  It has the ability to push out printers via GPOs.


Original Message:
-
From: Joseph L. Casale [EMAIL PROTECTED]
Date: Thu, 11 Sep 2008 18:05:11 -0600
To: 
ntsysadmin@lyris.sunbelt-software.com
Subject: Printer Login Script Help


I need some help guys,
While I am deploying everything, I am thinking that the *last* thing I had
planned to fix was the way the previous guy setup printers.

I have one print server with a handful of queues I need to add to every
profile. I need to do this via group membership.

Anyone have anything canned they can spare me? Its gonna be a late one :P

Thanks!
jlc

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


mail2web.com - Microsoft(r) Exchange solutions from a 
leading provider -
http://link.mail2web.com/Business/Exchange



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Win2008 activation

[Tim Evans]

Windows IT Pro has a good article on it, but it is only available for 
subscribers. Its' InstantDoc #98153 at http://windowsitpro.com

...Tim


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Monday, September 15, 2008 10:31 AM
> To: NT System Admin Issues
> Subject: Win2008 activation
>
> Wow, I've never been so overwhelmed with trying to understand how to
> activate a product.
>
> I want to start using a single Windows 2008 Standard Server so I can
> begin
> learning it.  However, it seems like I cannot activate the product via
> KMS
> (which I don't even have setup anywhere) because you need (5) Windows
> 2008
> Server licenses in use to even begin using KMS.  So, without using KMS,
> how
> should I activate this product?
>
> The product key I have is from one of my license agreements and is
> listed
> as "Windows 2008 Std/Ent - KMS".
>
> I've read numerous things from
> http://www.microsoft.com/windowsserver2008/en/us/licensing.aspx but
> still
> don't quite understand exactly what I need to do.  This seems a bit
> more
> bloated than it should be...   Should I phone in the activation or use
> some
> other method?
>
> Thanks
> JR
>
>
>
>
> 
> mail2web - Check your email from the web at
> http://link.mail2web.com/mail2web
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Interesting read on Symantec's latest effort

[Tim Evans]

http://www.stuff.co.nz/4668507a28.html

Quote:
"But is it still protecting us properly? Symantec assures me it is, and even 
better than ever."

OK, I'm a believer :-) At least it sounds like they have finally understood 
their fatal flaw and are making attempts to fix it.


...Tim


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: SysInternals Updates

[Tim Evans]

I saw an interview with him recently. He said that programming Sysinternals was 
his hobby and way of relaxing, so it sounds like they will continue to be 
improved. In the same interview, he said that many of the old Winternal tools 
were being migrated into other products, like MDOP, etc.


...Tim

> -Original Message-
> From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 01, 2008 2:36 PM
> To: NT System Admin Issues
> Subject: RE: SysInternals Updates
>
> I hope they allow Mark to continue to publish (and that he wants to).
>
> The only real downsides are that they no longer publish the source code
> for
> the sysinternals tools (which was really interesting to look at), and
> all
> the winternals products are gone.
>
> Regards,
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> My blog: http://TheEssentialExchange.com/blogs/michael
> Link with me at: http://www.linkedin.com/in/theessentialexchange
>
>
> -Original Message-
> From: Troy Meyer [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 01, 2008 5:27 PM
> To: NT System Admin Issues
> Subject: RE: SysInternals Updates
>
> And to think I was scared all those sweet free tools would disappear
> when MS
> bought them.
>
> It appears to be the exact opposite... that looks sweet, Thanks for the
> heads up.
>
> -troy
>
> -Original Message-
> From: Andy Ognenoff [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 01, 2008 2:22 PM
> To: NT System Admin Issues
> Subject: SysInternals Updates
>
> Awesome!
>
> http://technet.microsoft.com/en-us/sysinternals/default.aspx
>
> Process Monitor 2.0
> "This major update to Process Monitor adds real-time TCP and UDP
> monitoring
> to its existing process, thread, DLL, file system and registry
> monitoring.
> You can now see the TCP and UDP activity processes performed, including
> the
> operation (e.g. connect, send, receive), local and remote IP addresses
> and
> DNS names, and operation transfer lengths. On Windows Vista, Process
> Monitor
> also collects thread stacks for network operations."
>
>  - Andy O.
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OCS questions

[Tim Evans]

I agree that it seems like a design flaw. I usually am away from my computer 
when I'm in a meeting.

...Tim

From: Kevin Lundy [mailto:[EMAIL PROTECTED]
Sent: Friday, October 10, 2008 10:11 AM
To: NT System Admin Issues
Subject: Re: OCS questions

If that is the way the presence is supposed to work, I believe that is a design 
flaw (opinion).  If I have a meeting scheduled, it should say "in a meeting" 
whether I'm at my computer or not.

So based on the statistically invalid response of one, looks like we do have 
something to research on the random authentication.

No, we aren't rolling out the voice part.  We are fully Cisco VoIP.  I've got 
Unity and CM upgrades to do and a IPIP gateway to purchase and install before I 
can integrate the two.  And that is a low priority for us.
On Fri, Oct 10, 2008 at 12:59 PM, Tim Evans <[EMAIL PROTECTED]<mailto:[EMAIL 
PROTECTED]>> wrote:

Oh, cool! Someone else is going thru the same thing I am



1. I believe that's the way presence is supposed to work, at least that's 
the way it does here. Actually, if I have something on my calendar and I lock 
my PC, my jelly bean turns half red/half yellow.

2. I don't get prompted to authenticate to read the address book (from a PC 
that is a domain member), but we've been having some issues some users getting 
random prompts for authentication to the MB server or the CAS server (Ex 07 
here). I figure that's a problem with Exchange configuration that I'm still 
chasing



Did you set up the enterprise voice and everything? That's pretty sweet.





...Tim



From: Kevin Lundy [mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>]
Sent: Friday, October 10, 2008 8:35 AM
To: NT System Admin Issues
Subject: OCS questions



We just installed OCS Enterprise.  Currently pre-production.  Exchange 2003. 
Native 2003 AD.



Couple of questions:



1) It appears to be reading info properly from Exchange for calendar.  The 
presence is not showing as I would have expected.  If I have a meeting 
scheduled, the presence shows as "in a meeting" to team members as long as I'm 
at my desk during that time.  However, if I lock my computer (such as for a 
meeting in a conference room), the presence changes to "away".  So is this 
working as designed or do we have some trouble shooting to do?



2) Twice in the past 2 days, OCS has prompted me for my credentials to read the 
address book.  This has happened long after I'm logged into XP and into 
Communicator, and while I'm actively working, but not using Communicator.  So 
again, is this working as designed, or another problem for us to investigate?



Thanks

Kevin















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: OCS questions

[Tim Evans]

Oh, cool! Someone else is going thru the same thing I am


1. I believe that's the way presence is supposed to work, at least that's 
the way it does here. Actually, if I have something on my calendar and I lock 
my PC, my jelly bean turns half red/half yellow.

2. I don't get prompted to authenticate to read the address book (from a PC 
that is a domain member), but we've been having some issues some users getting 
random prompts for authentication to the MB server or the CAS server (Ex 07 
here). I figure that's a problem with Exchange configuration that I'm still 
chasing

Did you set up the enterprise voice and everything? That's pretty sweet.


...Tim

From: Kevin Lundy [mailto:[EMAIL PROTECTED]
Sent: Friday, October 10, 2008 8:35 AM
To: NT System Admin Issues
Subject: OCS questions

We just installed OCS Enterprise.  Currently pre-production.  Exchange 2003. 
Native 2003 AD.

Couple of questions:

1) It appears to be reading info properly from Exchange for calendar.  The 
presence is not showing as I would have expected.  If I have a meeting 
scheduled, the presence shows as "in a meeting" to team members as long as I'm 
at my desk during that time.  However, if I lock my computer (such as for a 
meeting in a conference room), the presence changes to "away".  So is this 
working as designed or do we have some trouble shooting to do?

2) Twice in the past 2 days, OCS has prompted me for my credentials to read the 
address book.  This has happened long after I'm logged into XP and into 
Communicator, and while I'm actively working, but not using Communicator.  So 
again, is this working as designed, or another problem for us to investigate?

Thanks
Kevin





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: OCS 2007 infrastructure for remote offices

[Tim Evans]

No, you don't need an OCS server at each site, although MS would probably like 
to see that.

You can set up an edge server so that the OCS server can be accessed from 
anywhere (outbound firewall rules permitting) or you can just connect to it 
over a WAN. We have one front end server serving 4 different sites. While it 
isn't fully deployed yet, we haven't noticed any problems, even when connecting 
over the internet.

The only catch you'll find is that wherever you put your gateway is the only 
place that inbound or outbound PSTN calls can be routed. If your various PBX's 
are interconnected, calls can be routed there too, but it doesn't sound like 
that is the case.


...Tim


> -Original Message-
> From: Steve Burkett [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 14, 2008 9:52 AM
> To: NT System Admin Issues
> Subject: OCS 2007 infrastructure for remote offices
> 
> Okay, David's got me thinking of a real dumb question that I can't find
> a simple answer.
> 
> I'm gonna take a look at OCS 2007 soon, but 'management' initially
> poo-poo'ed the idea as they said it required an OCS server at each
> location you wanted phones. I can't believe that fact to be true -
> we've
> got about 50 offices worldwide, 10-20 of those with 3-4 users in and
> there's no way we're putting in 50 OCS servers.
> 
> What's the options with getting remote offices on the system, but
> without the need for having OCS servers at their locations? Some of
> these offices have existing IP PBX's, some have analog PBX's, some have
> no PBX.
> 
> 
> Any help appreciated!
> 
> Steve.
> 
> ===
> STEMCOR CONFIDENTIALITY AND DISCLAIMER NOTICE
> This e-mail is intended only for the addressees named in it. The
> contents should not be disclosed to any other person nor copies taken.
> Any views or opinions presented are solely those of the sender and do
> not necessarily represent those of Stemcor unless otherwise
> specifically stated. Stemcor does not accept legal responsibility for
> the contents of this message nor responsibility for any change made to
> it after it was sent by the original sender. You are advised to carry
> out a virus check before opening any attachment as Stemcor does not
> accept liability for any damage sustained as a result of any software
> viruses. You should be aware that Stemcor reserves the right to read
> incoming and outgoing emails.
> ===
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: CA 2003 Enteprise

[Tim Evans]

You can request any kind of certificate from the CA that you have the correct 
permissions to request. The ones you are allowed to request are shown in the 
template drop down in the web interface. If the one you need isn't shown there, 
you'll have to adjust the permissions on that template on CA server.

Some certificates can be user or computer based, like the default web server 
cert. If the template can be used as a computer cert, you'll see further down 
on the page you'll see a check box for "Store certificate in the local computer 
certificate store". I don't know what this will do on a Mac - you may need to 
download the cert, save it to the local drive, and then run whatever import 
wizard they have on the Mac.

...Tim


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 03, 2008 7:35 AM
> To: NT System Admin Issues
> Subject: CA 2003 Enteprise
> 
> This has me baffled.
> 
> I have a Windows 2003 Enterprise server running as a CA.  I need to
> find a
> way to setup computer based certificates on non-XP machine (Mac OS
> 10.5).
> 
> I cannot seem to figure out how to create machine certificates properly
> or
> even request them.
> 
> I've been able to get XP machines (that are part of the domain) a
> computer
> certificate through group policy and auto enrollment.  However, I'm not
> sure how to manually request a computer based certificate.  Going
> through
> the web interface (http://ip-addr/certsrv) does not allow you to
> request a
> computer based cert.
> 
> Does anyone know how to (or has anyone successfully done this) setup a
> computer based certificate on a computer on a non-XP box to a Win 2k3
> Enterprise CA?
> 
> Reading the MS whitepages on CA makes my head spin.
> 
> JR
> 
> 
> mail2web.com - Microsoft(r) Exchange solutions from a leading provider -
> http://link.mail2web.com/Business/Exchange
> 
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Upgrade DCs from 2003 to 200 R2

[Tim Evans]

There is a schema update that needs to be applied, but there is no new 
functional level.


...Tim

From: Phil Hershey [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 05, 2008 7:24 AM
To: NT System Admin Issues
Subject: RE: Upgrade DCs from 2003 to 200 R2

Yep, my three key sticks sometimes.  :)  I gather there's a different 
functional level with R2, since I've just brought up a new R2 server on a new 
network segment, and when I tried to DCPROMO it, it reported our forest/domain 
were not at the proper level.  Yet when I go to any of the Win2k3 DCs, they 
report they're already at the highest level.   Bummer.  There goes another 
weekend.

- Philip

This communication, including attachments, is for the exclusive use of 
addressee and may contain proprietary, confidential and/or privileged 
information. If you are not the intended recipient, any use, copying, 
disclosure, dissemination or distribution is strictly prohibited. If you are 
not the intended recipient, please notify the sender immediately by return 
e-mail, delete this communication and destroy all copies.


From: Kennedy, Jim [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 05, 2008 7:17 AM
To: NT System Admin Issues
Subject: RE: Upgrade DCs from 2003 to 200 R2

Assuming you mean 2003 R2 :), no there are no higher levels and there are no 
pitfalls. It is a non-event. The upgrade reminds me of a 'Feature Pack' like 
they had for windows 98. Some good stuff if you need it, and we certainly did 
for our file servers...but no big deal to do the upgrade.


From: Phil Hershey [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 05, 2008 10:13 AM
To: NT System Admin Issues
Subject: Upgrade DCs from 2003 to 200 R2

Any pitfalls here anyone would like to warn me about?  :)  Domain and Forrest 
functional levels are already Windows 2003.  I gather there's a "higher" level 
with the R2 release?

Thanks.



Philip Hershey
















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Wierd Acrobat issue

[Tim Evans]

+1 and/or use a postscript driver if available

From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Wednesday, November 18, 2009 7:49 AM
To: NT System Admin Issues
Subject: Re: Wierd Acrobat issue

Yes, almost always print as image.  Will cause you less grief.  Adobe products 
don't play well with most print drivers.
On Wed, Nov 18, 2009 at 9:46 AM, Maglinger, Paul 
mailto:pmaglin...@scvl.com>> wrote:
Do you have the option to "print text as graphics"?

From: Scott Schneider 
[mailto:sschnei...@inscapesolutions.com]
Sent: Wednesday, November 18, 2009 9:37 AM

To: NT System Admin Issues
Subject: RE: Wierd Acrobat issue

We have had similar issues with a older model Kyocera. We had to update the 
printer drivers to resolve it.


From: John Aldrich 
[mailto:jaldr...@blueridgecarpet.com]
Sent: November-18-09 10:25 AM
To: NT System Admin Issues
Subject: Wierd Acrobat issue
I have a user who was trying to print to a Lexmark laser printer from Adobe 
Acrobat (not acrobat reader, Acrobat Standard.) It "gummed" up his printer and 
caused it to refuse to print until it was power-cycled. Printing from Adobe 
Reader is just fine. Anyone know what the deal may be and how to fix it? 
Acrobat is 8.1 Standard. Adobe Reader 8.1 works fine as previously mentioned.

Thanks!

[cid:image001.jpg@01CA6829.E5C3E950][cid:image002@01ca6829.e5c3e950]



















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<><>

RE: mobile domanin names

[Tim Evans]

That has not been everyone's experience:  http://nodaddy.com/


From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com]
Sent: Wednesday, November 18, 2009 9:09 AM
To: NT System Admin Issues
Subject: RE: mobile domanin names

GoDaddy
No problems whatsoever.




From: Dave Eldridge [mailto:dave.eldri...@gmail.com]
Sent: Wednesday, November 18, 2009 12:05 PM
To: NT System Admin Issues
Subject: Re: mobile domanin names
I know this has been asked before but what are some domain resellers that 
everyone uses. are there any to stay away from? godaddy? etc..
thanks
On Wed, Nov 18, 2009 at 8:15 AM, Andrew Levicki 
mailto:and...@levicki.me.uk>> wrote:
I can register it with my domain reseller.
2009/11/18 Dave Eldridge 
mailto:dave.eldri...@gmail.com>>

.mobi
anyone know if these should be available thru any registrar?

i was checking for another company and they don't have it. Is this restricted 
to top level only?



















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: ANNOUNCEMENT: Job Hunting Assistance

[Tim Evans]

Hi Andrew,
I'd be interested in hearing what Kevin has to say.Please send the
conference bridge info when it is available.

Thanks

...Tim


On Fri, Nov 20, 2009 at 4:29 AM, Andrew S. Baker  wrote:
> Here's a follow-up (and a needed distraction from the silly political
> diversion)
>
> A colleague of mine is working with Kevin Donlin
> (http://www.linkedin.com/in/donlin) to put together a conference call
> (probably 30 min long) where Kevin would present a number of techniques that
> have been used by his clients to get new opportunities in recent months.
>
> If you would like to be in on this, please send me an email offline, and let
> me know and I will be able to ensure that we have the minimum 30 people
> needed for this event.
>
> Thanks!!!
>
> Also, thanks to those who have joined my LinkedIn network...
>
> ASB (My XeeSM Profile)
>
> Providing Competitive Advantage through Effective IT Leadership
>
>
>
> On Thu, Nov 19, 2009 at 10:44 AM, Andrew S. Baker  wrote:
>>
>> I can't speak for all parts of the country, but in the NY/NJ metro area,
>> things have started to pickup again on the recruitment front for IT
>> opportunities.  And I get the impression that a few other metro areas are
>> also recovering a little.
>>
>> There has been quite a bit of activity in the 4th quarter, and I expect to
>> see even more after the holidays.  (Q1 should be a lot more like 2006 than
>> we've seen in the past 18 or so months.)
>>
>> If you are looking, or preparing yourself for opportunities in any way, be
>> sure to let me know.  Also, feel free to connect to me via LinkedIn.  I am
>> receiving inquiries from recruiters almost daily at this point, for a
>> variety of sysadmin and development roles in the North East US, and a few
>> other parts of the country.
>>
>> I am more than happy to forward profiles of people I know who are looking,
>> or do other things to facilitate connections to companies and opportunities.
>>
>> As long as I know, I can help.  Let's take advantage of technology to help
>> each other out and get through these tough times.
>>
>> My LinkedIn profile can be accessed below...
>>
>> Thanks
>>
>>
>>
>>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Latitude access problem

[Tim Evans]

Have him boot off of http://www.piotrbania.com/all/kon-boot/ and reset the 
password. No reinstall needed

From: Len Hammond [mailto:lenhammo...@gmail.com]
Sent: Thursday, December 03, 2009 1:45 PM
To: NT System Admin Issues
Subject: Latitude access problem

Dell Latitude Genuises:

Just had a call from a customer. He decided to set an account password on his 
Latitude laptop three days ago. He did this after drinking a bottle of wine, 
and now he can't remember his password. He either typed it wrong twice when 
setting it or doesn't remember it. Either way he can't get into his machine. He 
also doesn't remember or can't figure out what the Admin password is either. He 
does own the box and apparently he recently talked with Dell about this 
specific Service Tag to get drivers for a refresh. This is the box he has been 
using for some class he is taking so he needs to get the data off of it. It 
runs fine, he just can't get into it.

He can pull the HDD and put it in an external case and attach it to another 
machine to grab the data before he wipes and reinstalls the OS. I have never 
tried to "repair" an operating system installation to reset passwords and I 
really think that will not work.  Anyway, he is going to try a repair before he 
pulls the drive and recovers his data and then rebuilds. I believe that there 
are no viruses involved, but it did sound like alcohol was involved .

Anyone have any thoughts, I can try or pass on to him?

Len Hammond
CSI:Hartland
lenhamm...@gmail.com





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Latitude access problem

[Tim Evans]

reset the administrator password?

From: Len Hammond [mailto:lenhammo...@gmail.com]
Sent: Thursday, December 03, 2009 2:44 PM
To: NT System Admin Issues
Subject: Re: Latitude access problem

That gets me in to the box but I don't seem to be able to change the password 
to his account. It says that it can't do it. At least we can easily get to his 
data.

Thanks for the help.

Len Hammond
CSI:Hartland
lenhamm...@gmail.com<mailto:lenhamm...@gmail.com>

On Thu, Dec 3, 2009 at 4:52 PM, Tim Evans 
mailto:tev...@sparling.com>> wrote:
Have him boot off of http://www.piotrbania.com/all/kon-boot/ and reset the 
password. No reinstall needed

From: Len Hammond [mailto:lenhammo...@gmail.com<mailto:lenhammo...@gmail.com>]
Sent: Thursday, December 03, 2009 1:45 PM
To: NT System Admin Issues
Subject: Latitude access problem

Dell Latitude Genuises:

Just had a call from a customer. He decided to set an account password on his 
Latitude laptop three days ago. He did this after drinking a bottle of wine, 
and now he can't remember his password. He either typed it wrong twice when 
setting it or doesn't remember it. Either way he can't get into his machine. He 
also doesn't remember or can't figure out what the Admin password is either. He 
does own the box and apparently he recently talked with Dell about this 
specific Service Tag to get drivers for a refresh. This is the box he has been 
using for some class he is taking so he needs to get the data off of it. It 
runs fine, he just can't get into it.

He can pull the HDD and put it in an external case and attach it to another 
machine to grab the data before he wipes and reinstalls the OS. I have never 
tried to "repair" an operating system installation to reset passwords and I 
really think that will not work.  Anyway, he is going to try a repair before he 
pulls the drive and recovers his data and then rebuilds. I believe that there 
are no viruses involved, but it did sound like alcohol was involved .

Anyone have any thoughts, I can try or pass on to him?

Len Hammond
CSI:Hartland
lenhamm...@gmail.com<mailto:lenhamm...@gmail.com>














~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Latitude access problem

[Tim Evans]

Thanks for the feedback. I've never tried to use it that way, so I'll be sure 
to remember safe boot.

From: Len Hammond [mailto:lenhammo...@gmail.com]
Sent: Thursday, December 03, 2009 5:24 PM
To: NT System Admin Issues
Subject: Re: Latitude access problem

It failed to reset the user password - for the user account that had admin 
privs. Ended up using KonBoot to get to safe mode and went in to the 
Administrator account and reset the user password from there. He's in. 
Hopefully this time he'll remember what he chose for a password.

I guess I didn't remember there were so many choices to get where we needed to 
go. Thanks again for everyone that replied.

Len Hammond
CSI:Hartland
lenhamm...@gmail.com<mailto:lenhamm...@gmail.com>

On Thu, Dec 3, 2009 at 5:45 PM, Tim Evans 
mailto:tev...@sparling.com>> wrote:
reset the administrator password?

From: Len Hammond [mailto:lenhammo...@gmail.com<mailto:lenhammo...@gmail.com>]
Sent: Thursday, December 03, 2009 2:44 PM

To: NT System Admin Issues
Subject: Re: Latitude access problem

That gets me in to the box but I don't seem to be able to change the password 
to his account. It says that it can't do it. At least we can easily get to his 
data.

Thanks for the help.

Len Hammond
CSI:Hartland
lenhamm...@gmail.com<mailto:lenhamm...@gmail.com>
On Thu, Dec 3, 2009 at 4:52 PM, Tim Evans 
mailto:tev...@sparling.com>> wrote:
Have him boot off of http://www.piotrbania.com/all/kon-boot/ and reset the 
password. No reinstall needed

From: Len Hammond [mailto:lenhammo...@gmail.com<mailto:lenhammo...@gmail.com>]
Sent: Thursday, December 03, 2009 1:45 PM
To: NT System Admin Issues
Subject: Latitude access problem

Dell Latitude Genuises:

Just had a call from a customer. He decided to set an account password on his 
Latitude laptop three days ago. He did this after drinking a bottle of wine, 
and now he can't remember his password. He either typed it wrong twice when 
setting it or doesn't remember it. Either way he can't get into his machine. He 
also doesn't remember or can't figure out what the Admin password is either. He 
does own the box and apparently he recently talked with Dell about this 
specific Service Tag to get drivers for a refresh. This is the box he has been 
using for some class he is taking so he needs to get the data off of it. It 
runs fine, he just can't get into it.

He can pull the HDD and put it in an external case and attach it to another 
machine to grab the data before he wipes and reinstalls the OS. I have never 
tried to "repair" an operating system installation to reset passwords and I 
really think that will not work.  Anyway, he is going to try a repair before he 
pulls the drive and recovers his data and then rebuilds. I believe that there 
are no viruses involved, but it did sound like alcohol was involved .

Anyone have any thoughts, I can try or pass on to him?

Len Hammond
CSI:Hartland
lenhamm...@gmail.com<mailto:lenhamm...@gmail.com>























~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Consultant PC on your network

[Tim Evans]

Do you issue them ID's individually? How does that work?

From: Sherry Abercrombie [mailto:saber...@gmail.com]
Sent: Tuesday, December 08, 2009 5:50 AM
To: NT System Admin Issues
Subject: Re: Consultant PC on your network

We have a "guest" wireless access point in our DMZ for this, all they get is 
internet access from the DMZ and nothing on our network.  Guest ID's expire at 
the end of the work day.
On Mon, Dec 7, 2009 at 10:44 AM, David Lum 
mailto:david@nwea.org>> wrote:
What process do you guys use for allowing a consultant to put their PC on your 
"wire"? Surely there are some questions needing to be asked, like does it have 
AV and is patched, probably need to make sure it's not running some DHCP or 
other service that might disrupt your network, right?
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764








--
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Missing "find now" button

[Tim Evans]

Yes, I get the same thing here on both WS08R2 and WS08 SP2


From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu]
Sent: Tuesday, December 08, 2009 2:02 PM
To: NT System Admin Issues
Subject: RE: Missing "find now" button

So, is anyone able to either replicate this or refute that it happens on their 
WS08 R2 boxen?  I even have a brand new R2 DC that was just built from DVD 
where this is happening.  If it looks like a bug, I'll probably ask our desktop 
admin to call PSS.

-B

From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu]
Sent: Tuesday, December 08, 2009 6:58 AM
To: NT System Admin Issues
Subject: RE: Missing "find now" button

Yep-running GPMC as admin on both.

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, December 08, 2009 6:39 AM
To: NT System Admin Issues
Subject: RE: Missing "find now" button

You running that snap-in as an administrator?
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu]
Sent: Tuesday, December 08, 2009 6:20 AM
To: NT System Admin Issues
Subject: Missing "find now" button

Not finding much on this on google...

On WS08 R2, run GPMC, edit a policy, expand User config\Preferences\Control 
Panel Settings\Printers

Add a printer and use the ... button to browse

On WS08 x64 SP2, I get this in the top half of the window:
[cid:image001.png@01CA7810.6E6D09D0]

On WS08 R2, I get this, with several (needed) buttons missing:
[cid:image002.png@01CA7810.6E6D09D0]

Can anyone else replicate this?  I am getting the same behavior on several WS08 
R2 dcs and a member server, pretty much anywhere in the scriptmaker preferences 
engine where you need to browse AD.  Browsing OUs for printers or browsing 
folders for drive maps are a few more examples.

Thanks,
-Bonnie

















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~<><>

RE: Missing "find now" button

[Tim Evans]

Neither do I. I meant to say that I get the same results as Bonnie on both

-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com] 
Sent: Tuesday, December 08, 2009 2:32 PM
To: NT System Admin Issues
Subject: Re: Missing "find now" button

I don't see it on 2008 SP2.

Tim Evans wrote:
> Yes, I get the same thing here on both WS08R2 and WS08 SP2

-- 

Phil Brutsche
p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Windows KMS licensing

[Tim Evans]

The KMS for Vista/WS08 didn't count VM's towards the total count. The one with 
Win7/WS08R2 does count them.

From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu]
Sent: Monday, December 14, 2009 5:12 AM
To: NT System Admin Issues
Subject: RE: Windows KMS licensing

Huh?  Hadn't heard that, but I also didn't watch the vid.  We also have VMs 
that are using KMS licensing and seem to need to activate just like any other 
install.

Maybe they are referring to the fact that depending on your installed server 
OS, VMs don't necessarily take a license?  For example, WS08 Ent. Gets 4 server 
VMs to run on it and you only pay for the one server license.

From: David Lum [mailto:david@nwea.org]
Sent: Friday, December 11, 2009 2:12 PM
To: NT System Admin Issues
Subject: RE: Windows KMS licensing

Thanks Bonnie, that (and the video link sent by Andrew) are the missing links I 
needed. I do show 2008 R2 KMS B as an available license. I don't plan on 
standing up 5 physical 2008 servers very quickly, so it's MAK'ing I go...

It's a bummer that VM's won't count toward the activation limit, which makes me 
wonder if you are a mostly VM shop you're stuck with MAK's.
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764



From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu]
Sent: Friday, December 11, 2009 1:52 PM
To: NT System Admin Issues
Subject: RE: Windows KMS licensing

Yeah, but it also depends on your Key level.  With our KMS B key for WS08 R2 
(WS08 is the same), it only require 5 machines to check in before they start 
licensing.  But, the same server won't activate Vista/W7 until that count hits 
25.

Basically unless you stand up 5+ servers quickly, you have to license them with 
your MAK key first and then change it back later using the "default" key.  My 
boss, who does our licensing, had to call to get a MAK for WS08 R2 as it wasn't 
available on the Volume Licensing DL site-don't know if they've changed that or 
if it's still that way.

-Bonnie

From: Don Guyer [mailto:don.gu...@prufoxroach.com]
Sent: Friday, December 11, 2009 1:40 PM
To: NT System Admin Issues
Subject: RE: Windows KMS licensing

That sums it up.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com

From: David Lum [mailto:david@nwea.org]
Sent: Friday, December 11, 2009 4:37 PM
To: NT System Admin Issues
Subject: Windows KMS licensing

Has anyone here implemented Windows KMS activation at their site? I only sort 
of understand it - you stand up ONE 2008 server and give it a KMS key and it 
becomes the activation server once what...25 other systems check in...
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764






















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: MVLS site up?

[Tim Evans]

Yesterday, they were saying that their targeting it back on line today, but I'm 
not getting anything at all this morning. I was told yesterday that it was a 
problem with the back end database and that not even Microsoft staff has access 
to the information. It seems to me that someone screwed up big time. I know 
that if I tried an upgrade without a roll back plan, I'd get strung up.

From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Wednesday, December 16, 2009 8:27 AM
To: NT System Admin Issues
Subject: MVLS site up?

Anyone have an ETA on when this will be back up?





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Retrieving deleted IE and Firefox history Urgent

[Tim Evans]

Sans has a good blog at https://blogs.sans.org/computer-forensics/



…Tim

From: bambi.j.saas...@seagate.com [mailto:bambi.j.saas...@seagate.com]
Sent: Friday, December 18, 2009 9:00 AM
To: NT System Admin Issues
Subject: Fw: Retrieving deleted IE and Firefox history Urgent


Does any one know any good forensic sites or forums?
TIA

.
.
SAVE THE EARTH..
IT'S THE ONLY PLANET WITH CHOCOLATE
- Forwarded by Bambi J Saastad/Seagate on 12/18/2009 10:59 AM -
John Meyers 
No Phone Info Available

12/18/2009 09:01 AM
Please respond to
"NT System Admin Issues" 



To


"NT System Admin Issues" 


cc




Subject


RE: Retrieving deleted IE and Firefox history Urgent









Sorry but how exactly do I do that?
TIA


From: jaldr...@blueridgecarpet.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Retrieving deleted IE and Firefox history Urgent
Date: Fri, 18 Dec 2009 08:48:14 -0500

You might be able to look at the date/time stamp on the cached objects to get 
that information.


From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Friday, December 18, 2009 8:25 AM
To: NT System Admin Issues
Subject: RE: Retrieving deleted IE and Firefox history Urgent

IEHistoryView from www.nirsoft.net might give you some 
info from IE. I don’t think it works with FF though.

From: John Meyers [mailto:jrmeyer...@hotmail.com]
Sent: Friday, December 18, 2009 7:01 AM
To: NT System Admin Issues
Subject: Retrieving deleted IE and Firefox history Urgent

Good morning
I have a laptop I need to somehow salvage ALL the deleted internet history from.
IE was set to only keep for 20 days, not sure what Firefox was at.
But I need to retrieve EVERYTHING I possibly can.
I think the user at some point did a defrag, which is making it more difficult.
I tried several analyzer programs that I loaded directly onto the pc to search 
with for recent activity, which I provided, then they brought it back and told 
me I needed to go deeper. At that point I removed the HD from it and only 
accessed it as an external drive to do the below listed attempts to retrieve 
the data.

This is not normally my job, but I was asked to do it, and I'm not having much 
luck.
I MUST have dates and times for the history, not just the sites.

I imaged it with ghost and tried to use FireFox History recovery, but it found 
nothing.
I tried Armor Forensic's NAT Stealth, but it only gives sites accessed.

I tried File Scavenger from quetek, and it finds lots of things like index.dat 
files, but when I try to read them with index.dat analyzer they mostly say that 
they are not index.dat files. It doesn't seem to find any history.dat's.

Can someone suggest what else I might try or some good forums for forensics?
Thanks
JR


Hotmail: Trusted email with powerful SPAM protection. Sign up 
now.








Hotmail: Powerful Free email with security by Microsoft. Get it 
now.





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~
<><>

MVLS site is back up

[Tim Evans]

For now anyways. It seems much snappier than before. That would be nice if it 
stays that way.

...Tim


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: MVLS site is back up

[Tim Evans]

while I didn't time it, my download seemed pretty quick.

From: David W. McSpadden [mailto:dav...@imcu.com]
Sent: Friday, December 18, 2009 10:29 AM
To: NT System Admin Issues
Subject: Re: MVLS site is back up

snappier yes.  Slow for downloads though.
I think all of us hungry users are going to break it.

From: Tim Evans<mailto:tev...@sparling.com>
Sent: Friday, December 18, 2009 1:14 PM
To: NT System Admin Issues<mailto:ntsysadmin@lyris.sunbelt-software.com>
Subject: MVLS site is back up

For now anyways. It seems much snappier than before. That would be nice if it 
stays that way.

...Tim










~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

WS08R2 eBook

[Tim Evans]

http://download.microsoft.com/download/5/C/0/5C0BD0AB-040D-4C56-A60B-661001012DDA/Windows_Server_2008_R2_e-book.pdf

pretty basic, but it seems to cover all the new features. It may be helpful for 
those working on WS03 -> WS08 sales pitch

...Tim


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Wipe server Hard drives

[Tim Evans]

It depends on the controller. I'm currently wiping several drives on a perc2 
controller. I had to boot with the noverify option to get it to come up. There 
are other boot options you can play with too that might help.


...Tim

From: Stefan Jafs [mailto:stefan.j...@gmail.com]
Sent: Tuesday, January 05, 2010 10:13 AM
To: NT System Admin Issues
Subject: Wipe server Hard drives

I have an old Dell 4400 that I would like to donate to charity, I need to wipe 
all the drives, I tried DBAN, it gave me non-fatal error and did not do 
anything, I assume it cant deal with the SCSI drives.

Anyone have any suggestions?

--
Stefan Jafs





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: How do you feel about bloatware?

[Tim Evans]

don't forget Symantec

...Tim

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, January 06, 2010 6:20 AM
To: NT System Admin Issues
Subject: RE: How do you feel about bloatware?

And Java...

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, January 06, 2010 6:17 AM
To: NT System Admin Issues
Subject: Re: How do you feel about bloatware?

There are only three words that can explain how I hate bloatware and how to 
deal with it...Make Adobe Bankrupt
2010/1/6 Stu Sjouwerman 
mailto:s...@sunbelt-software.com>>
Hi Guys!

(This is one of Stu's '30-second' surveys...)

How do you feel about bloatware? We're looking for a slogan of just a few 
words, remember the one we had for CounterSpy?: "Hit Spyware Hard". Which 
phrase expresses best how you feel about bloatware? Feel free to use the 
textbox at the end if you think you have a better one. If that gets chosen, 
you'll get an exclusive VIPRE t-shirt with that slogan. Here is the link. 
Thanks so much in advance!!!

http://www.surveymonkey.com/s/V8F2RN9

Warm regards,


Stu Sjouwerman
Co-Founder, Publisher, Sunbelt Media
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
s...@sunbelt-software.com





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~



--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question."









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Win7 God mode?

[Tim Evans]

Do you use the search box in control panel? I've never had any problems finding 
things in the new control panel layout with it, as opposed to trying to guess 
where Microsoft hid it.

...Tim

From: Sam Cayze [mailto:sam.ca...@rollouts.com]
Sent: Wednesday, January 06, 2010 7:33 AM
To: NT System Admin Issues
Subject: RE: Win7 God mode?

IMO God Mode = The missing Control Panel.
I remember when settings were so much easier to find...


From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 05, 2010 9:43 AM
To: NT System Admin Issues
Subject: Win7 God mode?
Anyone?
http://news.cnet.com/8301-13860_3-10423985-56.html
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764










~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Using Windows Easy Transfer

[Tim Evans]

I haven't used Easy Transfer, but I did use USMT4 which I understand is the  
same thing

...Tim

From: Todd Lemmiksoo [mailto:tlemmik...@all-mode.com]
Sent: Friday, January 08, 2010 12:51 PM
To: NT System Admin Issues
Subject: Using Windows Easy Transfer


Has anyone got Windows Easy Transfer to work going from XP to Win7? I am trying 
to transfer from a XP laptop to a Win7 laptop.

Todd Lemmiksoo
Network Administrator

All-Mode Communications, Inc.
1725 Dryden Road
Freeville, New York  13068
(607) 347-4164 x440
1-877-ALLMODE  (toll free)
http://www.all-mode.com





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: RMDIR and Wildcards

[Tim Evans]

for %f in (\directory*) do rd /s "%f"

Add /Q if you're brave and don't want to be prompted for each one

...Tim

From: Gavin Wilby [mailto:gavin.wi...@gmail.com]
Sent: Thursday, January 14, 2010 8:05 AM
To: NT System Admin Issues
Subject: RMDIR and Wildcards

Hi,

For one reason or another I have a need to automatically remove certain 
directories (full or otherwise) from a few windows server systems.

As rmdir \directory* /S doesnt appear to work, is there any other way 
that this can be batched and scheduled?

The directories are all called randomnumber.tmp and so I want to wildcard the 
rmdir. Yes, these are directories NOT tmp files.

--
Gavin Wilby,
Twitter: http://twitter.com/gavin_wilby
GSXR Blog: http://www.stoof.co.uk





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: RMDIR and Wildcards

[Tim Evans]

correct, sorry about that.

...Tim

From: Crawford, Scott [mailto:crawfo...@evangel.edu]
Sent: Thursday, January 14, 2010 8:39 AM
To: NT System Admin Issues
Subject: RE: RMDIR and Wildcards

You need to throw in a /d if you want to match against directories

For /d %f in (\directory*) do rd /s "%f"

From: Gavin Wilby [mailto:gavin.wi...@gmail.com]
Sent: Thursday, January 14, 2010 10:38 AM
To: NT System Admin Issues
Subject: Re: RMDIR and Wildcards

Hi Tim,

Are you sure that syntax is correct, as it doesnt appear to work here :(

Gavin.
On Thu, Jan 14, 2010 at 4:25 PM, Tim Evans 
mailto:tev...@sparling.com>> wrote:
for %f in (\directory*) do rd /s "%f"

Add /Q if you're brave and don't want to be prompted for each one

...Tim

From: Gavin Wilby [mailto:gavin.wi...@gmail.com<mailto:gavin.wi...@gmail.com>]
Sent: Thursday, January 14, 2010 8:05 AM
To: NT System Admin Issues
Subject: RMDIR and Wildcards

Hi,

For one reason or another I have a need to automatically remove certain 
directories (full or otherwise) from a few windows server systems.

As rmdir \directory* /S doesnt appear to work, is there any other way 
that this can be batched and scheduled?

The directories are all called randomnumber.tmp and so I want to wildcard the 
rmdir. Yes, these are directories NOT tmp files.

--
Gavin Wilby,
Twitter: http://twitter.com/gavin_wilby
GSXR Blog: http://www.stoof.co.uk<http://www.stoof.co.uk/>











--
Gavin Wilby,
Twitter: http://twitter.com/gavin_wilby
GSXR Blog: http://www.stoof.co.uk
Sent from Whitehaven, Eng, United Kingdom









~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: KMS count question

[Tim Evans]

I'm pretty sure it is a combined value. Once you have the 5 server licenses, 
you only need 20 more to start activating the clients. I've never seen it 
documented anywhere, but that's the way it seemed to work here


From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Friday, January 15, 2010 11:34 AM
To: NT System Admin Issues
Subject: KMS count question

I've got (2) KMS hosts on the network for activating Windows Server 2008 
systems. Up until now, we haven't had any Vista or Windows 7 systems to worry 
about. The desktop group is starting to test windows 7 and I will begin testing 
Windows 2008 R2 soon. I have updated the KMS keys on the hosts with the new 
keys that support Windows 2008 R2 and Windows 7. My question is regarding the 
count. It retained the count (10 in my case) so the Windows 2008 R2 systems I 
bring up should be activated right away (since the count is over 5). What I 
don't understand is where the 25 count for Windows 7 systems come into play. 
When I do a SLMGR.VBS /dli it shows me a count value. But it doesn't break it 
down between 2008 and Windows 7. So how will that increment? And is it a 
cumulative count of both OSs? So right now my count is 10, does that mean I 
need 15 Windows 7 systems in order to reach the 25? Or do I need 25 Windows 7 
systems, since none of the computers that have added to the count so far have 
been Windows 7?


Can someone clarify this for me? I have read all the Volume Activation 2.0 
guides and this topic is not very clear in the documentation.

Thank you,



Chris Bodnar, MCSE
Sr. Systems Engineer
Infrastructure Service Delivery
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003








This message, and any attachments to it, may contain information that is 
privileged, confidential, and exempt from disclosure under applicable law. If 
the reader of this message is not the intended recipient, you are notified that 
any use, dissemination, distribution, copying, or communication of this message 
is strictly prohibited. If you have received this message in error, please 
notify the sender immediately by return e-mail and delete the message and any 
attachments. Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: KMS count question

[Tim Evans]

Good to know for sure, thanks

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Friday, January 15, 2010 12:05 PM
To: NT System Admin Issues
Subject: RE: KMS count question

Thanks I think I found the answer on Technet:

http://technet.microsoft.com/en-us/library/dd979804.aspx


KMS can activate both physical computers and virtual machines. To qualify for 
KMS activation, a network must meet the activation threshold: KMS hosts 
activate client computers only after meeting this threshold. To ensure that the 
activation threshold is met, a KMS host counts the number of computers that are 
requesting activation on the network. For computers running Windows Server 2008 
or Windows Server 2008 R2, the activation threshold is five. For computers 
running Windows Vista or Windows 7, the activation threshold is 25. The 
thresholds include client computers and servers that are running on physical 
computers or virtual machines.

A KMS host responds to each valid activation request from a KMS client with the 
count of how many computers have contacted the KMS host for activation. Clients 
that receive a count below their activation threshold are not activated. For 
example, if the first two computers that contact the KMS host are running 
Windows 7, the first receives an activation count of 1, and the second receives 
an activation count of 2. If the next computer is a Windows 7 virtual machine, 
it receives an activation count of 3, and so on. None of these computers is 
activated, because computers running Windows 7 must receive an activation count 
≥25 to be activated. KMS clients in the grace state that are not activated 
because the activation count is too low connect to the KMS host every two hours 
to get the current activation count and will be activated when the threshold is 
met.

If the next computer that contacts the KMS host is running Windows Server 2008 
R2, it receives an activation count of 4, because activation counts are a 
combination of computers running Windows Server 2008 R2 and Windows 7. If a 
computer running Windows Server 2008 or Windows Server 2008 R2 receives an 
activation count that is ≥5, it is activated. If a computer running Windows 7 
receives an activation count ≥25, it is activated.



Chris Bodnar, MCSE
Sr. Systems Engineer
Infrastructure Service Delivery
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003


From: tev...@sparling.com [mailto:tev...@sparling.com]
Sent: Friday, January 15, 2010 2:59 PM
To: NT System Admin Issues
Subject: RE: KMS count question

I'm pretty sure it is a combined value. Once you have the 5 server licenses, 
you only need 20 more to start activating the clients. I've never seen it 
documented anywhere, but that's the way it seemed to work here


From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Friday, January 15, 2010 11:34 AM
To: NT System Admin Issues
Subject: KMS count question

I've got (2) KMS hosts on the network for activating Windows Server 2008 
systems. Up until now, we haven't had any Vista or Windows 7 systems to worry 
about. The desktop group is starting to test windows 7 and I will begin testing 
Windows 2008 R2 soon. I have updated the KMS keys on the hosts with the new 
keys that support Windows 2008 R2 and Windows 7. My question is regarding the 
count. It retained the count (10 in my case) so the Windows 2008 R2 systems I 
bring up should be activated right away (since the count is over 5). What I 
don't understand is where the 25 count for Windows 7 systems come into play. 
When I do a SLMGR.VBS /dli it shows me a count value. But it doesn't break it 
down between 2008 and Windows 7. So how will that increment? And is it a 
cumulative count of both OSs? So right now my count is 10, does that mean I 
need 15 Windows 7 systems in order to reach the 25? Or do I need 25 Windows 7 
systems, since none of the computers that have added to the count so far have 
been Windows 7?


Can someone clarify this for me? I have read all the Volume Activation 2.0 
guides and this topic is not very clear in the documentation.

Thank you,



Chris Bodnar, MCSE
Sr. Systems Engineer
Infrastructure Service Delivery
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003








This message, and any attachments to it, may contain information that is 
privileged, confidential, and exempt from disclosure under applicable law. If 
the reader of this message is not the intended recipient, you are notified that 
any use, dissemination, distribution, copying, or communication of this message 
is strictly prohibited. If you have received this message in error, p

RE: vSphere 4.0 Update 1 and MS Forefront

[Tim Evans]

> Contacted MS and was informed they don't support Server 2008 R2 in virtual 
> environments.  Go figure...
WTF? Really - just a blanket statement like that? That seems particularly out 
of touch with things today.


...Tim

From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Wednesday, January 27, 2010 8:15 AM
To: NT System Admin Issues
Subject: Re: vSphere 4.0 Update 1 and MS Forefront

Yes, got them done, too.  The machines took about 20 minutes to reboot and 
would stop serving until FF was removed.

Contacted MS and was informed they don't support Server 2008 R2 in virtual 
environments.  Go figure...


Roger Wright
___

Sent from Tampa, Florida, United States

On Wed, Jan 27, 2010 at 11:11 AM, Straub, Patrick 
mailto:patrick.str...@lanexpert.ch>> wrote:
Did you also update the VMware tools on your VMs?


From: Roger Wright [rhw...@gmail.com]
Sent: Wednesday, January 27, 2010 17:04
To: NT System Admin Issues
Subject: vSphere 4.0 Update 1 and MS Forefront
We recently updated our VMware servers to update 1 and immediately had issues 
on at least 2 of them with MS Forefront.  The VMs slowed to a crawl and we 
ended up removing FF from those VMs.

We're migrating to VIPRE and want to know if anyone has experienced similar 
issues with vSphere 4.0 Update 1 in conjunction with VIPRE.


Roger Wright
___
Of course I can keep secrets - it's the people I tell them to who can't keep 
them.














~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: NOD32 v2 definition issue?

[Tim Evans]

3218 fixed our issues here

 

 

...Tim

 

From: Durf [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 25, 2008 12:48 PM
To: NT System Admin Issues
Subject: Re: NOD32 v2 definition issue?

 

Latest defs still popping false positives.  Anyone got anything on this?


-- Durf

On Wed, Jun 25, 2008 at 12:57 PM, Jon Harris <[EMAIL PROTECTED]>
wrote:

Rescanned my local system and the file that popped up for me the first
time did not pop up this time.  Definitions were updated to the 3218.
Now to go back and check the server.

 

Jon

On Wed, Jun 25, 2008 at 12:32 PM, Jon Harris <[EMAIL PROTECTED]>
wrote:

The server seeing all the errors is on 3217 though.

 

Jon

On Wed, Jun 25, 2008 at 12:32 PM, Jon Harris <[EMAIL PROTECTED]>
wrote:

I am on 3218 definitions at the moment I am hoping that it
passed through to that one as well.

 

Jon

On Wed, Jun 25, 2008 at 12:23 PM, Andy Ognenoff
<[EMAIL PROTECTED]> wrote:

There is a problem with the 3217 definitions.  I saw a post
about it on the
Wilder Security Forums.  Causing me a headache too...

 - Andy O.


From: Jon Harris [mailto:[EMAIL PROTECTED]

Sent: Wednesday, June 25, 2008 11:09 AM

To: NT System Admin Issues
Subject: NOD32 v2 definition issue?





~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

 

 

 




-- 
--
Give a man a fish, and he'll eat for a day. 
Give a fish a man, and he'll eat for weeks! 


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: Rant: Incorrect quotes from vendors

[Tim Evans]

That's one reason why we no longer buy Dell. Even the account exec's
manager couldn't get the problem fixed. We haven't had that problem with
HP.

 

...Tim

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: Friday, July 11, 2008 1:40 PM
To: NT System Admin Issues
Subject: OT: Rant: Incorrect quotes from vendors

 



Sorry just wanted to vent. 

For some reason it seems that none of the vendors we deal with can get a
quote correct. Not once, never. We primarily deal with Dell, both US and
Canada. We also use HP and have multiple lease vendors. None of them
ever get a  quote right the first time. For example if I send them
something like this:

Please give me a quote for (2)  PowerEdge 1950 servers with the
following: 

 

(2) Dual Core 3.0GHz Xeon Processors
8GB RAM
(2) 146GB Hard drives (RAID 1)
DRAC 5/I card
(2) Emulex LPe11002-E HBA adapters (A1663181)
Gold Support
NetIQ AppManager
NetIQ AppManager Maintenance
PowerPath licenses
Windows 2003 Server Enterprise 

I will get back a quote that might have 4G RAM instead of 8. Or no DRAC
card, or have the wrong quantity of HBA cards. Every time it happens we
bring it to the attention of our account executive and they swear they
will resolve the issue. They don't. Then 2 months later the account
executive is replaced or has moved on and a new one comes on board, or
the person that generates the quotes leaves the company. I would just
love to have a simple quote done correctly the first time. 



Chris Bodnar

Sr. Windows Systems Engineer

Swiftwater, PA

X3522

This communication, including any attachments, is intended solely for
the use of the addressee and may contain information which is
privileged, confidential, exempt from disclosure under applicable law or
subject to copyright. If you are not an intended recipient, any use,
disclosure, distribution, reproduction, review or copying is
unauthorized and may be unlawful. If you have received this transmission
in error, please notify the sender immediately. Thank you.

Cette communication,y compris les pieces jointes, est reservee a l'usage
exclusif du destinataire et peut contenir des informations privilegiees,
confidentielles, exemptees de divulgation selon la loi ou protegees par
les droits de publication. Si vous n'etes pas un destinataire, toute
utilisation, divulgation, distribution, reproduction, examen ou copie
est non-autorisee et peut etre illegale. Si vous avez recu cette
communication par erreur, veuillez aviser l'expediteur immediatement.
Merci. 

 

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: Cannot use RDP to coonnect to a Windows 2008 Server

[Tim Evans]

I guess it's a good thing I didn't read that part of the manual before I
set mine up. I've got RDP access to my new 2008 DC now, but network
discovery is off.

 

...Tim

 

From: Graeme Carstairs [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2008 9:21 AM
To: NT System Admin Issues
Subject: Re: Cannot use RDP to coonnect to a Windows 2008 Server

 

Yeh its wonderful,

Join to the domain loose RDP, until you switch it back on.

DCPromo loose rdp until you switch discovery back on.

Whod have thorugh it.

On Mon, Jul 14, 2008 at 4:55 PM, Michael B. Smith
<[EMAIL PROTECTED]> wrote:

Network discovery? That affects RDP?

 

Huh.

 

Regards,

 

Michael B. Smith

MCITP:SA,EMA/MCSE/Exchange MVP

http://TheEssentialExchange.com

 

From: Graeme Carstairs [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2008 10:16 AM
To: NT System Admin Issues
Subject: Re: Cannot use RDP to coonnect to a Windows 2008 Server

 

I have resolved the issue.

Using Dameware mini remote console.

Remoted onto server and directly enabled network discovery and it worked
straight away.

Thanks

GRaeme

On Mon, Jul 14, 2008 at 3:03 PM, Miller Bonnie L.
<[EMAIL PROTECTED]> wrote:

Can you tell if there are any user accounts in the local "Remote Desktop
Users" group?  Your local admin account might need to be added if only
domain accounts were in there previously.

 

-Bonnie

 

From: Graeme Carstairs [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2008 1:26 AM
To: NT System Admin Issues
Subject: Cannot use RDP to coonnect to a Windows 2008 Server

 

hi list,

I am setting up a Windows 2008 server on a remote site, and was forced
to remove it from the domain and then hopefully rejoin it.

Since I have removed it from teh domain, I can no longer RDP onto it, I
have tried using PSEXEC and net sh to reenable network discovery. 

?But still cannot access it via rdp, I can get access to its C$ shares
and run all the remote admin tools, but cannt get RDP to work, the FDney
TS connections key in the reg is set correctly, but I cannot work out
how to reenable rdp

Thanks

Graeme


-- 
Carbon credits are a bit like beating someone up on this side of the
world and sponsoring one of those poor starving kids on the other side
of the world to make up for the fact that you're a complete shit at
home. 

 




-- 
Carbon credits are a bit like beating someone up on this side of the
world and sponsoring one of those poor starving kids on the other side
of the world to make up for the fact that you're a complete shit at
home. 

 




-- 
Carbon credits are a bit like beating someone up on this side of the
world and sponsoring one of those poor starving kids on the other side
of the world to make up for the fact that you're a complete shit at
home. 


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: Cannot use RDP to coonnect to a Windows 2008 Server

[Tim Evans]

OK, that makes sense. I've got RDP set up as an explicit exception on my
firewall.

 

...Tim

 

From: Michael B. Smith [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2008 10:29 AM
To: NT System Admin Issues
Subject: RE: Cannot use RDP to coonnect to a Windows 2008 Server

 

I'm pretty sure (and I marked Graeme's message for testing later on to
verify for myself), that this is only relevant if you have the Windows
firewall turned on, without having RDP set up as an explicit exception
to the firewall.

 

Regards,

 

Michael B. Smith

MCITP:SA,EMA/MCSE/Exchange MVP

http://TheEssentialExchange.com

 

From: Tim Evans [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2008 1:23 PM
To: NT System Admin Issues
Subject: RE: Cannot use RDP to coonnect to a Windows 2008 Server

 

I guess it's a good thing I didn't read that part of the manual before I
set mine up. I've got RDP access to my new 2008 DC now, but network
discovery is off.

 

...Tim

 

From: Graeme Carstairs [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2008 9:21 AM
To: NT System Admin Issues
Subject: Re: Cannot use RDP to coonnect to a Windows 2008 Server

 

Yeh its wonderful,

Join to the domain loose RDP, until you switch it back on.

DCPromo loose rdp until you switch discovery back on.

Whod have thorugh it.

On Mon, Jul 14, 2008 at 4:55 PM, Michael B. Smith
<[EMAIL PROTECTED]> wrote:

Network discovery? That affects RDP?

 

Huh.

 

Regards,

 

Michael B. Smith

MCITP:SA,EMA/MCSE/Exchange MVP

http://TheEssentialExchange.com

 

From: Graeme Carstairs [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2008 10:16 AM
To: NT System Admin Issues
Subject: Re: Cannot use RDP to coonnect to a Windows 2008 Server

 

I have resolved the issue.

Using Dameware mini remote console.

Remoted onto server and directly enabled network discovery and it worked
straight away.

Thanks

GRaeme

On Mon, Jul 14, 2008 at 3:03 PM, Miller Bonnie L.
<[EMAIL PROTECTED]> wrote:

Can you tell if there are any user accounts in the local "Remote Desktop
Users" group?  Your local admin account might need to be added if only
domain accounts were in there previously.

 

-Bonnie

 

From: Graeme Carstairs [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2008 1:26 AM
To: NT System Admin Issues
Subject: Cannot use RDP to coonnect to a Windows 2008 Server

 

hi list,

I am setting up a Windows 2008 server on a remote site, and was forced
to remove it from the domain and then hopefully rejoin it.

Since I have removed it from teh domain, I can no longer RDP onto it, I
have tried using PSEXEC and net sh to reenable network discovery. 

?But still cannot access it via rdp, I can get access to its C$ shares
and run all the remote admin tools, but cannt get RDP to work, the FDney
TS connections key in the reg is set correctly, but I cannot work out
how to reenable rdp

Thanks

Graeme


-- 
Carbon credits are a bit like beating someone up on this side of the
world and sponsoring one of those poor starving kids on the other side
of the world to make up for the fact that you're a complete shit at
home. 

 




-- 
Carbon credits are a bit like beating someone up on this side of the
world and sponsoring one of those poor starving kids on the other side
of the world to make up for the fact that you're a complete shit at
home. 

 




-- 
Carbon credits are a bit like beating someone up on this side of the
world and sponsoring one of those poor starving kids on the other side
of the world to make up for the fact that you're a complete shit at
home. 

 

 

 

 

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Sharepoint Explorer View Issues

[Tim Evans]

Maybe I'm beating a dead horse here, but I've got to try :-)

 

We've discovered that by disabling Kerberos authentication on the site
everything works perfectly. So, implied to me that there is a problem
with Kerberos authentication on that sharepoint site, which led me to a
very nice series about Kerberos on your blog. After reading thru them, I
think I understand the problem, I just don't know how to fix it.
Hopefully you or someone else here can advise.

The server's name is MOSS, but we access it with the name SPPS (set up
as a CNAME in DNS) via host headers. When we set it up, we set up a SPN
for HTTP and the sharepoint service account on MOSS. My theory is that
Kerberos is trying to look up a SPN for SPPS instead, which doesn't
exist, and I can't add one because it isn't an object in AD.

 

Any thoughts?

 

 

...Tim

 

From: Tim Evans 
Sent: Wednesday, May 21, 2008 6:04 PM
To: NT System Admin Issues
Subject: RE: Sharepoint Explorer View Issues

 

Darn, Ken. I was counting on you to have a quick easy fix for this :-).
We're working on the Vista upgrade, but we're not quite ready to take
the plunge yet.

 

Thanks anyway.

...Tim

 

 

From: Ken Schaefer [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 21, 2008 5:44 PM
To: NT System Admin Issues
Subject: RE: Sharepoint Explorer View Issues

 

I've been in a similar situation (trying to work out how to get WebDAV
rather than FP view working). Been through that paper, looking at
network packet captures, and all sorts of things. Pinged MVPs, Microsoft
people, and couldn't work it all out.


Upgrade to Vista - the WebDAV redirector was completely rewritten for
Vista and works now :-)

 

Cheers

Ken

 

From: Tim Evans [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 22 May 2008 8:02 AM
To: NT System Admin Issues
Subject: Sharepoint Explorer View Issues

 

We're having some problems with some users ability to use Explorer View
in shared documents folders on our MOSS server. The symptom is that the
get an authentication popup when they change from the All Documents view
to Explorer view. They cannot authenticate with the pop up, no matter
what credentials are used. If they cancel the popup, they get in, but
have reduced functionality (can't drag & drop, copy, etc).  The users
affected by it appear to be completely random some with IE6, some with
IE7, nothing in common that I can see (all are XPSP2 or 3).

 

Googling for help on this yields a bunch of blog entries that all point
to a 2006 MS White paper titled "Understanding and Troubleshooting the
Sharepoint Explorer View". From reading this white paper, it sounds like
we are getting FPRPC instead of WebDAV. Following the troubleshooting
steps, we have confirmed that the Web Client Service is running, the
content unencrypted over port 80. Manually adding the site to the local
intranet zone makes no difference (it shows unknown zone/mixed by
default).

 

So, does anyone  know how to force IE to use WebDAV on a Sharepoint
site?

 

 

...Tim

 

 

 

 

 

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Sharepoint Explorer View Issues

[Tim Evans]

But, from what I understand, Kerberos is going to look up the object
based on what I type in (SPPS), so I'm not sure how it would find that
SPN record. And to Troy who suggested that I do it based on IP address,
I would have the same question.

 

I guess I'll just have to try it and see what happens.

 

 

...Tim

 

From: Miller Bonnie L. [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 12:53 PM
To: NT System Admin Issues
Subject: RE: Sharepoint Explorer View Issues

 

Ken is the real expert on SPNs (I STILL have that thread saved), but if
your theory is true, then couldn't you just add the SPN to the computer
object of the Sharepoint FE server?  Adsiedit, browse to the server
object.  Edit SerivcePrincipalName and add the cname there?  Don't know
what the longer-term effects might be though.  For example, if you add
another FE server, what works now might become a problem.

 

-Bonnie

 

From: Tim Evans [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 12:39 PM
To: NT System Admin Issues
Subject: RE: Sharepoint Explorer View Issues

 

Maybe I'm beating a dead horse here, but I've got to try :-)

 

We've discovered that by disabling Kerberos authentication on the site
everything works perfectly. So, implied to me that there is a problem
with Kerberos authentication on that sharepoint site, which led me to a
very nice series about Kerberos on your blog. After reading thru them, I
think I understand the problem, I just don't know how to fix it.
Hopefully you or someone else here can advise.

The server's name is MOSS, but we access it with the name SPPS (set up
as a CNAME in DNS) via host headers. When we set it up, we set up a SPN
for HTTP and the sharepoint service account on MOSS. My theory is that
Kerberos is trying to look up a SPN for SPPS instead, which doesn't
exist, and I can't add one because it isn't an object in AD.

 

Any thoughts?

 

 

...Tim

 

From: Tim Evans 
Sent: Wednesday, May 21, 2008 6:04 PM
To: NT System Admin Issues
Subject: RE: Sharepoint Explorer View Issues

 

Darn, Ken. I was counting on you to have a quick easy fix for this :-).
We're working on the Vista upgrade, but we're not quite ready to take
the plunge yet.

 

Thanks anyway.

...Tim

 

 

From: Ken Schaefer [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 21, 2008 5:44 PM
To: NT System Admin Issues
Subject: RE: Sharepoint Explorer View Issues

 

I've been in a similar situation (trying to work out how to get WebDAV
rather than FP view working). Been through that paper, looking at
network packet captures, and all sorts of things. Pinged MVPs, Microsoft
people, and couldn't work it all out.


Upgrade to Vista - the WebDAV redirector was completely rewritten for
Vista and works now :-)

 

Cheers

Ken

 

From: Tim Evans [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 22 May 2008 8:02 AM
To: NT System Admin Issues
Subject: Sharepoint Explorer View Issues

 

We're having some problems with some users ability to use Explorer View
in shared documents folders on our MOSS server. The symptom is that the
get an authentication popup when they change from the All Documents view
to Explorer view. They cannot authenticate with the pop up, no matter
what credentials are used. If they cancel the popup, they get in, but
have reduced functionality (can't drag & drop, copy, etc).  The users
affected by it appear to be completely random some with IE6, some with
IE7, nothing in common that I can see (all are XPSP2 or 3).

 

Googling for help on this yields a bunch of blog entries that all point
to a 2006 MS White paper titled "Understanding and Troubleshooting the
Sharepoint Explorer View". From reading this white paper, it sounds like
we are getting FPRPC instead of WebDAV. Following the troubleshooting
steps, we have confirmed that the Web Client Service is running, the
content unencrypted over port 80. Manually adding the site to the local
intranet zone makes no difference (it shows unknown zone/mixed by
default).

 

So, does anyone  know how to force IE to use WebDAV on a Sharepoint
site?

 

 

...Tim

 

 

 

 

 

 

 

 

 

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: Sharepoint Explorer View Issues

[Tim Evans]

OK, that's starting to make some sense. I went back and checked what we
did to set the SPN previously, and we set the SPN for HTTP/MOSS on the
service account. Would I set the IP SPN on the service account object or
the computer object?

I also checked the other items: The neither the computer account or the
service account was trusted for delegation. So, I enabled the both the
service account and the computer account for delegation on HTTP/MOSS.
Would I need to add delegation for SPPS or the IP address here too?

Time sync is good.

...Tim

> -Original Message-
> From: Troy Meyer [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 25, 2008 2:15 PM
> To: NT System Admin Issues
> Subject: RE: Sharepoint Explorer View Issues
> 
> 
> It's the other way around.  Kerberos will query for SPNs and then find
> the machine (object) based on the dns lookup of what is in that SPN.
> This is why good functional DNS is a HUGE part of Kerberos
> authentication.  Of course make sure you take care of the obvious
> first: are both service account and machines trusted for delegation.
> Is all time in sync for ticket distribution/expiration, etc.
> 
> A good way to test your setup for kerb auth is using the LDP tool to
> query by SPN and see what it returns.
> 
> Remember contrary to many bloggers, you need ONLY the FQDN, and you
can
> only have an SPN registered once per IP (NOT PORT).
> 
> Hope that helps a little, its kind of like that accounting 201 class,
> once you understand how it all works together it seems like it all
> makes sense.
> 
> -Troy
> 
> 
> From: Tim Evans [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 25, 2008 1:13 PM
> To: NT System Admin Issues
> Subject: RE: Sharepoint Explorer View Issues
> 
> But, from what I understand, Kerberos is going to look up the object
> based on what I type in (SPPS), so I'm not sure how it would find that
> SPN record. And to Troy who suggested that I do it based on IP
address,
> I would have the same question.
> 
> I guess I'll just have to try it and see what happens.
> 
> 
> ...Tim
> 
> From: Miller Bonnie L. [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 25, 2008 12:53 PM
> To: NT System Admin Issues
> Subject: RE: Sharepoint Explorer View Issues
> 
> Ken is the real expert on SPNs (I STILL have that thread saved), but
if
> your theory is true, then couldn't you just add the SPN to the
computer
> object of the Sharepoint FE server?  Adsiedit, browse to the server
> object.  Edit SerivcePrincipalName and add the cname there?  Don't
know
> what the longer-term effects might be though.  For example, if you add
> another FE server, what works now might become a problem.
> 
> -Bonnie
> 
> From: Tim Evans [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 25, 2008 12:39 PM
> To: NT System Admin Issues
> Subject: RE: Sharepoint Explorer View Issues
> 
> Maybe I'm beating a dead horse here, but I've got to try :-)
> 
> We've discovered that by disabling Kerberos authentication on the site
> everything works perfectly. So, implied to me that there is a problem
> with Kerberos authentication on that sharepoint site, which led me to
a
> very nice series about Kerberos on your blog. After reading thru them,
> I think I understand the problem, I just don't know how to fix it.
> Hopefully you or someone else here can advise.
> The server's name is MOSS, but we access it with the name SPPS (set up
> as a CNAME in DNS) via host headers. When we set it up, we set up a
SPN
> for HTTP and the sharepoint service account on MOSS. My theory is that
> Kerberos is trying to look up a SPN for SPPS instead, which doesn't
> exist, and I can't add one because it isn't an object in AD.
> 
> Any thoughts?
> 
> 
> ...Tim
> 
> From: Tim Evans
> Sent: Wednesday, May 21, 2008 6:04 PM
> To: NT System Admin Issues
> Subject: RE: Sharepoint Explorer View Issues
> 
> Darn, Ken. I was counting on you to have a quick easy fix for this
:-).
> We're working on the Vista upgrade, but we're not quite ready to take
> the plunge yet.
> 
> Thanks anyway.
> ...Tim
> 
> 
> From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, May 21, 2008 5:44 PM
> To: NT System Admin Issues
> Subject: RE: Sharepoint Explorer View Issues
> 
> I've been in a similar situation (trying to work out how to get WebDAV
> rather than FP view working). Been through that paper, looking at
> network packet captures, and all sorts of things. Pinged MVPs,
> Microsoft people, and couldn't work it all out.
> 
> Upgrade to Vista - the WebDAV redirector was completely rewritten for
> Vista and works now :-)
> 
> Cheers
> Ken

RE: Sharepoint Explorer View Issues

[Tim Evans]

We did this, and it worked perfectly. Thanks for the education and your
help on this.

 

FYI, once we got Kerberos working properly, the explorer view problem
went away without having to upgrade to Vista.

 

 

...Tim

 

From: Ken Schaefer [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 7:29 PM
To: NT System Admin Issues
Subject: RE: Sharepoint Explorer View Issues

 

What account is your Sharepoint application running under? That is the
account (whether it be computer or user) that you'd register the
http/spps and http/spps.yourdomain.whatever SPNs under (unless you are
using IIS 7)

 

Cheers

Ken

 

From: Tim Evans [mailto:[EMAIL PROTECTED] 
Sent: Saturday, 26 July 2008 5:39 AM
To: NT System Admin Issues
Subject: RE: Sharepoint Explorer View Issues

 

Maybe I'm beating a dead horse here, but I've got to try :-)

 

We've discovered that by disabling Kerberos authentication on the site
everything works perfectly. So, implied to me that there is a problem
with Kerberos authentication on that sharepoint site, which led me to a
very nice series about Kerberos on your blog. After reading thru them, I
think I understand the problem, I just don't know how to fix it.
Hopefully you or someone else here can advise.

The server's name is MOSS, but we access it with the name SPPS (set up
as a CNAME in DNS) via host headers. When we set it up, we set up a SPN
for HTTP and the sharepoint service account on MOSS. My theory is that
Kerberos is trying to look up a SPN for SPPS instead, which doesn't
exist, and I can't add one because it isn't an object in AD.

 

Any thoughts?

 

 

...Tim

 

From: Tim Evans 
Sent: Wednesday, May 21, 2008 6:04 PM
To: NT System Admin Issues
Subject: RE: Sharepoint Explorer View Issues

 

Darn, Ken. I was counting on you to have a quick easy fix for this :-).
We're working on the Vista upgrade, but we're not quite ready to take
the plunge yet.

 

Thanks anyway.

...Tim

 

 

From: Ken Schaefer [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 21, 2008 5:44 PM
To: NT System Admin Issues
Subject: RE: Sharepoint Explorer View Issues

 

I've been in a similar situation (trying to work out how to get WebDAV
rather than FP view working). Been through that paper, looking at
network packet captures, and all sorts of things. Pinged MVPs, Microsoft
people, and couldn't work it all out.


Upgrade to Vista - the WebDAV redirector was completely rewritten for
Vista and works now :-)

 

Cheers

Ken

 

From: Tim Evans [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 22 May 2008 8:02 AM
To: NT System Admin Issues
Subject: Sharepoint Explorer View Issues

 

We're having some problems with some users ability to use Explorer View
in shared documents folders on our MOSS server. The symptom is that the
get an authentication popup when they change from the All Documents view
to Explorer view. They cannot authenticate with the pop up, no matter
what credentials are used. If they cancel the popup, they get in, but
have reduced functionality (can't drag & drop, copy, etc).  The users
affected by it appear to be completely random some with IE6, some with
IE7, nothing in common that I can see (all are XPSP2 or 3).

 

Googling for help on this yields a bunch of blog entries that all point
to a 2006 MS White paper titled "Understanding and Troubleshooting the
Sharepoint Explorer View". From reading this white paper, it sounds like
we are getting FPRPC instead of WebDAV. Following the troubleshooting
steps, we have confirmed that the Web Client Service is running, the
content unencrypted over port 80. Manually adding the site to the local
intranet zone makes no difference (it shows unknown zone/mixed by
default).

 

So, does anyone  know how to force IE to use WebDAV on a Sharepoint
site?

 

 

...Tim

 

 

 

 

 

 

 

 

 

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: blacklists

[Tim Evans]

Sounds like you may have an infected client on your network that is
sending outbound spam. Block port 25 at the firewall for all but
authorized systems (mail server). Set the mail server so that it only
accepts mail from your exchange server. That should get things cleared
up enough so that you'll stay off the blacklists and give you some time
to hunt for the guilty party.

 

 

...Tim

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 2:35 PM
To: NT System Admin Issues
Subject: blacklists

 

We've been finding ourself on some blacklists since last week and have
basically shut us down.  Specifically Spamhaus and Barracuda's. 

I'm not sure if I have an infected computer on my network sending spam
or not.  I've requested my ip removed from the blacklists several times,
but after a day or two I'm back on.  I've got a window to post this
question before it happens again.  Here's what I have.

One Domain, two locations connected via PTP T1 (Adtrans).  All Internet
access is at one location where I have my Mail Server 2003 (Ninja) and a
Watchguard Firewall.  All clients (about 200) running Symantec AV.

I don't have really the tools or knowledge to run any packet capture
software (or anything else) to determine if I have an owned machine, but
while I am working on that is there any way to close my firewall to
outbound mail traffic while still letting my Exchange out?  Do infected
computers send email thru port 25 like Exchange?  If so, can I block
that port and change the port Exchange uses to send?  If so, how?

This may take me awhile, but I'd like to stay off the blacklists in the
mean time.

 

One thing I've done is installed Zone Alarm on my pc to see if I can
catch any of my local computers scanning my network.  After the install
it asked if I wanted my Outlook to act as a Server.  The info button
showed that it should be ok to do, but I said "no".  My email seems to
be working but I keep getting notifications that ZA is blocking internet
access to my computer from my mail server.  This is probably nothing.

 

Thanks for any suggestions.

Paul Everett 
IS Dept. 
Lee Mental Health Center 
239-791-1551 

"Lee Mental Health Center, Inc. providing services through Ruth Cooper
Center for Behavioral Health Care and VISTA Behavioral Crisis Services.
Visit our website at www.leementalhealth.org
http://www.leementalhealth.org/>  to learn more."

Confidentiality Notice:  This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure, or distribution is prohibited.   If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message, including attachments.

 

 

 

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: blacklists

[Tim Evans]

Then forget about the "Set the mail server so that it only accepts mail
from your exchange server" part. Just set your firewall so that it only
accept SMTP mail from that

server. Sorry, but I can't help you on the watchguard config.

 

...Tim

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 2:54 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

"Set the mail server so that it only accepts mail from your exchange
server" They are one and the same.  My DC is actually my Mail Gateway
between the WG and Exchange.

"Block port 25 at the firewall for all but authorized systems (mail
server)."  Any idea how to do this on a Watchguard 700?

 

Thanks

 

 

________

From: Tim Evans [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 5:47 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

Sounds like you may have an infected client on your network that is
sending outbound spam. Block port 25 at the firewall for all but
authorized systems (mail server). Set the mail server so that it only
accepts mail from your exchange server. That should get things cleared
up enough so that you'll stay off the blacklists and give you some time
to hunt for the guilty party.

 

 

...Tim

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 2:35 PM
To: NT System Admin Issues
Subject: blacklists

 

We've been finding ourself on some blacklists since last week and have
basically shut us down.  Specifically Spamhaus and Barracuda's. 

I'm not sure if I have an infected computer on my network sending spam
or not.  I've requested my ip removed from the blacklists several times,
but after a day or two I'm back on.  I've got a window to post this
question before it happens again.  Here's what I have.

One Domain, two locations connected via PTP T1 (Adtrans).  All Internet
access is at one location where I have my Mail Server 2003 (Ninja) and a
Watchguard Firewall.  All clients (about 200) running Symantec AV.

I don't have really the tools or knowledge to run any packet capture
software (or anything else) to determine if I have an owned machine, but
while I am working on that is there any way to close my firewall to
outbound mail traffic while still letting my Exchange out?  Do infected
computers send email thru port 25 like Exchange?  If so, can I block
that port and change the port Exchange uses to send?  If so, how?

This may take me awhile, but I'd like to stay off the blacklists in the
mean time.

 

One thing I've done is installed Zone Alarm on my pc to see if I can
catch any of my local computers scanning my network.  After the install
it asked if I wanted my Outlook to act as a Server.  The info button
showed that it should be ok to do, but I said "no".  My email seems to
be working but I keep getting notifications that ZA is blocking internet
access to my computer from my mail server.  This is probably nothing.

 

Thanks for any suggestions.

Paul Everett 
IS Dept. 
Lee Mental Health Center 
239-791-1551 

"Lee Mental Health Center, Inc. providing services through Ruth Cooper
Center for Behavioral Health Care and VISTA Behavioral Crisis Services.
Visit our website at www.leementalhealth.org
http://www.leementalhealth.org/>  to learn more."

Confidentiality Notice:  This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure, or distribution is prohibited.   If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message, including attachments.

 

 

 

 

 

 

 

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

RE: blacklists

[Tim Evans]

It sounds like either something is misconfigured, your DC is infected
or you don't correctly understand how mail is supposed to flow in your
network.  Get on your DC and run netstat -no and looks for connection to
port 25 on your  firewall. Then look up the PID in task manager to see
what process on the DC is sending the mail.

 

...Tim

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 29, 2008 6:00 AM
To: NT System Admin Issues
Subject: RE: blacklists

 

Everything is looking good this morning, as far as our email is
concerned and so far still off the blacklists.  In "host watch" of the
Watchguard System Manager, I am getting numerous (hundreds/minute)
outbound Filtered-SMTP "denies" from my DC (which is my mail gateway).
I thought mail was just going thru there one-way (incoming).

Mail in ->WG Firewall -> DC (Symantec Mail Security for SMTP) ->
Exchange Server -> WG Firewall -> Mail out.

Could there just be a misconfiguration on my DC?

 

Paul

 



From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 6:52 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

They are proxy's.  I have two defined.  One called SMTP and it has the
incoming set From: any, To: WG ip -> DC (mail gateway).  The outgoing
tab is disabled.

The other proxy is called Filtered-SMTP.  It's Incoming is Disabled and
the Outgoing is set From: Any, To: Any.  I change this From: Exchange
ip, To: Any.

I've never been able to figure logging on the WG.  I can never find the
logs and for email, I can't find where to set the address??  The WG
interface seems so simple, but it really makes me feel like an idiot at
times.

 

Hope this is good enough damage control for tonight.  I'll be back in
the am to check things and do more investigating.

 

Thanks for all the suggestions.

 

Paul

 



From: Dennis Hoefer [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 6:24 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

Open Policy Manager on the Watchguard 700, you will have either a proxy
or filter policy for SMTP.  On the "Outgoing" tab, set From: to the IP
address of your mail server and To: to "all"  The default rule is all to
all, which will allow traffic from port 25 to pass from any machine on
your network.  By setting From: to only your mail server IP, you will
block any internal machines that may be attempting to send SMTP traffic
on their own.  You can also set the rule to log denied traffic which
will quickly identify internal machines that are attempting to use port
25.

 

Configuration is a little different on the newer Watchguard boxes, but
should be pretty straight forward on the 700.  If the problem persists,
then you're back to a relay problem or compromised mail server.  

 

Dennis  

 



From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 4:54 PM
To: NT System Admin Issues
Subject: RE: blacklists

"Set the mail server so that it only accepts mail from your exchange
server" They are one and the same.  My DC is actually my Mail Gateway
between the WG and Exchange.

"Block port 25 at the firewall for all but authorized systems (mail
server)."  Any idea how to do this on a Watchguard 700?

 

Thanks

 

 



From: Tim Evans [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 5:47 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

Sounds like you may have an infected client on your network that is
sending outbound spam. Block port 25 at the firewall for all but
authorized systems (mail server). Set the mail server so that it only
accepts mail from your exchange server. That should get things cleared
up enough so that you'll stay off the blacklists and give you some time
to hunt for the guilty party.

 

 

...Tim

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 2:35 PM
To: NT System Admin Issues
Subject: blacklists

 

We've been finding ourself on some blacklists since last week and have
basically shut us down.  Specifically Spamhaus and Barracuda's. 

I'm not sure if I have an infected computer on my network sending spam
or not.  I've requested my ip removed from the blacklists several times,
but after a day or two I'm back on.  I've got a window to post this
question before it happens again.  Here's what I have.

One Domain, two locations connected via PTP T1 (Adtrans).  All Internet
access is at one location where I have my Mail Server 2003 (Ninja) and a
Watchguard Firewall.  All clients (about 200) running Symantec AV.

I don't have really the tools or knowledge to run any packet capture
software (or anything else) to determine if I have an owned machine, but
while I am working on that is there any way to close my

RE: blacklists

[Tim Evans]

And those are connections from the DC to the firewall (and not the
reverse)? Something is misconfigured or you misunderstand how mail is
supposed to flow. Is all the mail flowing outbound that is supposed to
be?

 

...Tim

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 29, 2008 8:05 AM
To: NT System Admin Issues
Subject: RE: blacklists

 

It's the Symantec Mail Security for SMTP.  Now what?

 



From: Tim Evans [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 29, 2008 9:54 AM
To: NT System Admin Issues
Subject: RE: blacklists

 

It sounds like either something is misconfigured, your DC is infected
or you don't correctly understand how mail is supposed to flow in your
network.  Get on your DC and run netstat -no and looks for connection to
port 25 on your  firewall. Then look up the PID in task manager to see
what process on the DC is sending the mail.

 

...Tim

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 29, 2008 6:00 AM
To: NT System Admin Issues
Subject: RE: blacklists

 

Everything is looking good this morning, as far as our email is
concerned and so far still off the blacklists.  In "host watch" of the
Watchguard System Manager, I am getting numerous (hundreds/minute)
outbound Filtered-SMTP "denies" from my DC (which is my mail gateway).
I thought mail was just going thru there one-way (incoming).

Mail in ->WG Firewall -> DC (Symantec Mail Security for SMTP) ->
Exchange Server -> WG Firewall -> Mail out.

Could there just be a misconfiguration on my DC?

 

Paul

 



From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 6:52 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

They are proxy's.  I have two defined.  One called SMTP and it has the
incoming set From: any, To: WG ip -> DC (mail gateway).  The outgoing
tab is disabled.

The other proxy is called Filtered-SMTP.  It's Incoming is Disabled and
the Outgoing is set From: Any, To: Any.  I change this From: Exchange
ip, To: Any.

I've never been able to figure logging on the WG.  I can never find the
logs and for email, I can't find where to set the address??  The WG
interface seems so simple, but it really makes me feel like an idiot at
times.

 

Hope this is good enough damage control for tonight.  I'll be back in
the am to check things and do more investigating.

 

Thanks for all the suggestions.

 

Paul

 



From: Dennis Hoefer [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 6:24 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

Open Policy Manager on the Watchguard 700, you will have either a proxy
or filter policy for SMTP.  On the "Outgoing" tab, set From: to the IP
address of your mail server and To: to "all"  The default rule is all to
all, which will allow traffic from port 25 to pass from any machine on
your network.  By setting From: to only your mail server IP, you will
block any internal machines that may be attempting to send SMTP traffic
on their own.  You can also set the rule to log denied traffic which
will quickly identify internal machines that are attempting to use port
25.

 

Configuration is a little different on the newer Watchguard boxes, but
should be pretty straight forward on the 700.  If the problem persists,
then you're back to a relay problem or compromised mail server.  

 

Dennis  

 



From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 4:54 PM
To: NT System Admin Issues
Subject: RE: blacklists

"Set the mail server so that it only accepts mail from your exchange
server" They are one and the same.  My DC is actually my Mail Gateway
between the WG and Exchange.

"Block port 25 at the firewall for all but authorized systems (mail
server)."  Any idea how to do this on a Watchguard 700?

 

Thanks

 

 



From: Tim Evans [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 5:47 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

Sounds like you may have an infected client on your network that is
sending outbound spam. Block port 25 at the firewall for all but
authorized systems (mail server). Set the mail server so that it only
accepts mail from your exchange server. That should get things cleared
up enough so that you'll stay off the blacklists and give you some time
to hunt for the guilty party.

 

 

...Tim

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 2:35 PM
To: NT System Admin Issues
Subject: blacklists

 

We've been finding ourself on some blacklists since last week and have
basically shut us down.  Specifically Spamhaus and Barracuda's. 

I'm not sure if I have an infected computer on my network sending spam
or not.  I've requested my ip 

RE: DNS Vulnerability

[Tim Evans]

I don't think that's right. On my system here, IPCONFIG /ALL shows our
internal DNS servers. When I run the test at DoxPara.com, it reports on
the external forwarders that my DNS servers point to. Given that my DNS
servers are NATted behind a firewall, I'm not sure how it could check
them anyway. I can see how it might check for vulnerabilities in  the
NAT part of my firewall, but that's not the address it reports.

 

...Tim

 

From: Carl Houseman [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 30, 2008 2:20 PM
To: NT System Admin Issues
Subject: RE: DNS Vulnerability

 

It tests the DNS server(s) which appear(s) under IPCONFIG /ALL.

 

It does not check the DNS server(s) that are identified in the whois
information for your domain.

 

Carl

 

From: Roger Wright [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 30, 2008 4:18 PM
To: NT System Admin Issues
Subject: DNS Vulnerability

 

Is this a valid test for the recently disclosed DNS cache poisoning
vulnerability?

 

http://www.doxpara.com/

 

Do I understand correctly that this will test my internal and external
DNS servers?  Internal clients point to my internal DNS servers which
then point to my ISP's (AT&T) name servers.

   

 

Roger Wright

Network Administrator

Evatone, Inc.

727.572.7076  x388

_

 

 

 

 

 

 

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: Looks like Vmware Update 2 is available again.

[Tim Evans]

If you are running a DC virtualized, setting the clock back could have
an impact.

...Tim

> -Original Message-
> From: Joseph L. Casale [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 14, 2008 7:16 AM
> To: NT System Admin Issues
> Subject: RE: Looks like Vmware Update 2 is available again.
> 
> Dang... vmware makes one little small mistake and the world unleashes
> an arse kicking on them.
> 
> MS makes many big mistakes all the time and we don't even flinch?
Maybe
> vmware should drop the ball daily and we would be happier?
> 
> Man, that's life! Software has bugs, all I know is my history w/ esx
> has always been extremely positive, and even this bug was trivial! Set
> clock back, turn on vm's, set clock forward, **NO** harm done.
> 
> Wow...
> 
> -Original Message-
> From: Ziots, Edward [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 14, 2008 7:16 AM
> To: NT System Admin Issues
> Subject: RE: Looks like Vmware Update 2 is available again.
> 
> Hopefully they unbugged it with the new update accordingly, so you
> don't
> reapply faulty SP...
> 
> Z
> 
> Edward E. Ziots
> Network Engineer
> Lifespan Organization
> MCSE,MCSA,MCP,Security+,Network+,CCA
> Phone: 401-639-3505
> -Original Message-
> From: N Parr [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 14, 2008 8:55 AM
> To: NT System Admin Issues
> Subject: Looks like Vmware Update 2 is available again.
> 
> http://www.vmware.com/download/vi/
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Looks like Vmware Update 2 is available again.

[Tim Evans]

Well, yeah. I guess I got in a hurry and forgot to say that. Isn't it
the default to sync time with the host on ESX?

> -Original Message-
> From: Greg Mulholland [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 14, 2008 4:28 PM
> To: NT System Admin Issues
> Subject: RE: Looks like Vmware Update 2 is available again.
> 
> Only if yours guests are synchronising time with your esx hosts. not
> sure why you would want to do that?
> 
> ________
> From: Tim Evans [EMAIL PROTECTED]
> Sent: Friday, 15 August 2008 12:58 AM
> To: NT System Admin Issues
> Subject: RE: Looks like Vmware Update 2 is available again.
> 
> If you are running a DC virtualized, setting the clock back could have
> an impact.
> 
> ...Tim
> 
> > -Original Message-
> > From: Joseph L. Casale [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, August 14, 2008 7:16 AM
> > To: NT System Admin Issues
> > Subject: RE: Looks like Vmware Update 2 is available again.
> >
> > Dang... vmware makes one little small mistake and the world
unleashes
> > an arse kicking on them.
> >
> > MS makes many big mistakes all the time and we don't even flinch?
> Maybe
> > vmware should drop the ball daily and we would be happier?
> >
> > Man, that's life! Software has bugs, all I know is my history w/ esx
> > has always been extremely positive, and even this bug was trivial!
> Set
> > clock back, turn on vm's, set clock forward, **NO** harm done.
> >
> > Wow...
> >
> > -Original Message-
> > From: Ziots, Edward [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, August 14, 2008 7:16 AM
> > To: NT System Admin Issues
> > Subject: RE: Looks like Vmware Update 2 is available again.
> >
> > Hopefully they unbugged it with the new update accordingly, so you
> > don't
> > reapply faulty SP...
> >
> > Z
> >
> > Edward E. Ziots
> > Network Engineer
> > Lifespan Organization
> > MCSE,MCSA,MCP,Security+,Network+,CCA
> > Phone: 401-639-3505
> > -Original Message-
> > From: N Parr [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, August 14, 2008 8:55 AM
> > To: NT System Admin Issues
> > Subject: Looks like Vmware Update 2 is available again.
> >
> > http://www.vmware.com/download/vi/
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: After-hours work

[Tim Evans]

We have a nice setup here - we get our pick between #4 (paid quarterly)
or #5 (Onsite IT, private industry)

 

...Tim

 

From: Durf [mailto:[EMAIL PROTECTED] 
Sent: Saturday, August 16, 2008 8:07 AM
To: NT System Admin Issues
Subject: After-hours work

 

Hey all,

Taking a little informal poll about compensation for after hours /
weekend works.  This is mostly geared at consultants, so if you're an
onsite IT guy, please indicate.


If you work after-hours on-call, or are expected to carry the beeper,
how are you compensated?

1. None, just man up and be an IT cowboy and glad you have a job.
2. Flat fee for being on-call.
3. Overtime or time-and-a-half bonus for hours actually worked.
4. Straight hourly at my normal rate
5. Flex time - no extra compentation, but I come in late the next day /
take a day off later in the week. 

Thanks all.   Yes, I'm on the beeper this weekend (OK, there's no actual
beeper) so it's on my mind. :) 

-- Durf

-- 
--
Give a man a fish, and he'll eat for a day. 
Give a fish a man, and he'll eat for weeks!

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Scripted uninstalls - MSIEXEC

[Tim Evans]

While I haven't tested it on an uninstall, MsiExec V 3.01.4001.5512 has
a /norestart option. I know that it works on installs. Have you tried
that?

 

...Tim

 

From: Carl Houseman [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 22, 2008 10:42 AM
To: NT System Admin Issues
Subject: Scripted uninstalls - MSIEXEC

 

I'm writing a script to remove certain unwanted software, some of which
installs with MSIEXEC.  I want to uninstall silently without user
involvement.

 

So my script goes out and gets the UninstallString from the registry and
I've already found that sometimes these specify /X and other times they
specify /I, so I'm replacing /I with /X and adding /Q.  That all works
fine, but...

 

If a reboot is required, the workstation reboots immediately. 

 

I want the reboot to be postponed until I've uninstalled all things that
need to be uninstalled and I'm not seeing any command line switch for
MSIEXEC to skip the reboot after a quiet uninstall.   Anything
undocumented out there?  Or some alternative means of batch-uninstalling
multiple programs with postponed reboot?

 

Or maybe I don't even need to worry about a reboot because the script
runs as a machine startup script?  I'm still testing interactively.

 

Thanks,

Carl

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Scripted uninstalls - MSIEXEC

[Tim Evans]

You're quire a kidder there, Carl. Complete documentation from
Microsoft?

 

I don't know of any complete docs on it, but I can usually find what I
need at appdeploy.com. You might find something useful on the MSDN
Windows Installer home page at
http://msdn.microsoft.com/en-us/library/aa372866.aspx

 

I've never seen anything on the Suppress and ReallySuppress options that
others have mentioned, but If got to ask: "ReallySuppress"? If I put in
Suppress don't you think I mean it or do people joke about that stuff in
their scripts?

 

...Tim

 

From: Carl Houseman [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 22, 2008 11:52 AM
To: NT System Admin Issues
Subject: RE: Scripted uninstalls - MSIEXEC

 

Thanks Tim... No, stupid me, I was expecting this online documentation
to be complete:

 

http://technet.microsoft.com/en-us/library/bb490936.aspx

 

I should have thought to type "msiexec /?".

 

Do you know of any complete online docs?  I'm wondering about multiple
/X on the same command line, and an errorlevel or some way to determine
that a restart is needed.  I guess I can probably look in the registry
somewhere to see if something has been established to happen on reboot.

 

Thanks!

Carl

 

From: Tim Evans [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 22, 2008 2:36 PM
To: NT System Admin Issues
Subject: RE: Scripted uninstalls - MSIEXEC

 

While I haven't tested it on an uninstall, MsiExec V 3.01.4001.5512 has
a /norestart option. I know that it works on installs. Have you tried
that?

 

...Tim

 

From: Carl Houseman [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 22, 2008 10:42 AM
To: NT System Admin Issues
Subject: Scripted uninstalls - MSIEXEC

 

I'm writing a script to remove certain unwanted software, some of which
installs with MSIEXEC.  I want to uninstall silently without user
involvement.

 

So my script goes out and gets the UninstallString from the registry and
I've already found that sometimes these specify /X and other times they
specify /I, so I'm replacing /I with /X and adding /Q.  That all works
fine, but...

 

If a reboot is required, the workstation reboots immediately. 

 

I want the reboot to be postponed until I've uninstalled all things that
need to be uninstalled and I'm not seeing any command line switch for
MSIEXEC to skip the reboot after a quiet uninstall.   Anything
undocumented out there?  Or some alternative means of batch-uninstalling
multiple programs with postponed reboot?

 

Or maybe I don't even need to worry about a reboot because the script
runs as a machine startup script?  I'm still testing interactively.

 

Thanks,

Carl

 

 

 

 

 

 

 

 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Quick MS Access Question

[Tim Evans]

It's been a long time since I dealt with this (Access 98?), but I believe you 
need to enable workgroup mode on the notebook that is hosting the database. 
Even though the file is not opened exclusive, Access writes to a LDB lock file 
that other instances will respect.

...Tim

From: James Kerr [mailto:[EMAIL PROTECTED]
Sent: Friday, November 21, 2008 12:54 PM
To: NT System Admin Issues
Subject: Re: Quick MS Access Question

Basically we can only open the database on one PC at a time. The database is 
set to "shared" and set to "no locks" and "open databases using record level 
locking". There is nothing setup in security in security for the database. The 
share has full control for "everyone"  and doesn't inherit permissions. The 
weird thing is that we use this file once a year, we clear it out every year of 
its data, rename it and its all good. I tried grabbing an older version of the 
file from a few years back and I have the same problem. Of course this is now a 
high priority and I will be working on this through the weekend because its 
needed for our biggest fundraiser. :-\

James
- Original Message -
From: James Kerr
To: NT System Admin Issues
Sent: Friday, November 21, 2008 2:09 PM
Subject: Quick MS Access Question

I have 4 notebooks. One has a share and in that share is a MS access file. The 
notebooks can open the database fine but not if the note with the database has 
it opened first. The file isnt getting opened exclusivly. Any ideas?

James











~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Quick MS Access Question

[Tim Evans]

Workgroup mode is a feature of MS Access. You don't say what version you are 
using, but for Access 2007, here are a couple of KB articles that explain how 
it works:
http://support.microsoft.com/kb/305542
http://support.microsoft.com/kb/918583




...Tim

From: James Kerr [mailto:[EMAIL PROTECTED]
Sent: Friday, November 21, 2008 1:25 PM
To: NT System Admin Issues
Subject: Re: Quick MS Access Question

I dont know what workgroup mode might be but they are setup as a windows 
workgroup. I found out something more though. If I open the database using 
File/Open it works fine it just wont work if you click on the file itself or 
create a shortcut to the file which I find odd. I dont know, maybe its to have 
to be like that this year.
- Original Message -
From: Tim Evans<mailto:[EMAIL PROTECTED]>
To: NT System Admin Issues<mailto:ntsysadmin@lyris.sunbelt-software.com>
Sent: Friday, November 21, 2008 4:00 PM
Subject: RE: Quick MS Access Question

It's been a long time since I dealt with this (Access 98?), but I believe you 
need to enable workgroup mode on the notebook that is hosting the database. 
Even though the file is not opened exclusive, Access writes to a LDB lock file 
that other instances will respect.

...Tim

From: James Kerr [mailto:[EMAIL PROTECTED]
Sent: Friday, November 21, 2008 12:54 PM
To: NT System Admin Issues
Subject: Re: Quick MS Access Question

Basically we can only open the database on one PC at a time. The database is 
set to "shared" and set to "no locks" and "open databases using record level 
locking". There is nothing setup in security in security for the database. The 
share has full control for "everyone"  and doesn't inherit permissions. The 
weird thing is that we use this file once a year, we clear it out every year of 
its data, rename it and its all good. I tried grabbing an older version of the 
file from a few years back and I have the same problem. Of course this is now a 
high priority and I will be working on this through the weekend because its 
needed for our biggest fundraiser. :-\

James
- Original Message -
From: James Kerr<mailto:[EMAIL PROTECTED]>
To: NT System Admin Issues<mailto:ntsysadmin@lyris.sunbelt-software.com>
Sent: Friday, November 21, 2008 2:09 PM
Subject: Quick MS Access Question

I have 4 notebooks. One has a share and in that share is a MS access file. The 
notebooks can open the database fine but not if the note with the database has 
it opened first. The file isnt getting opened exclusivly. Any ideas?

James





















~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~