I have a copy of Win95 Rev 1 on 13 floppies :)
-----Original Message----- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Monday, October 17, 2011 4:44 PM To: NT System Admin Issues Subject: Re: Macs and vunerabilities HA! I think I still have a copy of Windows 98 SE somewhere around here... --Matt Ross Ephrata School District ----- Original Message ----- From: Bill Humphries [mailto:nt...@hedgedigger.com]<mailto:[mailto:nt...@hedgedigger.com]> To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]<mailto:[mailto:ntsysadmin@lyris.sunbelt-software.com]> Sent: Mon, 17 Oct 2011 13:00:24 -0700 Subject: Re: Macs and vunerabilities > I have a Mac SE in my attic. I think it needs a harddrive. i hope i > still have the system 7 OS floppies. > > Bill > > > David Lum wrote: > > In this environment do you have a "Mac SE" and a "Windows SE", or > > does the > same person manage both? Seems to be adding quite a bit to one's plate. > > > > -----Original Message----- > > From: David Lum > > [mailto:david....@nwea.org]<mailto:[mailto:david....@nwea.org]> > > Sent: Monday, October 17, 2011 9:07 AM > > To: NT System Admin Issues > > Subject: RE: Macs and vunerabilities > > > > Thanks for all this information Matt, it's greatly appreciated!! > > > > -----Original Message----- > > From: Matthew W. Ross > > [mailto:mr...@ephrataschools.org]<mailto:[mailto:mr...@ephrataschools.org]> > > Sent: Monday, October 17, 2011 8:57 AM > > To: NT System Admin Issues > > Subject: RE: Macs and vunerabilities > > > > You are correct, many of these things you cannot do from a Active > Directory. There may be a few tricks you can use to force some of > these (login scripts, remote ssh, etc.) but I'm sure you're more > interested in something a little more centralized. > > > > If you want the Apple solution, check out Open Directory and Apple > > Remote > Desktop. > > > > Open Directory is a component of Mac OS X Server, and it is Apple's > attempt at a directory service ala Active Directory, but for Macs. If > you do go this route, I recommend joining the Macs to both your Active > Directory and the Open directory at the same time. Have your user's > login using their AD credentials, while the Macs get their settings > from OD. This is what's know in the mac IT circles as the "Golden Triangle". > > > > Apple Remote Desktop is, at first glance, your basic remote desktop app. > But, it's also your software deployment suite and your software inventory. > (As an aside, I wish there was an equivalent to Apple Remote Desktop > for windows PCs. Perhaps there is, but not without a per-client cost.) > Have a .pkg that needs to be installed? Install it silently on every > computer you can see online. Need it installed on offline computers? > Set up ARD to do it automatically when it sees the Macs are seen on the > network. > > > > These solutions are fairly inexpensive, thanks to the aggressive > > price > drops by apple. You need a Mac running Lion (Costs depend on weather > you have this already and could be $0), the Lion Server update from > apple > ($49.99) and optionally Apple Remote Desktop ($79.99, unlimited clients). > > > > If you don't want to go with the Apple provided solution, there are > > other > methods of making this work. Check out Puppet from Puppet Labs and > ADmitMac from Thursby. > > > > --- > > > > Now that that's said, we here have not moved to Mac OS X Lion > > (10.7). As > of their most recent patch, it appears they have finally resolved some > of their active directory integration issues. We as a district are > moving away from Macs, simply because of their initial costs are difficult to > bear. > Supporting a Mac's software is easy. Supporting the hardware can be a > nightmare. > > > > I hope some of this information is useful to you. > > > > > > --Matt Ross > > Ephrata School District > > > > > > ----- Original Message ----- > > From: David Lum > > [mailto:david....@nwea.org]<mailto:[mailto:david....@nwea.org]> > > To: NT System Admin Issues > > [mailto:ntsysadmin@lyris.sunbelt-software.com]<mailto:[mailto:ntsysadmin@lyris.sunbelt-software.com]> > > Sent: Mon, 17 Oct 2011 > > 08:16:43 -0700 > > Subject: RE: Macs and vunerabilities > > > > > > > >> My concern is all the above. As currently implemented, Mac's on our > >> network are no different than users home Windows laptops being > >> allowed to directly connect to our network. I can't imagine anyone > >> here would say "go ahead and hook your home laptop directly to my > >> LAN and don't bother joining to the domain". > >> > >> I can't audit what's on them for software license compliance > >> reporting I can't apply GPO's (autoconfigure wireless, browser > >> settings/favorites, > >> etc) > >> I can't remotely deploy software (via GPO or SMS) I can't enforce > >> anti-virus I can't patch Flash, Java, etc > >> > >> Dave > >> > >> -----Original Message----- > >> From: Matthew W. Ross > >> [mailto:mr...@ephrataschools.org]<mailto:[mailto:mr...@ephrataschools.org]> > >> Sent: Monday, October 17, 2011 8:07 AM > >> To: NT System Admin Issues > >> Subject: RE: Macs and vunerabilities > >> > >> David, from what direction are your concerns coming from? > >> > >> Are you concerned how to patch the macs? > >> Are you concerned about antivirus? > >> Are you concerned about controlling what the Macs are allowed to do? > >> > >> I'm just trying to understand, and perhaps help. > >> > >> > >> --Matt Ross > >> Ephrata School District > >> > >> > >> ----- Original Message ----- > >> From: David Lum > >> [mailto:david....@nwea.org]<mailto:[mailto:david....@nwea.org]> > >> To: NT System Admin Issues > >> [mailto:ntsysadmin@lyris.sunbelt-software.com]<mailto:[mailto:ntsysadmin@lyris.sunbelt-software.com]> > >> Sent: Thu, 13 Oct 2011 > >> 15:01:20 -0700 > >> Subject: RE: Macs and vunerabilities > >> > >> > >> > >>> Well, we're getting a Mac invasion here and there is zero apparent > >>> concern for managing these things or worrying about vulnerabilities. > >>> To get to AD resources they're standing up Win7 VM's but doing as > >>> much work as possible on the native MacOS. > >>> > >>> They can get to the Internet, file shares, printers, e-mail, etc > >>> on native Mac but I just have alarms going off in my head > >>> "unmanaged machines with no idea what intellectual property is on them". > >>> > >>> Dave > >>> > >>> From: kz2...@googlemail.com<mailto:kz2...@googlemail.com> > >>> [mailto:kz2...@googlemail.com]<mailto:[mailto:kz2...@googlemail.com]> > >>> Sent: Thursday, October 13, 2011 2:49 PM > >>> To: NT System Admin Issues > >>> Subject: Re: Macs and vunerabilities > >>> > >>> I remember the big "mac virus" recently was socially engineered - > >>> but that's definitely the mac's biggest vulnerability. Given that > >>> mac users generally believe they are invulnerable, its an arguably > >>> bigger vector than the same one on a Windows system. > >>> > >>> Sent from my POS BlackBerry wireless device, which may wipe itself > >>> at any moment > >>> > >>> ________________________________ > >>> From: David Lum > >>> <david....@nwea.org<mailto:david....@nwea.org<mailto:david....@nwea.org%3cmailto:david....@nwea.org>>> > >>> Date: Thu, 13 Oct 2011 21:45:39 +0000 > >>> To: NT System Admin > >>> Issues<ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyr > >>> is > >>> .s > >>> unbelt-software.com>> > >>> ReplyTo: "NT System Admin Issues" > >>> <ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysad...@lyris.sun > >>> be > >>> lt > >>> -software.com>> > >>> Subject: Macs and vunerabilities > >>> > >>> Does anyone have a link to an article or two that shows > >>> vulnerabilities that have actually been exploited? Preferably not > >>> a random > >>> > >> blog post... > >> > >>> David Lum > >>> Systems Engineer // NWEATM > >>> Office 503.548.5229 // Cell (voice/text) 503.267.9764 > >>> > >>> > >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >>> > >>> --- > >>> To manage subscriptions click here: > >>> http://lyris.sunbelt-software.com/read/my_forums/ > >>> or send an email to > >>> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sun<mailto:listmana...@lyris.sunbeltsoftware.com%3cmailto:listmana...@lyris.sun> > >>> be > >>> lt > >>> software.com> > >>> with the body: unsubscribe ntsysadmin > >>> > >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >>> > >>> --- > >>> To manage subscriptions click here: > >>> http://lyris.sunbelt-software.com/read/my_forums/ > >>> or send an email to > >>> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sun<mailto:listmana...@lyris.sunbeltsoftware.com%3cmailto:listmana...@lyris.sun> > >>> be > >>> lt > >>> software.com> > >>> with the body: unsubscribe ntsysadmin > >>> > >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >>> > >>> --- > >>> To manage subscriptions click here: > >>> http://lyris.sunbelt-software.com/read/my_forums/ > >>> or send an email to > >>> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> > >>> with the body: unsubscribe ntsysadmin > >>> > >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >> > >> --- > >> To manage subscriptions click here: > >> http://lyris.sunbelt-software.com/read/my_forums/ > >> or send an email to > >> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> > >> with the body: unsubscribe ntsysadmin > >> > >> > >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >> > >> --- > >> To manage subscriptions click here: > >> http://lyris.sunbelt-software.com/read/my_forums/ > >> or send an email to > >> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> > >> with the body: unsubscribe ntsysadmin > >> > >> > >> > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to > > listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> > > with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to > > listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> > > with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to > > listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> > > with the body: unsubscribe ntsysadmin > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin