How about telling them to discover if their apps work in a WinPE boot prompt? Or even a BartPE disc?

----- Original Message -----
From: Christopher Bodnar
To: NT System Admin Issues
Sent: Monday, December 27, 2010 4:08 PM
Subject: RE: OT: NTLM and bootable DOS CD
Good luck Edward, and let me know how it turns out for you. Again, I'm going to try and fight this, but knowing our management, I'm not optimistic about my chances of winning.

Chris Bodnar, MCSE
Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003

From: "Ziots, Edward" <ezi...@lifespan.org>
To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>
Date: 12/27/2010 12:57 PM
Subject: RE: OT: NTLM and bootable DOS CD
------------------------------------------------------------------------------

Chris, we are seeing the same thing here with our techs, saying their boot disks aren't working after they change their passwords. Since we are Win2k8 R2 DFL/FFL, the authentication requirement default is higher than the NTLM and LM hashes of old, which I can agree with: they need to get their boot disks or deployment process up to the 21st century. In the same boat as you, not changing domain-wide settings to allow folks to ghost stuff with old boot disks; there are better tools (WIM, WinPE, etc.).

Z

Edward E. Ziots
CISSP, Network+, Security+
Network Engineer
Lifespan Organization
Email: ezi...@lifespan.org
Cell: 401-639-3505

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Monday, December 27, 2010 12:31 PM
To: NT System Admin Issues
Cc: NT System Admin Issues
Subject: Re: OT: NTLM and bootable DOS CD

I'm definitely going to try and fight this; from a security perspective it's a no-brainer. The issue will be that the desktop group will say this will push back the deployment of existing systems by a month while they engineer a new process. Almost no way to fight that unless our group is willing to take over the responsibility of doing that work, which we could easily do. Just hate knowing that those guys will put up this road block on something that should take them less than a day to do.
I'd love for their management to step in and say "You know what? You are right. We need to redo this process and it's not going to take us a month to do it. We'll have it done by end of the week!" Never going to happen.

Chris Bodnar, MCSE
Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003

From: Kurt Buff <kurt.b...@gmail.com>
To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>
Date: 12/27/2010 11:37 AM
Subject: Re: OT: NTLM and bootable DOS CD
------------------------------------------------------------------------------

Uh, you've already proved that your way works. I'd call a meeting, go over their setup with them and identify the points that need improving. I'll bet that the re-engineering isn't really all that much, and that the end result will actually be faster and better installs.

Kurt

On Mon, Dec 27, 2010 at 07:32, Christopher Bodnar <christopher_bod...@glic.com> wrote:
> Sorry, just venting:
>
> OK, so we implemented our new SCCM infrastructure about 9 months ago (all W2K8 servers). Almost done with the migration from our old SMS 2003 infrastructure (W2K3 R2 servers). I get a request from our desktop guys last week to create a few shares on the new SCCM servers to hold the workstation images. No problem. So I get a call from the desktop guys saying they can't access the new shares. I ask them how they are being accessed. They say from a bootable DOS CD. I thought they meant WinPE, so I tested that, and verified there are no issues. Go back to the desktop guys and they say, no, it's really DOS 6.22 using NDIS 2.0. So I start looking into it and found that the old SMS servers have a GPO setting that allows NTLM connections; the rest of the network doesn't. I was not aware of this. Our current policy is to allow NTLMv2 only, and refuse LM and NTLM.
>
> I ask them if they can move to WinPE. They tell me the engineering involved will be too much work. So now the question is..... do I put up a fight and go to our Security group and tell them I want to keep NTLMv2, and have the desktop guys re-engineer the process? My guess is that I'll be overruled, and be forced to allow NTLM for the new SCCM servers.
>
> Uggghhhh.........
>
> Chris Bodnar, MCSE
> Systems Engineer
> Distributed Systems Service Delivery - Intel Services
> Guardian Life Insurance Company of America
> Email: christopher_bod...@glic.com
> Phone: 610-807-6459
> Fax: 610-807-6003
>
> -----------------------------------------
> This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
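As an added example (not from any poster in this thread), a PowerShell audit a defender could run to find which servers carry a per-server GPO exception that still accepts LM/NTLM, like the old SMS servers Chris describes; it reads the Lsa LmCompatibilityLevel value, whose level 5 is the "NTLMv2 only, refuse LM and NTLM" policy the thread mentions, and the NoLMHash value, which explains why LM-only clients stop working after a password change as Edward observed. The server names are placeholders and WinRM access to the hosts is assumed.

```powershell
# Added example: audit the LAN Manager authentication level on a set of servers
# to spot a per-server exception that still accepts LM/NTLM (the kind of GPO
# setting found on the old SMS servers in the thread).
# Server names are placeholders; Invoke-Command needs WinRM access to each host.
$servers = @('SMS-OLD-01', 'SMS-OLD-02', 'SCCM-NEW-01')   # placeholders

# Meaning of HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
# ("Network security: LAN Manager authentication level" in Group Policy).
$levelNames = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}
# The domain-wide policy stated in the thread: NTLMv2 only, refuse LM and NTLM.
$requiredLevel = 5

$results = Invoke-Command -ComputerName $servers -ScriptBlock {
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    [pscustomobject]@{
        Server   = $env:COMPUTERNAME
        Level    = $lsa.LmCompatibilityLevel   # $null when not set (OS default applies)
        NoLMHash = $lsa.NoLMHash               # 1 = LM hash no longer stored after the next password change,
                                               #     so LM-only clients (DOS boot disks) fail from then on
    }
}

foreach ($r in $results) {
    $levelText = if ($null -eq $r.Level) { 'not set (OS default)' } else { $levelNames[[int]$r.Level] }
    # REVIEW marks hosts that still accept LM/NTLM, i.e. the ones that deviate from the domain policy.
    $status = if ($null -ne $r.Level -and [int]$r.Level -ge $requiredLevel) { 'OK' } else { 'REVIEW' }
    '{0,-14} {1,-8} NoLMHash={2}  {3}' -f $r.Server, $status, $r.NoLMHash, $levelText
}
```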