Re: [ActiveDir] Very OT: Server room fire suppression
Our pre-action water system will only kick in when the temperature in that "zone" reaches a certain threashold. The heads are wax and melt. There is no water in the pipes until fire is detected, then they're flooded and are in stand-by until a head releases. We also have an FM-200 fire suppression system. This is not harmful to any equipment or to personnel. The problem is that these gaseous systems are typically a one shot deal. If it fails to extinguish the fire, or the fire restarts, you're SOL. Insurance companies (and most likely local codes) like to see the water system. Its not really there to save your data center. The pre-action water system is in place to save the rest of your building if your primary fails... We recently relocated and refurbished a 5000 sq data center. The previous owner only had water installed. Compared to the overall cost of data center infrastructure, I don't believe that the gaseous suppression systems are very expensive... they're not cheap :) When redesigning the room, I used Sun Blueprints "Enterprise Data Center Design and Methodology" book as a reference. I found it very informative. I highly recommend picking this up. Good luck, Jason Noah Eiger wrote: > Hello: > > I am outfitting a ground-up server room install for a medium-size business > (fewer than 200 employees). The entire building is being built from the > ground up. The architects claim that they have done many server rooms and > none have used anything but water-based systems. I also realize that "clean > agent" systems are very expensive. I have done some reading about > "pre-action water systems" that seems to allow a little delay before going > off. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Very OT: Server room fire suppression
Apparently its been found that the non-water based systems are just as bad as the water based ones for the electronics, and generally much worse for the living occupants of the room. Preaction systems are a must - basically the water lines IN the data center are dry - they are only pressurized when they "go off". Roger SeielstadE-mail Geek From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah EigerSent: Friday, April 01, 2005 6:00 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Very OT: Server room fire suppression Hello: Sorry for the very OT, but knowing what I know about this list, there will be plenty of opinions about this one. I am outfitting a ground-up server room install for a medium-size business (fewer than 200 employees). The entire building is being built from the ground up. The architects claim that they have done many server rooms and none have used anything but water-based systems. I also realize that "clean agent" systems are very expensive. I have done some reading about "pre-action water systems" that seems to allow a little delay before going off. Any thoughts on this topic are welcome. Again, sorry for the OT. Thanks. -- nme
Re: [ActiveDir] Very OT: Server room fire suppression
Interesting discussion here about just that subject: http://itmanager.blogs.com/notes/2004/05/fire_suppressio.html These guys either have a very powerful PR department, or they have received a lot of good writeups... http://www.periphman.com/fire/computer-room-fire-suppression1.shtml On Apr 1, 2005 6:00 PM, Noah Eiger <[EMAIL PROTECTED]> wrote: > > > Hello: > > > > Sorry for the very OT, but knowing what I know about this list, there will > be plenty of opinions about this one. > > > > I am outfitting a ground-up server room install for a medium-size business > (fewer than 200 employees). The entire building is being built from the > ground up. The architects claim that they have done many server rooms and > none have used anything but water-based systems. I also realize that "clean > agent" systems are very expensive. I have done some reading about > "pre-action water systems" that seems to allow a little delay before going > off. > > > > Any thoughts on this topic are welcome. Again, sorry for the OT. > > > > Thanks. > > > > -- nme > > -- Kat Collins - "The Email of the species is more powerful than the Mail!" "The human voice is the organ of the soul." Henry Wadsworth Longfellow List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is De ji Rants
Unfortunately, Michael you are buying (not taking) the six-pack J When I say “my typical client”, I was referring to the Administrator, not the end-user. My clients are corporations. Their admin invests about 4 hours ( am being generous here) in installing and configuring the application, and enrolling users to be protected in a typical 1000-user environment.. That’s the end of the whole exercise. Massaging LDAP and, verifying proxyaddresses, changing MX records, etc are all cruds, IMO. When a solution takes such involvement to manage/administer/operate, there is significant devaluation of its usefulness and I can then understand why someone would need to outsource. But when you have an essentially “install, configure and forget” solution, outsourcing becomes incomprehensible, again IMO. Now, we just need to arrange a location for my six-pack pick up. :-p Deji From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Saturday, March 12, 2005 7:42 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is De ji Rants I'll certainly take the six-pack. :-) My solution takes no effort on the end-user side -- it's MY time I was referring to. :-/ We interface to A/D with LDAP and verify that the proxyaddress is valid in A/D and build a user record on the gateway server. No biggie to them. But with thousands of users, they asking how to access their quarantine in real-time (ignoring the daily email that comes out containing those instructions as well as the content of their individual quarantines)daily support is high-touch. If IMF had existed when we got into this business, we may not have done so to start with, and so far I'm disappointed with IMF so perhaps we would have anyway. We chose to keep the spam/virii/forbidden attachments off the Exchange servers, and I've always been happy about that decision. But care and feeding of the anti-spam servers requires bunches more support than Exchange does. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, March 11, 2005 10:55 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is De ji Rants Michael, I respectfully disagree. My typical client spends about 45 installing and configuring my solution. No infrastructure changes required. My typical client then spends about 1 hour enrolling their users to be protected by the solution – the solution is not an opt-in, meaning that you consciously add in the mailboxes you want protected. My typical client then pops champagne and celebrates. The only time he/she visits the console of the product again is when he wants to add a new user or remove someone. No administration, no baby-sitting. As long as your Exchange is talking to your AD and you mail is flowing and your data center is not burning down – all dependencies outside the control of my product – you do not need to train or teach my product or download any signature or dictionary. The SPAM does not sit in your server UNLESS you want it to sit there. They do not clog your users mailboxes either. I will see your solution and raise you a six-pack J Anti-SPAM != rocket science. It needs not be advertised or implemented as such. Deji From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Friday, March 11, 2005 7:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is De ji Rants I'm an anti-spam solution provider as well (as well as a hosted Exchange provider). I can tell you that I spend more time maintaining my anti-spam services (only two servers) than I do my Exchange farm. It's a high-touch, high-support business. Nobody guarantees anything. It's a "best effort" business. (That's really what the contracts say...) I think that my "best effort" is probably better than a LOT of email admins out there. I suppose I could be fooling myself though. Having the spam reside on my servers in quarantine though - it definitely reduces bandwidth requirements on the part of my clients. For some of them, it's a significant difference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Friday, March 11, 2005 9:55 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is De ji Rants You could add FUD to that list for many orgs. There was also a time where MBA/MGMT wanted to outsource for best in class focus (think Brightmail). Those days are behind us with the concept of black-box implementations and such, but that doesn't change the mindset. FWIW, I don't buy the lowered bandwidth concept that comes across unless they can guarantee that I
RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is De ji Rants
I'll certainly take the six-pack. :-) My solution takes no effort on the end-user side -- it's MY time I was referring to. :-/ We interface to A/D with LDAP and verify that the proxyaddress is valid in A/D and build a user record on the gateway server. No biggie to them. But with thousands of users, they asking how to access their quarantine in real-time (ignoring the daily email that comes out containing those instructions as well as the content of their individual quarantines)daily support is high-touch. If IMF had existed when we got into this business, we may not have done so to start with, and so far I'm disappointed with IMF so perhaps we would have anyway. We chose to keep the spam/virii/forbidden attachments off the Exchange servers, and I've always been happy about that decision. But care and feeding of the anti-spam servers requires bunches more support than Exchange does. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Friday, March 11, 2005 10:55 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is De ji Rants Michael, I respectfully disagree. My typical client spends about 45 installing and configuring my solution. No infrastructure changes required. My typical client then spends about 1 hour enrolling their users to be protected by the solution – the solution is not an opt-in, meaning that you consciously add in the mailboxes you want protected. My typical client then pops champagne and celebrates. The only time he/she visits the console of the product again is when he wants to add a new user or remove someone. No administration, no baby-sitting. As long as your Exchange is talking to your AD and you mail is flowing and your data center is not burning down – all dependencies outside the control of my product – you do not need to train or teach my product or download any signature or dictionary. The SPAM does not sit in your server UNLESS you want it to sit there. They do not clog your users mailboxes either. I will see your solution and raise you a six-pack J Anti-SPAM != rocket science. It needs not be advertised or implemented as such. Deji From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. SmithSent: Friday, March 11, 2005 7:14 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is De ji Rants I'm an anti-spam solution provider as well (as well as a hosted Exchange provider). I can tell you that I spend more time maintaining my anti-spam services (only two servers) than I do my Exchange farm. It's a high-touch, high-support business. Nobody guarantees anything. It's a "best effort" business. (That's really what the contracts say...) I think that my "best effort" is probably better than a LOT of email admins out there. I suppose I could be fooling myself though. Having the spam reside on my servers in quarantine though - it definitely reduces bandwidth requirements on the part of my clients. For some of them, it's a significant difference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, AlSent: Friday, March 11, 2005 9:55 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is De ji Rants You could add FUD to that list for many orgs. There was also a time where MBA/MGMT wanted to outsource for best in class focus (think Brightmail). Those days are behind us with the concept of black-box implementations and such, but that doesn't change the mindset. FWIW, I don't buy the lowered bandwidth concept that comes across unless they can guarantee that I won't lose VALID mail. Not having a tech involved would be intriguing; I'd want to see the level of service they actually get vs. what they perceive that they get. Al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis OuelletSent: Friday, March 11, 2005 2:08 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is Deji Rants Hi Deji, I've been on both sides of the fence in the past year. Ultimatly the main reason for this was the time required by the admins to implement this solution which was minimal. They (the powers that be) found that outsourcing the tech was way cheaper than paying for an appliance etc... They thought that they could save some bandwith this way and put some stress out of our mail servers So, cost and administration overhead were probably the major factors behind this. Francis From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: 11 mars 2005 13:41To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- N
RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is De ji Rants
Al, Would you mind defining “lose”? If a solution does not auto-delete your spams, leaves the decision to you, gives you a report of the spam – with sender info and subject – periodically, is that considered “lose”. Now, if it does all these without any admin intervention or helpdesk call, does this qualify as value-add? Having being on both side or the SPAM warfare, I am surprised at how little people know about it. I guess I should not be given that Virus has been with us for so longer and AV companies are still playing catch-up. Wrt the level of service, the problem with outsourced Anti-SPAM can be likened to the problem with your cell phone service contracts. You go into the shop and sign a one- or two-year contract for a “cutting-edge, fully-loaded service”. You take the phone home and find out that it does not work in your house. Worse, it does not work in many places where you need it the most. You are not pleased, you are disappointed, but more so you are seriously P.O.’ed because you can’t cancel the service without serious consequences (a.k.a. early termination charges). So, you suck it up and count down the days. With outsourced services, the infrastructure changes and upfront investment is what keep many companies locked into it. So also is the potential loss of face/ego. I am speaking from experience. Ultimately, they tend to get insourced once a viable alternative has been discovered and the decision maker is not too proud to eat crow. Deji From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Friday, March 11, 2005 6:55 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is De ji Rants You could add FUD to that list for many orgs. There was also a time where MBA/MGMT wanted to outsource for best in class focus (think Brightmail). Those days are behind us with the concept of black-box implementations and such, but that doesn't change the mindset. FWIW, I don't buy the lowered bandwidth concept that comes across unless they can guarantee that I won't lose VALID mail. Not having a tech involved would be intriguing; I'd want to see the level of service they actually get vs. what they perceive that they get. Al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet Sent: Friday, March 11, 2005 2:08 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is Deji Rants Hi Deji, I've been on both sides of the fence in the past year. Ultimatly the main reason for this was the time required by the admins to implement this solution which was minimal. They (the powers that be) found that outsourcing the tech was way cheaper than paying for an appliance etc... They thought that they could save some bandwith this way and put some stress out of our mail servers So, cost and administration overhead were probably the major factors behind this. Francis From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 11 mars 2005 13:41 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is Deji Rants Something tells me I shouldn’t be asking this, but the phrase “outsource Anti-SPAM” – and the recent news about MCDonald “OUTSOURCE” drive-through order processing – just make the question irresistible. Why would anyone outsource Anti-SPAM? If your mail service is outsourced, too, that would be somewhat understandable, although not justifiable, IMO. If you host and manage your mail infrastructure, what is the logic behind outsourcing Anti-SPAM? I realize that you guys may not be responsible for making the calls on this, but I am also interested in knowing the reasoning that drove the final decision maker into making that decision. Is it the administration overhead? Is it the cost? Is it the effectiveness? For the record, I am an Anti-SPAM solution provider, and it bothers me that people would give control of their mail-infrastructure out to an external party for such simple task as SPAM protection. Could this be because most of the solutions out there suck in one form or another? What is it? Deji [getting off his soap-box now] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Friday, March 11, 2005 10:12 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Binding to ldap process.. While we haven't outsourced our anti-spam stuff, we're in the same boat with the AD address validation. We're likely going to spin up an ADAM instance and have the queries run against that, so that 1) we can control what information the anti-spam software has access to and 2) it's not directly touching our DCs/GCs. It also lets you keep your DCs out of the DMZ. Something you may want to
RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is De ji Rants
Michael, I respectfully disagree. My typical client spends about 45 installing and configuring my solution. No infrastructure changes required. My typical client then spends about 1 hour enrolling their users to be protected by the solution – the solution is not an opt-in, meaning that you consciously add in the mailboxes you want protected. My typical client then pops champagne and celebrates. The only time he/she visits the console of the product again is when he wants to add a new user or remove someone. No administration, no baby-sitting. As long as your Exchange is talking to your AD and you mail is flowing and your data center is not burning down – all dependencies outside the control of my product – you do not need to train or teach my product or download any signature or dictionary. The SPAM does not sit in your server UNLESS you want it to sit there. They do not clog your users mailboxes either. I will see your solution and raise you a six-pack J Anti-SPAM != rocket science. It needs not be advertised or implemented as such. Deji From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Friday, March 11, 2005 7:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is De ji Rants I'm an anti-spam solution provider as well (as well as a hosted Exchange provider). I can tell you that I spend more time maintaining my anti-spam services (only two servers) than I do my Exchange farm. It's a high-touch, high-support business. Nobody guarantees anything. It's a "best effort" business. (That's really what the contracts say...) I think that my "best effort" is probably better than a LOT of email admins out there. I suppose I could be fooling myself though. Having the spam reside on my servers in quarantine though - it definitely reduces bandwidth requirements on the part of my clients. For some of them, it's a significant difference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Friday, March 11, 2005 9:55 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is De ji Rants You could add FUD to that list for many orgs. There was also a time where MBA/MGMT wanted to outsource for best in class focus (think Brightmail). Those days are behind us with the concept of black-box implementations and such, but that doesn't change the mindset. FWIW, I don't buy the lowered bandwidth concept that comes across unless they can guarantee that I won't lose VALID mail. Not having a tech involved would be intriguing; I'd want to see the level of service they actually get vs. what they perceive that they get. Al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet Sent: Friday, March 11, 2005 2:08 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is Deji Rants Hi Deji, I've been on both sides of the fence in the past year. Ultimatly the main reason for this was the time required by the admins to implement this solution which was minimal. They (the powers that be) found that outsourcing the tech was way cheaper than paying for an appliance etc... They thought that they could save some bandwith this way and put some stress out of our mail servers So, cost and administration overhead were probably the major factors behind this. Francis From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 11 mars 2005 13:41 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is Deji Rants Something tells me I shouldn’t be asking this, but the phrase “outsource Anti-SPAM” – and the recent news about MCDonald “OUTSOURCE” drive-through order processing – just make the question irresistible. Why would anyone outsource Anti-SPAM? If your mail service is outsourced, too, that would be somewhat understandable, although not justifiable, IMO. If you host and manage your mail infrastructure, what is the logic behind outsourcing Anti-SPAM? I realize that you guys may not be responsible for making the calls on this, but I am also interested in knowing the reasoning that drove the final decision maker into making that decision. Is it the administration overhead? Is it the cost? Is it the effectiveness? For the record, I am an Anti-SPAM solution provider, and it bothers me that people would give control of their mail-infrastructure out to an external party for such simple task as SPAM protection. Could this be because most of the solutions out there suck in one form or another? What is it? Deji [getting off his soap-box now] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Fr
RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is De ji Rants
I'm an anti-spam solution provider as well (as well as a hosted Exchange provider). I can tell you that I spend more time maintaining my anti-spam services (only two servers) than I do my Exchange farm. It's a high-touch, high-support business. Nobody guarantees anything. It's a "best effort" business. (That's really what the contracts say...) I think that my "best effort" is probably better than a LOT of email admins out there. I suppose I could be fooling myself though. Having the spam reside on my servers in quarantine though - it definitely reduces bandwidth requirements on the part of my clients. For some of them, it's a significant difference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, AlSent: Friday, March 11, 2005 9:55 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is De ji Rants You could add FUD to that list for many orgs. There was also a time where MBA/MGMT wanted to outsource for best in class focus (think Brightmail). Those days are behind us with the concept of black-box implementations and such, but that doesn't change the mindset. FWIW, I don't buy the lowered bandwidth concept that comes across unless they can guarantee that I won't lose VALID mail. Not having a tech involved would be intriguing; I'd want to see the level of service they actually get vs. what they perceive that they get. Al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis OuelletSent: Friday, March 11, 2005 2:08 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is Deji Rants Hi Deji, I've been on both sides of the fence in the past year. Ultimatly the main reason for this was the time required by the admins to implement this solution which was minimal. They (the powers that be) found that outsourcing the tech was way cheaper than paying for an appliance etc... They thought that they could save some bandwith this way and put some stress out of our mail servers So, cost and administration overhead were probably the major factors behind this. Francis From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: 11 mars 2005 13:41To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is Deji Rants Something tells me I shouldn’t be asking this, but the phrase “outsource Anti-SPAM” – and the recent news about MCDonald “OUTSOURCE” drive-through order processing – just make the question irresistible. Why would anyone outsource Anti-SPAM? If your mail service is outsourced, too, that would be somewhat understandable, although not justifiable, IMO. If you host and manage your mail infrastructure, what is the logic behind outsourcing Anti-SPAM? I realize that you guys may not be responsible for making the calls on this, but I am also interested in knowing the reasoning that drove the final decision maker into making that decision. Is it the administration overhead? Is it the cost? Is it the effectiveness? For the record, I am an Anti-SPAM solution provider, and it bothers me that people would give control of their mail-infrastructure out to an external party for such simple task as SPAM protection. Could this be because most of the solutions out there suck in one form or another? What is it? Deji [getting off his soap-box now] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, HunterSent: Friday, March 11, 2005 10:12 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Binding to ldap process.. While we haven't outsourced our anti-spam stuff, we're in the same boat with the AD address validation. We're likely going to spin up an ADAM instance and have the queries run against that, so that 1) we can control what information the anti-spam software has access to and 2) it's not directly touching our DCs/GCs. It also lets you keep your DCs out of the DMZ. Something you may want to consider... Hunter From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis OuelletSent: Friday, March 11, 2005 10:55 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Binding to ldap process.. Thanks for the reply Joe! The url provided was extremely helpful. The reason I'm asking all of this is because the management has decided to outsource anti-spam technology to a 3rd party that uses our AD to validate e-mail addresses. Unfortunately their "security through obscurity" methods are scaring the crap out of me. They won't disclose the type of bind they are doing agains't one of our GC in the DMZ. I guess I could sniff the incomming traffic and figure out what type of bind they are doing? Thanks, Francis From: [EMAIL PROTEC
RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is De ji Rants
You could add FUD to that list for many orgs. There was also a time where MBA/MGMT wanted to outsource for best in class focus (think Brightmail). Those days are behind us with the concept of black-box implementations and such, but that doesn't change the mindset. FWIW, I don't buy the lowered bandwidth concept that comes across unless they can guarantee that I won't lose VALID mail. Not having a tech involved would be intriguing; I'd want to see the level of service they actually get vs. what they perceive that they get. Al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis OuelletSent: Friday, March 11, 2005 2:08 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is Deji Rants Hi Deji, I've been on both sides of the fence in the past year. Ultimatly the main reason for this was the time required by the admins to implement this solution which was minimal. They (the powers that be) found that outsourcing the tech was way cheaper than paying for an appliance etc... They thought that they could save some bandwith this way and put some stress out of our mail servers So, cost and administration overhead were probably the major factors behind this. Francis From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: 11 mars 2005 13:41To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is Deji Rants Something tells me I shouldn’t be asking this, but the phrase “outsource Anti-SPAM” – and the recent news about MCDonald “OUTSOURCE” drive-through order processing – just make the question irresistible. Why would anyone outsource Anti-SPAM? If your mail service is outsourced, too, that would be somewhat understandable, although not justifiable, IMO. If you host and manage your mail infrastructure, what is the logic behind outsourcing Anti-SPAM? I realize that you guys may not be responsible for making the calls on this, but I am also interested in knowing the reasoning that drove the final decision maker into making that decision. Is it the administration overhead? Is it the cost? Is it the effectiveness? For the record, I am an Anti-SPAM solution provider, and it bothers me that people would give control of their mail-infrastructure out to an external party for such simple task as SPAM protection. Could this be because most of the solutions out there suck in one form or another? What is it? Deji [getting off his soap-box now] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, HunterSent: Friday, March 11, 2005 10:12 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Binding to ldap process.. While we haven't outsourced our anti-spam stuff, we're in the same boat with the AD address validation. We're likely going to spin up an ADAM instance and have the queries run against that, so that 1) we can control what information the anti-spam software has access to and 2) it's not directly touching our DCs/GCs. It also lets you keep your DCs out of the DMZ. Something you may want to consider... Hunter From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis OuelletSent: Friday, March 11, 2005 10:55 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Binding to ldap process.. Thanks for the reply Joe! The url provided was extremely helpful. The reason I'm asking all of this is because the management has decided to outsource anti-spam technology to a 3rd party that uses our AD to validate e-mail addresses. Unfortunately their "security through obscurity" methods are scaring the crap out of me. They won't disclose the type of bind they are doing agains't one of our GC in the DMZ. I guess I could sniff the incomming traffic and figure out what type of bind they are doing? Thanks, Francis From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: 11 mars 2005 12:17To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Binding to ldap process.. Depends on the auth options chosen. By default, ldp will use kerberos as will my adfind. The auth option is called LDAP_AUTH_NEGOTIATE which is a generic security services (GSS - SPNEGO) provider and will try different mechanisms starting out with kerberos but NTLM is also an option there. You can force it to bind with a simple bind though which is clear text passwords. See http://msdn.microsoft.com/library/default.asp?url=""> and look in the remarks section. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis OuelletSent: Friday, March 11, 2005 11:43 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Binding to ldap process.. Thanks for the reply joe, however one last questions remains: Is the process of
RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is Deji Rants
Hi Deji, I've been on both sides of the fence in the past year. Ultimatly the main reason for this was the time required by the admins to implement this solution which was minimal. They (the powers that be) found that outsourcing the tech was way cheaper than paying for an appliance etc... They thought that they could save some bandwith this way and put some stress out of our mail servers So, cost and administration overhead were probably the major factors behind this. Francis From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: 11 mars 2005 13:41To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is Deji Rants Something tells me I shouldn’t be asking this, but the phrase “outsource Anti-SPAM” – and the recent news about MCDonald “OUTSOURCE” drive-through order processing – just make the question irresistible. Why would anyone outsource Anti-SPAM? If your mail service is outsourced, too, that would be somewhat understandable, although not justifiable, IMO. If you host and manage your mail infrastructure, what is the logic behind outsourcing Anti-SPAM? I realize that you guys may not be responsible for making the calls on this, but I am also interested in knowing the reasoning that drove the final decision maker into making that decision. Is it the administration overhead? Is it the cost? Is it the effectiveness? For the record, I am an Anti-SPAM solution provider, and it bothers me that people would give control of their mail-infrastructure out to an external party for such simple task as SPAM protection. Could this be because most of the solutions out there suck in one form or another? What is it? Deji [getting off his soap-box now] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, HunterSent: Friday, March 11, 2005 10:12 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Binding to ldap process.. While we haven't outsourced our anti-spam stuff, we're in the same boat with the AD address validation. We're likely going to spin up an ADAM instance and have the queries run against that, so that 1) we can control what information the anti-spam software has access to and 2) it's not directly touching our DCs/GCs. It also lets you keep your DCs out of the DMZ. Something you may want to consider... Hunter From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis OuelletSent: Friday, March 11, 2005 10:55 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Binding to ldap process.. Thanks for the reply Joe! The url provided was extremely helpful. The reason I'm asking all of this is because the management has decided to outsource anti-spam technology to a 3rd party that uses our AD to validate e-mail addresses. Unfortunately their "security through obscurity" methods are scaring the crap out of me. They won't disclose the type of bind they are doing agains't one of our GC in the DMZ. I guess I could sniff the incomming traffic and figure out what type of bind they are doing? Thanks, Francis From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: 11 mars 2005 12:17To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Binding to ldap process.. Depends on the auth options chosen. By default, ldp will use kerberos as will my adfind. The auth option is called LDAP_AUTH_NEGOTIATE which is a generic security services (GSS - SPNEGO) provider and will try different mechanisms starting out with kerberos but NTLM is also an option there. You can force it to bind with a simple bind though which is clear text passwords. See http://msdn.microsoft.com/library/default.asp?url=""> and look in the remarks section. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis OuelletSent: Friday, March 11, 2005 11:43 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Binding to ldap process.. Thanks for the reply joe, however one last questions remains: Is the process of binding to the GC (in the case I'm connecting to port 3268) different from say: A user authentication to AD when logging on to a workstation? Does it use the same kerberos ticket system? Thanks!! Francis From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: 11 mars 2005 11:28To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Binding to ldap process.. You have two major functions in this area 1. Connect. This is where you specify the server, port, and network protocol you want to use. If you select connectionless you are using UDP, otherwise you are using TCP. For most folks, UDP is useless, so you may not want to play with it too much. You can also specify an SSL connection. Until you work out the basics, don't worry about it. 2. Bind.
RE: [ActiveDir] VERY OT -WAS Binding to ldap process..- NOW is Deji Rants
Something tells me I shouldn’t be asking this, but the phrase “outsource Anti-SPAM” – and the recent news about MCDonald “OUTSOURCE” drive-through order processing – just make the question irresistible. Why would anyone outsource Anti-SPAM? If your mail service is outsourced, too, that would be somewhat understandable, although not justifiable, IMO. If you host and manage your mail infrastructure, what is the logic behind outsourcing Anti-SPAM? I realize that you guys may not be responsible for making the calls on this, but I am also interested in knowing the reasoning that drove the final decision maker into making that decision. Is it the administration overhead? Is it the cost? Is it the effectiveness? For the record, I am an Anti-SPAM solution provider, and it bothers me that people would give control of their mail-infrastructure out to an external party for such simple task as SPAM protection. Could this be because most of the solutions out there suck in one form or another? What is it? Deji [getting off his soap-box now] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Friday, March 11, 2005 10:12 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Binding to ldap process.. While we haven't outsourced our anti-spam stuff, we're in the same boat with the AD address validation. We're likely going to spin up an ADAM instance and have the queries run against that, so that 1) we can control what information the anti-spam software has access to and 2) it's not directly touching our DCs/GCs. It also lets you keep your DCs out of the DMZ. Something you may want to consider... Hunter From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet Sent: Friday, March 11, 2005 10:55 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Binding to ldap process.. Thanks for the reply Joe! The url provided was extremely helpful. The reason I'm asking all of this is because the management has decided to outsource anti-spam technology to a 3rd party that uses our AD to validate e-mail addresses. Unfortunately their "security through obscurity" methods are scaring the crap out of me. They won't disclose the type of bind they are doing agains't one of our GC in the DMZ. I guess I could sniff the incomming traffic and figure out what type of bind they are doing? Thanks, Francis From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: 11 mars 2005 12:17 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Binding to ldap process.. Depends on the auth options chosen. By default, ldp will use kerberos as will my adfind. The auth option is called LDAP_AUTH_NEGOTIATE which is a generic security services (GSS - SPNEGO) provider and will try different mechanisms starting out with kerberos but NTLM is also an option there. You can force it to bind with a simple bind though which is clear text passwords. See http://msdn.microsoft.com/library/default.asp?url=""> and look in the remarks section. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet Sent: Friday, March 11, 2005 11:43 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Binding to ldap process.. Thanks for the reply joe, however one last questions remains: Is the process of binding to the GC (in the case I'm connecting to port 3268) different from say: A user authentication to AD when logging on to a workstation? Does it use the same kerberos ticket system? Thanks!! Francis From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: 11 mars 2005 11:28 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Binding to ldap process.. You have two major functions in this area 1. Connect. This is where you specify the server, port, and network protocol you want to use. If you select connectionless you are using UDP, otherwise you are using TCP. For most folks, UDP is useless, so you may not want to play with it too much. You can also specify an SSL connection. Until you work out the basics, don't worry about it. 2. Bind. This is where you specify the ID you want to connect to AD with and the authentication mechanism you want to use. The calls are all going against the server/port that you specified in 1. Note that you can't authenticate a UDP connection (just one reason why you don't generally want to play with UDP). Some apps combine that all together in the background so you don't see it such as my adfind command line tool. You simply specify what you want and off it goes and handles the binding and connecting and everything else for you. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet Sent: Friday, March 11, 2005 11:03 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Binding to ldap process.. Hi, I'm tr
RE: [ActiveDir] Very OT: Please Settle a Bet
Rick: Excellent logical breakdown you old monkey you. Roger: I agree with you. Win9x was definitely somewhere in the transition zone so thinking of it as 24 bit or a transitional OS makes sense to me. It went so far as to have a different thunking model for 32<->16 available for use due to how many 16 bit DLLs were still in common use. The win9x only special thunking was called flat thunking and required some special compiling but allowed a 16 bit app to call a 32 bit DLL but more importantly allowed a 32 bit app to call a 16 bit DLL. They also had generic thunkking which is the only thunking available now which is one way, 16 bit app -> 32 bit DLL. A major programming aspect to look at was that win9x brought out the Windows 32 bit API (win32 api)) as the standard API for windows. Prior to that you had 16 bit and Win32S which if you ever coded for it could be trying and you could find yourself unloading and reloading the actual binary components. You wouldn't ever find yourself only unloading the Win32 API on Win9x. You would find yourself reloading the OS which people did a time or two. I didn't spend much time on Win9x personally, I jumped to NT4 as soon as I could figure out how to log on and I will admit my PC sat there for a day or maybe two before I figured out how to log on (sometime in 1996 if I recall). Damn thing wouldn't let me bypass the logon screen and I couldn't stop the load process at DOS which really chapped me... I don't recall how I found out about the administrator ID (I certainly didn't read any manuals) but once I did I was like, oh of course, I type in the word administrator and a blank password. Of course, how logical. ugh. I came from the world of sysgens and DEC Mini platforms where you start up in console mode when you booted the system and can do anything and then once you tell it to go multiuser you knew the needed password for the 1,1 or 1,2 accounts. Then the system would stay up and running for months. The only people who could reboot the systems either had a key (starting around the 11/77 or the 11/34a) or knew the right switches to flip on front of the CPU because booting the machine actually involved loading addresses into the proper registers and switching the machine into RUN mode (see pic of 11/70 - http://users.rcn.com/crfriend/museum/TCMtrip/images/1170-34.jpg). The secret of the switches to flip was a trade secret handed down from sysadmin to sysadmin and you were required to memorize it versus writing it down, or at least it was where I came up through the ranks at. Another major programming aspect was around memory management. Obviously you had more memory available to you by jumping to 32 bit pointers but there was also a jump from shared memory for all of the apps to each app having its own virtual space. This broke quite a few apps trying to go to 32 bit because they were all used to be able to talk directly to each other versus having to marshall data between the processes. Basically it wasn't a simple recompile for many apps that communicated to work on 32 versus 16 which is YAR for making the 16/32 border a little nebulous. Companies don't like to have to redesign applications, heck many companies don't like to design applications... They throw some code through a compiler and see who will pay. Win3.0/1/1.1 could all run on the 386 but one of the big complaints about it was that it was a 16 bit OS riding a 32 bit machine. I recall when win95 came out and how MS really pushed the point of it being full 32 bit to take advantage of the power of the newest PCs and corresponding complaint from press that a majority of the stuff available was only 16 bit so you really didn't get the full benefit. I wonder how much better this will be handled in the 32->64 switchover. The big problem we have this time is competing architectures which should cause it to take longer to all shake out. As a developer I intend to stick with 32 bit for some time and rely on good thunking capability in the OS. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger SeielstadSent: Saturday, February 12, 2005 11:41 PMTo: ActiveDir@mail.activedir.org; 'Send - AD mailing list'Subject: RE: [ActiveDir] Very OT: Please Settle a Bet I've alway described Win95 as a 24 bit operating system myself... Actually, the OS (i.e. the kernel) is (was) definitely 32-bit code. Rick backed into the correct answer with that damn logic thing again. However. explorer.exe (i.e. the GUI) was most definitely a 16-bit app, because at the time they hadn't figured out all the 32 bit optimizations for graphics - they had done all the 3.x work in 16 bit. IMO - this is one of the reasons 9x has always been relatively unstable - the mixture of 16 and 32 bit code. Roger Roger SeielstadE-mail Geek & MS-
Re: [ActiveDir] Very OT: Please Settle a Bet
Win95 was a 32-bit OS, with a lot of 16-bit code for compatibility reasons. There was a fairly significant 16--to-32-bit thunking layer. It was not dependent on DOS in the way that WFW was dependent on DOS, even though it contained more 16-bit code than its NT counterparts... -ASB FAST, CHEAP, SECURE: Pick Any TWO http://www.ultratech-llc.com/KB/ On Fri, 11 Feb 2005 16:54:18 -0500, Dan DeStefano <[EMAIL PROTECTED]> wrote: > > > Could anyone settle a bet for me? I would like to know if Windows 95 was a > 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran > 16-bit apps in a VM, while the other one is saying the reverse: it was a > 16-bit OS that was capable of running 32-bit apps in a VM. > > > > Also, one person is saying that W95 required DOS (like Win3.1.1) and the > other is saying that, while built on DOS, DOS was not required and the OS > went above and beyond its DOS roots. > > > > If anyone can settle these issues and offer proof like links to Web pages > and such, we would be grateful. > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Very OT: Please Settle a Bet
What’s the definition of a 32 bit OS? I only ask because Mark Russinovich’s book says that Win95 contained oodles of 16 bit code. So the absence of 16bit code isn’t a requirement for having a 32bit OS. Cheers Ken From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: Sunday, 13 February 2005 3:41 PM To: ActiveDir@mail.activedir.org; 'Send - AD mailing list' Subject: RE: [ActiveDir] Very OT: Please Settle a Bet I've alway described Win95 as a 24 bit operating system myself... Actually, the OS (i.e. the kernel) is (was) definitely 32-bit code. Rick backed into the correct answer with that damn logic thing again. However. explorer.exe (i.e. the GUI) was most definitely a 16-bit app, because at the time they hadn't figured out all the 32 bit optimizations for graphics - they had done all the 3.x work in 16 bit. IMO - this is one of the reasons 9x has always been relatively unstable - the mixture of 16 and 32 bit code. Roger Roger Seielstad E-mail Geek & MS-MVP From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Saturday, February 12, 2005 12:18 PM To: ActiveDir@mail.activedir.org; 'Send - AD mailing list' Subject: RE: [ActiveDir] Very OT: Please Settle a Bet Charles, I follow your line of thinking and would tend to agree except for my first foray into Networked OS’s – Netware. Netware is CLEARLY an OS – is CLEARLY 32-bit, but requires DOS to boot the kernel, which then continues to load the required pieces of Netware on the Netware kernel. So, in that – Netware is not a frontend for DOS – it simply uses the load routines of DOS to get going, then switches the processor to privileged mode to operate with all of the features of the processor in 32-bit mode. The question that should be asked is this, which should solve the current puzzle and bet: Can Windows 95 be run on a 80286 processor? If not – and must be run on a 80386 and greater – it’s 32-bit and using privileged mode and the features that it affords. The answer to the above question is no – it must be run on a 386 or greater processor because it requires 32-bit addressing. It emulates 16-bit for those legacy apps the needed it. DOS was used, as in Netware, as a launching platform for the ‘kernel’ (though not in anyway as complex). The downside to Win95 was the obvious leverage on some DOS functions, and complete lack of any security and a very lackluster separation of program to program corruption. If you want more info – see here. http://www.webdevelopersjournal.com/archive/win95.html I remember Greg from the ‘Chicago’ (code name for Win95) beta days, and thought he wrote an article or two. Hope this helps. Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Windows Security (Affiliate) Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: Friday, February 11, 2005 4:18 PM To: 'ActiveDir@mail.activedir.org'; Send - AD mailing list Subject: RE: [ActiveDir] Very OT: Please Settle a Bet My vote is that Win 95 required DOS and therefore was a frontend DOS application and not a true OS. A good example, watch a Win 95 box boot, it always starts out with DOS and then DOS runs the interface, WIN 95. Gnome isn't and OS its simply a shell, DOS is the same thing. -Original Message- From: Dean Wells [mailto:[EMAIL PROTECTED] Sent: Friday, February 11, 2005 4:01 PM To: Send - AD mailing list Subject: RE: [ActiveDir] Very OT: Please Settle a Bet 32 bit cooperatively multitasked if memory serves ...but it might not ;) -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano Sent: Friday, February 11, 2005 4:54 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Very OT: Please Settle a Bet Could anyone settle a bet for me? I would like to know if Windows 95 was a 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran 16-bit apps in a VM, while the other one is saying the reverse: it was a 16-bit OS that was capable of running 32-bit apps in a VM. Also, one person is saying that W95 required DOS (like Win3.1.1) and the other is saying that, while built on DOS, DOS was not required and the OS went above and beyond its DOS roots. If anyone can settle these issues and offer proof like links to Web pages and such, we would be grateful. _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.530
RE: [ActiveDir] Very OT: Please Settle a Bet
I think you're confusing DOS with a text based interface. Two separate things entirely. Roger SeielstadE-mail Geek & MS-MVP From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, CharlesSent: Friday, February 11, 2005 2:18 PMTo: 'ActiveDir@mail.activedir.org'; Send - AD mailing listSubject: RE: [ActiveDir] Very OT: Please Settle a Bet My vote is that Win 95 required DOS and therefore was a frontend DOS application and not a true OS. A good example, watch a Win 95 box boot, it always starts out with DOS and then DOS runs the interface, WIN 95. Gnome isn't and OS its simply a shell, DOS is the same thing. -Original Message-From: Dean Wells [mailto:[EMAIL PROTECTED]Sent: Friday, February 11, 2005 4:01 PMTo: Send - AD mailing listSubject: RE: [ActiveDir] Very OT: Please Settle a Bet 32 bit cooperatively multitasked if memory serves ...but it might not ;) --Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefanoSent: Friday, February 11, 2005 4:54 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Very OT: Please Settle a Bet Could anyone settle a bet for me? I would like to know if Windows 95 was a 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran 16-bit apps in a VM, while the other one is saying the reverse: it was a 16-bit OS that was capable of running 32-bit apps in a VM. Also, one person is saying that W95 required DOS (like Win3.1.1) and the other is saying that, while built on DOS, DOS was not required and the OS went above and beyond its DOS roots. If anyone can settle these issues and offer proof like links to Web pages and such, we would be grateful. _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.
RE: [ActiveDir] Very OT: Please Settle a Bet
I think you're confusing DOS with a text based interface. Two separate things entirely. Roger SeielstadE-mail Geek & MS-MVP From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, CharlesSent: Friday, February 11, 2005 2:18 PMTo: 'ActiveDir@mail.activedir.org'; Send - AD mailing listSubject: RE: [ActiveDir] Very OT: Please Settle a Bet My vote is that Win 95 required DOS and therefore was a frontend DOS application and not a true OS. A good example, watch a Win 95 box boot, it always starts out with DOS and then DOS runs the interface, WIN 95. Gnome isn't and OS its simply a shell, DOS is the same thing. -Original Message-From: Dean Wells [mailto:[EMAIL PROTECTED]Sent: Friday, February 11, 2005 4:01 PMTo: Send - AD mailing listSubject: RE: [ActiveDir] Very OT: Please Settle a Bet 32 bit cooperatively multitasked if memory serves ...but it might not ;) --Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefanoSent: Friday, February 11, 2005 4:54 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Very OT: Please Settle a Bet Could anyone settle a bet for me? I would like to know if Windows 95 was a 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran 16-bit apps in a VM, while the other one is saying the reverse: it was a 16-bit OS that was capable of running 32-bit apps in a VM. Also, one person is saying that W95 required DOS (like Win3.1.1) and the other is saying that, while built on DOS, DOS was not required and the OS went above and beyond its DOS roots. If anyone can settle these issues and offer proof like links to Web pages and such, we would be grateful. _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.
RE: [ActiveDir] Very OT: Please Settle a Bet
Win95 only "required" DOS as part of the installation on a bare machine, IIRC. Roger Roger SeielstadE-mail Geek & MS-MVP From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Perdue David J Contr InDyne/Enterprise ITSent: Friday, February 11, 2005 2:36 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Very OT: Please Settle a Bet I'd have to agree with you. An option was to reboot to DOS from Win95. For the life of me, I can't remember what version it was at the command line though. //SIGNED// David J. PerdueNetwork Security Engineer, InDyne Inc Comm: (805) 606-4597 DSN: 276-4597 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, CharlesSent: Friday, February 11, 2005 14:18 PMTo: 'ActiveDir@mail.activedir.org'; Send - AD mailing listSubject: RE: [ActiveDir] Very OT: Please Settle a Bet My vote is that Win 95 required DOS and therefore was a frontend DOS application and not a true OS. A good example, watch a Win 95 box boot, it always starts out with DOS and then DOS runs the interface, WIN 95. Gnome isn't and OS its simply a shell, DOS is the same thing. -Original Message-From: Dean Wells [mailto:[EMAIL PROTECTED]Sent: Friday, February 11, 2005 4:01 PMTo: Send - AD mailing listSubject: RE: [ActiveDir] Very OT: Please Settle a Bet 32 bit cooperatively multitasked if memory serves ...but it might not ;) --Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefanoSent: Friday, February 11, 2005 4:54 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Very OT: Please Settle a Bet Could anyone settle a bet for me? I would like to know if Windows 95 was a 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran 16-bit apps in a VM, while the other one is saying the reverse: it was a 16-bit OS that was capable of running 32-bit apps in a VM. Also, one person is saying that W95 required DOS (like Win3.1.1) and the other is saying that, while built on DOS, DOS was not required and the OS went above and beyond its DOS roots. If anyone can settle these issues and offer proof like links to Web pages and such, we would be grateful. _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.
RE: [ActiveDir] Very OT: Please Settle a Bet
I've alway described Win95 as a 24 bit operating system myself... Actually, the OS (i.e. the kernel) is (was) definitely 32-bit code. Rick backed into the correct answer with that damn logic thing again. However. explorer.exe (i.e. the GUI) was most definitely a 16-bit app, because at the time they hadn't figured out all the 32 bit optimizations for graphics - they had done all the 3.x work in 16 bit. IMO - this is one of the reasons 9x has always been relatively unstable - the mixture of 16 and 32 bit code. Roger Roger SeielstadE-mail Geek & MS-MVP From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick KingslanSent: Saturday, February 12, 2005 12:18 PMTo: ActiveDir@mail.activedir.org; 'Send - AD mailing list'Subject: RE: [ActiveDir] Very OT: Please Settle a Bet Charles, I follow your line of thinking and would tend to agree except for my first foray into Networked OS’s – Netware. Netware is CLEARLY an OS – is CLEARLY 32-bit, but requires DOS to boot the kernel, which then continues to load the required pieces of Netware on the Netware kernel. So, in that – Netware is not a frontend for DOS – it simply uses the load routines of DOS to get going, then switches the processor to privileged mode to operate with all of the features of the processor in 32-bit mode. The question that should be asked is this, which should solve the current puzzle and bet: Can Windows 95 be run on a 80286 processor? If not – and must be run on a 80386 and greater – it’s 32-bit and using privileged mode and the features that it affords. The answer to the above question is no – it must be run on a 386 or greater processor because it requires 32-bit addressing. It emulates 16-bit for those legacy apps the needed it. DOS was used, as in Netware, as a launching platform for the ‘kernel’ (though not in anyway as complex). The downside to Win95 was the obvious leverage on some DOS functions, and complete lack of any security and a very lackluster separation of program to program corruption. If you want more info – see here. http://www.webdevelopersjournal.com/archive/win95.html I remember Greg from the ‘Chicago’ (code name for Win95) beta days, and thought he wrote an article or two. Hope this helps. Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Windows Security (Affiliate) Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, CharlesSent: Friday, February 11, 2005 4:18 PMTo: 'ActiveDir@mail.activedir.org'; Send - AD mailing listSubject: RE: [ActiveDir] Very OT: Please Settle a Bet My vote is that Win 95 required DOS and therefore was a frontend DOS application and not a true OS. A good example, watch a Win 95 box boot, it always starts out with DOS and then DOS runs the interface, WIN 95. Gnome isn't and OS its simply a shell, DOS is the same thing. -Original Message-From: Dean Wells [mailto:[EMAIL PROTECTED]Sent: Friday, February 11, 2005 4:01 PMTo: Send - AD mailing listSubject: RE: [ActiveDir] Very OT: Please Settle a Bet 32 bit cooperatively multitasked if memory serves ...but it might not ;) --Dean WellsMSEtechnology* Email: [EMAIL PROTECTED]http://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefanoSent: Friday, February 11, 2005 4:54 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Very OT: Please Settle a Bet Could anyone settle a bet for me? I would like to know if Windows 95 was a 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran 16-bit apps in a VM, while the other one is saying the reverse: it was a 16-bit OS that was capable of running 32-bit apps in a VM. Also, one person is saying that W95 required DOS (like Win3.1.1) and the other is saying that, while built on DOS, DOS was not required and the OS went above and beyond its DOS roots. If anyone can settle these issues and offer proof like links to Web pages and such, we would be grateful. _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television The information contained in thi
RE: [ActiveDir] Very OT: Please Settle a Bet
I've alway described Win95 as a 24 bit operating system myself... Actually, the OS (i.e. the kernel) is (was) definitely 32-bit code. Rick backed into the correct answer with that damn logic thing again. However. explorer.exe (i.e. the GUI) was most definitely a 16-bit app, because at the time they hadn't figured out all the 32 bit optimizations for graphics - they had done all the 3.x work in 16 bit. IMO - this is one of the reasons 9x has always been relatively unstable - the mixture of 16 and 32 bit code. Roger Roger SeielstadE-mail Geek & MS-MVP From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick KingslanSent: Saturday, February 12, 2005 12:18 PMTo: ActiveDir@mail.activedir.org; 'Send - AD mailing list'Subject: RE: [ActiveDir] Very OT: Please Settle a Bet Charles, I follow your line of thinking and would tend to agree except for my first foray into Networked OS’s – Netware. Netware is CLEARLY an OS – is CLEARLY 32-bit, but requires DOS to boot the kernel, which then continues to load the required pieces of Netware on the Netware kernel. So, in that – Netware is not a frontend for DOS – it simply uses the load routines of DOS to get going, then switches the processor to privileged mode to operate with all of the features of the processor in 32-bit mode. The question that should be asked is this, which should solve the current puzzle and bet: Can Windows 95 be run on a 80286 processor? If not – and must be run on a 80386 and greater – it’s 32-bit and using privileged mode and the features that it affords. The answer to the above question is no – it must be run on a 386 or greater processor because it requires 32-bit addressing. It emulates 16-bit for those legacy apps the needed it. DOS was used, as in Netware, as a launching platform for the ‘kernel’ (though not in anyway as complex). The downside to Win95 was the obvious leverage on some DOS functions, and complete lack of any security and a very lackluster separation of program to program corruption. If you want more info – see here. http://www.webdevelopersjournal.com/archive/win95.html I remember Greg from the ‘Chicago’ (code name for Win95) beta days, and thought he wrote an article or two. Hope this helps. Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Windows Security (Affiliate) Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, CharlesSent: Friday, February 11, 2005 4:18 PMTo: 'ActiveDir@mail.activedir.org'; Send - AD mailing listSubject: RE: [ActiveDir] Very OT: Please Settle a Bet My vote is that Win 95 required DOS and therefore was a frontend DOS application and not a true OS. A good example, watch a Win 95 box boot, it always starts out with DOS and then DOS runs the interface, WIN 95. Gnome isn't and OS its simply a shell, DOS is the same thing. -Original Message-From: Dean Wells [mailto:[EMAIL PROTECTED]Sent: Friday, February 11, 2005 4:01 PMTo: Send - AD mailing listSubject: RE: [ActiveDir] Very OT: Please Settle a Bet 32 bit cooperatively multitasked if memory serves ...but it might not ;) --Dean WellsMSEtechnology* Email: [EMAIL PROTECTED]http://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefanoSent: Friday, February 11, 2005 4:54 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Very OT: Please Settle a Bet Could anyone settle a bet for me? I would like to know if Windows 95 was a 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran 16-bit apps in a VM, while the other one is saying the reverse: it was a 16-bit OS that was capable of running 32-bit apps in a VM. Also, one person is saying that W95 required DOS (like Win3.1.1) and the other is saying that, while built on DOS, DOS was not required and the OS went above and beyond its DOS roots. If anyone can settle these issues and offer proof like links to Web pages and such, we would be grateful. _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television The information contained in thi
RE: [ActiveDir] Very OT: Please Settle a Bet
Charles, I follow your line of thinking and would tend to agree except for my first foray into Networked OS’s – Netware. Netware is CLEARLY an OS – is CLEARLY 32-bit, but requires DOS to boot the kernel, which then continues to load the required pieces of Netware on the Netware kernel. So, in that – Netware is not a frontend for DOS – it simply uses the load routines of DOS to get going, then switches the processor to privileged mode to operate with all of the features of the processor in 32-bit mode. The question that should be asked is this, which should solve the current puzzle and bet: Can Windows 95 be run on a 80286 processor? If not – and must be run on a 80386 and greater – it’s 32-bit and using privileged mode and the features that it affords. The answer to the above question is no – it must be run on a 386 or greater processor because it requires 32-bit addressing. It emulates 16-bit for those legacy apps the needed it. DOS was used, as in Netware, as a launching platform for the ‘kernel’ (though not in anyway as complex). The downside to Win95 was the obvious leverage on some DOS functions, and complete lack of any security and a very lackluster separation of program to program corruption. If you want more info – see here. http://www.webdevelopersjournal.com/archive/win95.html I remember Greg from the ‘Chicago’ (code name for Win95) beta days, and thought he wrote an article or two. Hope this helps. Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Windows Security (Affiliate) Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: Friday, February 11, 2005 4:18 PM To: 'ActiveDir@mail.activedir.org'; Send - AD mailing list Subject: RE: [ActiveDir] Very OT: Please Settle a Bet My vote is that Win 95 required DOS and therefore was a frontend DOS application and not a true OS. A good example, watch a Win 95 box boot, it always starts out with DOS and then DOS runs the interface, WIN 95. Gnome isn't and OS its simply a shell, DOS is the same thing. -Original Message- From: Dean Wells [mailto:[EMAIL PROTECTED] Sent: Friday, February 11, 2005 4:01 PM To: Send - AD mailing list Subject: RE: [ActiveDir] Very OT: Please Settle a Bet 32 bit cooperatively multitasked if memory serves ...but it might not ;) -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano Sent: Friday, February 11, 2005 4:54 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Very OT: Please Settle a Bet Could anyone settle a bet for me? I would like to know if Windows 95 was a 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran 16-bit apps in a VM, while the other one is saying the reverse: it was a 16-bit OS that was capable of running 32-bit apps in a VM. Also, one person is saying that W95 required DOS (like Win3.1.1) and the other is saying that, while built on DOS, DOS was not required and the OS went above and beyond its DOS roots. If anyone can settle these issues and offer proof like links to Web pages and such, we would be grateful. _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.
RE: [ActiveDir] Very OT: Please Settle a Bet
As i recall it was hybrid 16bit/32bit OS.- a 32bit os which can run 16bit applications Below are a listing of different applications shipped with Windows95 that are 16 bit applications. and the rest are 32bit FreeCell (FREECELL.EXE) Microsoft Hearts Network (MSHEARTS.EXE) <http://www.computerhope.com/sw.htm> Solitaire (SOL.EXE) Character Map (CHARMAP.EXE) Chat (WINCHAT.EXE) Clipboard Viewer (CLIPBRD.EXE) Dialer (DIALER.EXE) Disk Defragmenter (DEFRAG.EXE) DriveSpace (DRVSPACE.EXE) ScanDisk for Windows (SCANDSKW.EXE) System Configuration Editor (SYSEDIT.EXE) Windows 3.1 File Manager (WINFILE.EXE) Windows 3.1 Program Manager (PROGMAN.EXE) Windows 95 Tour (TOUR.EXE) Windows Version (WINVER.EXE) Windows popup (WINPOPUP.EXE) Chandra -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Perdue David J Contr InDyne/Enterprise IT Sent: 11 February 2005 17:36 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Very OT: Please Settle a Bet I'd have to agree with you. An option was to reboot to DOS from Win95. For the life of me, I can't remember what version it was at the command line though. //SIGNED// David J. Perdue Network Security Engineer, InDyne Inc Comm: (805) 606-4597DSN: 276-4597 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles Sent: Friday, February 11, 2005 14:18 PM To: 'ActiveDir@mail.activedir.org'; Send - AD mailing list Subject: RE: [ActiveDir] Very OT: Please Settle a Bet My vote is that Win 95 required DOS and therefore was a frontend DOS application and not a true OS. A good example, watch a Win 95 box boot, it always starts out with DOS and then DOS runs the interface, WIN 95. Gnome isn't and OS its simply a shell, DOS is the same thing. -Original Message- From: Dean Wells [mailto:[EMAIL PROTECTED] Sent: Friday, February 11, 2005 4:01 PM To: Send - AD mailing list Subject: RE: [ActiveDir] Very OT: Please Settle a Bet 32 bit cooperatively multitasked if memory serves ...but it might not ;) -- Dean Wells MSEtechnology * Email: dwells <mailto:[EMAIL PROTECTED]> @msetechnology.com <http://msetechnology.com/> http://msetechnology.com _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano Sent: Friday, February 11, 2005 4:54 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Very OT: Please Settle a Bet Could anyone settle a bet for me? I would like to know if Windows 95 was a 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran 16-bit apps in a VM, while the other one is saying the reverse: it was a 16-bit OS that was capable of running 32-bit apps in a VM. Also, one person is saying that W95 required DOS (like Win3.1.1) and the other is saying that, while built on DOS, DOS was not required and the OS went above and beyond its DOS roots. If anyone can settle these issues and offer proof like links to Web pages and such, we would be grateful. _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net <http://www.iagr.net/> Measuring Ad Effectiveness on Television The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail. <>
RE: [ActiveDir] Very OT: Please Settle a Bet
I'd have to agree with you. An option was to reboot to DOS from Win95. For the life of me, I can't remember what version it was at the command line though. //SIGNED// David J. PerdueNetwork Security Engineer, InDyne Inc Comm: (805) 606-4597 DSN: 276-4597 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, CharlesSent: Friday, February 11, 2005 14:18 PMTo: 'ActiveDir@mail.activedir.org'; Send - AD mailing listSubject: RE: [ActiveDir] Very OT: Please Settle a Bet My vote is that Win 95 required DOS and therefore was a frontend DOS application and not a true OS. A good example, watch a Win 95 box boot, it always starts out with DOS and then DOS runs the interface, WIN 95. Gnome isn't and OS its simply a shell, DOS is the same thing. -Original Message-From: Dean Wells [mailto:[EMAIL PROTECTED]Sent: Friday, February 11, 2005 4:01 PMTo: Send - AD mailing listSubject: RE: [ActiveDir] Very OT: Please Settle a Bet 32 bit cooperatively multitasked if memory serves ...but it might not ;) --Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefanoSent: Friday, February 11, 2005 4:54 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Very OT: Please Settle a Bet Could anyone settle a bet for me? I would like to know if Windows 95 was a 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran 16-bit apps in a VM, while the other one is saying the reverse: it was a 16-bit OS that was capable of running 32-bit apps in a VM. Also, one person is saying that W95 required DOS (like Win3.1.1) and the other is saying that, while built on DOS, DOS was not required and the OS went above and beyond its DOS roots. If anyone can settle these issues and offer proof like links to Web pages and such, we would be grateful. _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.
RE: [ActiveDir] Very OT: Please Settle a Bet
Common misconception, as I recall - DOS was the bootstrap. --Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, CharlesSent: Friday, February 11, 2005 5:18 PMTo: 'ActiveDir@mail.activedir.org'; Send - AD mailing listSubject: RE: [ActiveDir] Very OT: Please Settle a Bet My vote is that Win 95 required DOS and therefore was a frontend DOS application and not a true OS. A good example, watch a Win 95 box boot, it always starts out with DOS and then DOS runs the interface, WIN 95. Gnome isn't and OS its simply a shell, DOS is the same thing. -Original Message-From: Dean Wells [mailto:[EMAIL PROTECTED]Sent: Friday, February 11, 2005 4:01 PMTo: Send - AD mailing listSubject: RE: [ActiveDir] Very OT: Please Settle a Bet 32 bit cooperatively multitasked if memory serves ...but it might not ;) --Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefanoSent: Friday, February 11, 2005 4:54 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Very OT: Please Settle a Bet Could anyone settle a bet for me? I would like to know if Windows 95 was a 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran 16-bit apps in a VM, while the other one is saying the reverse: it was a 16-bit OS that was capable of running 32-bit apps in a VM. Also, one person is saying that W95 required DOS (like Win3.1.1) and the other is saying that, while built on DOS, DOS was not required and the OS went above and beyond its DOS roots. If anyone can settle these issues and offer proof like links to Web pages and such, we would be grateful. _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.
RE: [ActiveDir] Very OT: Please Settle a Bet
My vote is that Win 95 required DOS and therefore was a frontend DOS application and not a true OS. A good example, watch a Win 95 box boot, it always starts out with DOS and then DOS runs the interface, WIN 95. Gnome isn't and OS its simply a shell, DOS is the same thing. -Original Message-From: Dean Wells [mailto:[EMAIL PROTECTED]Sent: Friday, February 11, 2005 4:01 PMTo: Send - AD mailing listSubject: RE: [ActiveDir] Very OT: Please Settle a Bet 32 bit cooperatively multitasked if memory serves ...but it might not ;) --Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefanoSent: Friday, February 11, 2005 4:54 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Very OT: Please Settle a Bet Could anyone settle a bet for me? I would like to know if Windows 95 was a 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran 16-bit apps in a VM, while the other one is saying the reverse: it was a 16-bit OS that was capable of running 32-bit apps in a VM. Also, one person is saying that W95 required DOS (like Win3.1.1) and the other is saying that, while built on DOS, DOS was not required and the OS went above and beyond its DOS roots. If anyone can settle these issues and offer proof like links to Web pages and such, we would be grateful. _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.
RE: [ActiveDir] Very OT: Please Settle a Bet
wasn't it 16-bit loaded with highmem in dos? ;) /The Swede - Jimmy Andersson, Q Advice AB Principal Advisor Microsoft MVP - Directory Services -- www.qadvice.com -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean WellsSent: Friday, February 11, 2005 11:01 PMTo: Send - AD mailing listSubject: RE: [ActiveDir] Very OT: Please Settle a Bet 32 bit cooperatively multitasked if memory serves ...but it might not ;) --Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefanoSent: Friday, February 11, 2005 4:54 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Very OT: Please Settle a Bet Could anyone settle a bet for me? I would like to know if Windows 95 was a 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran 16-bit apps in a VM, while the other one is saying the reverse: it was a 16-bit OS that was capable of running 32-bit apps in a VM. Also, one person is saying that W95 required DOS (like Win3.1.1) and the other is saying that, while built on DOS, DOS was not required and the OS went above and beyond its DOS roots. If anyone can settle these issues and offer proof like links to Web pages and such, we would be grateful. _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.
RE: [ActiveDir] Very OT: Please Settle a Bet
This sort of helps too - http://msdn.microsoft.com/library/default.asp?url=""> --Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefanoSent: Friday, February 11, 2005 4:54 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Very OT: Please Settle a Bet Could anyone settle a bet for me? I would like to know if Windows 95 was a 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran 16-bit apps in a VM, while the other one is saying the reverse: it was a 16-bit OS that was capable of running 32-bit apps in a VM. Also, one person is saying that W95 required DOS (like Win3.1.1) and the other is saying that, while built on DOS, DOS was not required and the OS went above and beyond its DOS roots. If anyone can settle these issues and offer proof like links to Web pages and such, we would be grateful. _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.
RE: [ActiveDir] Very OT: Please Settle a Bet
32 bit cooperatively multitasked if memory serves ...but it might not ;) --Dean WellsMSEtechnology* Email: dwells@msetechnology.comhttp://msetechnology.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefanoSent: Friday, February 11, 2005 4:54 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Very OT: Please Settle a Bet Could anyone settle a bet for me? I would like to know if Windows 95 was a 16 or 32-bit OS. One of us is saying that it was natively 32-bit, but ran 16-bit apps in a VM, while the other one is saying the reverse: it was a 16-bit OS that was capable of running 32-bit apps in a VM. Also, one person is saying that W95 required DOS (like Win3.1.1) and the other is saying that, while built on DOS, DOS was not required and the OS went above and beyond its DOS roots. If anyone can settle these issues and offer proof like links to Web pages and such, we would be grateful. _ Daniel DeStefano PC Support Specialist IAG Research 345 Park Avenue South, 12th Floor New York, NY 10010 T. 212.871.5262 F. 212.871.5300 www.iagr.net Measuring Ad Effectiveness on Television The information contained in this communication is confidential, may be privileged and is intended for the exclusive use of the above named addressee(s). If you are not the intended recipient(s), you are expressly prohibited from copying, distributing, disseminating, or in any other way using any of the information contained within this communication. If you have received this communication in error, please contact the sender by telephone 212.871.5262 or by response via e-mail.
RE: [ActiveDir] Very OT
Hey I think I pointed you here before Tom but seriously... Go look at hostmon at www.ks-soft.com, a lot of the stuff you have asked for plus much more this product will do. I like this product. His prices are starting to go up, but it makes sense, he has a great product and the prices are still incredibly competitive. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, June 08, 2004 3:42 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Very OT I would actually want to monitor 3 programs and be emailed(cdo) rather than msgboxed if one or all dissapeared from the task manager process list. I can't change the program to write to the registry as i didn't write it and i would be stepping on some toes. more importantly, my knowldge of VB is pretty limited, anyhoo. I would rather just rig this script to do the above mentioned things. thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 08, 2004 6:15 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Very OT Hi, I presume you actually want to know that it is still operational, rather than whether it still exists as a task. The standard way I do this is to put a heartbeat in the program to write status info to the registry every (say) minute including the current time. You then monitor the registry key whenever you want to know what is happening. Alan Cuthbertson Policy Management Software:- http://www.sysprosoft.com/pol_summary.shtml ADM Template Editor:- http://www.sysprosoft.com/adm_summary.shtml - Original Message - From: "Kern, Tom" <[EMAIL PROTECTED]> To: "ActiveDir (E-mail)" <[EMAIL PROTECTED]> Sent: Tuesday, June 08, 2004 6:35 AM Subject: [ActiveDir] Very OT Hi, I have a devloper who wrote a vb exe(not a service) that runs on start up on an AD DC and stays in memory in the backround. My question is, is there anyway to monitor if this process has stopped? Perhaps with a perl script. Since its not a service, I don't really know how to do this. Also, it doesn't log anything to the event log. i couldn't find anything on my perl groups and you guys seem pretty knowldgable on scripting so i just thought i'd take a shot in the dark and post here. thanks and my apologies for the way OT. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Very OT
If you want Tom - e-mail me off list and I'll do what I can to help you customize this script. r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, June 08, 2004 3:42 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Very OT I would actually want to monitor 3 programs and be emailed(cdo) rather than msgboxed if one or all dissapeared from the task manager process list. I can't change the program to write to the registry as i didn't write it and i would be stepping on some toes. more importantly, my knowldge of VB is pretty limited, anyhoo. I would rather just rig this script to do the above mentioned things. thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 08, 2004 6:15 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Very OT Hi, I presume you actually want to know that it is still operational, rather than whether it still exists as a task. The standard way I do this is to put a heartbeat in the program to write status info to the registry every (say) minute including the current time. You then monitor the registry key whenever you want to know what is happening. Alan Cuthbertson Policy Management Software:- http://www.sysprosoft.com/pol_summary.shtml ADM Template Editor:- http://www.sysprosoft.com/adm_summary.shtml - Original Message - From: "Kern, Tom" <[EMAIL PROTECTED]> To: "ActiveDir (E-mail)" <[EMAIL PROTECTED]> Sent: Tuesday, June 08, 2004 6:35 AM Subject: [ActiveDir] Very OT Hi, I have a devloper who wrote a vb exe(not a service) that runs on start up on an AD DC and stays in memory in the backround. My question is, is there anyway to monitor if this process has stopped? Perhaps with a perl script. Since its not a service, I don't really know how to do this. Also, it doesn't log anything to the event log. i couldn't find anything on my perl groups and you guys seem pretty knowldgable on scripting so i just thought i'd take a shot in the dark and post here. thanks and my apologies for the way OT. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Very OT
I would actually want to monitor 3 programs and be emailed(cdo) rather than msgboxed if one or all dissapeared from the task manager process list. I can't change the program to write to the registry as i didn't write it and i would be stepping on some toes. more importantly, my knowldge of VB is pretty limited, anyhoo. I would rather just rig this script to do the above mentioned things. thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 08, 2004 6:15 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Very OT Hi, I presume you actually want to know that it is still operational, rather than whether it still exists as a task. The standard way I do this is to put a heartbeat in the program to write status info to the registry every (say) minute including the current time. You then monitor the registry key whenever you want to know what is happening. Alan Cuthbertson Policy Management Software:- http://www.sysprosoft.com/pol_summary.shtml ADM Template Editor:- http://www.sysprosoft.com/adm_summary.shtml - Original Message - From: "Kern, Tom" <[EMAIL PROTECTED]> To: "ActiveDir (E-mail)" <[EMAIL PROTECTED]> Sent: Tuesday, June 08, 2004 6:35 AM Subject: [ActiveDir] Very OT Hi, I have a devloper who wrote a vb exe(not a service) that runs on start up on an AD DC and stays in memory in the backround. My question is, is there anyway to monitor if this process has stopped? Perhaps with a perl script. Since its not a service, I don't really know how to do this. Also, it doesn't log anything to the event log. i couldn't find anything on my perl groups and you guys seem pretty knowldgable on scripting so i just thought i'd take a shot in the dark and post here. thanks and my apologies for the way OT. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Very OT
Hi, I presume you actually want to know that it is still operational, rather than whether it still exists as a task. The standard way I do this is to put a heartbeat in the program to write status info to the registry every (say) minute including the current time. You then monitor the registry key whenever you want to know what is happening. Alan Cuthbertson Policy Management Software:- http://www.sysprosoft.com/pol_summary.shtml ADM Template Editor:- http://www.sysprosoft.com/adm_summary.shtml - Original Message - From: "Kern, Tom" <[EMAIL PROTECTED]> To: "ActiveDir (E-mail)" <[EMAIL PROTECTED]> Sent: Tuesday, June 08, 2004 6:35 AM Subject: [ActiveDir] Very OT Hi, I have a devloper who wrote a vb exe(not a service) that runs on start up on an AD DC and stays in memory in the backround. My question is, is there anyway to monitor if this process has stopped? Perhaps with a perl script. Since its not a service, I don't really know how to do this. Also, it doesn't log anything to the event log. i couldn't find anything on my perl groups and you guys seem pretty knowldgable on scripting so i just thought i'd take a shot in the dark and post here. thanks and my apologies for the way OT. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Very OT
Its quoted correctly, but you need to combine the first three lines into one - the CRLFs added by the mail systems are tanking it. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Kern, Tom [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 08, 2004 9:56 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Very OT > > I get "unterminated string constant" at the end of the first > line of your script. I'm a perl guy, not vbs, so I don't > quite know where I'm supposed to terminate(quote) the line. > > Thanks, sorry to be a pest. > > -Original Message- > From: Steve Patrick [mailto:[EMAIL PROTECTED] > Sent: Friday, June 04, 2004 3:58 PM > To: [EMAIL PROTECTED] > Subject: Re: [ActiveDir] Very OT > > > Here is a (cheap hack) way: > > copy the text below to a script: > > ' > set events = > getobject("winmgmts:\\.").ExecNotificationQuery("select * from > __instancedeletionevent within 2 where targetinstance isa > 'win32_process' > and targetinstance.name = 'notepad.exe'") > > Do > set NTevent = events.nextevent > If Err <> 0 then > msgbox "it was not = to 0" > else > msgbox "Notepad was closed" > exit do > end if > Loop > > ' > > Now start the script "monitor.vbs" > Now start notepad. > Wait for some random time.. close notepad.exe > > > You should get a popup - change this to whatever action you > deem necessary. > > For your situation you change notepad.exe to your app. > Note that you can do this to a remote machine as well... > substitute the > machine name like so: > > ("winmgmts:\\mymachine") > > > This is a polling process so there is some minor overhead. > > -steve > > > > > - Original Message - > From: "Mulnick, Al" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, June 07, 2004 1:53 PM > Subject: RE: [ActiveDir] Very OT > > > > Haven't tried it, but this looks like it might be a way > > > > > http://msdn.microsoft.com/library/default.asp?url=/library/en- > us/wmisdk/wmi/ > > win32_perfrawdata_perfproc_thread.asp?frame=true > > > > You'd want to monitor thread state on a regular interval. > > > > Another option might be to use the scheduler or re-write > the code to alert > > if it encounters an error. > > > > Al > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom > > Sent: Monday, June 07, 2004 4:35 PM > > To: ActiveDir (E-mail) > > Subject: [ActiveDir] Very OT > > > > Hi, I have a devloper who wrote a vb exe(not a service) > that runs on start > > up on an AD DC and stays in memory in the backround. > > My question is, is there anyway to monitor if this process > has stopped? > > Perhaps with a perl script. Since its not a service, I > don't really know > how > > to do this. > > Also, it doesn't log anything to the event log. > > > > i couldn't find anything on my perl groups and you guys seem pretty > > knowldgable on scripting so i just thought i'd take a shot > in the dark and > > post here. > > thanks and my apologies for the way OT. > > List info : http://www.activedir.org/mail_list.htm > > List FAQ: http://www.activedir.org/list_faq.htm > > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > > List FAQ: http://www.activedir.org/list_faq.htm > > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Very OT
It's the word wrap Ken... that first line should be all one line or each line terminated with an underscore. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, June 08, 2004 9:56 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Very OT I get "unterminated string constant" at the end of the first line of your script. I'm a perl guy, not vbs, so I don't quite know where I'm supposed to terminate(quote) the line. Thanks, sorry to be a pest. -Original Message- From: Steve Patrick [mailto:[EMAIL PROTECTED] Sent: Friday, June 04, 2004 3:58 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Very OT Here is a (cheap hack) way: copy the text below to a script: ' set events = getobject("winmgmts:\\.").ExecNotificationQuery("select * from __instancedeletionevent within 2 where targetinstance isa 'win32_process' and targetinstance.name = 'notepad.exe'") Do set NTevent = events.nextevent If Err <> 0 then msgbox "it was not = to 0" else msgbox "Notepad was closed" exit do end if Loop ' Now start the script "monitor.vbs" Now start notepad. Wait for some random time.. close notepad.exe You should get a popup - change this to whatever action you deem necessary. For your situation you change notepad.exe to your app. Note that you can do this to a remote machine as well... substitute the machine name like so: ("winmgmts:\\mymachine") This is a polling process so there is some minor overhead. -steve - Original Message - From: "Mulnick, Al" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 07, 2004 1:53 PM Subject: RE: [ActiveDir] Very OT > Haven't tried it, but this looks like it might be a way > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/ wmi/ > win32_perfrawdata_perfproc_thread.asp?frame=true > > You'd want to monitor thread state on a regular interval. > > Another option might be to use the scheduler or re-write the code to alert > if it encounters an error. > > Al > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom > Sent: Monday, June 07, 2004 4:35 PM > To: ActiveDir (E-mail) > Subject: [ActiveDir] Very OT > > Hi, I have a devloper who wrote a vb exe(not a service) that runs on start > up on an AD DC and stays in memory in the backround. > My question is, is there anyway to monitor if this process has stopped? > Perhaps with a perl script. Since its not a service, I don't really know how > to do this. > Also, it doesn't log anything to the event log. > > i couldn't find anything on my perl groups and you guys seem pretty > knowldgable on scripting so i just thought i'd take a shot in the dark and > post here. > thanks and my apologies for the way OT. > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Very OT
This part: ' set events = getobject("winmgmts:\\.").ExecNotificationQuery("select * from __instancedeletionevent within 2 where targetinstance isa 'win32_process' and targetinstance.name = 'notepad.exe'") Should all be on one line - no carriage returns until after the 'notepad.exe'") The wrapping in the e-mail client goofs it all up :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Tuesday, June 08, 2004 9:56 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Very OT I get "unterminated string constant" at the end of the first line of your script. I'm a perl guy, not vbs, so I don't quite know where I'm supposed to terminate(quote) the line. Thanks, sorry to be a pest. -Original Message- From: Steve Patrick [mailto:[EMAIL PROTECTED] Sent: Friday, June 04, 2004 3:58 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Very OT Here is a (cheap hack) way: copy the text below to a script: ' set events = getobject("winmgmts:\\.").ExecNotificationQuery("select * from __instancedeletionevent within 2 where targetinstance isa 'win32_process' and targetinstance.name = 'notepad.exe'") Do set NTevent = events.nextevent If Err <> 0 then msgbox "it was not = to 0" else msgbox "Notepad was closed" exit do end if Loop ' Now start the script "monitor.vbs" Now start notepad. Wait for some random time.. close notepad.exe You should get a popup - change this to whatever action you deem necessary. For your situation you change notepad.exe to your app. Note that you can do this to a remote machine as well... substitute the machine name like so: ("winmgmts:\\mymachine") This is a polling process so there is some minor overhead. -steve - Original Message - From: "Mulnick, Al" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 07, 2004 1:53 PM Subject: RE: [ActiveDir] Very OT > Haven't tried it, but this looks like it might be a way > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/ > win32_perfrawdata_perfproc_thread.asp?frame=true > > You'd want to monitor thread state on a regular interval. > > Another option might be to use the scheduler or re-write the code to alert > if it encounters an error. > > Al > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom > Sent: Monday, June 07, 2004 4:35 PM > To: ActiveDir (E-mail) > Subject: [ActiveDir] Very OT > > Hi, I have a devloper who wrote a vb exe(not a service) that runs on start > up on an AD DC and stays in memory in the backround. > My question is, is there anyway to monitor if this process has stopped? > Perhaps with a perl script. Since its not a service, I don't really know how > to do this. > Also, it doesn't log anything to the event log. > > i couldn't find anything on my perl groups and you guys seem pretty > knowldgable on scripting so i just thought i'd take a shot in the dark and > post here. > thanks and my apologies for the way OT. > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Very OT
I get "unterminated string constant" at the end of the first line of your script. I'm a perl guy, not vbs, so I don't quite know where I'm supposed to terminate(quote) the line. Thanks, sorry to be a pest. -Original Message- From: Steve Patrick [mailto:[EMAIL PROTECTED] Sent: Friday, June 04, 2004 3:58 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Very OT Here is a (cheap hack) way: copy the text below to a script: ' set events = getobject("winmgmts:\\.").ExecNotificationQuery("select * from __instancedeletionevent within 2 where targetinstance isa 'win32_process' and targetinstance.name = 'notepad.exe'") Do set NTevent = events.nextevent If Err <> 0 then msgbox "it was not = to 0" else msgbox "Notepad was closed" exit do end if Loop ' Now start the script "monitor.vbs" Now start notepad. Wait for some random time.. close notepad.exe You should get a popup - change this to whatever action you deem necessary. For your situation you change notepad.exe to your app. Note that you can do this to a remote machine as well... substitute the machine name like so: ("winmgmts:\\mymachine") This is a polling process so there is some minor overhead. -steve - Original Message - From: "Mulnick, Al" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 07, 2004 1:53 PM Subject: RE: [ActiveDir] Very OT > Haven't tried it, but this looks like it might be a way > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/ > win32_perfrawdata_perfproc_thread.asp?frame=true > > You'd want to monitor thread state on a regular interval. > > Another option might be to use the scheduler or re-write the code to alert > if it encounters an error. > > Al > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom > Sent: Monday, June 07, 2004 4:35 PM > To: ActiveDir (E-mail) > Subject: [ActiveDir] Very OT > > Hi, I have a devloper who wrote a vb exe(not a service) that runs on start > up on an AD DC and stays in memory in the backround. > My question is, is there anyway to monitor if this process has stopped? > Perhaps with a perl script. Since its not a service, I don't really know how > to do this. > Also, it doesn't log anything to the event log. > > i couldn't find anything on my perl groups and you guys seem pretty > knowldgable on scripting so i just thought i'd take a shot in the dark and > post here. > thanks and my apologies for the way OT. > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Very OT
Here is a (cheap hack) way: copy the text below to a script: ' set events = getobject("winmgmts:\\.").ExecNotificationQuery("select * from __instancedeletionevent within 2 where targetinstance isa 'win32_process' and targetinstance.name = 'notepad.exe'") Do set NTevent = events.nextevent If Err <> 0 then msgbox "it was not = to 0" else msgbox "Notepad was closed" exit do end if Loop ' Now start the script "monitor.vbs" Now start notepad. Wait for some random time.. close notepad.exe You should get a popup - change this to whatever action you deem necessary. For your situation you change notepad.exe to your app. Note that you can do this to a remote machine as well... substitute the machine name like so: ("winmgmts:\\mymachine") This is a polling process so there is some minor overhead. -steve - Original Message - From: "Mulnick, Al" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 07, 2004 1:53 PM Subject: RE: [ActiveDir] Very OT > Haven't tried it, but this looks like it might be a way > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/ > win32_perfrawdata_perfproc_thread.asp?frame=true > > You'd want to monitor thread state on a regular interval. > > Another option might be to use the scheduler or re-write the code to alert > if it encounters an error. > > Al > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom > Sent: Monday, June 07, 2004 4:35 PM > To: ActiveDir (E-mail) > Subject: [ActiveDir] Very OT > > Hi, I have a devloper who wrote a vb exe(not a service) that runs on start > up on an AD DC and stays in memory in the backround. > My question is, is there anyway to monitor if this process has stopped? > Perhaps with a perl script. Since its not a service, I don't really know how > to do this. > Also, it doesn't log anything to the event log. > > i couldn't find anything on my perl groups and you guys seem pretty > knowldgable on scripting so i just thought i'd take a shot in the dark and > post here. > thanks and my apologies for the way OT. > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Very OT
Haven't tried it, but this looks like it might be a way http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/ win32_perfrawdata_perfproc_thread.asp?frame=true You'd want to monitor thread state on a regular interval. Another option might be to use the scheduler or re-write the code to alert if it encounters an error. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Monday, June 07, 2004 4:35 PM To: ActiveDir (E-mail) Subject: [ActiveDir] Very OT Hi, I have a devloper who wrote a vb exe(not a service) that runs on start up on an AD DC and stays in memory in the backround. My question is, is there anyway to monitor if this process has stopped? Perhaps with a perl script. Since its not a service, I don't really know how to do this. Also, it doesn't log anything to the event log. i couldn't find anything on my perl groups and you guys seem pretty knowldgable on scripting so i just thought i'd take a shot in the dark and post here. thanks and my apologies for the way OT. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network
Thanks Michael. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Thursday, October 23, 2003 2:10 PMTo: [EMAIL PROTECTED] Not sure if this was mentioned by anyone - have you checked this out? http://www.microsoft.com/windows2000/technologies/directory/AD/redir-adsegment.asp Michael Parent MCSE MCTAnalyst I - Web Services ITOS - Systems EnablementMaritime Life Assurance Company(902) 453-7300 x3456 "Joe" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 10/18/2003 11:22 AM Please respond to ActiveDir To: <[EMAIL PROTECTED]> cc: Subject: RE: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live networkThis is similar to the solution I was thinking of as well. It only costs youa firewall and the full protection of a single machine. I wouldn't even givefull access to this box to production, it would allow HTTP access to it.Someone checks a file in on the lab side, you check it out on the prod side.Ditto but in reverse to get something from prod to dev. I was just telling my team this this last week. You have a see-saw, on oneside is security, on the other is flexibility/useabilty. You need to decidewhich side should be focused on. If you have to have the flexibility anduseability you have to sacrifice security. If you are sane, you choosesecurity and sacrifice flexibility and useability. Just because people areused to having full access doesn't mean it should continue or that it makessense. It is something that has been pushed due to how MS trains admins andDevelopers (MC* programs) and there own software and with how theenvironment has evolved with third party stuff. I know I beat on E2K a lot, but it is a great example of a poor directoryintegrated poor security app. I recall when I got the instructions for howto separate the administrators of Exchange and AD... I looked down the list,you had multiple ways to do it. First was to give property sets and add abunch of deny's, the other was to add a bunch of individual grants. Eitherway really goes against the recommendation of managing your directorysecurity well because it is confusing plus you don't want a bunch of ace'son your objects. Additionally one of the attributes that was to be delegatedwas the nTSecurityDescriptor... Heh Game over. It is only recently that true security has started to become something thatless than a minority on Windows is becoming aware of. You know me, I havealways been paranoid about it. It is good to see the rest of the worldstarting to show up at that party (though I ate all the peanuts and drankall the beer already so BYOB). Additionally, I think it is not only silly, not only dangerous, but outrightstupid to allow people to pull something directly from dev or the lab intothe production environment without some form of logged process in between. joe-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of Bill MoranSent: Friday, October 17, 2003 3:01 PMTo: [EMAIL PROTECTED]Well, I still think you could work it out with an intermediate machine.Just put a Server in between the two networks with two interfaces on it.Load it up with all the virus protection you can find (most server-basedvirus protection will check incomming and outgoing files as they areup/downloaded) and keep the machine updated with all patches/etc.Then set it up so the only way to get files from production to lab is tocopy them on to this server first. It's a little annoying for the peoplecopying the files ("Damn ... I forgot to copy this to the transfer serverfrom thelab") but I would say that this is where you've got to draw the line if youwant have any level of safety/protection whatsoever.List info : http://www.activedir.org/mail_list.htmList FAQ : http://www.activedir.org/list_faq.htmList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network
Not sure if this was mentioned by anyone - have you checked this out? http://www.microsoft.com/windows2000/technologies/directory/AD/redir-adsegment.asp Michael Parent MCSE MCT Analyst I - Web Services ITOS - Systems Enablement Maritime Life Assurance Company (902) 453-7300 x3456 "Joe" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 10/18/2003 11:22 AM Please respond to ActiveDir To: <[EMAIL PROTECTED]> cc: Subject: RE: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network This is similar to the solution I was thinking of as well. It only costs you a firewall and the full protection of a single machine. I wouldn't even give full access to this box to production, it would allow HTTP access to it. Someone checks a file in on the lab side, you check it out on the prod side. Ditto but in reverse to get something from prod to dev. I was just telling my team this this last week. You have a see-saw, on one side is security, on the other is flexibility/useabilty. You need to decide which side should be focused on. If you have to have the flexibility and useability you have to sacrifice security. If you are sane, you choose security and sacrifice flexibility and useability. Just because people are used to having full access doesn't mean it should continue or that it makes sense. It is something that has been pushed due to how MS trains admins and Developers (MC* programs) and there own software and with how the environment has evolved with third party stuff. I know I beat on E2K a lot, but it is a great example of a poor directory integrated poor security app. I recall when I got the instructions for how to separate the administrators of Exchange and AD... I looked down the list, you had multiple ways to do it. First was to give property sets and add a bunch of deny's, the other was to add a bunch of individual grants. Either way really goes against the recommendation of managing your directory security well because it is confusing plus you don't want a bunch of ace's on your objects. Additionally one of the attributes that was to be delegated was the nTSecurityDescriptor... Heh Game over. It is only recently that true security has started to become something that less than a minority on Windows is becoming aware of. You know me, I have always been paranoid about it. It is good to see the rest of the world starting to show up at that party (though I ate all the peanuts and drank all the beer already so BYOB). Additionally, I think it is not only silly, not only dangerous, but outright stupid to allow people to pull something directly from dev or the lab into the production environment without some form of logged process in between. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Moran Sent: Friday, October 17, 2003 3:01 PM To: [EMAIL PROTECTED] Well, I still think you could work it out with an intermediate machine. Just put a Server in between the two networks with two interfaces on it. Load it up with all the virus protection you can find (most server-based virus protection will check incomming and outgoing files as they are up/downloaded) and keep the machine updated with all patches/etc. Then set it up so the only way to get files from production to lab is to copy them on to this server first. It's a little annoying for the people copying the files ("Damn ... I forgot to copy this to the transfer server from the lab") but I would say that this is where you've got to draw the line if you want have any level of safety/protection whatsoever. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network
This is similar to the solution I was thinking of as well. It only costs you a firewall and the full protection of a single machine. I wouldn't even give full access to this box to production, it would allow HTTP access to it. Someone checks a file in on the lab side, you check it out on the prod side. Ditto but in reverse to get something from prod to dev. I was just telling my team this this last week. You have a see-saw, on one side is security, on the other is flexibility/useabilty. You need to decide which side should be focused on. If you have to have the flexibility and useability you have to sacrifice security. If you are sane, you choose security and sacrifice flexibility and useability. Just because people are used to having full access doesn't mean it should continue or that it makes sense. It is something that has been pushed due to how MS trains admins and Developers (MC* programs) and there own software and with how the environment has evolved with third party stuff. I know I beat on E2K a lot, but it is a great example of a poor directory integrated poor security app. I recall when I got the instructions for how to separate the administrators of Exchange and AD... I looked down the list, you had multiple ways to do it. First was to give property sets and add a bunch of deny's, the other was to add a bunch of individual grants. Either way really goes against the recommendation of managing your directory security well because it is confusing plus you don't want a bunch of ace's on your objects. Additionally one of the attributes that was to be delegated was the nTSecurityDescriptor... Heh Game over. It is only recently that true security has started to become something that less than a minority on Windows is becoming aware of. You know me, I have always been paranoid about it. It is good to see the rest of the world starting to show up at that party (though I ate all the peanuts and drank all the beer already so BYOB). Additionally, I think it is not only silly, not only dangerous, but outright stupid to allow people to pull something directly from dev or the lab into the production environment without some form of logged process in between. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Moran Sent: Friday, October 17, 2003 3:01 PM To: [EMAIL PROTECTED] Well, I still think you could work it out with an intermediate machine. Just put a Server in between the two networks with two interfaces on it. Load it up with all the virus protection you can find (most server-based virus protection will check incomming and outgoing files as they are up/downloaded) and keep the machine updated with all patches/etc. Then set it up so the only way to get files from production to lab is to copy them on to this server first. It's a little annoying for the people copying the files ("Damn ... I forgot to copy this to the transfer server from the lab") but I would say that this is where you've got to draw the line if you want have any level of safety/protection whatsoever. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network
Title: Message Deji, Technically - aside from the purely political, you have a problem. I'm not aware of anything that is going to filter the incoming/outgoing traffic in the manner that you're looking to do. In essence, you're looking for an application level firewall with the ability to do protocol scrubbing from layer 1 to layer 7. What might be possible is to treat the lab as a 'quarrantine area'. Anything that gets brought up in the lab, through private VLAN and switching, as well as an active scanning and scripting process, would be brought up as a part of the 'private vlan' that would be separate from all other traffic until it was checked and scrubbed by the virus checking and the automated scripts. Once that is accomplished, you can give it access to the private vlan that feeds into the rest of the environment by allowing ACLs or a simple command to the switching gear to switch it's membership in the vlan structure. Granted, this will not allow all machines in the lab to communicate whith each other constantly, because when the machine shuts down, it should also be removed from the PVLAN as an automated or manual process to ensure the integrity of the more public VLAN. The whole point of this is to show that it would be possible to do what you want - it's all a matter of policy, rules, and automation enforcing the rules. This is a compromise, at best. It's not giving management everything that they want, but at the same time - you're not getting everything that you want either. Possibly the best that you're going to do and still be able to provide a safe environment. Otherwise, open the lab up and batten down the hatches on everything else. Create the perimeter at the individual systems and servers. But, I can also see this solution costing a fair amount of cash in the network management department, too. Tools to automate switching and VLAN management don't usually come too cheap. That's my shot at it.. Rick Kingslan MCSE, MCSA, MCTMicrosoft MVP - Active DirectoryLAN Administration - Windows 2000West Corporation[EMAIL PROTECTED] -Original Message-From: deji Agba [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Friday, October 17, 2003 1:21 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network Thanks, Bill. We all have had to live with management-driven decisions at one time or the other, no? We change what we can, and accept what we can't and try to make the best of it. This is one of those situations. The line of thought is "we don't care what's running around in the Labs as long as they remain in the Labs, but, by the way, we need to be able to pull files from our Labs machines to our production desktops so we can work on them. So, you see, you can't block off the Labs" Anyway, the cost is really not a factor. Finding what to invest the money in is the issue. The PRIMARY (and, maybe, ONLY) concern is keeping viruses that propagate through network shares from coming to the production network. The device I was testing does SMTP, POP and Web filtering, but 90% of the Virus problems is NetBIOS borne. And, no, I can't filter out NetBIOS ports between the Labs and the production sides. That is my dilemma. IF there is a device on the market that does NetBIOS virus scanning and prevention, a big part of my problem will disappear overnight. And, if wishes were horses :-p From the look of things, though, it seems that this is on of the situations where we say "There are seldom good technological solutions to behavioral problems." Apologies to Ed Crowley :) Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+Iwww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Bill MoranSent: Fri 10/17/2003 10:08 AMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network [EMAIL PROTECTED] wrote:> I forgot to mention that. Yeah, there is a requirement for connectivity> between the 2 sides. That's why firewalling them is not an option.I've been following this because I think it's outrageous. I don't envyyour problem.I think you're in a situation where you'll have to say "if that's whatyou want, then it's going to cost you" to whoever put the connectivityrequirement in place.First off, you are going to want a firewall between production and lab.Set it to deny by default, then allow ONLY the EXACT traffic that youwant to allow. Then configure logging and make it a point to reviewthe logs regularly.I would
Re: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network
[EMAIL PROTECTED] wrote: Thanks, Bill. We all have had to live with management-driven decisions at one time or the other, no? We change what we can, and accept what we can't and try to make the best of it. This is one of those situations. But sometimes you have to have the fortitude to stand up to management and tell them they're asking for something that's not possible. You can't have 100% security and 100% access at the same time. The line of thought is "we don't care what's running around in the Labs as long as they remain in the Labs, but, by the way, we need to be able to pull files from our Labs machines to our production desktops so we can work on them. So, you see, you can't block off the Labs" Anyway, the cost is really not a factor. Finding what to invest the money in is the issue. The PRIMARY (and, maybe, ONLY) concern is keeping viruses that propagate through network shares from coming to the production network. The device I was testing does SMTP, POP and Web filtering, but 90% of the Virus problems is NetBIOS borne. And, no, I can't filter out NetBIOS ports between the Labs and the production sides. That is my dilemma. IF there is a device on the market that does NetBIOS virus scanning and prevention, a big part of my problem will disappear overnight. And, if wishes were horses :-p Well, I still think you could work it out with an intermediate machine. Just put a Server in between the two networks with two interfaces on it. Load it up with all the virus protection you can find (most server-based virus protection will check incomming and outgoing files as they are up/downloaded) and keep the machine updated with all patches/etc. Then set it up so the only way to get files from production to lab is to copy them on to this server first. It's a little annoying for the people copying the files ("Damn ... I forgot to copy this to the transfer server from the lab") but I would say that this is where you've got to draw the line if you want have any level of safety/protection whatsoever. From the look of things, though, it seems that this is on of the situations where we say "There are seldom good technological solutions to behavioral problems." Apologies to Ed Crowley :) I agree. I think the only way you're going to get any sane level of protection is to come to a compromise. Sometimes you have to be willing to push back. Good luck in whatever approach you take. Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Bill Moran Sent: Fri 10/17/2003 10:08 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network [EMAIL PROTECTED] wrote: I forgot to mention that. Yeah, there is a requirement for connectivity between the 2 sides. That's why firewalling them is not an option. I've been following this because I think it's outrageous. I don't envy your problem. I think you're in a situation where you'll have to say "if that's what you want, then it's going to cost you" to whoever put the connectivity requirement in place. First off, you are going to want a firewall between production and lab. Set it to deny by default, then allow ONLY the EXACT traffic that you want to allow. Then configure logging and make it a point to review the logs regularly. I would also suggest a dedicated SMTP relay for the lab, with virus scanning and extensive access restrictions: again, allow only what you KNOW is safe, log everything, and review the logs regularly. Configure your firewall so that ONLY mail that's gone through the SMTP relay is allowed anywhere. This will stop a lot of SMTP-based worms from getting anywhere, as well as alerting you to their existance. Even this will not protect you from every type of attack, but it should reduce the rate of occurance significantly. -- Bill Moran Potential Technologies http://www.potentialtech.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network
Thanks, Bill. We all have had to live with management-driven decisions at one time or the other, no? We change what we can, and accept what we can't and try to make the best of it. This is one of those situations. The line of thought is "we don't care what's running around in the Labs as long as they remain in the Labs, but, by the way, we need to be able to pull files from our Labs machines to our production desktops so we can work on them. So, you see, you can't block off the Labs" Anyway, the cost is really not a factor. Finding what to invest the money in is the issue. The PRIMARY (and, maybe, ONLY) concern is keeping viruses that propagate through network shares from coming to the production network. The device I was testing does SMTP, POP and Web filtering, but 90% of the Virus problems is NetBIOS borne. And, no, I can't filter out NetBIOS ports between the Labs and the production sides. That is my dilemma. IF there is a device on the market that does NetBIOS virus scanning and prevention, a big part of my problem will disappear overnight. And, if wishes were horses :-p >From the look of things, though, it seems that this is on of the situations where we say "There are seldom good technological solutions to behavioral problems." Apologies to Ed Crowley :) Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Bill Moran Sent: Fri 10/17/2003 10:08 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network [EMAIL PROTECTED] wrote: > I forgot to mention that. Yeah, there is a requirement for connectivity > between the 2 sides. That's why firewalling them is not an option. I've been following this because I think it's outrageous. I don't envy your problem. I think you're in a situation where you'll have to say "if that's what you want, then it's going to cost you" to whoever put the connectivity requirement in place. First off, you are going to want a firewall between production and lab. Set it to deny by default, then allow ONLY the EXACT traffic that you want to allow. Then configure logging and make it a point to review the logs regularly. I would also suggest a dedicated SMTP relay for the lab, with virus scanning and extensive access restrictions: again, allow only what you KNOW is safe, log everything, and review the logs regularly. Configure your firewall so that ONLY mail that's gone through the SMTP relay is allowed anywhere. This will stop a lot of SMTP-based worms from getting anywhere, as well as alerting you to their existance. Even this will not protect you from every type of attack, but it should reduce the rate of occurance significantly. -- Bill Moran Potential Technologies http://www.potentialtech.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ <>
Re: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network
[EMAIL PROTECTED] wrote: I forgot to mention that. Yeah, there is a requirement for connectivity between the 2 sides. That's why firewalling them is not an option. I've been following this because I think it's outrageous. I don't envy your problem. I think you're in a situation where you'll have to say "if that's what you want, then it's going to cost you" to whoever put the connectivity requirement in place. First off, you are going to want a firewall between production and lab. Set it to deny by default, then allow ONLY the EXACT traffic that you want to allow. Then configure logging and make it a point to review the logs regularly. I would also suggest a dedicated SMTP relay for the lab, with virus scanning and extensive access restrictions: again, allow only what you KNOW is safe, log everything, and review the logs regularly. Configure your firewall so that ONLY mail that's gone through the SMTP relay is allowed anywhere. This will stop a lot of SMTP-based worms from getting anywhere, as well as alerting you to their existance. Even this will not protect you from every type of attack, but it should reduce the rate of occurance significantly. Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick Sent: Fri 10/17/2003 8:49 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network Is there some requirement that the peope/devices in the test labs be able to access the production network? Would a firewall between the two help? -gil -Original Message- From: deji Agba [mailto:[EMAIL PROTECTED] Sent: Thursday, October 16, 2003 6:17 PM To: [EMAIL PROTECTED] Subject: VERY OT: Preventing Viruses from Lab to Live network I'm sure this does not have much bearing on AD, per se. So, I apologize for sending it to this forum that has one of the best collection of brains I've ever seen. I have some Engineering Testing Labs with a number of Domains and computers sharing the same network with my LIVE domain. It's actually worse than just sharing, but that's another story. Business requirements prevent some clients on these domains from installing AV clients, updating patches or even having passwords for the local admin password. Yeah, I know, but, again, another story entirely. But, as you can deduce, Viruses happen in these Labs. My question is this. How do you protect your Production networks from settings like these? All production systems follow strict adherence to strict security practices, but we occasionally have slippage (like someone on a month-long vacation turning off a computer and thereby not getting patches and AV pattern updates). How do you PREVENT share-eating Viruses like Mofei, Nachi, etc from spreading from the Lab to your live network? I have been evaluating a Product called Fortigate (from Fortinet), but I gave it up as soon as I discovered that they do not protect against NetBIOS, share-borne Viruses. Any product there that can help me out? -- Bill Moran Potential Technologies http://www.potentialtech.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network
I forgot to mention that. Yeah, there is a requirement for connectivity between the 2 sides. That's why firewalling them is not an option. Thanks, Gil. Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick Sent: Fri 10/17/2003 8:49 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network Is there some requirement that the peope/devices in the test labs be able to access the production network? Would a firewall between the two help? -gil -Original Message- From: deji Agba [mailto:[EMAIL PROTECTED] Sent: Thursday, October 16, 2003 6:17 PM To: [EMAIL PROTECTED] Subject: VERY OT: Preventing Viruses from Lab to Live network I'm sure this does not have much bearing on AD, per se. So, I apologize for sending it to this forum that has one of the best collection of brains I've ever seen. I have some Engineering Testing Labs with a number of Domains and computers sharing the same network with my LIVE domain. It's actually worse than just sharing, but that's another story. Business requirements prevent some clients on these domains from installing AV clients, updating patches or even having passwords for the local admin password. Yeah, I know, but, again, another story entirely. But, as you can deduce, Viruses happen in these Labs. My question is this. How do you protect your Production networks from settings like these? All production systems follow strict adherence to strict security practices, but we occasionally have slippage (like someone on a month-long vacation turning off a computer and thereby not getting patches and AV pattern updates). How do you PREVENT share-eating Viruses like Mofei, Nachi, etc from spreading from the Lab to your live network? I have been evaluating a Product called Fortigate (from Fortinet), but I gave it up as soon as I discovered that they do not protect against NetBIOS, share-borne Viruses. Any product there that can help me out? Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon <>
RE: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network
Title: Message Is there some requirement that the peope/devices in the test labs be able to access the production network? Would a firewall between the two help? -gil -Original Message-From: deji Agba [mailto:[EMAIL PROTECTED] Sent: Thursday, October 16, 2003 6:17 PMTo: [EMAIL PROTECTED]Subject: VERY OT: Preventing Viruses from Lab to Live network I'm sure this does not have much bearing on AD, per se. So, I apologize for sending it to this forum that has one of the best collection of brains I've ever seen. I have some Engineering Testing Labs with a number of Domains and computers sharing the same network with my LIVE domain. It's actually worse than just sharing, but that's another story. Business requirements prevent some clients on these domains from installing AV clients, updating patches or even having passwords for the local admin password. Yeah, I know, but, again, another story entirely. But, as you can deduce, Viruses happen in these Labs. My question is this. How do you protect your Production networks from settings like these? All production systems follow strict adherence to strict security practices, but we occasionally have slippage (like someone on a month-long vacation turning off a computer and thereby not getting patches and AV pattern updates). How do you PREVENT share-eating Viruses like Mofei, Nachi, etc from spreading from the Lab to your live network? I have been evaluating a Product called Fortigate (from Fortinet), but I gave it up as soon as I discovered that they do not protect against NetBIOS, share-borne Viruses. Any product there that can help me out? Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+Iwww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
RE: [ActiveDir] Very OT...Sun
Information specific to DNS on Solaris: http://ultra.litpixel.com:84/articles/dfd/frameset.html -Original Message- From: Marvin Cummings [mailto:[EMAIL PROTECTED]] Sent: Monday, May 27, 2002 7:31 AM To: NT 2000 Discussions; [EMAIL PROTECTED] Subject: RE: [ActiveDir] Very OT...Sun Cool I'm pretty much trying to learn this stuff from scrratch and I kinda had an ink'ling that choosing the DNS service during the network portion of the install was the way to go. That sun site doesn't seem to have much procedural documentation on tweaking or simply working with DNS, or using it with W2K. Tis why I chose to post my topic here. Hoping that there'd be a Sun/NT guru lurking around. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Stefan Lister Sent: Monday, May 27, 2002 3:20 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Very OT...Sun http://docs.sun.com has a ton of info but I'd recommend purchasing the Solaris SA-1 and SA-2 courses on CD. You can probably get them for cheap on Ebay. My employer sent me to SUN for three weeks to learn Solaris and one of the instructors told us not to bother with NIS+. Stick with DNS for now. -Original Message- From: Marvin Cummings [mailto:[EMAIL PROTECTED]] Sent: Sunday, May 26, 2002 12:37 PM To: NT 2000 Discussions; ActiveDir Subject: [ActiveDir] Very OT...Sun Can anyone point me to some online assistance for learning Sun? I have an Ultra 10 that I'm trying to setup on my W2K network and I'm having trouble deciding on either DNS or NIS+. Acutally I installed it with DNS and I can ping my W2K servers fine, I'm just not sure where to go now. Any help is appreciated. Sorry for the change of topic... List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Very OT...Sun
Cool I'm pretty much trying to learn this stuff from scrratch and I kinda had an ink'ling that choosing the DNS service during the network portion of the install was the way to go. That sun site doesn't seem to have much procedural documentation on tweaking or simply working with DNS, or using it with W2K. Tis why I chose to post my topic here. Hoping that there'd be a Sun/NT guru lurking around. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Stefan Lister Sent: Monday, May 27, 2002 3:20 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Very OT...Sun http://docs.sun.com has a ton of info but I'd recommend purchasing the Solaris SA-1 and SA-2 courses on CD. You can probably get them for cheap on Ebay. My employer sent me to SUN for three weeks to learn Solaris and one of the instructors told us not to bother with NIS+. Stick with DNS for now. -Original Message- From: Marvin Cummings [mailto:[EMAIL PROTECTED]] Sent: Sunday, May 26, 2002 12:37 PM To: NT 2000 Discussions; ActiveDir Subject: [ActiveDir] Very OT...Sun Can anyone point me to some online assistance for learning Sun? I have an Ultra 10 that I'm trying to setup on my W2K network and I'm having trouble deciding on either DNS or NIS+. Acutally I installed it with DNS and I can ping my W2K servers fine, I'm just not sure where to go now. Any help is appreciated. Sorry for the change of topic... List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Very OT...Sun
http://docs.sun.com has a ton of info but I'd recommend purchasing the Solaris SA-1 and SA-2 courses on CD. You can probably get them for cheap on Ebay. My employer sent me to SUN for three weeks to learn Solaris and one of the instructors told us not to bother with NIS+. Stick with DNS for now. -Original Message- From: Marvin Cummings [mailto:[EMAIL PROTECTED]] Sent: Sunday, May 26, 2002 12:37 PM To: NT 2000 Discussions; ActiveDir Subject: [ActiveDir] Very OT...Sun Can anyone point me to some online assistance for learning Sun? I have an Ultra 10 that I'm trying to setup on my W2K network and I'm having trouble deciding on either DNS or NIS+. Acutally I installed it with DNS and I can ping my W2K servers fine, I'm just not sure where to go now. Any help is appreciated. Sorry for the change of topic... List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Very OT...Sun
Forget NIS+. Your best bet is a Sun book from any book store. It also depends on what you want to do with the Ultra re DNS. - Original Message - From: "Marvin Cummings" <[EMAIL PROTECTED]> To: "NT 2000 Discussions" <[EMAIL PROTECTED]>; "ActiveDir" <[EMAIL PROTECTED]> Sent: Sunday, May 26, 2002 3:37 PM Subject: [ActiveDir] Very OT...Sun > Can anyone point me to some online assistance for learning Sun? I have an > Ultra 10 that I'm trying to setup on my W2K network and I'm having trouble > deciding on either DNS or NIS+. Acutally I installed it with DNS and I can > ping my W2K servers fine, I'm just not sure where to go now. > Any help is appreciated. > > Sorry for the change of topic... > > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/