RE: undelete app
I've used the products at http://www.runtime.org/ in the past. Thanks, Jake Gardner TTC Network Administrator Ext. 246 From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] Sent: Sunday, December 14, 2008 8:59 PM To: NT System Admin Issues Subject: RE: undelete app I found www.stellarinfo.com and was able to get all the files and the directory structure. It was kind of slow but it was digging up files from 2005/2004 haha In any event the raw recovery option of this app saved me. From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] Sent: Sunday, December 14, 2008 13:06 To: NT System Admin Issues Subject: RE: undelete app Ben, DD a complete image off and mount it then use one of the many other tools. This gives you a safe image you can work on w/o chance of wrecking your original array. You can use something like mountimage pro. From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] Sent: Sunday, December 14, 2008 10:58 AM To: NT System Admin Issues Subject: RE: undelete app That looked like it would have done the trick had I not overwrote the mbr/mft with a blank one because the mft mirror is also blank. Any others anyone can recommend? Basically I need something just like ontrack which has raw recovery type options but that would work with a raid controller. As a test I tried ontrack on my vista-32bit box which has one 320gb sata drive and it crashes on that too, pretty useless in todays world I guess since every sata controller supports raid on the mobo ***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. Thank you. *** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Word 2007 cannot save due to file permission error
Interesting-I've been seeing something similar to this once in a while, running Vista Ent with Office 2007sp1. I think it may have started after we migrated our home directories to DFS paths, and have not had much chance to look into it yet. For me, it doesn't always happen, just pops up periodically-is that what you're seeing (intermittent) or does it always happen? I've confirmed it's not permissions and not quota-related-hadn't tried the run as admin yet. -Bonnie From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] Sent: Saturday, December 13, 2008 5:56 AM To: NT System Admin Issues Subject: Word 2007 cannot save due to file permission error Getting this on an xpsp3 pc w/ office 2007sp1. I poked around there's about 500k hits that match with no reasonable answer. A lot of people were talking about usb drives. This is a network share in a 2003 AD environment. If I do a runas and run as administrator the problem goes away, making the user a domain admin does not however. If the user hits Save As.. and then clicks ok he gets prompted to overwrite hits yes and it works. So it's not *really* a permissions error. I tried disabling all add-ins (although Symantec AV is on the machine, it wasn't listed as an available add-in). I re-applied all permissions on the share. Any one? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Word 2007 cannot save due to file permission error
I've seen this on a few users, sporadically, on O2k3. Unfortunately, even Save As... wasn't resolving the issue when it would occur. Sean Rector, MCSE From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Monday, December 15, 2008 10:07 AM To: NT System Admin Issues Subject: RE: Word 2007 cannot save due to file permission error Interesting-I've been seeing something similar to this once in a while, running Vista Ent with Office 2007sp1. I think it may have started after we migrated our home directories to DFS paths, and have not had much chance to look into it yet. For me, it doesn't always happen, just pops up periodically-is that what you're seeing (intermittent) or does it always happen? I've confirmed it's not permissions and not quota-related-hadn't tried the run as admin yet. -Bonnie From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] Sent: Saturday, December 13, 2008 5:56 AM To: NT System Admin Issues Subject: Word 2007 cannot save due to file permission error Getting this on an xpsp3 pc w/ office 2007sp1. I poked around there's about 500k hits that match with no reasonable answer. A lot of people were talking about usb drives. This is a network share in a 2003 AD environment. If I do a runas and run as administrator the problem goes away, making the user a domain admin does not however. If the user hits Save As.. and then clicks ok he gets prompted to overwrite hits yes and it works. So it's not *really* a permissions error. I tried disabling all add-ins (although Symantec AV is on the machine, it wasn't listed as an available add-in). I re-applied all permissions on the share. Any one? 2008-2009 Season: Tosca | The Barber of Seville Recently Announced: Virginia Opera's 35th Anniversary Season 2009-2010 Visit us online at www.vaopera.org or call 1.866.OPERA.VA This e-mail and any attached files are confidential and intended solely for the intended recipient(s). Unless otherwise specified, persons unnamed as recipients may not read, distribute, copy or alter this e-mail. Any views or opinions expressed in this e-mail belong to the author and may not necessarily represent those of Virginia Opera. Although precautions have been taken to ensure no viruses are present, Virginia Opera cannot accept responsibility for any loss or damage that may arise from the use of this e-mail or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Word 2007 cannot save due to file permission error
I didn't see the original posting. However, when one of my users had this, it was because their user profile was corrupt. That was not fun! If you're lucky, the NTUSER.DAT file can be over-written with a known good copy. If you're not lucky, then the NTUSER.DAT file for .DEFAULT could also be corrupt. -- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org Miller Bonnie L. mille...@mukilteo.wednet.edu wrote on 12/15/2008 09:07:29 AM: Interesting—I’ve been seeing something similar to this once in a while, running Vista Ent with Office 2007sp1. I think it may have started after we migrated our home directories to DFS paths, and have not had much chance to look into it yet. For me, it doesn’t always happen, just pops up periodically—is that what you’re seeing (intermittent) or does it always happen? I’ve confirmed it’s not permissions and not quota-related—hadn’t tried the run as admin yet. -Bonnie From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] Sent: Saturday, December 13, 2008 5:56 AM To: NT System Admin Issues Subject: Word 2007 cannot save due to file permission error Getting this on an xpsp3 pc w/ office 2007sp1. I poked around there’s about 500k hits that match with no reasonable answer. A lot of people were talking about usb drives. This is a network share in a 2003 AD environment. If I do a runas and run as administrator the problem goes away, making the user a domain admin does not however. If the user hits Save As.. and then clicks ok he gets prompted to overwrite hits yes and it works. So it’s not *really* a permissions error. I tried disabling all add-ins (although Symantec AV is on the machine, it wasn’t listed as an available add-in). I re-applied all permissions on the share. Any one? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Word 2007 cannot save due to file permission error
Interesting--There are other drives connected via logon scripts on different letters, but these (home directories) are connected via the properties of the user accounts. There is also folder redirection going on, so that may be involved. -Original Message- From: Terry Dickson [mailto:te...@treasurer.state.ks.us] Sent: Monday, December 15, 2008 7:48 AM To: NT System Admin Issues Subject: RE: Word 2007 cannot save due to file permission error When we first switched to DFS we had a couple of issues with that. Our users only know Mapped drives not UNC. We had an issue with not mapping the drives persistent. When we changed the mapping statements in the login script all those issues disappeared. -Original Message- From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Monday, December 15, 2008 9:07 AM To: NT System Admin Issues Subject: RE: Word 2007 cannot save due to file permission error Interesting-I've been seeing something similar to this once in a while, running Vista Ent with Office 2007sp1. I think it may have started after we migrated our home directories to DFS paths, and have not had much chance to look into it yet. For me, it doesn't always happen, just pops up periodically-is that what you're seeing (intermittent) or does it always happen? I've confirmed it's not permissions and not quota-related-hadn't tried the run as admin yet. -Bonnie From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] Sent: Saturday, December 13, 2008 5:56 AM To: NT System Admin Issues Subject: Word 2007 cannot save due to file permission error Getting this on an xpsp3 pc w/ office 2007sp1. I poked around there's about 500k hits that match with no reasonable answer. A lot of people were talking about usb drives. This is a network share in a 2003 AD environment. If I do a runas and run as administrator the problem goes away, making the user a domain admin does not however. If the user hits Save As.. and then clicks ok he gets prompted to overwrite hits yes and it works. So it's not *really* a permissions error. I tried disabling all add-ins (although Symantec AV is on the machine, it wasn't listed as an available add-in). I re-applied all permissions on the share. Any one? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Word 2007 cannot save due to file permission error
When we first switched to DFS we had a couple of issues with that. Our users only know Mapped drives not UNC. We had an issue with not mapping the drives persistent. When we changed the mapping statements in the login script all those issues disappeared. -Original Message- From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Monday, December 15, 2008 9:07 AM To: NT System Admin Issues Subject: RE: Word 2007 cannot save due to file permission error Interesting-I've been seeing something similar to this once in a while, running Vista Ent with Office 2007sp1. I think it may have started after we migrated our home directories to DFS paths, and have not had much chance to look into it yet. For me, it doesn't always happen, just pops up periodically-is that what you're seeing (intermittent) or does it always happen? I've confirmed it's not permissions and not quota-related-hadn't tried the run as admin yet. -Bonnie From: Benjamin Zachary - Lists [mailto:li...@levelfive.us] Sent: Saturday, December 13, 2008 5:56 AM To: NT System Admin Issues Subject: Word 2007 cannot save due to file permission error Getting this on an xpsp3 pc w/ office 2007sp1. I poked around there's about 500k hits that match with no reasonable answer. A lot of people were talking about usb drives. This is a network share in a 2003 AD environment. If I do a runas and run as administrator the problem goes away, making the user a domain admin does not however. If the user hits Save As.. and then clicks ok he gets prompted to overwrite hits yes and it works. So it's not *really* a permissions error. I tried disabling all add-ins (although Symantec AV is on the machine, it wasn't listed as an available add-in). I re-applied all permissions on the share. Any one? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Exchange auditing
Firstly apologies for the long post. I have a user ranting on about a bunch of e-mail that mysteriously disappeared from a shared mailbox. Naturally, I've been summoned to investigate. At this stage of my analysis I can't rule out the possibility that one of 3 users have inadvertently moved the missing e-mail from the mailbox into a PST file (albeit either manually or automatically via Outlook 2003's AutoArchive). I've tried using Outlook's Deleted Item Recovery add-in to find out if the e-mail was deleted but suffice there is nothing available to recover (which makes me think that the content was moved not deleted). Before I trawl through any PST filess located on each user PC I was wondering if there is any way to query Exchange to determine what specific actions were taken around the specific point in time prior to the e-mail disappearing, i.e. if e-mail A is moved from a mailbox to a PST, is the specific move transaction logged on the server somewhere? Also, does Outlook 2003's AutoArchive contain any client/server side logging functionality? Ultimately I can restore a mailstore backup to a recovery storage group to retrieve the missing e-mail, but I've been specifically asked by management to tell them why and how the content was originally moved/deleted. Environment is Exchange 2003, native mode AD Hope that makes some degree of sense. Thanks in advance for any help/pointers. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Exchange auditing
Just a note on shared mailboxes, if someone has deleted the emails in question, then the deleted emails will show in their Outlooks deleted items folder, not the deleted items folder of the shared mailbox. On Mon, Dec 15, 2008 at 10:29 AM, cs chr...@gmail.com wrote: Firstly apologies for the long post. I have a user ranting on about a bunch of e-mail that mysteriously disappeared from a shared mailbox. Naturally, I've been summoned to investigate. At this stage of my analysis I can't rule out the possibility that one of 3 users have inadvertently moved the missing e-mail from the mailbox into a PST file (albeit either manually or automatically via Outlook 2003's AutoArchive). I've tried using Outlook's Deleted Item Recovery add-in to find out if the e-mail was deleted but suffice there is nothing available to recover (which makes me think that the content was moved not deleted). Before I trawl through any PST filess located on each user PC I was wondering if there is any way to query Exchange to determine what specific actions were taken around the specific point in time prior to the e-mail disappearing, i.e. if e-mail A is moved from a mailbox to a PST, is the specific move transaction logged on the server somewhere? Also, does Outlook 2003's AutoArchive contain any client/server side logging functionality? Ultimately I can restore a mailstore backup to a recovery storage group to retrieve the missing e-mail, but I've been specifically asked by management to tell them why and how the content was originally moved/deleted. Environment is Exchange 2003, native mode AD Hope that makes some degree of sense. Thanks in advance for any help/pointers. -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Exchange auditing
If the mail was moved, it *should* be available via deleted item recovery. The server has to do a copy operation to the pst, then does a delete operation on the messages in the original location. I've used this before to recover when someone had archived all their mail to a pst and deleted it, but then found the pst was corrupted when they took it home. So, if they were moved from the inbox to a pst, you have to enable the DumpsterAlwaysON reg key to recover deleted items from any mailbox, but messages should then be available to restore. -Bonnie From: cs [mailto:chr...@gmail.com] Sent: Monday, December 15, 2008 8:30 AM To: NT System Admin Issues Subject: Exchange auditing Firstly apologies for the long post. I have a user ranting on about a bunch of e-mail that mysteriously disappeared from a shared mailbox. Naturally, I've been summoned to investigate. At this stage of my analysis I can't rule out the possibility that one of 3 users have inadvertently moved the missing e-mail from the mailbox into a PST file (albeit either manually or automatically via Outlook 2003's AutoArchive). I've tried using Outlook's Deleted Item Recovery add-in to find out if the e-mail was deleted but suffice there is nothing available to recover (which makes me think that the content was moved not deleted). Before I trawl through any PST filess located on each user PC I was wondering if there is any way to query Exchange to determine what specific actions were taken around the specific point in time prior to the e-mail disappearing, i.e. if e-mail A is moved from a mailbox to a PST, is the specific move transaction logged on the server somewhere? Also, does Outlook 2003's AutoArchive contain any client/server side logging functionality? Ultimately I can restore a mailstore backup to a recovery storage group to retrieve the missing e-mail, but I've been specifically asked by management to tell them why and how the content was originally moved/deleted. Environment is Exchange 2003, native mode AD Hope that makes some degree of sense. Thanks in advance for any help/pointers. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Exchange auditing
Ah - good point. I haven't checked each individual's deleted items folder yet. I'll have a look. On Mon, Dec 15, 2008 at 4:35 PM, Sherry Abercrombie saber...@gmail.comwrote: Just a note on shared mailboxes, if someone has deleted the emails in question, then the deleted emails will show in their Outlooks deleted items folder, not the deleted items folder of the shared mailbox. On Mon, Dec 15, 2008 at 10:29 AM, cs chr...@gmail.com wrote: Firstly apologies for the long post. I have a user ranting on about a bunch of e-mail that mysteriously disappeared from a shared mailbox. Naturally, I've been summoned to investigate. At this stage of my analysis I can't rule out the possibility that one of 3 users have inadvertently moved the missing e-mail from the mailbox into a PST file (albeit either manually or automatically via Outlook 2003's AutoArchive). I've tried using Outlook's Deleted Item Recovery add-in to find out if the e-mail was deleted but suffice there is nothing available to recover (which makes me think that the content was moved not deleted). Before I trawl through any PST filess located on each user PC I was wondering if there is any way to query Exchange to determine what specific actions were taken around the specific point in time prior to the e-mail disappearing, i.e. if e-mail A is moved from a mailbox to a PST, is the specific move transaction logged on the server somewhere? Also, does Outlook 2003's AutoArchive contain any client/server side logging functionality? Ultimately I can restore a mailstore backup to a recovery storage group to retrieve the missing e-mail, but I've been specifically asked by management to tell them why and how the content was originally moved/deleted. Environment is Exchange 2003, native mode AD Hope that makes some degree of sense. Thanks in advance for any help/pointers. -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Lose access to local domain servers when connected w/VPN to remote / different Windows domain
I'm starting to connect the dots here, I think. I noticed when I 'control userpasswords2' and click Advanced and Manage Passwords, while the VPN is connected, at the top of the saved passwords list is ... Dialup Session If I disconnect the VPN, Dialup Session disappears from this list. If I delete Dialup Session from the saved passwords list, the problem goes away (the VPN is still connected). Anybody know of a way to script the removal of something from the saved passwords list? Meanwhile, I haven't had a failure when drives are mapped to FQDNs. I'm still thinking that somewhere, Vista is bypassing the hosts file entry I made for my TLD and still uses DNS to resolve it (a security measure, hosts file not trustworthy, etc.). And then it thinks that the credentials for the connection that resolved the DNS should be used to re-authenticate. On that basis, I could script a change to the adapter order. Or just use the FQDN's for drive mapping I supposed. I don't like any of these solutions that much. The FQDN's are the least effort, but have a side effect - e.g. \\server file:///\\server is trusted to execute a .vbs script without prompting, but \\servername.mydomain.com file:///\\servername.mydomain.com always prompts. Even when servername.mydomain.com is added to Intranet or Trusted zones, it still prompts. Carl From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Saturday, December 13, 2008 12:24 PM To: NT System Admin Issues Subject: RE: Lose access to local domain servers when connected w/VPN to remote / different Windows domain Here's a new way I can see this problem... I don't know if this would have happened before the reboot, but I rebooted the DC in my local environment (it's the only DC). Following that, from the Vista machine I wanted to run something on the DC I typed psexec \\server file:///\\server command Response: Couldn't access server: Logon failure: unknown user name or bad password. Login failures on server showed the attempted use of the VPN credentials - by psexec (no other explanation for those events). Meanwhile, psexec \\server.mydomain.com file:///\\server.mydomain.com worked just fine. Still no problem pinging \\server file:///\\server , keeping in mind, my local AD TLD is in the DNS suffix search list. And still no problem with the drives mapped to FQDN's on the DC that rebooted. So it's a NETBIOS thing, maybe, except that I've seen drives that were mapped to \\ip.ad.dr.ess stop working with the same wrong-credentials login failure. Carl From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, December 10, 2008 2:28 PM To: NT System Admin Issues Subject: Lose access to local domain servers when connected w/VPN to remote / different Windows domain This problem has bothered me a long time, and happens daily. It's so bothersome, I'll send some Dale Thomas popcorn to the first person who can come up with a solution or a tip that quickly (without many hours of effort on my part) leads to a solution. Advice such as call Microsoft does not qualify for the popcorn! Past history: The problem was seen for Windows XP but seems to be worse under Vista. In fact I wrote about it in reference to XP to this list a year or two ago without any resolution. Certainly what I'm doing here can't be that unique, aside from relying on Microsoft-based VPN solutions... (kindly withhold comments on the worthiness of those solutions). Goes like this: In my local office, there are two 2003 servers - member and domain controller. My everyday Vista SP1 is joined to that domain. I have drives mapped to both servers. I use an L2TP/IPSEC VPN connection to connect to a client's network. The client's VPN gateway is ISA 2006, joined to the client's Windows domain, but I authenticate for the purpose of the VPN connection using a local username on the ISA server. We'll call the ISA server ISAVPN in further discussion. What happens: Sooner or later I will be unable to access the drives mapped to my local domain's servers (UNC references to those servers also fail). The error returned when just trying to do anything at the CMD prompt defaulted to a mapped drive on either server is: Logon failure: unknown user name or bad password. Once I disconnect from ISAVPN, at the very same CMD prompt, I again and immediately have access to files on my local servers. This seems to affect access to the member server a short time after connecting to ISAVPN. Access to files on the domain controller usually keeps working much longer, but eventually I lose it as well. This behavior has guaranteed repeatability 100% of the time. I should note that the domain controller's mapped drive is available offline but Vista does not switch to offline because of this problem. Looking in the security event log of the server, I see events 529 and 680 (source Security), in
Certificates
We have an internal certificate server here and it hold some certificates we use for our development web servers - the certificate is set to expire in two days. If I look at it under Certicates (Local Computer) / Personal / Certificates it's Issued to Server1, Issued by Server1 and expires 12/17/08. How do I renew it? If I select the certificste itself and select All Tasks, my options are: * Request cert with New Key * Request cert with Same Key * Renew cert with New key * Renew cert with Same key Are there special considerations I am overlooking if I choose renew cert w/ same key? I want the same cert with new date, but as you can tell I have zero experience with certifations... David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Windows 2000 Terminal Server - Licensing Issue
I am getting this error when I try to connect to a windows 2000 terminal server. The remote computer disconnected the session because of an error in licensing protocol. We use to have a windows 2000 terminal server licensing server. We demoted that and added a windows 2003 terminal server. 2 weeks later we get this error. I am wondering if it is because the windows 2000 terminal server cannot locate the windows 2003 terminal license server. Is there a setting on windows 2000 terminal server that I can configure the windows 2000 terminal server to manually connect to the windows 2003 terminal license server? Best Regards, Phil ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows 2000 Terminal Server - Licensing Issue
I think I fixed it. _ From: Phil Guevara [mailto:pguev...@mhccov.org] Sent: Monday, December 15, 2008 10:26 AM To: NT System Admin Issues Subject: Windows 2000 Terminal Server - Licensing Issue I am getting this error when I try to connect to a windows 2000 terminal server. The remote computer disconnected the session because of an error in licensing protocol. We use to have a windows 2000 terminal server licensing server. We demoted that and added a windows 2003 terminal server. 2 weeks later we get this error. I am wondering if it is because the windows 2000 terminal server cannot locate the windows 2003 terminal license server. Is there a setting on windows 2000 terminal server that I can configure the windows 2000 terminal server to manually connect to the windows 2003 terminal license server? Best Regards, Phil __ Information from ESET NOD32 Antivirus, version of virus signature database 3693 (20081215) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 3693 (20081215) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows 2000 Terminal Server - Licensing Issue
Good man. Take an extra 5 minutes for lunch! From: Phil Guevara [mailto:pguev...@mhccov.org] Sent: Monday, December 15, 2008 10:52 AM To: NT System Admin Issues Subject: RE: Windows 2000 Terminal Server - Licensing Issue I think I fixed it. _ From: Phil Guevara [mailto:pguev...@mhccov.org] Sent: Monday, December 15, 2008 10:26 AM To: NT System Admin Issues Subject: Windows 2000 Terminal Server - Licensing Issue I am getting this error when I try to connect to a windows 2000 terminal server. The remote computer disconnected the session because of an error in licensing protocol. We use to have a windows 2000 terminal server licensing server. We demoted that and added a windows 2003 terminal server. 2 weeks later we get this error. I am wondering if it is because the windows 2000 terminal server cannot locate the windows 2003 terminal license server. Is there a setting on windows 2000 terminal server that I can configure the windows 2000 terminal server to manually connect to the windows 2003 terminal license server? Best Regards, Phil __ Information from ESET NOD32 Antivirus, version of virus signature database 3693 (20081215) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 3693 (20081215) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 3693 (20081215) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Image deployment to two disparate networks
Correct. During the PE boot, it pulls the image (the PE boot image) from the network. I'm told we can put a certificate on that image. We're going to test to ensure that the PE image does in fact use the certificate. If so, does our infrastructure support this method, we'll test whether using Dot1X authentication will preclude them from getting an IPAddress if they're submitting the wrong certificate (using a cert from Network A, no Network B) Make sense? ON paper it seems feasible, just have to test it now. -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Friday, December 12, 2008 7:43 PM To: NT System Admin Issues Subject: Re: Image deployment to two disparate networks On Fri, Dec 12, 2008 at 8:57 AM, Fogarty Rick MR - CONTR - Team EITC rick.foga...@us.army.mil wrote: However, two of the networks sometimes share the same computer. A switch box allows the user to switch between Network A and Network B by using a different HD (they're removable). During the PE boot process it obviously sends a broadcast out looking for an IP address. How do I ensure a machine from network A does not request an address from network B? I don't know anything about MS-SMS, so perhaps I'm misunderstanding, but you're doing an network boot with PXE, right? If so, I don't think you'll be able to do anything about it at that point. PXE sends a DHCP request with its unique ID, but that ID is based on the MAC address and/or motherboard firmware, not the hard disk drive. Indeed, you don't even need a hard disk drive for PXE to work. Once WinPE is up and running, then certificates maybe could come into play (or not; I dunno), but by that time, the computer has already received the DHCP lease from the wrong network. You might be able to detect that the hard drive's serial number belongs on Network B when you've booted on Network A, and prevent things from going further. That would involve some WinPE/MS-SMS magic way outside my experience, though. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: firewall reporting
FireGen From: Eldridge, Dave [mailto:d...@parkviewmc.com] Sent: Sunday, December 14, 2008 2:32 PM To: NT System Admin Issues Subject: firewall reporting Looking to see if anyone is using or looked at either Stoneylakesolutions.com or manageengine.adventnet.com for firewall reporting? Any others currently being used? dave This e-mail contains the thoughts and opinions of the sender and does not represent official Parkview Medical Center policy. This communication is intended only for the recipient(s) named above, may be confidential and/or legally privileged: and, must be treated as such in accordance with state and federal laws. If you are not the intended recipient, you are hereby notified that any use of this communication, or any of its contents, is prohibited. If you have received this communication in error, please return to sender and delete the message from your computer system. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Certificates
Are there special considerations I am overlooking if I choose renew cert w/ same key? None that I know of. That's what I would do. ...Tim From: David Lum [mailto:david@nwea.org] Sent: Monday, December 15, 2008 9:54 AM To: NT System Admin Issues Subject: Certificates We have an internal certificate server here and it hold some certificates we use for our development web servers - the certificate is set to expire in two days. If I look at it under Certicates (Local Computer) / Personal / Certificates it's Issued to Server1, Issued by Server1 and expires 12/17/08. How do I renew it? If I select the certificste itself and select All Tasks, my options are: * Request cert with New Key * Request cert with Same Key * Renew cert with New key * Renew cert with Same key Are there special considerations I am overlooking if I choose renew cert w/ same key? I want the same cert with new date, but as you can tell I have zero experience with certifations... David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Windows 2000 Terminal Server - Licensing Issue
I might even supersize my lunch today! :) In case anyone runs into this issue, I found out that you need to set a prefered terminal license server within the registry for windows 2000 terminal server. This is unlike windows 2003 terminal server where you can set a prefered terminal license server under the terminal services configuration. Phil _ From: Martin Blackstone [mailto:mblackst...@gmail.com] Sent: Monday, December 15, 2008 11:04 AM To: NT System Admin Issues Subject: RE: Windows 2000 Terminal Server - Licensing Issue Good man. Take an extra 5 minutes for lunch! From: Phil Guevara [mailto:pguev...@mhccov.org] Sent: Monday, December 15, 2008 10:52 AM To: NT System Admin Issues Subject: RE: Windows 2000 Terminal Server - Licensing Issue I think I fixed it. _ From: Phil Guevara [mailto:pguev...@mhccov.org] Sent: Monday, December 15, 2008 10:26 AM To: NT System Admin Issues Subject: Windows 2000 Terminal Server - Licensing Issue I am getting this error when I try to connect to a windows 2000 terminal server. The remote computer disconnected the session because of an error in licensing protocol. We use to have a windows 2000 terminal server licensing server. We demoted that and added a windows 2003 terminal server. 2 weeks later we get this error. I am wondering if it is because the windows 2000 terminal server cannot locate the windows 2003 terminal license server. Is there a setting on windows 2000 terminal server that I can configure the windows 2000 terminal server to manually connect to the windows 2003 terminal license server? Best Regards, Phil __ Information from ESET NOD32 Antivirus, version of virus signature database 3693 (20081215) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 3693 (20081215) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 3693 (20081215) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 3693 (20081215) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
IIS crashing
So lately I have been seeing the inet process crashing and when I extract the cabs with the dump and run the crash dump under windbg ver 6.9 I see the following and from I make out of this, the ISATQ.dll is either corrupt or I don't know what I'm seeing. Anyone seen this issue or can make out the problem? Microsoft (R) Windows Debugger Version 6.9.0003.113 X86 Copyright (c) Microsoft Corporation. All rights reserved. Extracted C:\DOCUME~1\thomas\LOCALS~1\Temp\1\15c00_inetinfo.exe.mdmp from C:\Documents and Settings\thomas\Desktop\12-2-08_crash\exchange_dmp\20474AB5.cab Loading Dump File [C:\DOCUME~1\thomas\LOCALS~1\Temp\1\15c00_inetinfo.exe.mdmp] User Mini Dump File: Only registers, stack and portions of memory are available Symbol search path is: SRV*DownstreamStore*http://msdl.microsoft.com/download/symbols Executable search path is: Windows Server 2003 Version 3790 (Service Pack 1) MP (2 procs) Free x86 compatible Product: Server, suite: TerminalServer SingleUserTS Debug session time: Wed Dec 10 15:14:05.000 2008 (GMT-6) System Uptime: not available Process Uptime: 6 days 6:24:13.000 Loading unloaded module list This dump file has an exception of interest stored in it. The stored exception information can be accessed via .ecxr. (300.108c): Access violation - code c005 (first/second chance not available) eax= ebx=078aed94 ecx=0327 edx=7c82ed54 esi=078aed98 edi=bd7dd000 eip=7c82ed54 esp=078aed48 ebp=078aedf0 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs= efl=0246 ntdll!KiFastSystemCallRet: 7c82ed54 c3 ret 0:093 .ecxr eax= ebx=77e6b4af ecx=7779006c edx=0001 esi=00e2bb90 edi= eip=63ec8952 esp=078afe48 ebp=078afe6c iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs= efl=00010246 Unloaded_ISATQ.dll+0x8952: 63ec8952 ?? ??? TIA, Thomas Gonzalez Technology Manager Girl Scouts of Southwest Texas 210.349.2404 phone 210.403.1586 DID 210.349.2666 fax www.girlscouts-swtx.org http://www.girlscouts-swtx.org/ tgonza...@girlscouts-swtx.org mailto:tgonza...@girlscouts-swtx.org ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
issue with accessing \\servername
Puzzling issue... We have 2 sites/locations connected a site-to-site VPN... At site A, we have a number of servers, one of which is a Win2003R2 server called (for example) Server-5. From site A, all the other servers and clients can access Server-5 properly. They can ping it by IP and ping by server name. They can access shares via \\Server-5 and by \\IP-Address-for-Server-5. At site B, we have a two servers. Both servers can ping Server-5 in Site-A by BOTH the ip address (although it automatically resolves to the fqdn name) and computername. However, accessing the server via \\Server-5 or \\IP-Address-for-Server-5 does not work. It did notice that immediately after trying to access \\server-5 from both of these server, if I do a nbtstat -c, the Server-5 DOES show up in the list. How strange. It seems like network connectivity isn't a problem, since I can ping properly. Any idea what might be going on here? mail2web.com Enhanced email for the mobile individual based on Microsoft® Exchange - http://link.mail2web.com/Personal/EnhancedEmail ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Search Engine Optimization Companies -- Any good ones?
Our compnay is looking to hire a Search Enghine Optimization firm to tweak our website. Does anyone have any experience with any of them? I know there are a ton out there, and most are probably not that great. Thanks in advance, Jon . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: issue with accessing \\servername
Check the firewall on Server-5. Chances are it's been turned on and is blocking access. -Original Message- From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] Sent: Monday, December 15, 2008 1:13 PM To: NT System Admin Issues Subject: issue with accessing \\servername Puzzling issue... We have 2 sites/locations connected a site-to-site VPN... At site A, we have a number of servers, one of which is a Win2003R2 server called (for example) Server-5. From site A, all the other servers and clients can access Server-5 properly. They can ping it by IP and ping by server name. They can access shares via \\Server-5 and by \\IP-Address-for-Server-5. At site B, we have a two servers. Both servers can ping Server-5 in Site-A by BOTH the ip address (although it automatically resolves to the fqdn name) and computername. However, accessing the server via \\Server-5 or \\IP-Address-for-Server-5 does not work. It did notice that immediately after trying to access \\server-5 from both of these server, if I do a nbtstat -c, the Server-5 DOES show up in the list. How strange. It seems like network connectivity isn't a problem, since I can ping properly. Any idea what might be going on here? mail2web.com - Enhanced email for the mobile individual based on MicrosoftR Exchange - http://link.mail2web.com/Personal/EnhancedEmail ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Search Engine Optimization Companies -- Any good ones?
A client of mine has been with One Up Web for a long time, and has experienced sustained top rankings for some very competitive key words and phrases. http://www.oneupweb.com Klint Jon D wrote: Our compnay is looking to hire a Search Enghine Optimization firm to tweak our website. Does anyone have any experience with any of them? I know there are a ton out there, and most are probably not that great. Thanks in advance, Jon . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: issue with accessing \\servername
Forgot to mention I already made sure it was disabled and it has been... I was told that the gateway IP on Server-5 was changed about 2 weeks ago and the server had not been rebooted since. Wondering if a reboot might help then. I'll be able to take it offline in about 90 minutes and check. Original Message: - From: Jim Majorowicz jmajorow...@gmail.com Date: Mon, 15 Dec 2008 13:35:17 -0800 To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: issue with accessing \\servername Check the firewall on Server-5. Chances are it's been turned on and is blocking access. -Original Message- From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] Sent: Monday, December 15, 2008 1:13 PM To: NT System Admin Issues Subject: issue with accessing \\servername Puzzling issue... We have 2 sites/locations connected a site-to-site VPN... At site A, we have a number of servers, one of which is a Win2003R2 server called (for example) Server-5. From site A, all the other servers and clients can access Server-5 properly. They can ping it by IP and ping by server name. They can access shares via \\Server-5 and by \\IP-Address-for-Server-5. At site B, we have a two servers. Both servers can ping Server-5 in Site-A by BOTH the ip address (although it automatically resolves to the fqdn name) and computername. However, accessing the server via \\Server-5 or \\IP-Address-for-Server-5 does not work. It did notice that immediately after trying to access \\server-5 from both of these server, if I do a nbtstat -c, the Server-5 DOES show up in the list. How strange. It seems like network connectivity isn't a problem, since I can ping properly. Any idea what might be going on here? mail2web.com - Enhanced email for the mobile individual based on MicrosoftR Exchange - http://link.mail2web.com/Personal/EnhancedEmail ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ mail2web.com Enhanced email for the mobile individual based on Microsoft® Exchange - http://link.mail2web.com/Personal/EnhancedEmail ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: issue with accessing \\servername
Wins updated when the IP address changed? Sounds similar to a problem I had a few months ago, except sometimes I couldn't resolve the server by name, and ping would report the old IP address on an intermittent basis. On Mon, Dec 15, 2008 at 4:44 PM, jesse-r...@wi.rr.com jesse-r...@wi.rr.comwrote: Forgot to mention I already made sure it was disabled and it has been... I was told that the gateway IP on Server-5 was changed about 2 weeks ago and the server had not been rebooted since. Wondering if a reboot might help then. I'll be able to take it offline in about 90 minutes and check. Original Message: - From: Jim Majorowicz jmajorow...@gmail.com Date: Mon, 15 Dec 2008 13:35:17 -0800 To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: issue with accessing \\servername Check the firewall on Server-5. Chances are it's been turned on and is blocking access. -Original Message- From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] Sent: Monday, December 15, 2008 1:13 PM To: NT System Admin Issues Subject: issue with accessing \\servername Puzzling issue... We have 2 sites/locations connected a site-to-site VPN... At site A, we have a number of servers, one of which is a Win2003R2 server called (for example) Server-5. From site A, all the other servers and clients can access Server-5 properly. They can ping it by IP and ping by server name. They can access shares via \\Server-5 and by \\IP-Address-for-Server-5. At site B, we have a two servers. Both servers can ping Server-5 in Site-A by BOTH the ip address (although it automatically resolves to the fqdn name) and computername. However, accessing the server via \\Server-5 or \\IP-Address-for-Server-5 does not work. It did notice that immediately after trying to access \\server-5 from both of these server, if I do a nbtstat -c, the Server-5 DOES show up in the list. How strange. It seems like network connectivity isn't a problem, since I can ping properly. Any idea what might be going on here? mail2web.com - Enhanced email for the mobile individual based on MicrosoftR Exchange - http://link.mail2web.com/Personal/EnhancedEmail ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ mail2web.com – Enhanced email for the mobile individual based on Microsoft(R) Exchange - http://link.mail2web.com/Personal/EnhancedEmail ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: issue with accessing \\servername
Server-5's IP was NOT changed Only the gateway address used on Server-5. Original Message: - From: Jonathan Link jonathan.l...@gmail.com Date: Mon, 15 Dec 2008 16:53:39 -0500 To: ntsysadmin@lyris.sunbelt-software.com Subject: Re: issue with accessing \\servername Wins updated when the IP address changed? Sounds similar to a problem I had a few months ago, except sometimes I couldn't resolve the server by name, and ping would report the old IP address on an intermittent basis. On Mon, Dec 15, 2008 at 4:44 PM, jesse-r...@wi.rr.com jesse-r...@wi.rr.comwrote: Forgot to mention I already made sure it was disabled and it has been... I was told that the gateway IP on Server-5 was changed about 2 weeks ago and the server had not been rebooted since. Wondering if a reboot might help then. I'll be able to take it offline in about 90 minutes and check. Original Message: - From: Jim Majorowicz jmajorow...@gmail.com Date: Mon, 15 Dec 2008 13:35:17 -0800 To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: issue with accessing \\servername Check the firewall on Server-5. Chances are it's been turned on and is blocking access. -Original Message- From: jesse-r...@wi.rr.com [mailto:jesse-r...@wi.rr.com] Sent: Monday, December 15, 2008 1:13 PM To: NT System Admin Issues Subject: issue with accessing \\servername Puzzling issue... We have 2 sites/locations connected a site-to-site VPN... At site A, we have a number of servers, one of which is a Win2003R2 server called (for example) Server-5. From site A, all the other servers and clients can access Server-5 properly. They can ping it by IP and ping by server name. They can access shares via \\Server-5 and by \\IP-Address-for-Server-5. At site B, we have a two servers. Both servers can ping Server-5 in Site-A by BOTH the ip address (although it automatically resolves to the fqdn name) and computername. However, accessing the server via \\Server-5 or \\IP-Address-for-Server-5 does not work. It did notice that immediately after trying to access \\server-5 from both of these server, if I do a nbtstat -c, the Server-5 DOES show up in the list. How strange. It seems like network connectivity isn't a problem, since I can ping properly. Any idea what might be going on here? mail2web.com - Enhanced email for the mobile individual based on MicrosoftR Exchange - http://link.mail2web.com/Personal/EnhancedEmail ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ mail2web.com Enhanced email for the mobile individual based on Microsoft(R) Exchange - http://link.mail2web.com/Personal/EnhancedEmail ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ mail2web - Check your email from the web at http://link.mail2web.com/mail2web ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Exchange auditing
Thanks all for the responses received. After interrogating each user to the nth degree it turned out one of them had moved the missing content to his own mailbox without telling the others. Idiot. Via the MS exchange newsgroup I also found an answer to my query about using Exchange logs to audit mailbox transactions at an item level; Response from MS; *There's no item-level auditing in Exchange (for items in a user mailbox). Journaling is an option, as are archiving tools from partners.* Cue Homer Simpson d'oh!! Guess it's time we splash some cash on an enterprise grade e-mail archiving solution. Death to PSTs!! Woohoo!! M doughnuts On Mon, Dec 15, 2008 at 4:52 PM, cs chr...@gmail.com wrote: Ah - good point. I haven't checked each individual's deleted items folder yet. I'll have a look. On Mon, Dec 15, 2008 at 4:35 PM, Sherry Abercrombie saber...@gmail.comwrote: Just a note on shared mailboxes, if someone has deleted the emails in question, then the deleted emails will show in their Outlooks deleted items folder, not the deleted items folder of the shared mailbox. On Mon, Dec 15, 2008 at 10:29 AM, cs chr...@gmail.com wrote: Firstly apologies for the long post. I have a user ranting on about a bunch of e-mail that mysteriously disappeared from a shared mailbox. Naturally, I've been summoned to investigate. At this stage of my analysis I can't rule out the possibility that one of 3 users have inadvertently moved the missing e-mail from the mailbox into a PST file (albeit either manually or automatically via Outlook 2003's AutoArchive). I've tried using Outlook's Deleted Item Recovery add-in to find out if the e-mail was deleted but suffice there is nothing available to recover (which makes me think that the content was moved not deleted). Before I trawl through any PST filess located on each user PC I was wondering if there is any way to query Exchange to determine what specific actions were taken around the specific point in time prior to the e-mail disappearing, i.e. if e-mail A is moved from a mailbox to a PST, is the specific move transaction logged on the server somewhere? Also, does Outlook 2003's AutoArchive contain any client/server side logging functionality? Ultimately I can restore a mailstore backup to a recovery storage group to retrieve the missing e-mail, but I've been specifically asked by management to tell them why and how the content was originally moved/deleted. Environment is Exchange 2003, native mode AD Hope that makes some degree of sense. Thanks in advance for any help/pointers. -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Most vulnerable apps of 2008
Firefox tops list of 12 most vulnerable apps http://blogs.zdnet.com/security/?p=2304 One of their criteria is that the apps on the list can't be managed with WSUS. Isn't that a reason to use another tool besides (or in addition to) WSUS rather than not use the application in question? Read the full report for the criteria used to compile the list: http://www.bit9.com/files/Vulnerable_Apps_DEC_08.pdf Wow... - Andy O. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: IIS crashing
Are you running IIS 6.0 in IIS 5.0 Isolation Mode? Or IIS 6.0 Worker Process Mode? I don't think ISATQ.dll is corrupt, but more likely you have a component inside inetinfo.exe (e.g. ISAPI filter) that is not correctly coded for multithreaded access. ISATQ manages thread pools, and it seems to be prematurely unloading, causing an access violation inside inetinfo.exe. If you are running in IIS 5.0 Isolation mode, you could have COM .dlls loaded in there as well (if you are running a low isolation website). Typically these are VB components that do not have the unattended execution and retain in memory flags set. Cheers Ken From: Thomas Gonzalez [mailto:tgonza...@girlscouts-swtx.org] Sent: Tuesday, 16 December 2008 6:41 AM To: NT System Admin Issues Subject: IIS crashing So lately I have been seeing the inet process crashing and when I extract the cabs with the dump and run the crash dump under windbg ver 6.9 I see the following and from I make out of this, the ISATQ.dll is either corrupt or I don't know what I'm seeing. Anyone seen this issue or can make out the problem? Microsoft (R) Windows Debugger Version 6.9.0003.113 X86 Copyright (c) Microsoft Corporation. All rights reserved. Extracted C:\DOCUME~1\thomas\LOCALS~1\Temp\1\15c00_inetinfo.exe.mdmp from C:\Documents and Settings\thomas\Desktop\12-2-08_crash\exchange_dmp\20474AB5.cab Loading Dump File [C:\DOCUME~1\thomas\LOCALS~1\Temp\1\15c00_inetinfo.exe.mdmp] User Mini Dump File: Only registers, stack and portions of memory are available Symbol search path is: SRV*DownstreamStore*http://msdl.microsoft.com/download/symbols Executable search path is: Windows Server 2003 Version 3790 (Service Pack 1) MP (2 procs) Free x86 compatible Product: Server, suite: TerminalServer SingleUserTS Debug session time: Wed Dec 10 15:14:05.000 2008 (GMT-6) System Uptime: not available Process Uptime: 6 days 6:24:13.000 Loading unloaded module list This dump file has an exception of interest stored in it. The stored exception information can be accessed via .ecxr. (300.108c): Access violation - code c005 (first/second chance not available) eax= ebx=078aed94 ecx=0327 edx=7c82ed54 esi=078aed98 edi=bd7dd000 eip=7c82ed54 esp=078aed48 ebp=078aedf0 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs= efl=0246 ntdll!KiFastSystemCallRet: 7c82ed54 c3 ret 0:093 .ecxr eax= ebx=77e6b4af ecx=7779006c edx=0001 esi=00e2bb90 edi= eip=63ec8952 esp=078afe48 ebp=078afe6c iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs= efl=00010246 Unloaded_ISATQ.dll+0x8952: 63ec8952 ?? ??? TIA, Thomas Gonzalez Technology Manager Girl Scouts of Southwest Texas 210.349.2404 phone 210.403.1586 DID 210.349.2666 fax www.girlscouts-swtx.orghttp://www.girlscouts-swtx.org/ tgonza...@girlscouts-swtx.orgmailto:tgonza...@girlscouts-swtx.org Girl Scouts of Southwest Texas offices will be closed for the winter holiday beginning Monday, December 22 and will reopen on Monday, January 5, 2009. Thank you for your understanding. Wishing you and yours a wonderful holiday season. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Most vulnerable apps of 2008
I still dont see a rationale for Firefox being at the top of the list. I would THINK that Adobe Flash and Adobe Acrobat would be a greater risk exposure, but I dont have stats for that - but neither do they it seems. Or did I miss something? -- ME2 On Mon, Dec 15, 2008 at 5:49 PM, Andy Ognenoff andyognen...@gmail.com wrote: Firefox tops list of 12 most vulnerable apps http://blogs.zdnet.com/security/?p=2304 One of their criteria is that the apps on the list can't be managed with WSUS. Isn't that a reason to use another tool besides (or in addition to) WSUS rather than not use the application in question? Read the full report for the criteria used to compile the list: http://www.bit9.com/files/Vulnerable_Apps_DEC_08.pdf Wow... - Andy O. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Most vulnerable apps of 2008
On Mon, Dec 15, 2008 at 5:49 PM, Andy Ognenoff andyognen...@gmail.com wrote: One of their criteria is that the apps on the list can't be managed with WSUS. Isn't that a reason to use another tool besides (or in addition to) WSUS rather than not use the application in question? I was more surprised to find out that Microsoft Systems Management Server is now a free Enterprise tool. (Page 1, Criteria list, item #6.) More seriously: Several of their identified worsts come with their own self-update tools. Since this list seems to assume it is okay for lusers to install and manage their own software (aside: WTF?!?), why isn't it okay to use those self-update tools? The strange thing is, this company (Bit9) doesn't appear to sell update management tools. Their chief -- if not only -- product is an Application Whitelisting tool. (Kind of like the Software Restrictions Policies built-in to MS Windows, but with more capabilities and a pre-loaded list of signatures.) I'm guessing they set out to craft a situation where you couldn't use Software Restriction Policies (due to allowing lusers running all sorts of arbitrary random crap; see above) but still wanted centralized management of the applications they can run. Of course, I have to ask, why not just solve the real problem rather than bolting on a solution that a determined luser could prolly bypass anyway (they have admin rights, remember). Also interesting is the fact that a stack smash with code injection isn't necessarily going to show up on the radar of their product anyway. That doesn't tamper with the files on disk; it just modifies the in-memory image. So the bad guys can still do bad nasty things in the unpatched application. I'm not impressed. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: issue with accessing \\servername
On Mon, Dec 15, 2008 at 4:12 PM, jesse-r...@wi.rr.com jesse-r...@wi.rr.com wrote: We have 2 sites/locations connected a site-to-site VPN... Try ping'ing with larger packet sizes. Try multiple sizes, such as 500, 2000, 1, 3, 6, and 65500. Might be an issue with path MTU. That's not uncommon with VPNs, since you're encapsulating datagrams inside datagrams -- an already max-size datagram then won't fit without fragmentation. That wouldn't show up with the default ping of 64 bytes. Could also be a name resolution issue. I've seen name resolution issues screw-up SMB, even when you give an IP address for the server name. Along those lines: Do you have WINS server(s) configured with all computers at all sites using the same set of WINS server(s)? If you are not using WINS, do you have NetBIOS-over-TCP/IP force-disabled on all clients? Describe your DNS topology, including domains, nameservers, which sites which nameservers are at, and which nameservers which clients are configured to use. You can substitute names if you want, but be complete. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Most vulnerable apps of 2008
I also like that they say ESXi 3.5 or earlier is an application that installs on Windows, is commonly known in the consumer market and installed by the user with no way for central administration via WSUS. It's like they looked up a bunch of applications that execs might recognize by name only and threw them all out on a piece of collateral for their marketing dept. But I agree with Ben S. - get to the root of the problem: least privilege. - Andy O. Micheal Espinola Jr wrote: I still dont see a rationale for Firefox being at the top of the list. I would THINK that Adobe Flash and Adobe Acrobat would be a greater risk exposure, but I dont have stats for that - but neither do they it seems. Or did I miss something? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
